STIGQter STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 25 Oct 2019: The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates.

DISA Rule

SV-77563r1_rule

Vulnerability Number

V-63073

Group Title

SRG-APP-000276

Rule Version

DTAVSEL-002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, under "Schedule", select "Product Update".
Under "1. When to update", select "Daily" and choose every "1" day(s), click on "Next".
Under "2. Choose what to update", select "Virus definition files (also known as DAT files), and click on "Next".
Under "3. Enter a task name", give the task a unique task name for the daily update, and click on "Finish".

Configure an /etc/crontab entry for the LinuxShield Update.
To run the Update task manually without the Web interface, access the Linux system being review, either at the console or by a SSH connection.
At the command line, enter the command "/opt/NAI/LinuxShield/bin/nails task -l".
After the task runs, a (Completed) response will be returned.

Check Contents

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

Under "View", select "Scheduled Tasks".
Under "Scheduled Tasks", under "Task Summaries", with the assistance of the McAfee VSEL SA, identify the VirusScan DAT update task.
Verify the "Type" is "Update" and the "Status" is "Completed" with Results of "Update Finished".
Under "Task Details" for the task, click on the "Modify" button.
Choose "2. Choose what to update" and verify the "Virus definition files (also known as DAT files)" is selected.

If there is not a task designated as the regularly scheduled DAT Update task, this is a finding.

If there exists a task designated as the regularly scheduled DAT Update task, but "Virus definition files (also known as DAT files)" selection under the "2. Choose what to update" section is not selected, this is a finding.

To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.
At the command line, enter the command "/opt/NAI/LinuxShield/bin/nails task --list".

The command will return a response similar to the following:
LinuxShield configured tasks:
1 "LinuxShield Update" (Running)

If the response does not return a configured task for "LinuxShield Update", this is a finding.

Vulnerability Number

V-63073

Documentable

False

Rule Version

DTAVSEL-002

Severity Override Guidance

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

Under "View", select "Scheduled Tasks".
Under "Scheduled Tasks", under "Task Summaries", with the assistance of the McAfee VSEL SA, identify the VirusScan DAT update task.
Verify the "Type" is "Update" and the "Status" is "Completed" with Results of "Update Finished".
Under "Task Details" for the task, click on the "Modify" button.
Choose "2. Choose what to update" and verify the "Virus definition files (also known as DAT files)" is selected.

If there is not a task designated as the regularly scheduled DAT Update task, this is a finding.

If there exists a task designated as the regularly scheduled DAT Update task, but "Virus definition files (also known as DAT files)" selection under the "2. Choose what to update" section is not selected, this is a finding.

To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.
At the command line, enter the command "/opt/NAI/LinuxShield/bin/nails task --list".

The command will return a response similar to the following:
LinuxShield configured tasks:
1 "LinuxShield Update" (Running)

If the response does not return a configured task for "LinuxShield Update", this is a finding.

Check Content Reference

M

Target Key

2941

Comments