Details

The McAfee VirusScan Enterprise for Linux software runs its processes under the nails user, which is part of the nailsgroup group. The WEB GUI is also accessed using the nails user. Ensuring this account only has access to the required functions necessary for its intended role will mitigate the possibility of the nails user/nailsgroup group from being used to perform malicious destruction to the system in the event of a compromise.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Access the Linux system console command line as root.

Navigate to each path to which the nails user or nailsgroup group has unnecessary permissions/ownership.

Using the chmod command, reduce or remove permissions for the nails user.

Using the chown command to remove ownership by the nails user or nailsgroup group.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-6(10)
• CAT|II
• CCI|CCI-002235
• Rule-ID|SV-77557r1_rule
• STIG-ID|DTAVSEL-202
• Vuln-ID|V-63067

Source

• Tenable.com/audits