
The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates.


Overview

Finding ID: V-63073
Version: DTAVSEL-002
Rule ID: SV-77563r1_rule
IA Controls:
Severity: Medium
Description
Anti-virus signature files are updated almost daily by anti-virus software vendors. These files are made available to anti-virus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. The anti-virus software product must be configured to receive those updates automatically in order to afford the expected protection.
STIG: McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide
Date: 2020-03-24

Details

Check Text ( C-63825r1_chk )
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and log on with the nails user account.

Under "View", select "Scheduled Tasks".
Under "Scheduled Tasks", under "Task Summaries", with the assistance of the McAfee VSEL SA, identify the VirusScan DAT update task.
Verify the "Type" is "Update" and the "Status" is "Completed" with Results of "Update Finished".
Under "Task Details" for the task, click on the "Modify" button.
Choose "2. Choose what to update" and verify the "Virus definition files (also known as DAT files)" is selected.

If there is not a task designated as the regularly scheduled DAT Update task, this is a finding.

If there exists a task designated as the regularly scheduled DAT Update task, but "Virus definition files (also known as DAT files)" selection under the "2. Choose what to update" section is not selected, this is a finding.

To validate without the Web interface, access the Linux system being reviewed, either at the console or by an SSH connection.
At the command line, enter the command "/opt/NAI/LinuxShield/bin/nails task --list".

The command will return a response similar to the following:
LinuxShield configured tasks:
1 "LinuxShield Update" (Running)

If the response does not return a configured task for "LinuxShield Update", this is a finding.
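
The command-line check above can be scripted for repeated audits. The following is an added example, not part of the STIG or of McAfee's tooling: it parses the listing format shown above and reports a finding when no task with the expected name is configured. The sample listings and the "Weekly scan" task name are constructed, and the REQUIRED_TASK override is an assumption for sites that gave the update task a different name.

```shell
#!/bin/sh
# Added example: scripted form of the command-line check for DTAVSEL-002.
NAILS=/opt/NAI/LinuxShield/bin/nails                    # path from the check text
REQUIRED_TASK="${REQUIRED_TASK:-LinuxShield Update}"    # override is an assumption

# Constructed sample listings in the format shown in the check text.
SAMPLE_OK='LinuxShield configured tasks:
1 "LinuxShield Update" (Running)'
SAMPLE_MISSING='LinuxShield configured tasks:
2 "Weekly scan" (Completed)'

# parse_tasks: read a task listing on stdin, print "id|name|status" per task.
parse_tasks() {
    awk -F'"' 'NF >= 3 && $1 ~ /^[ \t]*[0-9]+[ \t]*$/ {
        id = $1; gsub(/[ \t]/, "", id)
        status = $3; gsub(/^[ \t]*\(|\)[ \t]*$/, "", status)
        print id "|" $2 "|" status
    }'
}

# check_update_task: listing on stdin; returns 0 if the required task is
# configured, 1 (a finding) if it is not.
check_update_task() {
    parse_tasks | awk -F'|' -v want="$REQUIRED_TASK" '
        $2 == want { found = 1; print "OK: task " $1 " \"" $2 "\" (" $3 ")" }
        END { if (!found) { print "FINDING: no \"" want "\" task configured"; exit 1 } }'
}

# audit_host: run the check against the live scanner; 2 means "could not check".
audit_host() {
    [ -x "$NAILS" ] || { echo "ERROR: $NAILS not executable" >&2; return 2; }
    "$NAILS" task --list | check_update_task
}

# Demonstration on the constructed sample; call audit_host on a real system.
printf '%s\n' "$SAMPLE_OK" | check_update_task
```

The script checks only that the task exists, which is all the command-line check requires; the "Choose what to update" selection still has to be verified in the Web interface.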
Fix Text (F-68991r1_fix)
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and log on with the nails user account.

In the VSEL WEB Monitor, under "Schedule", select "Product Update".
Under "1. When to update", select "Daily" and choose every "1" day(s), click on "Next".
Under "2. Choose what to update", select "Virus definition files (also known as DAT files)", and click on "Next".
Under "3. Enter a task name", give the task a unique task name for the daily update, and click on "Finish".

Configure an /etc/crontab entry for the LinuxShield Update.
To run the Update task manually without the Web interface, access the Linux system being reviewed, either at the console or by an SSH connection.
At the command line, enter the command "/opt/NAI/LinuxShield/bin/nails task -l".
After the task runs, a (Completed) response will be returned.