1.12 Ensure host-based intrusion detection tool is used - mfetpd process

Information

The operating system must have a host-based intrusion detection tool installed.

Rationale:

Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.

Solution

Install and enable the latest McAfee HIPS package, available from USCYBERCOM.
Note: If the system does not support the McAfee HIPS package, install and enable a supported intrusion detection system application and document its use with the Authorizing Official.

See Also

https://workbench.cisecurity.org/files/3636

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(5), CCI|CCI-001263, CSCv6|3.1, CSCv7|8.1, Rule-ID|SV-214800r754751_rule, STIG-ID|RHEL-07-020019

Plugin: Unix

Control ID: 8ea5321e523fc245e6915299c02a7b1b8d54dad2167be2d497ff1ef7302bcbf5