The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role.

From McAfee VSEL 1.9/2.0 Managed Client Security Technical Implementation Guide

Part of SRG-APP-000340

Associated with: CCI-002235

SV-77557r1_rule The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role.

Vulnerability discussion

The McAfee VirusScan Enterprise for Linux software runs its processes under the nails user, which is part of the nailsgroup group. The WEB GUI is also accessed using the nails user. Ensuring this account only has access to the required functions necessary for its intended role will mitigate the possibility of the nails user/nailsgroup group from being used to perform malicious destruction to the system in the event of a compromise.

Check content

Access the Linux system console command line as root. Execute the following commands. This command will pipe the results to text files for easier review. find / -group nailsgroup >nailsgroup.txt find / -user nails >nails.txt Execute the following commands to individually review each of the text files of results, pressing space bar to move to each page until the end of the exported text. more nailsgroup.txt more nails.txt When reviewing the results, verify the nailsgroup group and nails user only own the following paths. The following paths assume an INSTALLDIR of /opt/NAI/LinuxShield and a RUNTIMEDIR of /var/opt/NAI/LinuxShield. If alternative folders were used, replace the following paths accordingly when validating. /var/opt/NAI and sub-folders /opt/NAI and sub-folders /McAfee/lib /var/spool/mail/nails /proc/##### (where ##### represents the various process IDs for the VSEL processes.) If any other folder is owned by either the nailsgroup group or the nails user, this is a finding.

Fix text

Access the Linux system console command line as root. Navigate to each path to which the nails user or nailsgroup group has unnecessary permissions/ownership. Using the chmod command, reduce or remove permissions for the nails user. Using the chown command to remove ownership by the nails user or nailsgroup group.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer