Installation Guide. McAfee VirusScan Enterprise for Linux Software

Installation Guide

COPYRIGHT

Copyright © 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION License Agreement

Contents

Preface 5

About this guide . . . 5

Audience . . . 5

Conventions . . . 5

What's in this guide . . . 6

Find product documentation . . . 6

1 Introduction 7 Product Features . . . 7

What’s new in this release . . . 8

2 System Requirements 11 Hardware and software requirements . . . 11

3 Installation 13 Manual installation . . . 13

Silent installation . . . 16

Running McAfee VirusScan Enterprise for Linux . . . 18

Upgrading from previous versions . . . 18

Integrating with ePolicy Orchestrator . . . 18

Removing the software . . . 20

Preface

This guide provides the information you need to install your McAfee product. This guide provides the information you need to install McAfee®

VirusScan®

Enterprise for Linux.

For instructions on how to configure, use and maintain McAfee VirusScan Enterprise for Linux using McAfee® _{ePolicy Orchestrator (McAfee ePO) software, see the McAfee VirusScan Enterprise for Linux —} Configuration Guide for your product version. For detailed information all phases of product use from

configuration to troubleshooting, see the McAfee VirusScan Enterprise for Linux — Product Guide for your product version.

Contents

About this guide

Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

• Users — People who use the computer where the software is running and can access some or all of its features.

Conventions

This guide uses these typographical conventions and icons.

Book title, term,

emphasis Title of a book, chapter, or topic; a new term; emphasis.

Bold Text that is strongly emphasized.

User input, code,

message Commands and other text that the user types; a code sample; a displayedmessage.

Interface text Words from the product interface like options, menus, buttons, and dialog boxes.

Hypertext blue A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing an

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,

software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware

product.

What's in this guide

This guide is organized to help you find the information you need.

This guide provides you with an introduction to McAfee VirusScan Enterprise for Linux and how to install and configure the software.

Topics include:

• Introducing McAfee VirusScan Enterprise for Linux

• System requirements and prerequisites before installing the software • Types of installation such as manual and silent installation

• Detailed instructions on how to set up the software on various platforms • How to run the software

• Handling old certificates

• Upgrading the software from previous versions • Removing the software

• Brief description about integrating the software with ePolicy Orchestrator

Find product documentation

McAfee provides the information you need during each phase of product implementation, from

installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... Do this...

User documentation 1 Click Product Documentation.

2 Select a product, then select a version.

3 Select a product document.

KnowledgeBase • Click Search the KnowledgeBase for answers to your product questions. • Click Browse the KnowledgeBase for articles listed by product and version.

Preface

1

Introduction

McAfee VirusScan Enterprise for Linux detects and removes viruses and other potentially unwanted software on Linux_{‑based systems.}

This information is intended for network administrators who are responsible for their company’s anti‑virus and security program.

Contents

Product Features

What’s new in this release

Product Features

This section describes the product features for the McAfee VirusScan Enterprise for Linux software. McAfee VirusScan Enterprise for Linux software has these features:

• Support for Amazon EC2 Linux machines (2.6.x kernels) • Support for Novell Cluster Services

• Support for Corosync OCFS2 File System Cluster • Runtime kernel module support (RKMS)

McAfee VirusScan Enterprise for Linux Kernel modules will be created dynamically in case of a mod_{‑version failure. To manually compile the kernel module, refer Frequently asked questions —}

Runtime kernel module support in the Product Guide.

• Support for 64_{‑bit AMD64/Intel EM64T operating systems.} • The latest version (5600) of the McAfee anti_{‑virus engine.} • Incremental Virus Signature (DAT) updates.

• Mod_{‑versioning for automatic kernel support.}

• Regular expression based exclusions for On_{‑access scan and On‑demand scan from the user} interface.

• Scanning

• Comprehensive on_{‑access anti‑virus scanning and cleaning using the McAfee scanning engine.} • On_{‑access scanning for local file systems, NFS and Samba/CIFS.}

• Scheduling of on_{‑demand scans.}

• Scheduling of updates for scanning engine and virus definition files. • Administration

• Remote administration using browser_{‑based interface.}

• Secure browser interface with authentication and HTTPS (SSL) support. • Reporting

• Real_{‑time statistics.}

• Detailed database for detected items and system events.

• Ability to query the database by date range or individual field values, for example, virus name. Results of query can be exported to a CSV file.

• Configurable email notification for detected items, out_{‑of‑date virus definition files, configuration} changes, and system events.

• Diagnostic report for use when reporting a problem with the product.

What’s new in this release

This section describes the new enhancements in this release of VirusScan Enterprise for Linux. These new features are available in this release, that could be used from McAfee ePolicy Orchestrator to configure McAfee VirusScan Enterprise for Linux client systems.

General policies

• Enable or disable Web GUI Apache services • Enable or disable SMTP notifications

• Enable or disable Syslogging with different levels • Enable logging from ePolicy Orchestrator

On

_{‑Access policy}

• Specify primary and secondary actions for Programs and Jokes

On

_{‑Demand scan task}

• Specify primary and secondary actions for Programs and Jokes • Specify custom Maximum scan time for each on_{‑demand scan task}

Product deployment task

• Deploy the product successfully without PAM libraries

Password change task

• Set the McAfee VirusScan Enterprise for Linux administrator password from ePolicy Orchestrator

1

Introduction

System properties

• Scanning summary information on Files Scanned and Number of Infections for the selected Linux client • Threat information is available now

Events

• On_{‑demand scan task status events} • Password change task status events

Queries and reports

• Threat report • Compliance report

Help Content

New ePolicy Orchestrator Help extension for McAfee VirusScan Enterprise for Linux

Introduction

1

Introduction

2

System Requirements

This section describes the software and hardware requirements to install VirusScan Enterprise for Linux.

Hardware and software requirements

Make sure that your Linux server meets these requirements.

Supported operating systems (32

_{‑bit/64‑bit)}

• SuSE Linux Enterprise 10.x and 11.x (Desktop/Server) • Red Hat Enterprise 5.x Advanced Platform, Desktop

• Red Hat Enterprise 6.0, 6.1, 6.2, and 6.3 Server, Workstation, Client • Oracle Enterprise Linux 5.x and 6.x

• Novell Open Enterprise Server 2.x • CentOS 5.x and 6.x

• Ubuntu 10.04, 11.10, 12.04, and 12.10 (Desktop/Server edition)

To view a complete list of supported environments, see McAfee KnowledgeBase article KB75270.

Supported kernels

• This release supports all kernels available on the supported distributions.

To view a complete list of supported distributions, see McAfee KnowledgeBase article KB72999.

Supported processors

• Intel x86 architecture_{‑based processor}

• Intel x86_64 architecture_{‑based processor that supports Intel Extended Memory 64 Technology} (Intel EM64T)

• AMD x86_64 architecture_{‑based processor with AMD 64‑bit technology}

Memory

Free Disk space

• Minimum: 1 GB

Supported McAfee Management software

• McAfee ePolicy Orchestrator 4.5 • McAfee ePolicy Orchestrator 4.6 • McAfee ePolicy Orchestrator 5.0

Supported McAfee Agent software

• McAfee Agent 4.6 • McAfee Agent 4.8

Display

Monitor screen with a recommended minimum resolution of 1024 x 768.

2

System Requirements

3

Installation

This chapter describes the installation process of VirusScan Enterprise for Linux.

You can install VirusScan Enterprise for Linux manually on hosts (see Manual installation) or you can use a script (see Silent installation).

Download and extract the VirusScan Enterprise for Linux software package (McAfeeVSEForLinux‑1.9. 0.<build number>‑release‑full.noarch.tar.gz) on to a temporary directory.

Contents

Manual installation Silent installation

Running McAfee VirusScan Enterprise for Linux Upgrading from previous versions

Integrating with ePolicy Orchestrator Removing the software

Manual installation

During installation, you are prompted to supply a password and other information. For most of the questions, you can accept the default value that is offered.

Before you begin

• Make sure that there is no user named as "nails" or group named as "nailsgroup" on the computer.

• Make sure that you have "root" privileges to install VirusScan Enterprise for Linux. • If you are installing VirusScan Enterprise for Linux on a 64_{‑bit RHEL 6.x system, ensure}

that 32_{‑bit RHEL 6.x PAM libraries are also installed.}

• If you are installing VirusScan Enterprise for Linux on a 64_{‑bit Ubuntu system, ensure} that 32_{‑bit Ubuntu libraries are also installed.}

To set up email notification for alerts if it is required, you need a Mail Transfer Agent (MTA) configured, and the following information:

• Email address of the VirusScan administrator • Address for the SMTP host

Task

1 From the terminal, go to the temporary directory and execute the following commands: tar ‑zxvf McAfeeVSEForLinux‑1.9.0.<build number>‑release.tar.gz

tar ‑zxvf McAfeeVSEForLinux‑1.9.0.<build number>‑others.tar.gz

2 To install McAfee Runtime, type the following command in the terminal window: rpm ‑ivh MFErt.i686.rpm

3 To install McAfee Agent (MA), type the following command in the terminal window: rpm ‑ivh MFEcma.i686.rpm

4 To confirm that the McAfee Agent is running correctly, type the following command in the terminal window:

/etc/init.d/cma status

5 To install VirusScan Enterprise for Linux, type the following command in the terminal window: bash McAfeeVSEForLinux‑1.9.0.<build number>‑installer

6 Answer the questions when prompted. Accept the default values, or specify your own.

7 When prompted to start the VirusScan services, select the default option Y.

8 To confirm that VirusScan Enterprise for Linux is running correctly, type the following command in the terminal window:

/etc/init.d/nails status

Tasks

• Installing on Novell Open Enterprise Server on page 14

Install VirusScan Enterprise for Linux on Novell Open Enterprise Server. • Installing on Ubuntu (Desktop or Server edition) on page 15

Install VirusScan Enterprise for Linux on Ubuntu Server.

Installing on Novell Open Enterprise Server

Install VirusScan Enterprise for Linux on Novell Open Enterprise Server.

Task

1 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup".

2 Add the user "nails" a member of the "nailsgroup". Enable the user and group using the Linux User

Management.

3 Provide "nails" user with administrative privileges on all the NSS volumes. rights ‑f /media/nss/<VOL‑name> ‑r s trustee nails.<context>.<tree>

You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created.

4 Download the MFErt.i686.rpm and MFEcma.i686.rpm file.

5 Install McAfee Runtime and McAfee Agent using the following commands: rpm ‑ivh MFErt.i686.rpm

rpm ‑ivh MFEcma.i686.rpm

6 To install VirusScan Enterprise for Linux, type this command in the terminal window: bash McAfeeVSEForLinux‑1.9.0.<build number>‑installer

7 Type nailsgroup for the Linux group for VirusScan administrator.

8 Type nails for the VirusScan user.

9 Answer the questions when prompted. Accept the default values, or specify your own.

10 When prompted to start the VirusScan services, select the default option Y.

Installing on Ubuntu (Desktop or Server edition)

Install VirusScan Enterprise for Linux on Ubuntu Server.

Before you begin

If you are installing VirusScan Enterprise for Linux on a 64‑bit Ubuntu system, ensure that you perform these steps before installation:

1 _{Copy pam_unix.so and pam_nologin.so from /lib/security of a 32‑bit ubuntu system}

(till version 10.10) to a temporary directory (/tmp) on the 64‑bit ubuntu system. From Ubuntu 11.04 onwards pam_unix.so and pam_nologin.so are available under the /lib/ i386‑linux‑gnu/security directory.

2 _{In the root ( / ), create a folder pam32lib.}

3 Execute the following commands to copy pam_unix32.so and pam_nologin.so to the pam32lib directory:

cp /tmp/pam_unix.so /pam32lib/pam_unix32.so cp /tmp/pam_nologin.so /pam32lib/pam_nologin32.so

Task

1 Download the MFErt.i686.deb and MFEcma.i686.deb file.

2 Install McAfee Runtime and McAfee Agent using these commands: dpkg ‑i MFErt.i686.deb

dpkg ‑i MFEcma.i686.deb

3 Type the following at the command prompt:

bash McAfeeVSEForLinux‑1.9.0.<build number>‑installer

4 Answer the questions when prompted. Accept the default values, or type your own.

5 When prompted to start the VirusScan services, select the default option Y.

6 To confirm that VirusScan Enterprise for Linux is installed and running correctly, type the following at the command prompt:

/etc/init.d/nails status

Installation

Silent installation

Install VirusScan Enterprise for Linux in silent mode.

Before you begin

• Before installing VirusScan Enterprise for Linux, make sure that there is no user as "nails" and no group as "nailsgroup" in the computer.

• Before installing VirusScan Enterprise for Linux, you must have McAfee Runtime and McAfee Agent already installed on the computer.

• Create a file "nails.options" in the root home (/root) directory.

For example: SILENT_ACCEPTED_EULA=”yes” SILENT_INSTALLDIR=”/opt/NAI/LinuxShield” SILENT_RUNTIMEDIR=”/var/opt/NAI/LinuxShield” SILENT_ADMIN=”[email protected]” SILENT_HTTPHOST=”0.0.0.0” SILENT_HTTPPORT=”55443” SILENT_MONITORPORT=”65443” SILENT_SMTPHOST=”0.0.0.0” SILENT_SMTPPORT=”25” SILENT_NAILS_USER=”nails” SILENT_NAILS_GROUP=”nailsgroup” SILENT_CREATE_USER=”yes” SILENT_CREATE_GROUP=”yes” SILENT_RUN_WITH_MONITOR=”yes” SILENT_QUARANTINEDIR=”/quarantine” SILENT_START_PROCESSES=”yes” SILENT_CONTINUE_INSTALL_ON_PAM_ERROR=”no”

Use SILENT_CONTINUE_INSTALL_ON_PAM_ERROR only when 32‑bit PAM libraries are not present.

If you set this flag to yes and continue without Pluggable Authentication

Module (PAM) libraries, the installation of VirusScan Enterprise for Linux

monitor component is skipped, and the web interface will not be available. However, you can still manage the VirusScan Enterprise for Linux host using ePolicy Orchestrator or the web interface of some other VirusScan Enterprise for Linux host. See information about Configuring VirusScan Enterprise for

Linux in the Product Guide.

Task

1 To install VirusScan Enterprise for Linux, type this command in the terminal window: bash McAfeeVSEForLinux‑1.9.0.<build number>‑installer

2 After performing the installation, use the command passwd to assign a password to the user "nails".

Tasks

• Installing on Novell Open Enterprise Server in silent mode on page 17

Install VirusScan Enterprise for Linux on Novell Open Enterprise server in silent mode. • Installing on Ubuntu (Desktop or Server edition) in silent mode on page 17

Install VirusScan Enterprise for Linux on Ubuntu (Desktop/Server edition) in silent mode.

Installing on Novell Open Enterprise Server in silent mode

Install VirusScan Enterprise for Linux on Novell Open Enterprise server in silent mode.

Task

1 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup".

2 Add the user "nails" a member of the "nailsgroup", enable the user and group using the Linux User

Management.

3 Provide "nails" user with administrative privileges on all the NSS volumes. rights ‑f /media/nss/<VOL‑name> ‑r s trustee nails.<context>.<tree>

You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created.

4 In the "nails.options" file, check if the following parameters are available:

SILENT_NAILS_USER="nails" SILENT_NAILS_GROUP="nailsgroup" SILENT_CREATE_USER=”no”

SILENT_CREATE_GROUP=”no”

5 From the terminal window, type bash McAfeeVSEForLinux‑1.9.0.<build number>‑installer

6 After performing the installation, use iManager to assign a password to the user "nails".

Installing on Ubuntu (Desktop or Server edition) in silent mode

Install VirusScan Enterprise for Linux on Ubuntu (Desktop/Server edition) in silent mode.

Before you begin

Ensure that the nails.options file is available in the root home (/root) directory. For information on how to create the nails.options file, refer to the Silent installation section.

If you are installing VirusScan Enterprise for Linux on a 64‑bit Ubuntu system, ensure that you perform these steps before installation:

1 _{Copy pam_unix.so and pam_nologin.so from /lib/security of a 32‑bit ubuntu system}

(till version 10.10) to a temporary directory (/tmp) on the 64‑bit ubuntu system. From Ubuntu 11.04 onwards pam_unix.so and pam_nologin.so are available under the /lib/ i386_{‑linux‑gnu/security directory.}

2 In the root ( / ), create a folder pam32lib.

3 Execute the following commands to copy pam_unix32.so and pam_nologin.so to the pam32lib directory:

cp /tmp/pam_unix.so /pam32lib/pam_unix32.so cp /tmp/pam_nologin.so /pam32lib/pam_nologin32.so

Task

1 Type the following at the command prompt:

bash McAfeeVSEForLinux‑1.9.0.<build number>‑installer

2 After performing the installation, use the command passwd to assign a password to the user nails.

Installation

Running McAfee VirusScan Enterprise for Linux

Use this task to open the McAfee VirusScan Enterprise for Linux user interface.

Task

1 From a supported web_{‑browser, go to https://<hostname or IP address>:<port number>} Specify the hostname or IP address of the computer, on which VirusScan Enterprise for Linux is installed. By default, the port number is "55443".

https://192.168.200.200:55443 (or) https://server1:55443

2 On the log on page, type the user name as nails and type the password that you specified during installation.

If you see messages caused by the use of certificates, see the Handling old certificates section.

Upgrading from previous versions

Upgrade your previous McAfee VirusScan Enterprise for Linux version 1.6, 1.7 or 1.7.1 to version 1.9.0.

Task

1 To upgrade McAfee Agent, type the following command in the terminal window: rpm ‑Uvh MFEcma.i686.rpm

If you want to upgrade McAfee Agent on a Ubuntu server, type this command: dpkg ‑i MFEcma.i686.deb

2 To confirm that McAfee Agent is running correctly, type the following command in the terminal window:

/etc/init.d/cma status

3 To upgrade VirusScan Enterprise for Linux, type the following command in the terminal window: bash McAfeeVSEForLinux‑1.9.0.<build number>‑installer

4 To confirm that VirusScan Enterprise for Linux is running correctly, type the following command in the terminal window:

/etc/init.d/nails status

5 Restart the computer using the command: reboot

Integrating with ePolicy Orchestrator

Integrate VirusScan Enterprise for Linux with ePolicy Orchestrator to manage client systems.

Before you begin

If you have any VirusScan Enterprise for Linux1.7 or 1.7.1 hotfix checked in to the Master

3

Installation

Task

1 Download and extract the VirusScan Enterprise for Linux software package (McAfeeVSEForLinux‑1. 9.0.<build number>‑release‑full.noarch.tar.gz) on to a temporary directory on the ePolicy Orchestrator server.

2 Go to the temporary directory and extract McAfeeVSEForLinux‑1.9.0.<build number>‑others.tar .gz.

3 _{Check in the McAfee Agent (MSA‑LNX_4.8.0_Package.ZIP) bundled with this package on to the}

ePolicy Orchestrator Master repository.

4 _{Check in McAfeeVSEForLinux‑1.9.0.<build number>‑EPO.ZIP on to the ePolicy Orchestrator}

Master repository.

5 Check in these extensions on to the ePolicy Orchestrator "Extensions": • EPOAGENTMETA.ZIP

• LYNXSHLD1900.ZIP • LYNXSHLD1900PARSER.ZIP • HELP_VSEL_190.ZIP

6 Create and download the agent installation package by performing these steps:

a From System Tree, click System Tree Actions | New Systems. The New Systems page appears.

b Under How to add systems select Create and download agent installation package, click Non_{‑Windows, then select} McAfee Agent for Linux 4.8.0 (Current) and click OK.

c From Download file, right_{‑click install and select Save Target As... to download the file on to your local} system.

7 From the Linux terminal, execute the following command: sh install.sh –i

This will establish a connection between ePolicy Orchestrator and the Linux client computer.

8 Create a Product Deployment Task on ePolicy Orchestrator to deploy VirusScan Enterprise for Linux software on client systems.

For more detailed information on how to integrate and configure VirusScan Enterprise for Linux using VirusScan Enterprise for Linux, see the McAfee VirusScan Enterprise for Linux — Configuration

Guide for your product version.

Installation

Removing the software

Use this task to remove McAfee VirusScan Enterprise for Linux from your computer.

Task

1 To uninstall VirusScan Enterprise for Linux, type the following at the command prompt: rpm ‑e McAfeeVSEForLinux

rpm ‑e MFEcma rpm ‑e MFErt

If you want to uninstall from a Ubuntu server, type: dpkg ‑‑purge mcafeevseforlinux

dpkg ‑‑purge mfecma dpkg ‑‑purge mfert

2 Reboot the computer to remove the VirusScan Enterprise kernel modules.

You do not have to reboot the computer immediately, because the VirusScan Enterprise for Linux kernel modules does not interrupt functioning of any other running service.

3

Installation

Index

A

about 7

about this guide 5

audience 7

C

conventions and icons used in this guide 5

D

documentation

audience for this guide 5

product-specific, finding 6

typographical conventions and icons 5

F

features administration 7 reporting 7 scanning 7

I

introduction 7

L

Linuxshield previously known as 7

M

McAfee ServicePortal, accessing 6

P

product features 7

R

release what's new 8 requirements system 11

S

ServicePortal, finding product documentation 6

system

requirements 11

T

Technical Support, finding product information 6

W

what's in this guide 6