UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63141 DTAVSEL-202 SV-77631r1_rule Medium
Description
The McAfee VirusScan Enterprise for Linux software runs its processes under the nails user, which is part of the nailsgroup group. The WEB GUI is also accessed using the nails user. Ensuring this account only has access to the required functions necessary for its intended role will mitigate the possibility of the nails user/nailsgroup group from being used to perform malicious destruction to the system in the event of a compromise.
STIG Date
McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide 2019-03-20

Details

Check Text ( C-63893r1_chk )
Access the Linux system console command line as root.
Execute the following commands. This command will pipe the results to text files for easier review.

find / -group nailsgroup >nailsgroup.txt
find / -user nails >nails.txt

Execute the following commands to individually review each of the text files of results, pressing space bar to move to each page until the end of the exported text.

more nailsgroup.txt
more nails.txt

When reviewing the results, verify the nailsgroup group and nails user only own the following paths. The following paths assume an INSTALLDIR of /opt/NAI/LinuxShield and a RUNTIMEDIR of /var/opt/NAI/LinuxShield. If alternative folders were used, replace the following paths accordingly when validating.

/var/opt/NAI and sub-folders
/opt/NAI and sub-folders
/McAfee/lib
/var/spool/mail/nails
/proc/##### (where ##### represents the various process IDs for the VSEL processes.)

If any other folder is owned by either the nailsgroup group or the nails user, this is a finding.
Fix Text (F-69059r1_fix)
Access the Linux system console command line as root.
Navigate to each path to which the nails user or nailsgroup group has unnecessary permissions/ownership.

Using the chmod command, reduce, or remove permissions for the nails user.

Using the chown command remove ownership by the nails user or nailsgroup group.