{"description": "The base Ubuntu 22.04 platform already includes a sophisticated auditing system that\ncan detect intruder activity, as well as SELinux, which provides host-based\nintrusion prevention capabilities by confining privileged programs and user\nsessions which may become compromised.", "rationale": "Host-based intrusion detection tools provide a system-level defense when an\nintruder gains access to a system or network.", "severity": "high", "references": {"cis-csc": ["1", "12", "13", "14", "15", "16", "18", "7", "8", "9"], "cobit5": ["APO01.06", "APO13.01", "DSS01.03", "DSS01.05", "DSS03.05", "DSS05.02", "DSS05.04", "DSS05.07", "DSS06.02"], "isa-62443-2009": ["4.3.3.4"], "isa-62443-2013": ["SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 6.2", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.10.1.1", "A.11.1.4", "A.11.1.5", "A.11.2.1", "A.13.1.1", "A.13.1.3", "A.13.2.1", "A.13.2.3", "A.13.2.4", "A.14.1.2", "A.14.1.3", "A.6.1.2", "A.7.1.1", "A.7.1.2", "A.7.3.1", "A.8.2.2", "A.8.2.3", "A.9.1.1", "A.9.1.2", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nist": ["CM-6(a)"], "nist-csf": ["DE.CM-1", "PR.AC-5", "PR.DS-5", "PR.PT-4"], "pcidss": ["Req-11.4"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "no host-based intrusion detection tools are installed", "ocil": "Inspect the system to determine if intrusion detection software has been installed.\nVerify this intrusion detection software is active.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "In DoD environments, supplemental intrusion detection and antivirus tools,\nsuch as the McAfee Host-based Security System, are available to integrate with\nexisting infrastructure. Per DISA guidance, when these supplemental tools interfere\nwith proper functioning of SELinux, SELinux takes precedence. Should further\nclarification be required, DISA contact information is published publicly at\nhttps://www.cyber.mil/stigs/"}], "conflicts": ["selinux_state"], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Install Intrusion Detection Software", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml", "template": null}