DTAVSEL-202 - The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role - user

Information

The McAfee VirusScan Enterprise for Linux software runs its processes under the nails user, which is part of the nailsgroup group. The WEB GUI is also accessed using the nails user. Ensuring this account only has access to the required functions necessary for its intended role will mitigate the possibility of the nails user/nailsgroup group from being used to perform malicious destruction to the system in the event of a compromise.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Access the Linux system console command line as root.
Navigate to each path to which the nails user or nailsgroup group has unnecessary permissions/ownership.

Using the chmod command, reduce, or remove permissions for the nails user.

Using the chown command remove ownership by the nails user or nailsgroup group.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CAT|II, CCI|CCI-002235, Rule-ID|SV-77631r1_rule, STIG-ID|DTAVSEL-202, Vuln-ID|V-63141

Plugin: Unix

Control ID: c225bd292f047300e8e945c57551c3cfd3bd24c48ddbd4517edc1d653bd16221