UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The McAfee VirusScan Enterprise for Linux Web interface must be disabled unless the system is on a segregated network.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62791 DTAVSEL-000 SV-77281r1_rule Medium
Description
The McAfee VirusScan Enterprise for Linux WEB GUI is the method for configuring the McAfee VSEL on a non-managed Linux system. The WEB GUI on the system could be used maliciously to gain unauthorized access to the system. By restricting access to interface by implementing firewall rules, the risk of unauthorized access will be mitigated.
STIG Date
McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide 2020-03-24

Details

Check Text ( C-63599r1_chk )
Verify the location of the system being reviewed. If it is on a segregated network, without access to the Internet nor access to the Local Area Network, nor is it managed by a McAfee ePO server, this check is Not Applicable.

If the system being reviewed has access to the Internet, is reachable from the Local Area Network and/or is managed by a McAfee ePO server, this check must be validated.

To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.

At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the command "grep "nailsd.disableCltWebUI" nailsd.cfg".

If the response given for "nailsd.disableCltWebUI" is "false", this is a finding.
Fix Text (F-68711r1_fix)
To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.

At the command line, navigate to /var/opt/NAI/LinuxShield/etc.

Modify the nailsd.cfg file.
Find the line "nailsd.disableCltWebUI: false"
Change the "false" to "true".

Reload the nails processes by running the following command:
/etc/init.d/nails reload