DTAVSEL-000 - The McAfee VirusScan Enterprise for Linux Web interface must be disabled unless the system is on a segregated network.

Information

The McAfee VirusScan Enterprise for Linux WEB GUI is the method for configuring the McAfee VSEL on a non-managed Linux system. The WEB GUI on the system could be used maliciously to gain unauthorized access to the system. By restricting access to interface by implementing firewall rules, the risk of unauthorized access will be mitigated.

Solution

To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection.

At the command line, navigate to /var/opt/NAI/LinuxShield/etc.

Modify the nailsd.cfg file.
Find the line 'nailsd.disableCltWebUI: false'
Change the 'false' to 'true'.

Reload the nails processes by running the following command:
/etc/init.d/nails reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(1), CAT|II, CCI|CCI-001813, Rule-ID|SV-77281r1_rule, STIG-ID|DTAVSEL-000, Vuln-ID|V-62791

Plugin: Unix

Control ID: a584b7317f86b590d8cbf0feedb6d1dbaed2954b7364d8f90ebec67c49fb1a52