
JockVSJock 03-10-2016 03:02 PM

Anyone using McAfee with RHEL?
 
If so, what software do you have installed to get it to work in an enterprise environment?

This is pertaining to RHEL5. RHEL6 servers are being managed by HBSS, which is operated by someone else higher up the food chain.

I have an agent, with a daemon running as cma and then there is a CLI scanner which needs to have virus definition files sent to it manually each week.

John VV 03-11-2016 01:24 PM

clam mail scanner is really all you need
and it is in the rhn repos

JockVSJock 03-11-2016 01:34 PM

Quote:

Originally Posted by John VV (Post 5513942)
clam mail scanner is really all you need
and it is in the rhn repos

I understand what you're saying, however the standard and mandated anti-virus suite is McAfee.

I'm getting conflicting info on what is needed, so I'll keep reading...

biosboy4 06-01-2016 08:56 AM

I use clamav to scan our rsync backups/hostFS before dumping the backups into our isolated "vault". This is for ransomware protection.

Their database is updated several times a day, so don't forget to freshclam often.

:)
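
Added example (not part of biosboy4's post or any poster's own script): one way to gate the move into the vault on the ClamAV result, holding the backup back on a scan error as well as on a detection. The function names and directory arguments are assumptions for illustration; run `freshclam` before calling it, as the post advises.

```shell
#!/bin/sh
# Constructed example: promote a staged backup into the vault only when
# clamscan reports it clean. Paths are supplied by the caller (placeholders).

# scan_tree DIR
#   returns 0 = clean, 1 = malware found, 2 = scanner error
scan_tree() {
    rc=0
    # -r recurse, -i list only infected files, --no-summary keeps logs short
    clamscan -r -i --no-summary "$1" || rc=$?
    case "$rc" in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;   # unreadable files, bad database, etc.
    esac
}

# promote_backup STAGING_DIR VAULT_DIR
promote_backup() {
    staging=$1
    vault=$2
    [ -d "$staging" ] && [ -d "$vault" ] || {
        echo "staging or vault directory missing" >&2
        return 2
    }

    rc=0
    scan_tree "$staging" || rc=$?
    case "$rc" in
        0)
            mv "$staging" "$vault/" || return 2
            echo "promoted $staging"
            ;;
        1)
            echo "INFECTED: $staging held back" >&2
            return 1
            ;;
        *)
            # A failed scan is not a clean scan: never promote on error.
            echo "scan error: $staging held back" >&2
            return 2
            ;;
    esac
}
```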

ReaperX7 06-01-2016 09:18 AM

It will depend on the system requirements for McAfee. If the minimum requirements are met, you should be okay, but do take care if it requires a certain kernel line for a module. Some module code for 2.6 and 3.x may not build on 4.x kernels, so research carefully.

Mandated software often may need a review and if it can't be used, it can't be used plain and simple. Test, retest, retest again, and double check to make sure it is working before deploying it. Closed source software can be problematic on GNU/Linux at times, but not always, so just take care and caution.

jsdomingo 07-15-2016 08:03 AM

Hi JockVSJock,

I work in a DoD environment and have the exact same setup that you described in your top post. Our local site runs a custom sh file provided by the HBSS team which then (from what I gather) submits some sort of request to their server. We then provide the hostname/IP of the specific host so that they can properly enable the "management" portion within the HBSS server.

So far, we've had no issues (cross fingers) with the installation. I would have installed CLAM but it wasn't part of our approved software list which is why we resorted to HBSS.

frankbell 07-15-2016 08:38 PM

Just who anointed McAfee the "standard and mandated" AV program? I stopped using it in my DOS days because it was too darn resource-hungry. Lately, I've been using AVG Free, not so much because Linux needs it, but because I promised myself a long time ago that I would never connect a computer to the net without its having an AV installed because I trust no one, no one, you hear.

A web search for reviews of AV programs for Linux will turn up many results.

ardvark71 07-15-2016 09:19 PM

Quote:

Originally Posted by frankbell (Post 5576715)
A web search for reviews of AV programs for Linux will turn up many results.

Hi all...

Although I wish the results were better, I happened to find this article which turned up 4th on the list of results mentioned above. :(

Regards...

jsdomingo 07-16-2016 01:29 AM

Quote:

Originally Posted by frankbell (Post 5576715)
Just who anointed McAfee the "standard and mandated" AV program?

I'm assuming that OP (like me) works in an environment where McAfee is the "standard and mandated" AV program (HBSS).

frankbell 07-16-2016 09:00 PM

Quote:

I'm assuming that OP (like me) works in an environment where McAfee is the "standard and mandated" AV program (HBSS)

I suspected that might be the case, but I had to ask. If that's the case, the answer would seem to me to be to use McAfee.

As the updates seem to be distributed manually, OP might want to take a look at clusterssh to help manage that task. One of the guys at TLLTS speaks highly of it.

ihaveavirus 08-08-2016 10:12 AM

McAfee VSEL is commonly used with the McAfee HBSS suite as a CLI based anti virus solution for Linux. The virus definitions for VSEL should be updated daily and can be pulled from DISA or directly from McAfee (I recommend using directly from them if your servers are subjected to ACAS scans). HBSS by itself is not an anti virus but a suite of products, please refer to the McAfee website for further information.

JockVSJock 08-08-2016 12:23 PM

Quote:

Originally Posted by jsdomingo (Post 5576789)
I'm assuming that OP (like me) works in an environment where McAfee is the "standard and mandated" AV program (HBSS).


Correct, McAfee is the standard.

For older RHEL we use a client and have to download signatures frequently.

DeusExMichael 08-15-2016 05:48 PM

It makes my soul hurt every time I see it but it is true. McAfee is required as part of the STIGs, which makes life really hard for those of us using applications that require SELinux, as they are mutually exclusive without taking a serious hammer out and beating on them. Now, as you are on a government site, they should be able to manage all of that from the Satellite Server, assuming you have one. Then again, that's not always a safe assumption.

JockVSJock: What management are you using for your environment? Satellite, Crowbar, Puppet, Ansible, or good old manual updates to everything and pray no one makes a typo?

bravored 12-07-2016 09:21 AM

Hey JockVSJock

I have used McAfee - mind your exclusions / we used to CLI scanner where I can do the exclusion list myself - then we switched over to agent

I believe it was these 2 rpms that gave you the cma and nails for the McAfee.
MFEcma MFErt


I didn't have to update the virus def manually though - our sec team managed the updates on their own.

ClassANetwork 12-15-2016 07:43 AM

Hello, I also work in a DoD environment. What I ended up doing was using the McAfee Command Line Scanner distributed from DISA under Tools > Other CyberSecurity Tools > DoD AntiVirus Software (Since the GUI version does NOT work with RHEL5/RHEL6 and RHEL7 is still not approved for use). There is an install script you have to make executable (chmod +x install.sh). Run that and it will install the files in /usr/local/uvscan if you select the default presets. After that, you will need to download the latest definitions (I get mine from DISA or Navy INFOSEC site). Copy those files into the /usr/local/uvscan folder.

I am not sure if you need to apply STIG controls to McAfee on Linux like you need to do with Windows other than setting permissions and whatnot, since I have not gotten that far yet in my builds.
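
Added example (not part of ClassANetwork's post and not a McAfee or DISA tool): because the definitions in `/usr/local/uvscan` are copied in by hand, a host can silently fall behind, so this check flags stale or missing definition files. The `*.dat` file pattern, the 7-day default and the function name are assumptions.

```shell
#!/bin/sh
# Constructed example: report whether manually copied definition files are
# recent. The *.dat pattern and the 7-day default are assumptions.

# defs_status DIR [MAX_AGE_DAYS]
#   returns 0 = all definition files recent
#           1 = at least one definition file is stale
#           2 = directory or definition files missing
defs_status() {
    dir=$1
    max_days=${2:-7}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    all=$(find "$dir" -maxdepth 1 -type f -name '*.dat')
    if [ -z "$all" ]; then
        # An empty directory must not pass as "nothing stale".
        echo "no definition files in $dir" >&2
        return 2
    fi

    # -mtime +N matches files last modified more than N whole days ago.
    # mtime is when the file was written on this host (unless it was copied
    # with cp -p), so this measures how recently definitions were pushed.
    stale=$(find "$dir" -maxdepth 1 -type f -name '*.dat' -mtime +"$max_days")
    if [ -n "$stale" ]; then
        echo "stale definitions (older than $max_days days):" >&2
        echo "$stale" >&2
        return 1
    fi
    return 0
}

# Usage from cron or a monitoring check:
#   defs_status /usr/local/uvscan 7 || logger -t avdefs "definitions need attention"
```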

