Vsel 160 Config Guide En-Us

McAfee VirusScan Enterprise for Linux, v1.
6
Configuration Guide
COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
McAfee VirusScan Enterprise for Linux software, version 1.6 Configuration Guide
Contents
Introducing McAfee VirusScan Enterprise for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Product Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Whats new in this release. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Integrating with ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . 7 Sending an agent wake-up call. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Setting policies within ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Creating or editing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Enforcing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Scheduling tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Creating a Product Update task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Creating an on-demand scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Configuring reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Removing McAfee VirusScan Enterprise for Linux from the client computer. . . . . . . . . . . . . . . . . . . 12 Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . 13
Integrating with ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . 15 Sending an agent wake-up call. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Setting policies within ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Creating or editing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Enforcing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Scheduling tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Creating a Product Update task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Creating an on-demand scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Configuring reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Removing McAfee VirusScan Enterprise for Linux from the client computer. . . . . . . . . . . . . . . . . . . 21 Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . 21
Introducing McAfee VirusScan Enterprise for Linux

McAfee VirusScan Enterprise for Linux (previously known as LinuxShield) detects and removes viruses and other potentially unwanted software on Linux-based systems. NOTE: This information is intended for network administrators who are responsible for their companys anti-virus and security program. Contents Product Features Whats new in this release
Product Features
McAfee VirusScan Enterprise for Linux software has the following features: Support for 64-bit AMD64/Intel EM64T operating systems. The latest version (5400) of the McAfee anti-virus engine. Incremental Virus Signature (DAT) updates. Mod-versioning for automatic kernel support. Scanning Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanning engine. On-access scanning for local file systems, NFS and Samba. Kernel-level scan cache for improved performance. Scheduling of on-demand scans. Scheduling of updates for scanning engine and virus definition files. Administration Remote administration using browser-based interface. Secure browser interface with authentication and HTTPS (SSL) support. Remote administration and reporting using ePolicy Orchestrator. Reporting Real-time statistics. Detailed database for detected items and system events. Ability to query the database by date range or individual field values, for example, virus name. Results of query can be exported to a CSV file.
Introducing McAfee VirusScan Enterprise for Linux Whats new in this release
Configurable email notification for detected items, out-of-date virus definition files, configuration changes, and system events. Diagnostic report for use when reporting a problem with the product. Features not supported Support for 2.4 kernels.
Whats new in this release

This release of VirusScan Enterprise for Linux includes the following new enhancements: Support for SuSE Linux Enterprise Server/Desktop 11 Support for CentOS 4.x Support for CentOS 5.x Support for Fedora Core 10, 11, and 12 Support for Ubuntu 8.04, 9.04, and 9.10 (Desktop/Server edition) Regular expression based exclusions for On-access scan and On-demand scan from the user interface. The latest version (5400) of the McAfee anti-virus engine.
Integrating with ePolicy Orchestrator 4.0

This chapter describes how to configure McAfee VirusScan Enterprise for Linux, version 1.6 using McAfee ePolicy Orchestrator management software version 4.0. To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.0. McAfee ePolicy Orchestrator 4.0 provides a scalable platform for centralized policy management and enforcement on your McAfee security products and systems on which they reside. It also provides comprehensive reporting and product deployment capabilities; all through a single point of control. NOTE: This guide does not provide detailed information about installing or using ePolicy Orchestrator software. See the McAfee ePolicy Orchestrator 4.0 - Installation/Product Guide. Contents Prerequisites Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0 Sending an agent wake-up call Setting policies within ePolicy Orchestrator Scheduling tasks Configuring reports Uninstallation
Prerequisites
Before deploying McAfee VirusScan Enterprise for Linux on Novel Open Enterprise Server 1 or 2: 1 2 3 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup". Add the user "nails" a member of the "nailsgroup". Enable the user and group using the Linux User Management. Provide "nails" user with administrative privileges on all the NSS volumes. For example:
rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
NOTE: You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created.
Integrating with ePolicy Orchestrator 4.0 Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0
Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0
Assumption If you are deploying VirusScan Enterprise for Linux for the first time, ensure that there is no user as "nails" and/or user groups as "nails" or "nailsgroup" in the client computer. Task 1 2 3 4 5 6 7 8 9 Log on to the ePolicy Orchestrator 4.0 server as an administrator. Create a temporary directory on your local drive. Download the archive McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gz and extract the files to the temporary directory. Click Software | Master Repository | Check In Package. The Package page appears. Select the Package type as Product or Update (.ZIP) and browse in File path to locate MSA-LNX_4.5.0_Package.ZIP extracted in the temporary directory. Click Next. The Package Options page appears with the package information. Select a Branch. In Options, select the required option(s), then click Save. Click Software | Master Repository | Check In Package. The Package page appears.
10 Select the Package type as Product or Update (.ZIP) and browse in File path to locate McAfeeVSEForLinux-1.6.0-<build>-EPO.ZIP extracted in the temporary directory. 11 Click Next. The Package Options page appears with the package information. 12 Select a Branch. 13 In Options, select the required option(s), then click Save. 14 Click Configuration | Extensions | Install Extension to install the McAfee Agent policy extension. The Install Extension dialog box appears. 15 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the Install Extension page. 16 Click Configuration | Extensions | Install Extension to install the McAfee VirusScan Enterprise for Linux policy extension. The Install Extension dialog box appears. 17 Click Browse, select the extension file LYNXSHLD1600.ZIP, then click OK on the Install Extension page. 18 Click Configuration | Extensions | Install Extension to install the McAfee VirusScan Enterprise for Linux reports extension. The Install Extension dialog box appears. 19 Click Browse, select the extension file LYNXSHLD1600PARSER.ZIP, then click OK on the Install Extension page. NOTE: Before installing the reports extension, ensure that you have removed the previous LinuxShield reports extension module (LYNXSHLDPARSER). 20 From the ePolicy Orchestrator server, copy "INSTALL.SH" and "INSTALLDEB.SH" from "C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409" to your Linux client computer. 21 From the Linux terminal, execute the following command:
Integrating with ePolicy Orchestrator 4.0 Sending an agent wake-up call
sh install.sh i
Incase of Ubuntu operating system, type sh installdeb.sh -i This will establish a connection between ePolicy Orchestrator and the Linux client computer. 22 Click Systems | System Tree | Client Tasks | New Task to install McAfee VirusScan Enterprise for Linux on the client Linux computer. The Client Task Builder page appears. 23 In Description, type a Name, Notes for the task and select the Type as Product Deployment (McAfee Agent), then click Next. 24 In Configuration, select the Target Platforms as Linux. 25 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down list, then select the Action as Install. 26 Click Next to schedule this task immediately or as required. 27 Click Next to view a summary of the task. 28 Click Save and send an agent wake-up call. Wait for the deployment task to complete.
Sending an agent wake-up call

All systems in the network are managed in the Systems tab. The System Tree contains all systems that are managed by the ePolicy Orchestrator server. It is the primary interface for managing policies and tasks on these systems. You can organize or sort these systems into logical groups in the System Tree. My Organization is the root of the System Tree. It includes a Lost&Found group that stores systems whose locations cannot be determined by the server. Depending on the methods you use to create and maintain the System Tree segments (systems), the server uses different characteristics to place the systems in the System Tree. NOTE: For information on adding a new system, refer to the McAfee ePolicy Orchestrator 4.0 Product Guide. Task 1 2 3 4 5 6 7 8 Log on to the ePolicy Orchestrator 4.0 server as an administrator. Click Systems. Select a group in the System Tree. Select the Computer Name(s) of that group. Click More Actions | Wake Up Agent. The Wake Up Agents page appears. Select a Wake-up call type and a Randomization period (0-60 minutes) by which the system(s) respond to the wake-up call sent by the ePolicy Orchestrator server. Select Get full product properties for the agent(s) to send complete properties instead of sending only those that have changed since the last agent-to-server communication. Click OK. NOTE: Navigate to Server Task Log to see the status of the agent wake-up call.
Integrating with ePolicy Orchestrator 4.0 Setting policies within ePolicy Orchestrator
Setting policies within ePolicy Orchestrator

The ePolicy Orchestrator console allows you to enforce policies across groups of computers or on a single computer. These policies override configurations set on individual computers. For information regarding policies and how they are enforced, see the McAfee ePolicy Orchestrator 4.0 Product Guide. Before configuring any policies, select the group of computers for which you want to modify McAfee VirusScan Enterprise for Linux policies. You can modify McAfee VirusScan Enterprise for Linux policies from the pages and tabs that are available in the details pane of the ePolicy Orchestrator console. These pages are nearly identical to those you can access directly from the McAfee VirusScan Enterprise for Linux user interface. After you have modified the appropriate policies and saved the changes for the intended computer or group of computers, you are ready to deploy new settings via the McAfee Agent. Tasks Creating or editing policies Enforcing policies
Creating or editing policies

You can create, edit, delete, or assign a policy to a specific group in the System Tree. Task 1 2 3 4 5 Log on to the ePolicy Orchestrator server as an administrator. Click Systems | System Tree | Policies. The Policies page appears. Select Product as VirusScan Enterprise for Linux 1.6.0. A list of policies managed by McAfee VirusScan Enterprise for Linux appears in the lower pane. Locate the required policy, and click Edit Assignment next to the policy. The policy assignment for the chosen group page appears. Click Edit Policy or New Policy as required. NOTE: If you click New Policy, the Create a new policy dialog box appears. Select the policy you want to duplicate from the Create a policy based on this existing policy drop-down list, type a name then click OK. The new policy wizard appears. 6 Edit the policy setting as required, then click Save.
Enforcing policies
You can enforce a policy to multiple managed systems within a group. Task 1 2 3 4 5 Log on to the ePolicy Orchestrator server as an administrator. Click Systems | System Tree and select a required group or system(s). Click Assign Policy. The Assigning Policy for <n> system page appears. Select the Product, Category, and Policy from the drop-down menu, then click Save. Select the systems again.
Integrating with ePolicy Orchestrator 4.0 Scheduling tasks
Send an agent wake-up call. For instructions on sending an agent wake-up call, please refer to Sending an agent wake-up call section. NOTE: You can create and enforce McAfee VirusScan Enterprise for Linux policies and view reports only after adding the McAfee VirusScan Enterprise for Linux extension files.
Scheduling tasks
The ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks that run on the managed systems. You can define client tasks for the entire System Tree, a specific group, or an individual system. Tasks Creating a Product Update task Creating an on-demand scan task
Creating a Product Update task

Your software can only provide full protection if you keep it up-to-date with the latest anti-virus definitions (DATs), spam engine, and anti-virus scanning engine. We recommend that you update DAT files daily and regularly check the McAfee AVERT (Anti-Virus Emergency Response Team) website for new DAT files. Use this task to schedule autoupdates on the Linux server using ePolicy Orchestrator. Task 1 2 3 4 5 6 7 8 9 Log on to the ePolicy Orchestrator server as an administrator. Click Systems | System Tree and select a required group or system(s). From Client Tasks, select the required group in the System Tree for which you want to create the Product Update task. Click New Task. The Client Task Builder page appears. In Description, type a Name and Notes (if required) for the Product Update task. Select Product Update (McAfee Agent) as the Type of the task and click Next. Schedule the task as desired and click Next to select the DAT, ExtraDAT and Linux Engine. Schedule the task immediately or as required, then click Next to view the Summary of the product update task. Click Save.
10 Send an agent wake-up call. NOTE: Click Edit to change the description/schedule of a product update task or Delete to remove it.
Creating an on-demand scan task

Use this task to schedule an on-demand scan on the Linux client computer using ePolicy Orchestrator. On-demand scan task involves a scheduled scanning of your Linux server(s) to
10
Integrating with ePolicy Orchestrator 4.0 Configuring reports
find a threat, vulnerability, or other potentially unwanted code. It can take place immediately, at a scheduled time in the future, or at regularly-scheduled intervals. Task 1 2 3 4 5 6 7 8 9 Log on to the ePolicy Orchestrator server as an administrator. Click Systems | System Tree and select a required group or system(s). From Client Tasks, select the required group in the System Tree for which you want to create the on-demand scan task. Click New Task. The Client Task Builder page appears. In Description, type a Name and Notes (if required) for the on-demand scan task. Select On Demand Scan (VirusScan Enterprise for Linux 1.6.0) as the Type of the task, then click Next. In Configuration, select a policy from the drop-down menu, then click Next. Schedule the task immediately or as required, then click Next to view the Summary of the on-demand scan task. Click Save.
10 Send an agent wake-up call. NOTE: Click Edit to change the description/schedule of an on-demand scan task or Delete to remove it.
Configuring reports
Reports are pre-defined queries which query the ePolicy Orchestrator database and generate a graphical output. McAfee ePolicy Orchestrator 4.0 has its own querying and reporting capabilities. McAfee includes a set of default queries on the left pane. However, you can create a new query, edit, and manage all the queries related to McAfee VirusScan Enterprise for Linux. Creating a new query 1 Log on to the ePolicy Orchestrator 4.0 server as an administrator. NOTE: If the pre-defined queries on the left side does not serve your purpose, ePolicy Orchestrator enables you to create your own queries. 2 3 4 5 6 7 Click Reporting | New Query. The Result Type page appears. On the left pane, select a data type that the query should retrieve and click Next. The Chart page appears. Select and accordingly configure a display chart/table and click Next. The Columns page appears allowing you to select columns for the chart/table. Select column(s) from the Available Columns pane and click Next. The Filter page appears. Specify criteria by selecting properties and operators to limit the data retrieved by the query. Click Run, then Save. The Save Query page appears.
11
Integrating with ePolicy Orchestrator 4.0 Uninstallation
Type a Name and Notes (if required) for the query, then click Save. Table 1: Reporting Options
Option Delete Edit Definition Deletes a selected query. Launches the Query Builder page loaded with the details of the selected query, where you can edit the details of a selected query. Moves the selected query from My Queries list to the Public Queries list, making it available to all users with permissions. Creates and saves a copy of the selected query. Exports the selected query to an XML file that can be imported to any ePolicy Orchestrator server. Runs the selected query and displays its result. Takes you to the View Query SQL page, where you can view and copy the SQL script of the selected query. Launches a dialog box that allows you to browse to an exported query file. When you import a query file, the server adds it to My Queries list.
Make Public
Duplicate Export
Run More Actions | View Query SQL
Import Query
Running a query 1 2 3 4 Log on to the ePolicy Orchestrator server as an administrator. Click Reporting. A list of queries appear on the left pane. Select a McAfee VirusScan Enterprise for Linux related query from the list. Click Run. The graphical output is displayed.
Uninstallation
This section provides instructions to uninstall McAfee VirusScan Enterprise for Linux from the client computers and remove the extensions from the ePolicy Orchestrator 4.0 server. Tasks Removing McAfee VirusScan Enterprise for Linux from the client computer Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.0
Removing McAfee VirusScan Enterprise for Linux from the client computer
Use this task to remove McAfee VirusScan Enterprise for Linux from the client computer using ePolicy Orchestrator 4.0. Task 1 Log on to the ePolicy Orchestrator 4.0 server as an administrator.
12
2 3 4 5 6 7 8
Click Systems | System Tree | Client Tasks | New Task. The Client Task Builder page appears. In Description, type a Name, Notes for the task and select the Type as Product Deployment (McAfee Agent), then click Next. Under Configuration, select the Target Platforms as Linux. In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down menu and select the Action as Remove. Click Next to schedule the task immediately or as required. Click Next to view a summary of the task. Click Save and send an agent wake-up call.
Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.0
Use this task to remove McAfee VirusScan Enterprise for Linux from the ePolicy Orchestrator 4.0 repository. Task 1 2 3 4 5 6 7 8 Log on to the ePolicy Orchestrator server as an administrator. Click Software | Master Repository. Click the Delete link of VirusScan Enterprise for Linux. To remove the product and reports extension, click Configuration. From the left pane, select the report extension file VirusScan Enterprise for Linux Reports and click Remove. Select the option Force removal, bypassing any checks or errors, then click OK. From the left pane, select the product extension file VirusScan Enterprise for Linux 1.6.0 and click Remove. Select the option Force removal, bypassing any checks or errors, then click OK.
13
Integrating with ePolicy Orchestrator 4.5

This chapter describes how to configure McAfee VirusScan Enterprise for Linux, version 1.6 using McAfee ePolicy Orchestrator management software version 4.5. To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.5. McAfee ePolicy Orchestrator 4.5 provides a scalable platform for centralized policy management and enforcement on your McAfee security products and systems on which they reside. It also provides comprehensive reporting and product deployment capabilities; all through a single point of control. NOTE: This guide does not provide detailed information about installing or using ePolicy Orchestrator software. See the McAfee ePolicy Orchestrator 4.5 - Installation/Product Guide. Contents Prerequisites Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5 Sending an agent wake-up call Setting policies within ePolicy Orchestrator Scheduling tasks Configuring reports Uninstallation
Prerequisites
Before deploying McAfee VirusScan Enterprise for Linux on Novel Open Enterprise Server 1 or 2: 1 2 3 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup". Add the user "nails" a member of the "nailsgroup". Enable the user and group using the Linux User Management. Provide "nails" user with administrative privileges on all the NSS volumes. For example:
rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
NOTE: You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created.
14
Integrating with ePolicy Orchestrator 4.5 Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5
Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5
Assumption If you are deploying VirusScan Enterprise for Linux for the first time, ensure that there is no user as "nails" and/or user groups as "nails" or "nailsgroup" in the client computer. Task 1 2 3 4 5 6 7 8 9 Log on to the ePolicy Orchestrator 4.5 server as an administrator. Create a temporary directory on your local drive. Download the archive McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gz and extract the files to the temporary directory. Click Menu | Software | Master Repository. The Packages in Master Repository page appears. Click Actions | Check In Package. The Check In Package page appears. Select the Package type as Product or Update (.ZIP) and browse in File path to locate MSA-LNX_4.5.0_Package.ZIP extracted in the temporary directory. Click Next. The Package Options page appears with the package information. Select a Branch. In Options, select the required option(s), then click Save.
10 Click Menu | Software | Master Repository. The Packages in Master Repository page appears. 11 Click Actions | Check In Package. The Check In Package page appears. 12 Select the Package type as Product or Update (.ZIP) and browse in File path to locate McAfeeVSEForLinux-1.6.0-<build>-EPO.ZIP extracted in the temporary directory. 13 Click Next. The Package Options page appears with the package information. 14 Select a Branch. 15 In Options, select the required option(s), then click Save. 16 Click Menu | Software | Extensions. The Extensions page appears. 17 Click Install Extension to install the McAfee Agent policy extension. The Install Extension dialog box appears. 18 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the Install Extension page. 19 Click Menu | Software | Extensions. The Extensions page appears. 20 Click Install Extension to install the McAfee VirusScan Enterprise for Linux policy extension. The Install Extension dialog box appears. 21 Click Browse, select the extension file LYNXSHLD1600.ZIP, then click OK on the Install Extension page. 22 Click Menu | Software | Extensions. The Extensions page appears. 23 Click Install Extension to install the McAfee VirusScan Enterprise for Linux reports extension. The Install Extension dialog box appears.
15
Integrating with ePolicy Orchestrator 4.5 Sending an agent wake-up call
24 Click Browse, select the extension file LYNXSHLD1600PARSER.ZIP, then click OK on the Install Extension page. NOTE: Before installing the reports extension, ensure that you have removed the previous LinuxShield reports extension module (LYNXSHLDPARSER). 25 From the ePolicy Orchestrator server, copy "INSTALL.SH" and "INSTALLDEB.SH" from "C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409" to your Linux client computer. 26 From the Linux terminal, execute the following command:
sh install.sh i
Incase of Ubuntu operating system, type sh installdeb.sh -i This will establish a connection between ePolicy Orchestrator and the Linux client computer. 27 Click Menu | Systems | System Tree. The System Tree page appears. 28 Click Client Tasks | New Task to install McAfee VirusScan Enterprise for Linux on the client Linux computer. The Client Task Builder page appears. 29 In Description, type a Name, Notes for the task and select the Type as Product Deployment and click Next. 30 In Configuration, select the Target platforms as Linux. 31 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down list, then select the Action as Install. 32 Click Next to schedule this task immediately or as required. 33 Click Next to view a summary of the task. 34 Click Save and send an agent wake-up call. Wait for the deployment task to complete.
Sending an agent wake-up call

All systems in the network are managed in the Systems tab. The System Tree contains all systems that are managed by the ePolicy Orchestrator server. It is the primary interface for managing policies and tasks on these systems. You can organize or sort these systems into logical groups in the System Tree. My Organization is the root of the System Tree. It includes a Lost&Found group that stores systems whose locations cannot be determined by the server. Depending on the methods you use to create and maintain the System Tree segments (systems), the server uses different characteristics to place the systems in the System Tree. NOTE: For information on adding a new system, refer to the McAfee ePolicy Orchestrator 4.5 Product Guide. Task 1 2 3 4 5 Log on to the ePolicy Orchestrator 4.5 server as an administrator. Click Menu | Systems | System Tree. Select a group in the System Tree. Select the Computer Name(s) of that group. Click Actions | Agent | Wake Up Agents. The Wake Up McAfee Agent page appears.
16
Integrating with ePolicy Orchestrator 4.5 Setting policies within ePolicy Orchestrator
Select the Wake-up call type as Agent Wake-Up Call and a Randomization period (0-60 minutes) by which the system(s) respond to the wake-up call sent by the ePolicy Orchestrator server. Select Get full product properties for the agent(s) to send complete properties instead of sending only those that have changed since the last agent-to-server communication. Click OK. NOTE: To see the status of the agent wake-up call, click Menu | Automation | Server Task Log.
7 8
Setting policies within ePolicy Orchestrator

The ePolicy Orchestrator console allows you to enforce policies across groups of computers or on a single computer. These policies override configurations set on individual computers. For information regarding policies and how they are enforced, see the McAfee ePolicy Orchestrator 4.5 Product Guide. Before configuring any policies, select the group of computers for which you want to modify McAfee VirusScan Enterprise for Linux policies. You can modify McAfee VirusScan Enterprise for Linux policies from the pages and tabs that are available in the details pane of the ePolicy Orchestrator console. These pages are nearly identical to those you can access directly from the McAfee VirusScan Enterprise for Linux user interface. After you have modified the appropriate policies and saved the changes for the intended computer or group of computers, you are ready to deploy new settings via the McAfee Agent. Tasks Creating or editing policies Enforcing policies
Creating or editing policies

You can create, edit, delete, or assign a policy to a specific group in the System Tree. Task 1 2 3 4 5 6 Log on to the ePolicy Orchestrator server as an administrator. Click Menu | Systems | System Tree. The System Tree page appears. Click Assigned Policies. Select Product as VirusScan Enterprise for Linux 1.6.0. A list of policies managed by McAfee VirusScan Enterprise for Linux appears in the lower pane. Locate the required policy, and click Edit Assignment next to the policy. The policy assignment for the chosen group page appears. Click Edit Policy or New Policy as required. NOTE: If you click New Policy, the Create a new policy dialog box appears. Select the policy you want to duplicate from the Create a policy based on this existing policy drop-down list, type a name then click OK. The new policy wizard appears. 7 Edit the policy setting as required, then click Save.
17
Integrating with ePolicy Orchestrator 4.5 Scheduling tasks
Enforcing policies
You can enforce a policy to multiple managed systems within a group. Task 1 2 3 4 5 6 7 Log on to the ePolicy Orchestrator server as an administrator. Click Menu | Systems | System Tree and select a required group or system(s). Click Assigned Policies and from the Product drop-down menu, select VirusScan Enterprise for Linux 1.6.0. Select the Category and click Edit Assignment. Select the policy from the Assigned policy drop-down menu and click Save. Select the systems again. Send an agent wake-up call. For instructions on sending an agent wake-up call, please refer to Sending an agent wake-up call section. NOTE: You can create and enforce McAfee VirusScan Enterprise for Linux policies and view reports only after adding the McAfee VirusScan Enterprise for Linux extension files.
Scheduling tasks
The ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks that run on the managed systems. You can define client tasks for the entire System Tree, a specific group, or an individual system. Tasks Creating a Product Update task Creating an on-demand scan task
Creating a Product Update task

Your software can only provide full protection if you keep it up-to-date with the latest anti-virus definitions (DATs), spam engine, and anti-virus scanning engine. We recommend that you update DAT files daily and regularly check the McAfee AVERT (Anti-Virus Emergency Response Team) website for new DAT files. Use this task to schedule autoupdates on the Linux server using ePolicy Orchestrator. Task 1 2 3 4 5 6 Log on to the ePolicy Orchestrator 4.5 server as an administrator. Click Menu | Systems | System Tree and select a required group or system(s) for which you want to create the Product Update task. From Client Tasks, click Actions | New Task. The Client Task Builder page appears. In Description, type a Name and Notes (if required) for the Product Update task. Select Product Update as the Type of the task and click Next. Schedule the task as desired and click Next to select the DAT, ExtraDAT and Linux Engine.
18
Integrating with ePolicy Orchestrator 4.5 Configuring reports
7 8 9
Schedule the task immediately or as required, then click Next to view the Summary of the product update task. Click Save. Send an agent wake-up call. NOTE: Click Edit to change the description/schedule of a product update task or Delete to remove it.
Creating an on-demand scan task

Use this task to schedule an on-demand scan on the Linux client computer using ePolicy Orchestrator. On-demand scan task involves a scheduled scanning of your Linux server(s) to find a threat, vulnerability, or other potentially unwanted code. It can take place immediately, at a scheduled time in the future, or at regularly-scheduled intervals. Task 1 2 3 4 5 6 7 8 9 Log on to the ePolicy Orchestrator 4.5 server as an administrator. Click Menu | Systems | System Tree and select a required group or system(s) for which you want to create the on-demand scan task. From Client Tasks, click Actions | New Task. The Client Task Builder page appears. In Description, type a Name and Notes (if required) for the on-demand scan task. Select On Demand Scan (VirusScan Enterprise for Linux 1.6.0) as the Type of the task, then click Next. In Configuration, select a policy from the drop-down menu, then click Next. Schedule the task immediately or as required, then click Next to view the Summary of the on-demand scan task. Click Save. Send an agent wake-up call. NOTE: Click Edit to change the description/schedule of an on-demand scan task or Delete to remove it.
Configuring reports
Reports are pre-defined queries which query the ePolicy Orchestrator database and generate a graphical output. McAfee ePolicy Orchestrator 4.5 has its own querying and reporting capabilities. McAfee includes a set of default queries on the left pane. However, you can create a new query, edit, and manage all the queries related to McAfee VirusScan Enterprise for Linux. Creating a new query 1 Log on to the ePolicy Orchestrator 4.5 server as an administrator. NOTE: If the pre-defined queries on the left side does not serve your purpose, ePolicy Orchestrator enables you to create your own queries. 2 3 Click Menu | Reporting | Queries. The Queries page appears. Click Actions | New Query. The Query Wizard page appears.
19
4 5 6 7 8 9
On the left pane, select a Feature Group that the query should retrieve. Select a Result Type and click Next. The Chart page appears. Select and accordingly configure a display chart/table and click Next. The Columns page appears allowing you to select columns for the chart/table. Select column(s) from the Available Columns pane and click Next. The Filter page appears. Specify criteria by selecting properties and operators to limit the data retrieved by the query. Click Run, then Save. The Save Query page appears.
10 Type a Name and Notes (if required) for the query, then click Save. Table 2: Reporting Options
Option Delete Edit Definition Deletes a selected query. Launches the Query Builder page loaded with the details of the selected query, where you can edit the details of a selected query. Creates and saves a copy of the selected query. Exports the selected query to an XML file that can be imported to any ePolicy Orchestrator server. Runs the selected query and displays its result. Takes you to the View Query SQL page, where you can view and copy the SQL script of the selected query. Launches a dialog box that allows you to browse to an exported query file. When you import a query file, the server adds it to My Queries list.
Duplicate Export Data
Run Actions | View Query SQL
Import Query
Running a query 1 2 3 4 Log on to the ePolicy Orchestrator 4.5 server as an administrator. Click Menu | Reporting | Queries. A list of queries appear on the left pane. Select a McAfee VirusScan Enterprise for Linux related query from the list. Click Run. The graphical output is displayed.
Uninstallation
This section provides instructions to uninstall McAfee VirusScan Enterprise for Linux from the client computers and remove the extensions from the ePolicy Orchestrator 4.5 server. Tasks Removing McAfee VirusScan Enterprise for Linux from the client computer Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.5
20
Removing McAfee VirusScan Enterprise for Linux from the client computer
Use this task to remove McAfee VirusScan Enterprise for Linux from the client computer using ePolicy Orchestrator 4.5. Task 1 2 3 4 5 6 7 8 9 Log on to the ePolicy Orchestrator 4.5 server as an administrator. Click Menu | Systems | System Tree. The System Tree page appears. Click Client Tasks | Actions | New Task. The Client Task Builder page appears. In Description, type a Name, Notes for the task and select the Type as Product Deployment, then click Next. Under Configuration, select the Target Platforms as Linux. In Products and components, select VirusScan Enterprise for Linux 1.6.0 from the drop-down menu and select the Action as Remove. Click Next to schedule the task immediately or as required. Click Next to view a summary of the task. Click Save and send an agent wake-up call.
Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.5
Use this task to remove McAfee VirusScan Enterprise for Linux from the ePolicy Orchestrator 4.5 repository. Task 1 2 3 4 5 6 7 8 9 Log on to the ePolicy Orchestrator 4.5 server as an administrator. Click Menu | Software | Master Repository. The Packages in Master Repository page appears. Click the Delete link of VirusScan Enterprise for Linux. To remove the product and reports extension, click Menu | Software | Extensions. The Extensions page appears. From the left pane, select VirusScan Enterprise for Linux. Select the report extension file VirusScan Enterprise for Linux Reports, then click Remove. Select the option Force removal, bypassing any checks or errors, then click OK. Select the product extension file VirusScan Enterprise for Linux 1.6.0 and click Remove. Select the option Force removal, bypassing any checks or errors, then click OK.
21

Vsel 160 Config Guide En-Us

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Vsel 160 Config Guide En-Us

Загружено:

Авторское право:

Доступные форматы

McAfee VirusScan Enterprise for Linux, v1.

Integrating with ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Integrating with ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Introducing McAfee VirusScan Enterprise for Linux

Whats new in this release

Integrating with ePolicy Orchestrator 4.0

Integrating with ePolicy Orchestrator 4.0 Sending an agent wake-up call

Sending an agent wake-up call

Setting policies within ePolicy Orchestrator

Creating or editing policies

Integrating with ePolicy Orchestrator 4.0 Scheduling tasks

Creating a Product Update task

Creating an on-demand scan task

Integrating with ePolicy Orchestrator 4.0 Configuring reports

Integrating with ePolicy Orchestrator 4.0 Uninstallation

Run More Actions | View Query SQL

Integrating with ePolicy Orchestrator 4.0 Uninstallation

Integrating with ePolicy Orchestrator 4.5

Integrating with ePolicy Orchestrator 4.5 Sending an agent wake-up call

Sending an agent wake-up call

Setting policies within ePolicy Orchestrator

Creating or editing policies

Integrating with ePolicy Orchestrator 4.5 Scheduling tasks

Creating a Product Update task

Integrating with ePolicy Orchestrator 4.5 Configuring reports

Creating an on-demand scan task

Integrating with ePolicy Orchestrator 4.5 Uninstallation

Duplicate Export Data

Run Actions | View Query SQL

Integrating with ePolicy Orchestrator 4.5 Uninstallation

Вам также может понравиться