Working with Host Intrusion Prevention Clients
Overview of the Linux client
Task
1
Run the command:
2
Enable IPS protection. Use one of these procedures, depending on which you used to stop
the client:
• Set IPS Options to On in the ePO console and apply the policy to the client.
• Logged in at root, run the command:
Overview of the Linux client
The Host Intrusion Prevention Linux client identifies and prevents potentially harmful attempts
to compromise a Linux server's files and applications. It protects the server's operating system
along with Apache web servers, with an emphasis on preventing buffer overflow attacks.
Policy enforcement with the Linux client
Not all policies that protect a Windows client are available for the Linux client. In brief, Host
Intrusion Prevention protects the host server from harmful attacks but does not offer network
intrusion protection, including buffer overflow. The policies that are valid are listed here.
Table 21: Linux client policies
Policy
Host Intrusion Prevention 8.0 IPS
IPS Options
IPS Protection
IPS Rules
Host Intrusion Prevention 8.0 General
Client UI
Trusted Networks
Trusted Applications
Host Intrusion Prevention 8.0 Firewall
Notes about the Linux client
• The Host IPS 8.0 Linux client is incompatible with SELinux in enforce mode. To disable the
enforce mode, run the command:
and restart the client system.
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
/sbin/rc2.d/S99hip restart.
hipts engines MISC:on
Available options
•
•
•
All
•
•
NOTE:
are not available.
None except administrative or time-based password to
allow use of the troubleshooting tool.
None
Only Mark as trusted for IPS and New Process Name to
add trusted applications.
None
system-config-securitylevel
Enable HIPS
Enable Adaptive Mode
Retain existing Client Rules
Exception Rules
Signatures (default and custom HIPS rules only)
NIPS signatures and Application Protection Rules
, change the setting to disabled,
97