On 7/27/14, 11:27 PM, Shawn Wells wrote:
From: Leland Steinke<[email protected]>


Signed-off-by: Leland Steinke<[email protected]>
---
  RHEL/6/input/system/software/integrity.xml |   13 ++++++-------
  1 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/RHEL/6/input/system/software/integrity.xml 
b/RHEL/6/input/system/software/integrity.xml
index 0c14ecc..eca2b8e 100644
--- a/RHEL/6/input/system/software/integrity.xml
+++ b/RHEL/6/input/system/software/integrity.xml
@@ -221,7 +221,7 @@ intruder gains access to a system or network.
  <description>
  Install virus scanning software, which uses signatures to search for the
  presence of viruses on the filesystem.
-The McAfee uvscan virus scanning tool is provided for DoD systems.
+The McAfee VirusScan Enterprise for Linux virus scanning tool is provided for 
DoD systems.
  Ensure virus definition files are no older than 7 days, or their last release.
  <!-- need info here on where DoD admins can go to get this -->
  Configure the virus scanning software to perform scans dynamically on all
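Review bot: The description now spells out "McAfee VirusScan Enterprise for Linux", but the OCIL text later in this patch refers to "McAfee VSEL" without the abbreviation ever being introduced. Define it at first use here, e.g. "McAfee VirusScan Enterprise for Linux (VSEL)", so the two sections visibly name the same product. The "need info here on where DoD admins can go to get this" comment is also still open and now applies to the renamed product.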
@@ -234,18 +234,17 @@ to scan all received mail.
       with the IAO (or SSO or ISSO or ISSM or whatever is the right acronym in 
your
       particular neighborhood) should occur? -->
  </description>
-<ocil clause="virus scanning software does not run daily, or has signatures that are 
out of date">
+<ocil clause="virus scanning software does not run continuously, or at least daily, or 
has signatures that are out of date">
  Inspect the system for a cron job or system service which executes
  a virus scanning tool regularly.
  <br/>
  <!-- this should be handled as DoD-specific text in a future revision -->
-To verify the McAfee command line scan tool (uvscan) is scheduled for
-regular execution, run the following command to check for a cron job:
-<pre># grep uvscan/etc/cron* /var/spool/cron/*</pre>
-This will reveal if and when the uvscan program will be run.
+To verify the McAfee VSEL system service is operational,
+run the following command:
+<pre># /etc/init.d/nails status</pre>
  <br/>
  To check on the age of uvscan virus definition files, run the following 
command:
-<pre># cd /usr/local/uvscan
+<pre># cd /opt/NAI/LinuxShield/engine/dat
  # ls -la avvscan.dat avvnames.dat avvclean.dat</pre>
  </ocil>
  <rationale>
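Review bot: The new clause reads "does not run continuously, or at least daily", but the only check left in the OCIL text is "/etc/init.d/nails status", which reports whether the service is running at the moment of inspection. With the cron grep removed, nothing verifies the "at least daily" branch, and nothing shows that the service is enabled across reboots. Either keep a cron check alongside the service check or add a step confirming the service is enabled at boot (for example with chkconfig). The unchanged lines also still say "Inspect the system for a cron job or system service" and "To check on the age of uvscan virus definition files", while the directory is now /opt/NAI/LinuxShield/engine/dat; update the wording so the product name matches the path, and state how to compare the listed file dates against the 7-day limit given in the description.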
-- 1.7.1

Syntax-wise this patch is good. As I don't have a copy of VSEL, I'll have to trust the filepaths are correct.

Question: The OCIL asks for continuously or daily operations, whereas the check text ("nails status") only returns if VSEL is currently running. Should OCIL check text be added to check for cron jobs as well?

I'll go ahead and ack this as-is to keep upstream aligned with FSO content, and we'll patch as needed.
-- 
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
