Jess,

Far as I can tell, it don't work. And that assumes you consider HBSS able to "work"...

Leam

On Tue, Sep 24, 2013 at 3:50 PM, Jess Sightler <[email protected]> wrote:

> Hi Shawn,
>
> The RHEL5 verbiage implies that SELinux is unnecessary if HBSS is
> installed. I do not believe that this is correct.
>
> The RHEL6 documentation seems to clearly indicate that HBSS is an
> intrusion detection tool, and SELinux is an intrusion prevention system.
>
> To me the RHEL6 version is superior.
>
> Thanks,
> Jess
>
> ----- Original Message -----
> > From: "Shawn Wells" <[email protected]>
> > To: [email protected]
> > Sent: Tuesday, September 24, 2013 3:21:10 PM
> > Subject: RHEL5 vs RHEL6 language on HBSS
> >
> > I received the following note from a colleague today, outlining the
> > wording changes between RHEL5 and RHEL6 regarding HBSS. I searched the
> > mailing archives, and can't figure out *why* the language was changed.
> >
> > - Anyone remember why?
> > - Objections to reverting to the RHEL5 language?
> >
> > EMail:
> > > from the RHEL 6 STIG:
> > >
> > > ============================
> > > Group ID (Vulid): V-38667
> > > Group Title: SRG-OS-000196
> > > Rule ID: SV-50468r1_rule
> > > Severity: CAT II
> > > Rule Version (STIG-ID): RHEL-06-000285
> > > Rule Title: The system must have a host-based intrusion detection tool
> > > installed.
> > >
> > > Vulnerability Discussion: Adding host-based intrusion detection tools can
> > > provide the capability to automatically take actions in response to
> > > malicious behavior, which can provide additional agility in reacting to
> > > network threats. These tools also often include a reporting capability to
> > > provide network awareness of system, which may not otherwise exist in an
> > > organization's systems management regime.
> > >
> > > Check Content:
> > > Inspect the system to determine if intrusion detection software has been
> > > installed. Verify the intrusion detection software is active.
> > > If no host-based intrusion detection tools are installed, this is a
> > > finding.
> > >
> > > Fix Text: The base Red Hat platform already includes a sophisticated
> > > auditing system that can detect intruder activity, as well as SELinux,
> > > which provides host-based intrusion prevention capabilities by confining
> > > privileged programs and user sessions which may become compromised.
> > >
> > > Install an additional intrusion detection tool to provide complementary or
> > > duplicative monitoring, reporting, and reaction capabilities to those of
> > > the base platform. For DoD systems, the McAfee Host-based Security System
> > > is provided to fulfill this role.
> > > ========================
> > >
> > >
> > > to look more like this from the RHEL 5 STIG:
> > >
> > > =========================
> > > Group ID (Vulid): V-782
> > > Group Title: GEN006480
> > > Rule ID: SV-37746r2_rule
> > > Severity: CAT II
> > > Rule Version (STIG-ID): GEN006480
> > > Rule Title: The system must have a host-based intrusion detection tool
> > > installed.
> > >
> > > Vulnerability Discussion: Without a host-based intrusion detection tool,
> > > there is no system-level defense when an intruder gains access to a system
> > > or network. Additionally, a host-based intrusion detection tool can
> > > provide methods to immediately lock out detected intrusion attempts.
> > >
> > > Responsibility: System Administrator
> > > IAControls: ECID-1
> > >
> > > Check Content:
> > > Ask the SA or IAO if a host-based intrusion detection application is loaded
> > > on the system. The preferred intrusion detection system is McAfee HBSS
> > > available through Cybercom. If another host-based intrusion detection
> > > application, such as SELinux, is used on the system, this is not a
> > > finding.
> > > =========================
> > >
> > > People are getting confused and SElinux and HBSS are getting installed with
> > > SElinux being disabled to make things work.
> >
> > _______________________________________________
> > scap-security-guide mailing list
> > [email protected]
> > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

-- 
Mind on a Mission <http://leamhall.blogspot.com/>
