Linux - Enterprise: This forum is for all items relating to using Linux in the Enterprise.
If so, what software do you have installed to get it to work in an enterprise environment?
This is pertaining to RHEL5. RHEL6 servers are being managed by HBSS, which is operated by someone else higher up the food chain.
I have an agent, with a daemon running as cma and then there is a CLI scanner which needs to have virus definition files sent to it manually each week.
It will depend on the system requirements for McAfee. If the minimum requirements are met, you should be okay, but do take care if it requires a certain kernel line for a module. Some module code for 2.6 and 3.x may not build on 4.x kernels, so research carefully.
Mandated software often may need a review and if it can't be used, it can't be used plain and simple. Test, retest, retest again, and double check to make sure it is working before deploying it. Closed source software can be problematic on GNU/Linux at times, but not always, so just take care and caution.
I work in a DoD environment and have the exact same setup that you described in your top post. Our local site runs a custom sh file provided by the HBSS team which then (from what I gather) submits some sort of request to their server. We then provide the hostname/IP of the specific host so that they can properly enable the "management" portion within the HBSS server.
So far, we've had no issues (cross fingers) with the installation. I would have installed CLAM but it wasn't part of our approved software list which is why we resorted to HBSS.
Just who anointed McAfee the "standard and mandated" AV program? I stopped using it in my DOS days because it was too darn resource-hungry. Lately, I've been using AVG Free, not so much because Linux needs it, but because I promised myself a long time ago that I would never connect a computer to the net without its having an AV installed because I trust no one, no one, you hear.
I'm assuming that OP (like me) works in an environment where McAfee is the "standard and mandated" AV program (HBSS).
I suspected that might be the case, but I had to ask. If that's the case, the answer would seem to me to use McAfee.
As the updates seem to be distributed manually, OP might want to take a look at clusterssh to help manage that task. One of the guys at TLLTS speaks highly of it.
McAfee VSEL is commonly used with the McAfee HBSS suite as a CLI-based antivirus solution for Linux. The virus definitions for VSEL should be updated daily and can be pulled from DISA or directly from McAfee (I recommend using directly from them if your servers are subjected to ACAS scans). HBSS by itself is not an antivirus but a suite of products; please refer to the McAfee website for further information.
It makes my soul hurt every time I see it but it is true. McAfee is required as part of the STIGs, which makes life really hard for those of us using applications that require SELinux, as they are mutually exclusive without taking a serious hammer out and beating on them. Now, as you are on a government site, they should be able to manage all of that from the Satellite Server, assuming you have one. Then again, that's not always a safe assumption.
JockVSJock: What management are you using for your environment? Satellite, Crowbar, Puppet, Ansible, or good old manual updates to everything and pray no one makes a typo?
Hello, I also work in a DoD environment. What I ended up doing was using the McAfee Command Line Scanner distributed from DISA under Tools > Other CyberSecurity Tools > DoD AntiVirus Software (since the GUI version does NOT work with RHEL5/RHEL6 and RHEL7 is still not approved for use). There is an install script you have to make executable (chmod +x install.sh). Run that and it will install the files in /usr/local/uvscan if you select the default presets. After that, you will need to download the latest definitions (I get mine from DISA or Navy INFOSEC site). Copy those files into the /usr/local/uvscan folder.
I am not sure if you need to apply STIG controls to McAfee on Linux like you need to do with Windows other than setting permissions and whatnot, since I have not gotten that far yet in my builds.
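Several posts above describe carrying definition files to each host by hand and copying them into /usr/local/uvscan. The following is an added example, not code from the thread or from McAfee: a shell function that checks the transferred files against a SHA-256 manifest before staging them with fixed permissions. The function name `stage_defs`, the manifest (assumed to be produced with `sha256sum` where the files were downloaded) and the paths in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify hand-carried definition files, then stage them.
# The manifest and every path here are assumptions, not vendor tooling.

# stage_defs SRC_DIR MANIFEST DEST_DIR
# MANIFEST is in sha256sum format: "<hex digest>  <file name>" per line.
stage_defs() {
    local src="$1" dest="$3" manifest sum name
    manifest=$(readlink -f "$2")

    if [ ! -d "$src" ] || [ ! -f "$manifest" ] || [ ! -d "$dest" ]; then
        echo "stage_defs: missing source dir, manifest or destination" >&2
        return 2
    fi

    # Refuse names with path components or a leading dot, so a bad
    # manifest cannot write outside DEST_DIR or collide with temp files.
    while read -r sum name; do
        name=${name#\*}
        case $name in
            ''|*/*|.*) echo "stage_defs: refusing entry '$name'" >&2; return 3 ;;
        esac
    done < "$manifest"

    # Verify every listed file before the destination is touched.
    if ! ( cd "$src" && sha256sum --check --strict --quiet "$manifest" ) >&2; then
        echo "stage_defs: checksum failure, nothing installed" >&2
        return 4
    fi

    # Copy under a temporary name, then rename, so the scanner never
    # reads a half-written file. 0644: world-readable, owner-writable.
    while read -r sum name; do
        name=${name#\*}
        install -m 0644 "$src/$name" "$dest/.$name.new" || return 5
        mv -f "$dest/.$name.new" "$dest/$name" || return 5
    done < "$manifest"
}

# Usage (as root on the scanner host):
#   stage_defs /tmp/defs /tmp/defs.sha256 /usr/local/uvscan
```

A non-zero return means nothing was copied, which makes the function safe to fan out to many hosts with whatever remote-execution tool is already approved on site.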