Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38666 | RHEL-06-000284 | SV-50467r2_rule | High |
Description |
---|
Virus scanning software can be used to detect if a system has been compromised by computer viruses, as well as to limit their spread to other systems. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2016-12-16 |
Check Text ( C-46226r2_chk ) |
---|
Inspect the system for a cron job or system service which executes a virus scanning tool regularly. To verify the McAfee VSEL system service is operational, run the following command: # /etc/init.d/nails status To check on the age of uvscan virus definition files, run the following command: # cd /opt/NAI/LinuxShield/engine/dat # ls -la avvscan.dat avvnames.dat avvclean.dat If virus scanning software does not run continuously, or at least daily, or has signatures that are out of date, this is a finding. |
Fix Text (F-43615r2_fix) |
---|
Install virus scanning software, which uses signatures to search for the presence of viruses on the filesystem. The McAfee VirusScan Enterprise for Linux virus scanning tool is provided for DoD systems. Ensure virus definition files are no older than 7 days, or their last release. Configure the virus scanning software to perform scans dynamically on all accessed files. If this is not possible, configure the system to scan all altered files on the system on a daily basis. If the system processes inbound SMTP mail, configure the virus scanner to scan all received mail. |