STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

The SUSE operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP).

DISA Rule

SV-234801r622137_rule

Vulnerability Number

V-234801

Group Title

SRG-OS-000191-GPOS-00080

Rule Version

SLES-15-010001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Install and enable the latest McAfee ENSLTP.

Check Contents

Per OPORD 16-0080, the preferred intrusion detection system is McAfee Host Intrusion Prevention System (HIPS) in conjunction with SELinux. McAfee Endpoint Security for Linux (ENSL) is an approved alternative to McAfee Virus Scan Enterprise (VSE) and HIPS.

Procedure:
Verify the SUSE operating system deploys ENSLTP.

Check that the following package has been installed:

# rpm -qa | grep isectp

If the "isectp" package is not installed, this is a finding.

Verify that the daemon is running:

# ps -ef | grep -i "isectpd"

If the daemon is not running, this is a finding.
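
An added example, not part of the STIG text: a shell script that evaluates the two checks above from `rpm -qa` and `ps -ef` output, matching the daemon by executable name so that the `grep` process itself is not counted as a running daemon. The function names, the `STIG_LIVE` switch and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example for SLES-15-010001: evaluate the two checks from command output.
# Function names and the sample data below are constructed for illustration.

# stdin: `rpm -qa` output. Same substring match as the STIG check.
has_isectp_package() {
    grep -q 'isectp'
}

# stdin: `ps -ef` output. Compares the executable name in the CMD column
# (field 8), so the "grep -i isectpd" process itself never counts as a match.
daemon_running() {
    awk '{ n = split($8, part, "/"); if (tolower(part[n]) == "isectpd") hit = 1 }
         END { exit(hit ? 0 : 1) }'
}

# $1 = rpm -qa output, $2 = ps -ef output. Prints the result; returns 1 on a finding.
evaluate() {
    if ! printf '%s\n' "$1" | has_isectp_package; then
        echo "FINDING: isectp package is not installed"; return 1
    fi
    if ! printf '%s\n' "$2" | daemon_running; then
        echo "FINDING: isectpd daemon is not running"; return 1
    fi
    echo "NOT A FINDING"
}

# Constructed sample data (versions, PIDs and paths are made up).
SAMPLE_RPM='bash-4.4-0.x86_64
isectp-0.0.0-0.x86_64'
SAMPLE_PS_UP='UID   PID  PPID  C STIME TTY    TIME     CMD
root  911     1  0 Apr23 ?      00:01:12 /opt/example/bin/isectpd
root 4321  4000  0 10:05 pts/0  00:00:00 grep -i isectpd'
SAMPLE_PS_DOWN='UID   PID  PPID  C STIME TTY    TIME     CMD
root 4321  4000  0 10:05 pts/0  00:00:00 grep -i isectpd'

evaluate "$SAMPLE_RPM" "$SAMPLE_PS_UP" || true         # daemon present
evaluate "$SAMPLE_RPM" "$SAMPLE_PS_DOWN" || true       # only the grep process
evaluate 'bash-4.4-0.x86_64' "$SAMPLE_PS_UP" || true   # package missing

# On a real host, set STIG_LIVE=1 to evaluate the live system instead.
if [ "${STIG_LIVE:-0}" = 1 ]; then evaluate "$(rpm -qa)" "$(ps -ef)"; fi
```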

Documentable

False

Check Content Reference

M

Target Key

5274
