STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 24 Apr 2020:SV-77597r1_rule
V-63107
SRG-APP-000278
DTAVSEL-019
CAT II
10
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.
In the VSEL WEB Monitor, under "Configure", select "On-Access Settings".
Under "Anti-virus Scanning Options", select the check box for "Scan files on network mounted volumes".
Click "Apply".
With the System Administrator's assistance, determine network mounted volumes on the Linux system being reviewed.
If network mounted volumes are mounted, verify whether anti-virus protection is locally installed on, and configured to protect, the network servers to which the mounted volumes connect.
If all network servers to which mounted volumes connect are protected by locally installed and configured anti-virus protection, this check for the Linux system being reviewed is Not Applicable.
If no network mounted volumes are configured on the Linux system being reviewed, this check is Not Applicable.
If mounted volumes exist on the Linux system being reviewed which are connecting to network servers which lack locally installed and configured anti-virus protection, this check must be validated.
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.
In the VSEL WEB Monitor, under "Configure", select "On-Access Settings".
Under "Anti-virus Scanning Options", verify check box for "Scan files on network mounted volumes" is selected.
If the check box for "Scan files on network mounted volumes" is not selected, this is a finding.
To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.
At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the command "grep "nailsd.profile.OAS.scanNWFiles:" nailsd.cfg"
If the response given for "nailsd.profile.OAS.scanNWFiles" is not "true", this is a finding.
V-63107
False
DTAVSEL-019
With the System Administrator's assistance, determine network mounted volumes on the Linux system being reviewed.
If network mounted volumes are mounted, verify whether anti-virus protection is locally installed on, and configured to protect, the network servers to which the mounted volumes connect.
If all network servers to which mounted volumes connect are protected by locally installed and configured anti-virus protection, this check for the Linux system being reviewed is Not Applicable.
If no network mounted volumes are configured on the Linux system being reviewed, this check is Not Applicable.
If mounted volumes exist on the Linux system being reviewed which are connecting to network servers which lack locally installed and configured anti-virus protection, this check must be validated.
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.
In the VSEL WEB Monitor, under "Configure", select "On-Access Settings".
Under "Anti-virus Scanning Options", verify check box for "Scan files on network mounted volumes" is selected.
If the check box for "Scan files on network mounted volumes" is not selected, this is a finding.
To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.
At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the command "grep "nailsd.profile.OAS.scanNWFiles:" nailsd.cfg"
If the response given for "nailsd.profile.OAS.scanNWFiles" is not "true", this is a finding.
M
2941