STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Managed Client Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Apr 2020:

The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role.

DISA Rule

SV-77557r1_rule

Vulnerability Number

V-63067

Group Title

SRG-APP-000340

Rule Version

DTAVSEL-202

Severity

CAT II

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Access the Linux system console command line as root.

Navigate to each path to which the nails user or nailsgroup group has unnecessary permissions/ownership.

Using the chmod command, reduce or remove permissions for the nails user.

Using the chown command to remove ownership by the nails user or nailsgroup group.

Check Contents

Access the Linux system console command line as root.

Execute the following commands. This command will pipe the results to text files for easier review.

find / -group nailsgroup >nailsgroup.txt
find / -user nails >nails.txt

Execute the following commands to individually review each of the text files of results, pressing space bar to move to each page until the end of the exported text.

more nailsgroup.txt
more nails.txt

When reviewing the results, verify the nailsgroup group and nails user only own the following paths. The following paths assume an INSTALLDIR of /opt/NAI/LinuxShield and a RUNTIMEDIR of /var/opt/NAI/LinuxShield. If alternative folders were used, replace the following paths accordingly when validating.

/var/opt/NAI and sub-folders
/opt/NAI and sub-folders
/McAfee/lib
/var/spool/mail/nails
/proc/##### (where ##### represents the various process IDs for the VSEL processes.)

If any other folder is owned by either the nailsgroup group or the nails user, this is a finding.

Vulnerability Number

V-63067

Documentable

False

Rule Version

DTAVSEL-202

Severity Override Guidance

Access the Linux system console command line as root.

Execute the following commands. This command will pipe the results to text files for easier review.

find / -group nailsgroup >nailsgroup.txt
find / -user nails >nails.txt

Execute the following commands to individually review each of the text files of results, pressing space bar to move to each page until the end of the exported text.

more nailsgroup.txt
more nails.txt

When reviewing the results, verify the nailsgroup group and nails user only own the following paths. The following paths assume an INSTALLDIR of /opt/NAI/LinuxShield and a RUNTIMEDIR of /var/opt/NAI/LinuxShield. If alternative folders were used, replace the following paths accordingly when validating.

/var/opt/NAI and sub-folders
/opt/NAI and sub-folders
/McAfee/lib
/var/spool/mail/nails
/proc/##### (where ##### represents the various process IDs for the VSEL processes.)

If any other folder is owned by either the nailsgroup group or the nails user, this is a finding.

Check Content Reference

M

Target Key

2939

Comments