STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide, Version: 1, Release: 6, Benchmark Date: 24 Apr 2020

The McAfee VirusScan Enterprise for Linux Web interface must be disabled unless the system is on a segregated network.

DISA Rule

SV-77281r1_rule

Vulnerability Number

V-62791

Group Title

SRG-APP-000380

Rule Version

DTAVSEL-000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To validate without the Web interface, access the Linux system being reviewed, either at the console or by an SSH connection.

At the command line, navigate to /var/opt/NAI/LinuxShield/etc.

Modify the nailsd.cfg file.
Find the line "nailsd.disableCltWebUI: false"
Change the "false" to "true".

Reload the nails processes by running the following command:
/etc/init.d/nails reload

Check Contents

Verify the location of the system being reviewed. If it is on a segregated network, with no access to the Internet or to the Local Area Network, and is not managed by a McAfee ePO server, this check is Not Applicable.

If the system being reviewed has access to the Internet, is reachable from the Local Area Network and/or is managed by a McAfee ePO server, this check must be validated.

To validate without the Web interface, access the Linux system being reviewed, either at the console or by an SSH connection.

At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the following command:
grep "nailsd.disableCltWebUI" nailsd.cfg

If the response given for "nailsd.disableCltWebUI" is "false", this is a finding.
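
The check and the fix described on this page can be scripted so the result does not depend on reading grep output by eye. This is an added example, not part of the STIG or of McAfee's tooling; the function names, the .bak backup suffix, and the tolerance for extra whitespace and letter case are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and remediate nailsd.disableCltWebUI.
# CFG defaults to the path named on this page; point it at a copy to rehearse.
CFG="${CFG:-/var/opt/NAI/LinuxShield/etc/nailsd.cfg}"

# Print every value assigned to nailsd.disableCltWebUI, lowercased, one per line.
# Assumption: the file uses "key: value" lines as shown on this page.
webui_values() {
    sed -n 's/^[[:space:]]*nailsd\.disableCltWebUI[[:space:]]*:[[:space:]]*\([A-Za-z]*\)[[:space:]]*$/\1/p' "$1" \
        | tr '[:upper:]' '[:lower:]'
}

# Exit status: 0 = not a finding, 1 = finding, 2 = needs manual review.
check_webui() {
    if [ ! -r "$1" ]; then
        echo "REVIEW: cannot read $1"
        return 2
    fi
    vals=$(webui_values "$1")
    # Any "false" entry is treated as a finding, so duplicate keys cannot hide one.
    if printf '%s\n' "$vals" | grep -qx 'false'; then
        echo "FINDING: nailsd.disableCltWebUI is false in $1"
        return 1
    elif printf '%s\n' "$vals" | grep -qx 'true'; then
        echo "NOT A FINDING: nailsd.disableCltWebUI is true in $1"
        return 0
    fi
    # Key absent or value unrecognised: do not guess the product default.
    echo "REVIEW: nailsd.disableCltWebUI missing or unrecognised in $1"
    return 2
}

# Change "false" to "true" on the setting's line, keeping a backup (hypothetical
# .bak name). Writing back into the original file keeps its owner and mode.
fix_webui() {
    cp -p "$1" "$1.bak" || return 2
    sed 's/^\([[:space:]]*nailsd\.disableCltWebUI[[:space:]]*:[[:space:]]*\)false/\1true/' \
        "$1.bak" > "$1"
    # On the real host, follow with the reload step: /etc/init.d/nails reload
}

# Typical use on a host where the check applies (run as a user who can edit CFG):
#   check_webui "$CFG"; [ $? -eq 1 ] && fix_webui "$CFG" && check_webui "$CFG"
```

A status of 2 is deliberately separate from a finding: a missing key or unreadable file should go to manual review rather than be reported as compliant.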

Documentable

False

Severity Override Guidance

Verify the location of the system being reviewed. If it is on a segregated network, with no access to the Internet or to the Local Area Network, and is not managed by a McAfee ePO server, this check is Not Applicable.

If the system being reviewed has access to the Internet, is reachable from the Local Area Network and/or is managed by a McAfee ePO server, this check must be validated.

To validate without the Web interface, access the Linux system being reviewed, either at the console or by an SSH connection.

At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the following command:
grep "nailsd.disableCltWebUI" nailsd.cfg

If the response given for "nailsd.disableCltWebUI" is "false", this is a finding.

Check Content Reference

M

Target Key

2941
