Since HBSS and SELinux don't play well together, I'm for reverting.

Leam

On Tue, Sep 24, 2013 at 3:21 PM, Shawn Wells <[email protected]> wrote:

> I received the following note from a colleague today, outlining the
> wording changes between RHEL5 and RHEL6 regarding HBSS. I searched the
> mailing archives, and can't figure out *why* the language was changed.
>
> - Anyone remember why?
> - Objections to reverting to the RHEL5 language?
>
> EMail:
>
>> from the RHEL 6 STIG:
>>
>> ============================
>> Group ID (Vulid): V-38667
>> Group Title: SRG-OS-000196
>> Rule ID: SV-50468r1_rule
>> Severity: CAT II
>> Rule Version (STIG-ID): RHEL-06-000285
>> Rule Title: The system must have a host-based intrusion detection tool
>> installed.
>>
>> Vulnerability Discussion: Adding host-based intrusion detection tools can
>> provide the capability to automatically take actions in response to
>> malicious behavior, which can provide additional agility in reacting to
>> network threats. These tools also often include a reporting capability to
>> provide network awareness of system, which may not otherwise exist in an
>> organization's systems management regime.
>>
>> Check Content:
>> Inspect the system to determine if intrusion detection software has been
>> installed. Verify the intrusion detection software is active.
>> If no host-based intrusion detection tools are installed, this is a
>> finding.
>>
>> Fix Text: The base Red Hat platform already includes a sophisticated
>> auditing system that can detect intruder activity, as well as SELinux,
>> which provides host-based intrusion prevention capabilities by confining
>> privileged programs and user sessions which may become compromised.
>>
>> Install an additional intrusion detection tool to provide complementary
>> or duplicative monitoring, reporting, and reaction capabilities to those of
>> the base platform. For DoD systems, the McAfee Host-based Security System
>> is provided to fulfill this role.
>> ========================
>>
>>
>> to look more like this from the RHEL 5 STIG:
>>
>> =========================
>> Group ID (Vulid): V-782
>> Group Title: GEN006480
>> Rule ID: SV-37746r2_rule
>> Severity: CAT II
>> Rule Version (STIG-ID): GEN006480
>> Rule Title: The system must have a host-based intrusion detection tool
>> installed.
>>
>> Vulnerability Discussion: Without a host-based intrusion detection tool,
>> there is no system-level defense when an intruder gains access to a system
>> or network. Additionally, a host-based intrusion detection tool can provide
>> methods to immediately lock out detected intrusion attempts.
>>
>> Responsibility: System Administrator
>> IAControls: ECID-1
>>
>> Check Content:
>> Ask the SA or IAO if a host-based intrusion detection application is
>> loaded on the system. The preferred intrusion detection system is McAfee
>> HBSS available through Cybercom. If another host-based intrusion detection
>> application, such as SELinux, is used on the system, this is not a finding.
>> =========================
>>
>> People are getting confused and SELinux and HBSS are getting installed
>> with SELinux being disabled to make things work.
>>
>
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
>

-- 
Mind on a Mission <http://leamhall.blogspot.com/>
