McAfee HISCDE-AB-IA Product Guide - Page 97
Overview of the Linux client, Policy enforcement with the Linux client, Notes about the Linux client
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 97 highlights
Working with Host Intrusion Prevention Clients Overview of the Linux client Task 1 Run the command: /sbin/rc2.d/S99hip restart. 2 Enable IPS protection. Use one of these procedures, depending on which you used to stop the client: • Set IPS Options to On in the ePO console and apply the policy to the client. • Logged in at root, run the command: hipts engines MISC:on Overview of the Linux client The Host Intrusion Prevention Linux client identifies and prevents potentially harmful attempts to compromise a Linux server's files and applications. It protects the server's operating system along with Apache web servers, with an emphasis on preventing buffer overflow attacks. Policy enforcement with the Linux client Not all policies that protect a Windows client are available for the Linux client. In brief, Host Intrusion Prevention protects the host server from harmful attacks but does not offer network intrusion protection, including buffer overflow. The policies that are valid are listed here. Table 21: Linux client policies Policy Available options Host Intrusion Prevention 8.0 IPS IPS Options • Enable HIPS • Enable Adaptive Mode • Retain existing Client Rules IPS Protection IPS Rules All • Exception Rules • Signatures (default and custom HIPS rules only) NOTE: NIPS signatures and Application Protection Rules are not available. Host Intrusion Prevention 8.0 General Client UI Trusted Networks Trusted Applications Host Intrusion Prevention 8.0 Firewall None except administrative or time-based password to allow use of the troubleshooting tool. None Only Mark as trusted for IPS and New Process Name to add trusted applications. None Notes about the Linux client • The Host IPS 8.0 Linux client is incompatible with SELinux in enforce mode. To disable the enforce mode, run the command: system-config-securitylevel, change the setting to disabled, and restart the client system. McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 97