From: Leland Steinke <[email protected]> - Update VRelease - Provide clarification if users should disable SELinux to enable 3rd party tools (e.g. HBSS)
Signed-off-by: Leland Steinke <[email protected]> --- RHEL/6/input/auxiliary/stig_overlay.xml | 2 +- RHEL/6/input/system/software/integrity.xml | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml b/RHEL/6/input/auxiliary/stig_overlay.xml index 86a5b5e..958b119 100644 --- a/RHEL/6/input/auxiliary/stig_overlay.xml +++ b/RHEL/6/input/auxiliary/stig_overlay.xml @@ -816,7 +816,7 @@ <title>The system must use and update a DoD-approved virus scan program.</title> </overlay> <overlay owner="disastig" ruleid="install_hids" ownerid="RHEL-06-000285" disa="1263" severity="medium"> - <VMSinfo VKey="38667" SVKey="50468" VRelease="1" /> + <VMSinfo VKey="38667" SVKey="50468" VRelease="2" /> <title>The system must have a host-based intrusion detection tool installed.</title> </overlay> <overlay owner="disastig" ruleid="disable_ctrlaltdel_reboot" ownerid="RHEL-06-000286" disa="366" severity="high"> diff --git a/RHEL/6/input/system/software/integrity.xml b/RHEL/6/input/system/software/integrity.xml index 73a0629..0c14ecc 100644 --- a/RHEL/6/input/system/software/integrity.xml +++ b/RHEL/6/input/system/software/integrity.xml 
@@ -197,7 +197,11 @@ software may not be appropriate for some specialized systems. The base Red Hat platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention capabilities by confining privileged programs and user -sessions which may become compromised. +sessions which may become compromised.<br /> +In DoD environments, supplemental intrusion detection tools, such as, the McAfee +Host-based Security System, are available to integrate with existing infrastructure. +When these supplemental tools interfere with the proper functioning of SELinux, SELinux +takes precedence. <br/> </description> <ocil clause="no host-based intrusion detection tools are installed"> -- 1.7.1 -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
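Review bot: The VRelease change in the stig_overlay.xml hunk (install_hids, RHEL-06-000285, `VRelease="1"` to `VRelease="2"`) is not explained by the commit message, which says only "Update VRelease". Name the rule there and state that the bump accompanies the description change in integrity.xml, so a reader of the overlay history can see why this one entry moved.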
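Review bot: In the integrity.xml hunk, the added sentence "When these supplemental tools interfere with the proper functioning of SELinux, SELinux takes precedence." does not answer the question in the subject line (whether users should disable SELinux to enable tools such as HBSS), because "takes precedence" names no action for the administrator. Suggest stating the action directly, for example that SELinux should not be disabled to accommodate the supplemental tool. Two smaller points in the same added lines: the comma in "such as, the McAfee" belongs after the product name rather than after "such as", and the hunk mixes `<br />` with `<br/>`, where the trailing `<br/>` just before `</description>` looks unnecessary.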
