STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 24 Apr 2020:SV-77565r1_rule
V-63075
SRG-APP-000279
DTAVSEL-003
CAT I
10
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.
In the VSEL WEB Monitor, under "Configure", select "On-Access Settings".
Under "Anti-virus Scanning Options", select the "Enable On-Access scanning" check box.
In the "Quarantine directory" field, populate with "/quarantine" (or another valid location as determined by the organization).
Click "Apply".
Note: McAfee VSEL On-Access scan is not compatible with NFS Version 4. On client systems with the NFS 4.0 client as default, execute the following command to use NFS version 3.0 as a workaround:
mount -t nfs -o nfsvers=3 <NFS_Path> <Mount_point>
If mounting with NFS version 3.0 is not an option, this is a finding.
Only in such case, if STIG ID DTAVSEL-100 is configured for a daily scheduled scan and DTAVSEL-101 through DTAVSEL-114 are not a finding, the severity of this check can be reduced to a CAT 2.
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.
In the VSEL WEB Monitor, under "Configure", select "On-Access Settings".
Under "Anti-virus Scanning Options", verify the "Enable On-Access scanning" check box is selected.
Verify the "Quarantine directory" field is populated with "/quarantine" (or another valid location as determined by the organization).
If the check box "Enable On-Access scanning" is not selected, this is a finding.
If the "Quarantine directory" field is not populated, this is a finding.
To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.
At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the command "grep "oasEnabled" nailsd.cfg"
If the response given is "nailsd.oasEnabled: false" or is "nailsd.oasEnabled: true" with a preceding #, this is a finding.
V-63075
False
DTAVSEL-003
Note: McAfee VSEL On-Access scan is not compatible with NFS Version 4. On client systems with the NFS 4.0 client as default, execute the following command to use NFS version 3.0 as a workaround:
mount -t nfs -o nfsvers=3 <NFS_Path> <Mount_point>
If mounting with NFS version 3.0 is not an option, this is a finding.
Only in such case, if STIG ID DTAVSEL-100 is configured for a daily scheduled scan and DTAVSEL-101 through DTAVSEL-114 are not a finding, the severity of this check can be reduced to a CAT 2.
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.
In the VSEL WEB Monitor, under "Configure", select "On-Access Settings".
Under "Anti-virus Scanning Options", verify the "Enable On-Access scanning" check box is selected.
Verify the "Quarantine directory" field is populated with "/quarantine" (or another valid location as determined by the organization).
If the check box "Enable On-Access scanning" is not selected, this is a finding.
If the "Quarantine directory" field is not populated, this is a finding.
To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.
At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the command "grep "oasEnabled" nailsd.cfg"
If the response given is "nailsd.oasEnabled: false" or is "nailsd.oasEnabled: true" with a preceding #, this is a finding.
M
2941