LinuxQuestions.org
Old 03-10-2016, 03:02 PM   #1
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: DC
Distribution: RHEL/CentOS
Posts: 1,386
Blog Entries: 4

Rep: Reputation: 164
Anyone using McAfee with RHEL?


If so, what software do you have installed to get it to work in an enterprise environment?

This is pertaining to RHEL5. RHEL6 servers are being managed by HBSS, which is operated by someone else higher up the food chain.

I have an agent, with a daemon running as cma and then there is a CLI scanner which needs to have virus definition files sent to it manually each week.
 
Old 03-11-2016, 01:24 PM   #2
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,517

Rep: Reputation: 2619
clam mail scanner is really all you need
and it is in the rhn repos
 
Old 03-11-2016, 01:34 PM   #3
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: DC
Distribution: RHEL/CentOS
Posts: 1,386

Original Poster
Blog Entries: 4

Rep: Reputation: 164
Quote:
Originally Posted by John VV
clam mail scanner is really all you need
and it is in the rhn repos

I understand what you're saying, however the standard and mandated anti-virus suite is McAfee.

I'm getting conflicting info on what is needed, so I'll keep reading...
 
Old 06-01-2016, 08:56 AM   #4
biosboy4
Member
 
Registered: Aug 2015
Distribution: *DEB, Centos, NXOS
Posts: 242

Rep: Reputation: 38
I use clamav to scan our rsync backups/hostFS before dumping the backups into our isolated "vault". This is for ransomware protection.

Their database is updated several times a day, so don't forget to freshclam often.
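
The scan-before-vault step described in the post above, sketched as an added example that is not part of the original post or the poster's own script. The function name, the three directory arguments and the `SCANNER`/`UPDATER` variables are assumptions for illustration; the `clamscan` options and exit codes are ClamAV's documented ones.

```bash
# Added example: gate a backup on a ClamAV scan before it enters the vault.
SCANNER="${SCANNER:-clamscan}"     # ClamAV command-line scanner
UPDATER="${UPDATER:-freshclam}"    # ClamAV signature updater

# scan_then_vault SRC VAULT QUARANTINE   (hypothetical helper)
# Returns 0 if SRC was clean and moved into VAULT,
#         1 if something was detected and SRC was moved into QUARANTINE,
#         2 if the scan could not be completed (SRC is left where it is).
scan_then_vault() {
    local src="$1" vault="$2" quarantine="$3" rc

    [ -d "$src" ] || { echo "no such backup: $src" >&2; return 2; }
    mkdir -p "$vault" "$quarantine" || return 2

    # Refresh signatures first. A failed update is reported, and the scan
    # still runs against the database already on disk.
    "$UPDATER" --quiet || echo "warning: signature update failed" >&2

    # clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
    "$SCANNER" --recursive --infected --no-summary "$src"
    rc=$?

    case "$rc" in
        0) mv -- "$src" "$vault"/ || return 2
           return 0 ;;
        1) mv -- "$src" "$quarantine"/ || return 2
           return 1 ;;
        *) # Fail closed: an unscanned backup never reaches the vault.
           echo "scan error ($rc); backup not vaulted" >&2
           return 2 ;;
    esac
}
```

Call it as `scan_then_vault /srv/backups/host1 /vault /srv/quarantine` (constructed paths) from the backup job and alert on any non-zero return.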

 
Old 06-01-2016, 09:18 AM   #5
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,450
Blog Entries: 15

Rep: Reputation: 2031
It will depend on the system requirements for McAfee. If the minimum requirements are met, you should be okay, but do take care if it requires a certain kernel line for a module. Some module code for 2.6 and 3.x may not build on 4.x kernels, so research carefully.

Mandated software often may need a review and if it can't be used, it can't be used plain and simple. Test, retest, retest again, and double check to make sure it is working before deploying it. Closed source software can be problematic on GNU/Linux at times, but not always, so just take care and caution.
 
Old 07-15-2016, 08:03 AM   #6
jsdomingo
LQ Newbie
 
Registered: Feb 2016
Posts: 18

Rep: Reputation: Disabled
Hi JockVSJock,

I work in a DoD environment and have the exact same setup that you described in your top post. Our local site runs a custom sh file provided by the HBSS team which then (from what I gather) submits some sort of request to their server. We then provide the hostname/IP of the specific host so that they can properly enable the "management" portion within the HBSS server.

So far, we've had no issues (cross fingers) with the installation. I would have installed CLAM but it wasn't part of our approved software list which is why we resorted to HBSS.
 
Old 07-15-2016, 08:38 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 17,217
Blog Entries: 27

Rep: Reputation: 5326
Just who anointed McAfee the "standard and mandated" AV program? I stopped using it in my DOS days because it was too darn resource-hungry. Lately, I've been using AVG Free, not so much because Linux needs it, but because I promised myself a long time ago that I would never connect a computer to the net without its having an AV installed because I trust no one, no one, you hear.

A web search for reviews of AV programs for Linux will turn up many results.
 
Old 07-15-2016, 09:19 PM   #8
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: USA
Distribution: Lubuntu 14.04, Windows Vista
Posts: 6,277
Blog Entries: 3

Rep: Reputation: 841
Quote:
Originally Posted by frankbell
A web search for reviews of AV programs for Linux will turn up many results.

Hi all...

Although I wish the results were better, I happened to find this article which turned up 4th on the list of results mentioned above.

Regards...

Last edited by ardvark71; 07-15-2016 at 09:27 PM. Reason: Changed wording.
 
Old 07-16-2016, 01:29 AM   #9
jsdomingo
LQ Newbie
 
Registered: Feb 2016
Posts: 18

Rep: Reputation: Disabled
Quote:
Originally Posted by frankbell
Just who anointed McAfee the "standard and mandated" AV program?

I'm assuming that OP (like me) works in an environment where McAfee is the "standard and mandated" AV program (HBSS).
 
Old 07-16-2016, 09:00 PM   #10
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 17,217
Blog Entries: 27

Rep: Reputation: 5326
Quote:
I'm assuming that OP (like me) works in an environment where McAfee is the "standard and mandated" AV program (HBSS)

I suspected that might be the case, but I had to ask. If that's the case, the answer would seem to me to use McAfee.

As the updates seem to be distributed manually, OP might want to take a look at clusterssh to help manage that task. One of the guys at TLLTS speaks highly of it.
 
Old 08-08-2016, 10:12 AM   #11
ihaveavirus
LQ Newbie
 
Registered: Jul 2016
Distribution: RHEL
Posts: 22

Rep: Reputation: Disabled
McAfee VSEL is commonly used with the McAfee HBSS suite as a CLI based anti virus solution for Linux. The virus definitions for VSEL should be updated daily and can be pulled from DISA or directly from McAfee (I recommend using directly from them if your servers are subjected to ACAS scans). HBSS by itself is not an anti virus but a suite of products, please refer to the McAfee website for further information.
 
Old 08-08-2016, 12:23 PM   #12
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: DC
Distribution: RHEL/CentOS
Posts: 1,386

Original Poster
Blog Entries: 4

Rep: Reputation: 164
Quote:
Originally Posted by jsdomingo
I'm assuming that OP (like me) works in an environment where McAfee is the "standard and mandated" AV program (HBSS).

Correct, McAfee is the standard.

For older RHEL we use a client and have to download signatures frequently.
 
Old 08-15-2016, 05:48 PM   #13
DeusExMichael
LQ Newbie
 
Registered: Mar 2007
Location: Colorado
Distribution: RHEL/Fedora
Posts: 5

Rep: Reputation: 2
It makes my soul hurt every time I see it but it is true. McAfee is required as part of the STIGs, which makes life really hard for those of us using applications that require SELinux, as they are mutually exclusive without taking a serious hammer out and beating on them. Now, as you are on a government site, they should be able to manage all of that from the Satellite Server, assuming you have one. Then again, that's not always a safe assumption.

JockVSJock: What management are you using for your environment? Satellite, Crowbar, Puppet, Ansible, or good old manual updates to everything and pray no one makes a typo?
 
1 members found this post helpful.
Old 12-07-2016, 09:21 AM   #14
bravored
Member
 
Registered: Mar 2005
Distribution: RHEL, freeBSD, Solaris
Posts: 49

Rep: Reputation: 0
Hey JockVSJock

I have used mcafee - mind your exclusions / we used to cli scanner where I can do the exclusion list myself - then we switched over to agent

I believe it was these 2 rpms that gave you the cma and nails for the McAfee.
MFEcma MFErt


I didn't have to update the virus def manually though - our sec team managed the updates on their own.
 
Old 12-15-2016, 07:43 AM   #15
ClassANetwork
LQ Newbie
 
Registered: Jul 2016
Distribution: CentOS
Posts: 3

Rep: Reputation: Disabled
Hello, I also work in a DoD environment. What I ended up doing was using the McAfee Command Line Scanner distributed from DISA under Tools > Other CyberSecurity Tools > DoD AntiVirus Software (Since the GUI version does NOT work with RHEL5/RHEL6 and RHEL7 is still not approved for use). There is an install script you have to make executable (chmod +x install.sh). Run that and it will install the files in /usr/local/uvscan if you select the default presets. After that, you will need to download the latest definitions (I get mine from DISA or Navy INFOSEC site). Copy those files into the /usr/local/uvscan folder.

I am not sure if you need to apply STIG controls to McAfee on Linux like you need to do with Windows other than setting permissions and whatnot, since I have not gotten that far yet in my builds.
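
The manual "copy the definitions into /usr/local/uvscan" step from the post above, as an added example that is not part of the original post or any vendor script. It checks a staged, already-extracted definition set before touching the live directory and keeps the previous set for rollback. The helper name and the `DAT_FILES` list are assumptions; adjust the list to the files your download actually contains.

```bash
# Added example: stage-and-verify install of manually downloaded definitions.
UVSCAN_DIR="${UVSCAN_DIR:-/usr/local/uvscan}"   # default install path named in the post
# Assumption: the definition set consists of these three files.
DAT_FILES="${DAT_FILES:-avvscan.dat avvnames.dat avvclean.dat}"

# install_dats STAGING_DIR   (hypothetical helper)
# Prints the backup directory and returns 0 on success,
# returns 1 if the staged set is incomplete (nothing is changed),
# returns 2 if the scanner directory is missing or a copy fails.
install_dats() {
    local staging="$1" f backup
    [ -d "$UVSCAN_DIR" ] || { echo "scanner dir missing: $UVSCAN_DIR" >&2; return 2; }

    # Refuse a partial or truncated set before touching the live directory.
    for f in $DAT_FILES; do
        [ -s "$staging/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Keep the previous set so a bad update can be rolled back.
    backup="$UVSCAN_DIR/dat-backup.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup" || return 2
    for f in $DAT_FILES; do
        if [ -f "$UVSCAN_DIR/$f" ]; then
            cp -p -- "$UVSCAN_DIR/$f" "$backup/" || return 2
        fi
    done

    # Copy under a temporary name, then rename, so a scan that starts
    # mid-update never opens a half-written file.
    for f in $DAT_FILES; do
        cp -- "$staging/$f" "$UVSCAN_DIR/$f.new" || return 2
        chmod 644 "$UVSCAN_DIR/$f.new" || return 2
        mv -f -- "$UVSCAN_DIR/$f.new" "$UVSCAN_DIR/$f" || return 2
    done
    echo "$backup"
}
```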
 
  

