Configuration Guide
COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
McAfee VirusScan Enterprise for Linux software, version 1.6 Configuration Guide
Contents
Introducing McAfee VirusScan Enterprise for Linux
  Product Features
  What's new in this release
Product Features
McAfee VirusScan Enterprise for Linux software has the following features:
Support for 64-bit AMD64/Intel EM64T operating systems.
The latest version (5400) of the McAfee anti-virus engine.
Incremental Virus Signature (DAT) updates.
Mod-versioning for automatic kernel support.

Scanning
Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanning engine.
On-access scanning for local file systems, NFS and Samba.
Kernel-level scan cache for improved performance.
Scheduling of on-demand scans.
Scheduling of updates for scanning engine and virus definition files.

Administration
Remote administration using browser-based interface.
Secure browser interface with authentication and HTTPS (SSL) support.
Remote administration and reporting using ePolicy Orchestrator.

Reporting
Real-time statistics.
Detailed database for detected items and system events.
Ability to query the database by date range or individual field values, for example, virus name.
Results of query can be exported to a CSV file.
Configurable email notification for detected items, out-of-date virus definition files, configuration changes, and system events.
Diagnostic report for use when reporting a problem with the product.

Features not supported
Support for 2.4 kernels.
Prerequisites
Before deploying McAfee VirusScan Enterprise for Linux on Novell Open Enterprise Server 1 or 2:
1 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup". Add the user "nails" as a member of the "nailsgroup".
2 Enable the user and group using the Linux User Management.
3 Provide "nails" user with administrative privileges on all the NSS volumes. For example:
rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
NOTE: You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created.
Integrating with ePolicy Orchestrator 4.0
Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0
Assumption
If you are deploying VirusScan Enterprise for Linux for the first time, ensure that no user named "nails" and no user group named "nails" or "nailsgroup" exists on the client computer.
Task
1 Log on to the ePolicy Orchestrator 4.0 server as an administrator.
2 Create a temporary directory on your local drive.
3 Download the archive McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gz and extract the files to the temporary directory.
4 Click Software | Master Repository | Check In Package. The Package page appears.
5 Select the Package type as Product or Update (.ZIP) and browse in File path to locate MSA-LNX_4.5.0_Package.ZIP extracted in the temporary directory.
6 Click Next. The Package Options page appears with the package information.
7 Select a Branch.
8 In Options, select the required option(s), then click Save.
9 Click Software | Master Repository | Check In Package. The Package page appears.
10 Select the Package type as Product or Update (.ZIP) and browse in File path to locate McAfeeVSEForLinux-1.6.0-<build>-EPO.ZIP extracted in the temporary directory.
11 Click Next. The Package Options page appears with the package information.
12 Select a Branch.
13 In Options, select the required option(s), then click Save.
14 Click Configuration | Extensions | Install Extension to install the McAfee Agent policy extension. The Install Extension dialog box appears.
15 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the Install Extension page.
16 Click Configuration | Extensions | Install Extension to install the McAfee VirusScan Enterprise for Linux policy extension. The Install Extension dialog box appears.
17 Click Browse, select the extension file LYNXSHLD1600.ZIP, then click OK on the Install Extension page.
18 Click Configuration | Extensions | Install Extension to install the McAfee VirusScan Enterprise for Linux reports extension. The Install Extension dialog box appears.
19 Click Browse, select the extension file LYNXSHLD1600PARSER.ZIP, then click OK on the Install Extension page.
NOTE: Before installing the reports extension, ensure that you have removed the previous LinuxShield reports extension module (LYNXSHLDPARSER).
20 From the ePolicy Orchestrator server, copy "INSTALL.SH" and "INSTALLDEB.SH" from "C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409" to your Linux client computer.
21 From the Linux terminal, execute the following command:
sh install.sh -i
In case of the Ubuntu operating system, type:
sh installdeb.sh -i
This will establish a connection between ePolicy Orchestrator and the Linux client computer.
22 Click Systems | System Tree | Client Tasks | New Task to install McAfee VirusScan Enterprise for Linux on the client Linux computer. The Client Task Builder page appears.
23 In Description, type a Name, Notes for the task and select the Type as Product Deployment (McAfee Agent), then click Next.
24 In Configuration, select the Target Platforms as Linux.
25 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down list, then select the Action as Install.
26 Click Next to schedule this task immediately or as required.
27 Click Next to view a summary of the task.
28 Click Save and send an agent wake-up call. Wait for the deployment task to complete.
Setting policies within ePolicy Orchestrator
Enforcing policies
You can enforce a policy on multiple managed systems within a group.
Task
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Systems | System Tree and select a required group or system(s).
3 Click Assign Policy. The Assigning Policy for <n> system page appears.
4 Select the Product, Category, and Policy from the drop-down menu, then click Save.
5 Select the systems again.
6 Send an agent wake-up call. For instructions on sending an agent wake-up call, refer to the Sending an agent wake-up call section.
NOTE: You can create and enforce McAfee VirusScan Enterprise for Linux policies and view reports only after adding the McAfee VirusScan Enterprise for Linux extension files.
Scheduling tasks
The ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks that run on the managed systems. You can define client tasks for the entire System Tree, a specific group, or an individual system.
Tasks
Creating a Product Update task
Creating an on-demand scan task
10 Send an agent wake-up call.
NOTE: Click Edit to change the description/schedule of a product update task or Delete to remove it.
find a threat, vulnerability, or other potentially unwanted code. It can take place immediately, at a scheduled time in the future, or at regularly-scheduled intervals.
Task
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Systems | System Tree and select a required group or system(s).
3 From Client Tasks, select the required group in the System Tree for which you want to create the on-demand scan task.
4 Click New Task. The Client Task Builder page appears.
5 In Description, type a Name and Notes (if required) for the on-demand scan task.
6 Select On Demand Scan (VirusScan Enterprise for Linux 1.6.0) as the Type of the task, then click Next.
7 In Configuration, select a policy from the drop-down menu, then click Next.
8 Schedule the task immediately or as required, then click Next to view the Summary of the on-demand scan task.
9 Click Save.
10 Send an agent wake-up call.
NOTE: Click Edit to change the description/schedule of an on-demand scan task or Delete to remove it.
Configuring reports
Reports are pre-defined queries which query the ePolicy Orchestrator database and generate a graphical output. McAfee ePolicy Orchestrator 4.0 has its own querying and reporting capabilities. McAfee includes a set of default queries on the left pane. However, you can create a new query, edit, and manage all the queries related to McAfee VirusScan Enterprise for Linux.
Creating a new query
1 Log on to the ePolicy Orchestrator 4.0 server as an administrator.
NOTE: If the pre-defined queries on the left side do not serve your purpose, ePolicy Orchestrator enables you to create your own queries.
2 Click Reporting | New Query. The Result Type page appears.
3 On the left pane, select a data type that the query should retrieve and click Next. The Chart page appears.
4 Select and accordingly configure a display chart/table and click Next. The Columns page appears allowing you to select columns for the chart/table.
5 Select column(s) from the Available Columns pane and click Next. The Filter page appears.
6 Specify criteria by selecting properties and operators to limit the data retrieved by the query.
7 Click Run, then Save. The Save Query page appears.
8 Type a Name and Notes (if required) for the query, then click Save.

Table 1: Reporting Options
Option | Definition
Delete | Deletes a selected query.
Edit | Launches the Query Builder page loaded with the details of the selected query, where you can edit the details of a selected query.
Make Public | Moves the selected query from My Queries list to the Public Queries list, making it available to all users with permissions.
Duplicate | Creates and saves a copy of the selected query.
Export | Exports the selected query to an XML file that can be imported to any ePolicy Orchestrator server.
 | Runs the selected query and displays its result.
 | Takes you to the View Query SQL page, where you can view and copy the SQL script of the selected query.
Import Query | Launches a dialog box that allows you to browse to an exported query file. When you import a query file, the server adds it to My Queries list.
Running a query
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Reporting. A list of queries appears on the left pane.
3 Select a McAfee VirusScan Enterprise for Linux related query from the list.
4 Click Run. The graphical output is displayed.
Uninstallation
This section provides instructions to uninstall McAfee VirusScan Enterprise for Linux from the client computers and remove the extensions from the ePolicy Orchestrator 4.0 server.
Tasks
Removing McAfee VirusScan Enterprise for Linux from the client computer
Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.0
Removing McAfee VirusScan Enterprise for Linux from the client computer
Use this task to remove McAfee VirusScan Enterprise for Linux from the client computer using ePolicy Orchestrator 4.0.
Task
1 Log on to the ePolicy Orchestrator 4.0 server as an administrator.
2 Click Systems | System Tree | Client Tasks | New Task. The Client Task Builder page appears.
3 In Description, type a Name, Notes for the task and select the Type as Product Deployment (McAfee Agent), then click Next.
4 Under Configuration, select the Target Platforms as Linux.
5 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down menu and select the Action as Remove.
6 Click Next to schedule the task immediately or as required.
7 Click Next to view a summary of the task.
8 Click Save and send an agent wake-up call.
Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.0
Use this task to remove McAfee VirusScan Enterprise for Linux from the ePolicy Orchestrator 4.0 repository.
Task
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Software | Master Repository.
3 Click the Delete link of VirusScan Enterprise for Linux.
4 To remove the product and reports extension, click Configuration.
5 From the left pane, select the report extension file VirusScan Enterprise for Linux Reports and click Remove.
6 Select the option Force removal, bypassing any checks or errors, then click OK.
7 From the left pane, select the product extension file VirusScan Enterprise for Linux 1.6.0 and click Remove.
8 Select the option Force removal, bypassing any checks or errors, then click OK.
Prerequisites
Before deploying McAfee VirusScan Enterprise for Linux on Novell Open Enterprise Server 1 or 2:
1 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup". Add the user "nails" as a member of the "nailsgroup".
2 Enable the user and group using the Linux User Management.
3 Provide "nails" user with administrative privileges on all the NSS volumes. For example:
rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
NOTE: You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created.
Integrating with ePolicy Orchestrator 4.5
Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5
Assumption
If you are deploying VirusScan Enterprise for Linux for the first time, ensure that no user named "nails" and no user group named "nails" or "nailsgroup" exists on the client computer.
Task
1 Log on to the ePolicy Orchestrator 4.5 server as an administrator.
2 Create a temporary directory on your local drive.
3 Download the archive McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gz and extract the files to the temporary directory.
4 Click Menu | Software | Master Repository. The Packages in Master Repository page appears.
5 Click Actions | Check In Package. The Check In Package page appears.
6 Select the Package type as Product or Update (.ZIP) and browse in File path to locate MSA-LNX_4.5.0_Package.ZIP extracted in the temporary directory.
7 Click Next. The Package Options page appears with the package information.
8 Select a Branch.
9 In Options, select the required option(s), then click Save.
10 Click Menu | Software | Master Repository. The Packages in Master Repository page appears.
11 Click Actions | Check In Package. The Check In Package page appears.
12 Select the Package type as Product or Update (.ZIP) and browse in File path to locate McAfeeVSEForLinux-1.6.0-<build>-EPO.ZIP extracted in the temporary directory.
13 Click Next. The Package Options page appears with the package information.
14 Select a Branch.
15 In Options, select the required option(s), then click Save.
16 Click Menu | Software | Extensions. The Extensions page appears.
17 Click Install Extension to install the McAfee Agent policy extension. The Install Extension dialog box appears.
18 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the Install Extension page.
19 Click Menu | Software | Extensions. The Extensions page appears.
20 Click Install Extension to install the McAfee VirusScan Enterprise for Linux policy extension. The Install Extension dialog box appears.
21 Click Browse, select the extension file LYNXSHLD1600.ZIP, then click OK on the Install Extension page.
22 Click Menu | Software | Extensions. The Extensions page appears.
23 Click Install Extension to install the McAfee VirusScan Enterprise for Linux reports extension. The Install Extension dialog box appears.
24 Click Browse, select the extension file LYNXSHLD1600PARSER.ZIP, then click OK on the Install Extension page.
NOTE: Before installing the reports extension, ensure that you have removed the previous LinuxShield reports extension module (LYNXSHLDPARSER).
25 From the ePolicy Orchestrator server, copy "INSTALL.SH" and "INSTALLDEB.SH" from "C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409" to your Linux client computer.
26 From the Linux terminal, execute the following command:
sh install.sh -i
In case of the Ubuntu operating system, type:
sh installdeb.sh -i
This will establish a connection between ePolicy Orchestrator and the Linux client computer.
27 Click Menu | Systems | System Tree. The System Tree page appears.
28 Click Client Tasks | New Task to install McAfee VirusScan Enterprise for Linux on the client Linux computer. The Client Task Builder page appears.
29 In Description, type a Name, Notes for the task and select the Type as Product Deployment and click Next.
30 In Configuration, select the Target platforms as Linux.
31 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down list, then select the Action as Install.
32 Click Next to schedule this task immediately or as required.
33 Click Next to view a summary of the task.
34 Click Save and send an agent wake-up call. Wait for the deployment task to complete.
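The Assumption stated at the start of both installation procedures (ePolicy Orchestrator 4.0 and 4.5) can be checked on the Linux client before the deployment task is scheduled. The shell functions below are an added example, not part of the McAfee guide; the function names, the "live" argument and the optional file arguments are assumptions made for illustration. Names are matched exactly, so accounts such as "snails" or "nailsgroup2" are not reported.

```shell
#!/bin/sh
# Added example (not from the McAfee guide): pre-deployment check for the
# account names that must not exist on a first-time deployment:
# user "nails", groups "nails" and "nailsgroup".

# lookup DB NAME [FILE]
# Returns 0 if NAME exists. With FILE, reads a passwd(5)/group(5) formatted
# file and compares field 1 exactly. Without FILE, asks the name service
# through getent(1), which also sees directory-backed accounts.
lookup() {
    db=$1
    name=$2
    file=${3:-}
    if [ -n "$file" ]; then
        awk -F: -v n="$name" '$1 == n { found = 1 } END { exit !found }' "$file"
    else
        getent "$db" "$name" >/dev/null 2>&1
    fi
}

# check_nails_accounts [PASSWD_FILE GROUP_FILE]
# Prints the conflicting entries on one line and returns 1 if any exist,
# returns 0 and prints nothing when the host is clean.
check_nails_accounts() {
    passwd_file=${1:-}
    group_file=${2:-}
    conflicts=""
    if lookup passwd nails "$passwd_file"; then
        conflicts="user:nails"
    fi
    for g in nails nailsgroup; do
        if lookup group "$g" "$group_file"; then
            conflicts="${conflicts:+$conflicts }group:$g"
        fi
    done
    if [ -n "$conflicts" ]; then
        echo "$conflicts"
        return 1
    fi
    return 0
}

# Check this host when the script is run with "live" as its first argument
# (hypothetical convention for this example).
if [ "${1:-}" = "live" ]; then
    check_nails_accounts || exit 1
fi
```

A non-zero exit status means at least one of the names already exists and should be resolved before the Product Deployment task is saved.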
Setting policies within ePolicy Orchestrator
Select the Wake-up call type as Agent Wake-Up Call and a Randomization period (0-60 minutes) by which the system(s) respond to the wake-up call sent by the ePolicy Orchestrator server.
7 Select Get full product properties for the agent(s) to send complete properties instead of sending only those that have changed since the last agent-to-server communication.
8 Click OK.
NOTE: To see the status of the agent wake-up call, click Menu | Automation | Server Task Log.
Enforcing policies
You can enforce a policy on multiple managed systems within a group.
Task
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Systems | System Tree and select a required group or system(s).
3 Click Assigned Policies and from the Product drop-down menu, select VirusScan Enterprise for Linux 1.6.0.
4 Select the Category and click Edit Assignment.
5 Select the policy from the Assigned policy drop-down menu and click Save.
6 Select the systems again.
7 Send an agent wake-up call. For instructions on sending an agent wake-up call, refer to the Sending an agent wake-up call section.
NOTE: You can create and enforce McAfee VirusScan Enterprise for Linux policies and view reports only after adding the McAfee VirusScan Enterprise for Linux extension files.
Scheduling tasks
The ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks that run on the managed systems. You can define client tasks for the entire System Tree, a specific group, or an individual system.
Tasks
Creating a Product Update task
Creating an on-demand scan task
7 Schedule the task immediately or as required, then click Next to view the Summary of the product update task.
8 Click Save.
9 Send an agent wake-up call.
NOTE: Click Edit to change the description/schedule of a product update task or Delete to remove it.
Configuring reports
Reports are pre-defined queries which query the ePolicy Orchestrator database and generate a graphical output. McAfee ePolicy Orchestrator 4.5 has its own querying and reporting capabilities. McAfee includes a set of default queries on the left pane. However, you can create a new query, edit, and manage all the queries related to McAfee VirusScan Enterprise for Linux.
Creating a new query
1 Log on to the ePolicy Orchestrator 4.5 server as an administrator.
NOTE: If the pre-defined queries on the left side do not serve your purpose, ePolicy Orchestrator enables you to create your own queries.
2 Click Menu | Reporting | Queries. The Queries page appears.
3 Click Actions | New Query. The Query Wizard page appears.
4 On the left pane, select a Feature Group that the query should retrieve.
5 Select a Result Type and click Next. The Chart page appears.
6 Select and accordingly configure a display chart/table and click Next. The Columns page appears allowing you to select columns for the chart/table.
7 Select column(s) from the Available Columns pane and click Next. The Filter page appears.
8 Specify criteria by selecting properties and operators to limit the data retrieved by the query.
9 Click Run, then Save. The Save Query page appears.
10 Type a Name and Notes (if required) for the query, then click Save.

Table 2: Reporting Options
Option | Definition
Delete | Deletes a selected query.
Edit | Launches the Query Builder page loaded with the details of the selected query, where you can edit the details of a selected query.
 | Creates and saves a copy of the selected query.
 | Exports the selected query to an XML file that can be imported to any ePolicy Orchestrator server.
 | Runs the selected query and displays its result.
 | Takes you to the View Query SQL page, where you can view and copy the SQL script of the selected query.
Import Query | Launches a dialog box that allows you to browse to an exported query file. When you import a query file, the server adds it to My Queries list.
Running a query
1 Log on to the ePolicy Orchestrator 4.5 server as an administrator.
2 Click Menu | Reporting | Queries. A list of queries appears on the left pane.
3 Select a McAfee VirusScan Enterprise for Linux related query from the list.
4 Click Run. The graphical output is displayed.
Uninstallation
This section provides instructions to uninstall McAfee VirusScan Enterprise for Linux from the client computers and remove the extensions from the ePolicy Orchestrator 4.5 server.
Tasks
Removing McAfee VirusScan Enterprise for Linux from the client computer
Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.5
Removing McAfee VirusScan Enterprise for Linux from the client computer
Use this task to remove McAfee VirusScan Enterprise for Linux from the client computer using ePolicy Orchestrator 4.5.
Task
1 Log on to the ePolicy Orchestrator 4.5 server as an administrator.
2 Click Menu | Systems | System Tree. The System Tree page appears.
3 Click Client Tasks | Actions | New Task. The Client Task Builder page appears.
4 In Description, type a Name, Notes for the task and select the Type as Product Deployment, then click Next.
5 Under Configuration, select the Target Platforms as Linux.
6 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down menu and select the Action as Remove.
7 Click Next to schedule the task immediately or as required.
8 Click Next to view a summary of the task.
9 Click Save and send an agent wake-up call.
Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.5
Use this task to remove McAfee VirusScan Enterprise for Linux from the ePolicy Orchestrator 4.5 repository.
Task
1 Log on to the ePolicy Orchestrator 4.5 server as an administrator.
2 Click Menu | Software | Master Repository. The Packages in Master Repository page appears.
3 Click the Delete link of VirusScan Enterprise for Linux.
4 To remove the product and reports extension, click Menu | Software | Extensions. The Extensions page appears.
5 From the left pane, select VirusScan Enterprise for Linux.
6 Select the report extension file VirusScan Enterprise for Linux Reports, then click Remove.
7 Select the option Force removal, bypassing any checks or errors, then click OK.
8 Select the product extension file VirusScan Enterprise for Linux 1.6.0 and click Remove.
9 Select the option Force removal, bypassing any checks or errors, then click OK.