From McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide
Part of SRG-APP-000276
Associated with: CCI-001240
Failure of anti-virus signature updates will eventually render the software to be useless in protecting the Linux system from malware. Administration notification for failed updates, via SMTP, will ensure timely remediation of errors causing DATs to not be updated.
The preferred method for notification is via SMTP alerts. Consult with the System Administrator to determine whether SMTP alerts are configured or whether some other notification mechanism (i.e., regular manual review of reports)is used. If SMTP alerts are not configured, some other notification mechanism must be configured. For SMTP alert configuration in VSEL WEB Monitor: From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account. In the VSEL WEB Monitor, review tasks under "Configure", "Notifications". Review the configured Notifications. Verify the check box for "Item Detected" is selected. Verify check boxes for "Viruses", "Trojans", "Programs", "Jokes" and "Include alerts for on-demand tasks" are selected. Verify the check box for "Out of date" is selected and "Alert for DAT files which are # days old" is configured to "7" or less. Verify the check box for "Configuration changes" is selected. Verify the check box for "System events" is selected. Verify check box for "Type" is selected and "Error" is selected from drop-down list. Verify check box for "Code" is selected and "3000-3999" is entered in Code field. Verify SMTP Settings are configured with valid email address(es) for System Administrators. For SMTP alert configuration without the Web interface: Access the Linux system being reviewed, either at the console or by a SSH connection. At the command line, navigate to /var/opt/NAI/LinuxShield/etc. Enter the command "grep "notifications.virusDetected.active" nailsd.cfg" If SMTP alert settings are not configured to send notifications to System Administrators, or some other mechanism is not used to provide this notification to System Administrators, this is a finding.
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account. In the VSEL WEB Monitor, under "Configure", "Notifications", select the check box for "Item Detected". Select check boxes for "Viruses", "Trojans", "Programs", "Jokes" and "Include alerts for on-demand tasks". Select the check box for "Out of date" and configure "Alert for DAT files which are # days old" to "7" or less. Select the check box for "Configuration changes". Select the check box for "System events". Select check box for "Type" and select "Error" from drop-down list. Select check box for "Code" and configured with "3000-3999" in Code field. Configure the SMTP Settings with valid email address(es) for System Administrators.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer