vsel 160 config guide en-us

McAfee VirusScan Enterprise for Linux, v1.6Configuration Guide

COPYRIGHT

Copyright © 2010 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any formor by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCEEXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red inconnection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole propertyof their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICHTYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTSTHAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET,A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOUDO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURNTHE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

McAfee VirusScan Enterprise for Linux software, version 1.6 — Configuration Guide2

ContentsIntroducing McAfee VirusScan Enterprise for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Product Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

What’s new in this release. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Integrating with ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . 7

Sending an agent wake-up call. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Setting policies within ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Creating or editing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Enforcing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Scheduling tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Creating a Product Update task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Creating an on-demand scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Configuring reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Removing McAfee VirusScan Enterprise for Linux from the client computer. . . . . . . . . . . . . . . . . . . 12

Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . 13

Integrating with ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . 15

Sending an agent wake-up call. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Setting policies within ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Creating or editing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Enforcing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Scheduling tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Creating a Product Update task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Creating an on-demand scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Configuring reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Removing McAfee VirusScan Enterprise for Linux from the client computer. . . . . . . . . . . . . . . . . . . 21

Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . 21

3McAfee VirusScan Enterprise for Linux software, version 1.6 — Configuration Guide

Introducing McAfee VirusScan Enterprise forLinux

McAfee VirusScan Enterprise for Linux (previously known as LinuxShield) detects and removesviruses and other potentially unwanted software on Linux-based systems.

NOTE: This information is intended for network administrators who are responsible for theircompany’s anti-virus and security program.

Contents

Product Features

What’s new in this release

Product FeaturesMcAfee VirusScan Enterprise for Linux software has the following features:

• Support for 64-bit AMD64/Intel EM64T operating systems.

• The latest version (5400) of the McAfee anti-virus engine.

• Incremental Virus Signature (DAT) updates.

• Mod-versioning for automatic kernel support.

• Scanning

• Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanningengine.

• On-access scanning for local file systems, NFS and Samba.

• Kernel-level scan cache for improved performance.

• Scheduling of on-demand scans.

• Scheduling of updates for scanning engine and virus definition files.

• Administration

• Remote administration using browser-based interface.

• Secure browser interface with authentication and HTTPS (SSL) support.

• Remote administration and reporting using ePolicy Orchestrator.

• Reporting

• Real-time statistics.

• Detailed database for detected items and system events.

• Ability to query the database by date range or individual field values, for example, virusname. Results of query can be exported to a CSV file.


• Configurable email notification for detected items, out-of-date virus definition files,configuration changes, and system events.

• Diagnostic report for use when reporting a problem with the product.

Features not supported

• Support for 2.4 kernels.

What’s new in this releaseThis release of VirusScan Enterprise for Linux includes the following new enhancements:

• Support for SuSE Linux Enterprise Server/Desktop 11

• Support for CentOS 4.x

• Support for CentOS 5.x

• Support for Fedora Core 10, 11, and 12

• Support for Ubuntu 8.04, 9.04, and 9.10 (Desktop/Server edition)

• Regular expression based exclusions for On-access scan and On-demand scan from the userinterface.

• The latest version (5400) of the McAfee anti-virus engine.

Introducing McAfee VirusScan Enterprise for LinuxWhat’s new in this release


Integrating with ePolicy Orchestrator 4.0This chapter describes how to configure McAfee VirusScan Enterprise for Linux, version 1.6using McAfee ePolicy Orchestrator management software version 4.0. To use this chaptereffectively, you need to be familiar with ePolicy Orchestrator 4.0.

McAfee ePolicy Orchestrator 4.0 provides a scalable platform for centralized policy managementand enforcement on your McAfee security products and systems on which they reside. It alsoprovides comprehensive reporting and product deployment capabilities; all through a singlepoint of control.

NOTE: This guide does not provide detailed information about installing or using ePolicyOrchestrator software. See the McAfee ePolicy Orchestrator 4.0 - Installation/Product Guide.

Contents

Prerequisites

Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0

Sending an agent wake-up call

Setting policies within ePolicy Orchestrator

Scheduling tasks

Configuring reports

Uninstallation

PrerequisitesBefore deploying McAfee VirusScan Enterprise for Linux on Novel Open Enterprise Server 1 or2:

1 From the Novell eDirectory server, use iManager and create a user called "nails" and agroup called "nailsgroup".

2 Add the user "nails" a member of the "nailsgroup". Enable the user and group using theLinux User Management.

3 Provide "nails" user with administrative privileges on all the NSS volumes. For example:rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>

NOTE: You need to provide administrative privileges to the "nails" user, every time a newNSS volume is created.


Installing McAfee VirusScan Enterprise for Linuxusing ePolicy Orchestrator 4.0

Assumption

• If you are deploying VirusScan Enterprise for Linux for the first time, ensure that there isno user as "nails" and/or user groups as "nails" or "nailsgroup" in the client computer.

Task

1 Log on to the ePolicy Orchestrator 4.0 server as an administrator.

2 Create a temporary directory on your local drive.

3 Download the archive McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gzand extract the files to the temporary directory.

4 Click Software |Master Repository | Check In Package. The Package page appears.

5 Select the Package type as Product or Update (.ZIP) and browse in File path to locateMSA-LNX_4.5.0_Package.ZIP extracted in the temporary directory.

6 Click Next. The Package Options page appears with the package information.

7 Select a Branch.

8 In Options, select the required option(s), then click Save.

9 Click Software |Master Repository | Check In Package. The Package page appears.

10 Select the Package type as Product or Update (.ZIP) and browse in File path to locateMcAfeeVSEForLinux-1.6.0-<build>-EPO.ZIP extracted in the temporary directory.


12 Select a Branch.


14 Click Configuration | Extensions | Install Extension to install the McAfee Agent policyextension. The Install Extension dialog box appears.

15 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the InstallExtension page.

16 Click Configuration | Extensions | Install Extension to install the McAfee VirusScanEnterprise for Linux policy extension. The Install Extension dialog box appears.

17 Click Browse, select the extension file LYNXSHLD1600.ZIP, then click OK on the InstallExtension page.

18 Click Configuration | Extensions | Install Extension to install the McAfee VirusScanEnterprise for Linux reports extension. The Install Extension dialog box appears.

19 Click Browse, select the extension file LYNXSHLD1600PARSER.ZIP, then click OK onthe Install Extension page.

NOTE: Before installing the reports extension, ensure that you have removed the previousLinuxShield reports extension module (LYNXSHLDPARSER).

20 From the ePolicy Orchestrator server, copy "INSTALL.SH" and "INSTALLDEB.SH" from"C:\Program Files\McAfee\ePolicyOrchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409" to yourLinux client computer.

21 From the Linux terminal, execute the following command:

Integrating with ePolicy Orchestrator 4.0Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.0


sh install.sh –i

Incase of Ubuntu operating system, type sh installdeb.sh -i

This will establish a connection between ePolicy Orchestrator and the Linux client computer.

22 Click Systems | System Tree | Client Tasks | New Task to install McAfee VirusScanEnterprise for Linux on the client Linux computer. The Client Task Builder page appears.

23 In Description, type a Name, Notes for the task and select the Type as ProductDeployment (McAfee Agent), then click Next.

24 In Configuration, select the Target Platforms as Linux.

25 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from thedrop-down list, then select the Action as Install.

26 Click Next to schedule this task immediately or as required.

27 Click Next to view a summary of the task.

28 Click Save and send an agent wake-up call. Wait for the deployment task to complete.

Sending an agent wake-up callAll systems in the network are managed in the Systems tab. The System Tree contains allsystems that are managed by the ePolicy Orchestrator server. It is the primary interface formanaging policies and tasks on these systems. You can organize or sort these systems intological groups in the System Tree.

MyOrganization is the root of the System Tree. It includes a Lost&Found group that storessystems whose locations cannot be determined by the server. Depending on the methods youuse to create and maintain the System Tree segments (systems), the server uses differentcharacteristics to place the systems in the System Tree.

NOTE: For information on adding a new system, refer to the McAfee ePolicy Orchestrator 4.0Product Guide.

Task


2 Click Systems.

3 Select a group in the System Tree.

4 Select the Computer Name(s) of that group.

5 Click More Actions | Wake Up Agent. The Wake Up Agents page appears.

6 Select a Wake-up call type and a Randomization period (0-60 minutes) by which thesystem(s) respond to the wake-up call sent by the ePolicy Orchestrator server.

7 Select Get full product properties for the agent(s) to send complete properties insteadof sending only those that have changed since the last agent-to-server communication.

8 Click OK.

NOTE: Navigate to Server Task Log to see the status of the agent wake-up call.

Integrating with ePolicy Orchestrator 4.0Sending an agent wake-up call


Setting policies within ePolicy OrchestratorThe ePolicy Orchestrator console allows you to enforce policies across groups of computers oron a single computer. These policies override configurations set on individual computers. Forinformation regarding policies and how they are enforced, see the McAfee ePolicy Orchestrator4.0 Product Guide.

Before configuring any policies, select the group of computers for which you want to modifyMcAfee VirusScan Enterprise for Linux policies. You can modify McAfee VirusScan Enterprisefor Linux policies from the pages and tabs that are available in the details pane of the ePolicyOrchestrator console. These pages are nearly identical to those you can access directly fromthe McAfee VirusScan Enterprise for Linux user interface.

After you have modified the appropriate policies and saved the changes for the intendedcomputer or group of computers, you are ready to deploy new settings via the McAfee Agent.

Tasks

Creating or editing policies

Enforcing policies

Creating or editing policiesYou can create, edit, delete, or assign a policy to a specific group in the System Tree.

Task

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Systems | System Tree | Policies. The Policies page appears.

3 Select Product as VirusScan Enterprise for Linux 1.6.0. A list of policies managed byMcAfee VirusScan Enterprise for Linux appears in the lower pane.

4 Locate the required policy, and click Edit Assignment next to the policy. The policyassignment for the chosen group page appears.

5 Click Edit Policy or New Policy as required.

NOTE: If you click New Policy, the Create a new policy dialog box appears. Select thepolicy you want to duplicate from the Create a policy based on this existing policydrop-down list, type a name then click OK. The new policy wizard appears.

6 Edit the policy setting as required, then click Save.

Enforcing policiesYou can enforce a policy to multiple managed systems within a group.

Task


2 Click Systems | System Tree and select a required group or system(s).

3 Click Assign Policy. The Assigning Policy for <n> system page appears.

4 Select the Product, Category, and Policy from the drop-down menu, then click Save.

5 Select the systems again.

Integrating with ePolicy Orchestrator 4.0Setting policies within ePolicy Orchestrator


6 Send an agent wake-up call. For instructions on sending an agent wake-up call, pleaserefer to Sending an agent wake-up call section.

NOTE: You can create and enforce McAfee VirusScan Enterprise for Linux policies and viewreports only after adding the McAfee VirusScan Enterprise for Linux extension files.

Scheduling tasksThe ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks thatrun on the managed systems. You can define client tasks for the entire System Tree, a specificgroup, or an individual system.

Tasks

Creating a Product Update task

Creating an on-demand scan task

Creating a Product Update taskYour software can only provide full protection if you keep it up-to-date with the latest anti-virusdefinitions (DATs), spam engine, and anti-virus scanning engine. We recommend that youupdate DAT files daily and regularly check the McAfee AVERT (Anti-Virus Emergency ResponseTeam) website for new DAT files. Use this task to schedule autoupdates on the Linux serverusing ePolicy Orchestrator.

Task



3 From Client Tasks, select the required group in the System Tree for which you want tocreate the Product Update task.

4 Click New Task. The Client Task Builder page appears.

5 In Description, type a Name and Notes (if required) for the Product Update task.

6 Select Product Update (McAfee Agent) as the Type of the task and click Next.

7 Schedule the task as desired and click Next to select the DAT, ExtraDAT and LinuxEngine.

8 Schedule the task immediately or as required, then click Next to view the Summary ofthe product update task.

9 Click Save.

10 Send an agent wake-up call.

NOTE: Click Edit to change the description/schedule of a product update task or Deleteto remove it.

Creating an on-demand scan taskUse this task to schedule an on-demand scan on the Linux client computer using ePolicyOrchestrator. On-demand scan task involves a scheduled scanning of your Linux server(s) to

Integrating with ePolicy Orchestrator 4.0Scheduling tasks


find a threat, vulnerability, or other potentially unwanted code. It can take place immediately,at a scheduled time in the future, or at regularly-scheduled intervals.

Task



3 From Client Tasks, select the required group in the System Tree for which you want tocreate the on-demand scan task.

4 Click New Task. The Client Task Builder page appears.

5 In Description, type a Name and Notes (if required) for the on-demand scan task.

6 Select On Demand Scan (VirusScan Enterprise for Linux 1.6.0) as the Type of thetask, then click Next.

7 In Configuration, select a policy from the drop-down menu, then click Next.

8 Schedule the task immediately or as required, then click Next to view the Summary ofthe on-demand scan task.

9 Click Save.


NOTE: Click Edit to change the description/schedule of an on-demand scan task or Deleteto remove it.

Configuring reportsReports are pre-defined queries which query the ePolicy Orchestrator database and generatea graphical output. McAfee ePolicy Orchestrator 4.0 has its own querying and reportingcapabilities. McAfee includes a set of default queries on the left pane. However, you can createa new query, edit, and manage all the queries related to McAfee VirusScan Enterprise for Linux.

Creating a new query


NOTE: If the pre-defined queries on the left side does not serve your purpose, ePolicyOrchestrator enables you to create your own queries.

2 Click Reporting | New Query. The Result Type page appears.

3 On the left pane, select a data type that the query should retrieve and click Next. TheChart page appears.

4 Select and accordingly configure a display chart/table and click Next. The Columns pageappears allowing you to select columns for the chart/table.

5 Select column(s) from the Available Columns pane and click Next.

6 The Filter page appears. Specify criteria by selecting properties and operators to limit thedata retrieved by the query.

7 Click Run, then Save. The Save Query page appears.

Integrating with ePolicy Orchestrator 4.0Configuring reports


8 Type a Name and Notes (if required) for the query, then click Save.

Table 1: Reporting OptionsDefinitionOption

Deletes a selected query.Delete

Launches the Query Builder page loaded with thedetails of the selected query, where you can edit thedetails of a selected query.

Edit

Moves the selected query from My Queries list to thePublic Queries list, making it available to all userswith permissions.

Make Public

Creates and saves a copy of the selected query.Duplicate

Exports the selected query to an XML file that can beimported to any ePolicy Orchestrator server.

Export

Runs the selected query and displays its result.Run

Takes you to the View Query SQL page, where youcan view and copy the SQL script of the selected query.

More Actions | View Query SQL

Launches a dialog box that allows you to browse to anexported query file. When you import a query file, theserver adds it to My Queries list.

Import Query

Running a query


2 Click Reporting. A list of queries appear on the left pane.

3 Select a McAfee VirusScan Enterprise for Linux related query from the list.

4 Click Run. The graphical output is displayed.

UninstallationThis section provides instructions to uninstall McAfee VirusScan Enterprise for Linux from theclient computers and remove the extensions from the ePolicy Orchestrator 4.0 server.

Tasks

Removing McAfee VirusScan Enterprise for Linux from the client computer

Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.0

RemovingMcAfee VirusScan Enterprise for Linux from the clientcomputer

Use this task to remove McAfee VirusScan Enterprise for Linux from the client computer usingePolicy Orchestrator 4.0.

Task


Integrating with ePolicy Orchestrator 4.0Uninstallation


2 Click Systems | System Tree | Client Tasks | New Task. The Client Task Builderpage appears.

3 In Description, type a Name, Notes for the task and select the Type as ProductDeployment (McAfee Agent), then click Next.

4 Under Configuration, select the Target Platforms as Linux.

5 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from thedrop-down menu and select the Action as Remove.

6 Click Next to schedule the task immediately or as required.


8 Click Save and send an agent wake-up call.

Removing McAfee VirusScan Enterprise for Linux from ePolicyOrchestrator 4.0

Use this task to remove McAfee VirusScan Enterprise for Linux from the ePolicy Orchestrator4.0 repository.

Task


2 Click Software | Master Repository.

3 Click the Delete link of VirusScan Enterprise for Linux.

4 To remove the product and reports extension, click Configuration.

5 From the left pane, select the report extension file VirusScan Enterprise for LinuxReports and click Remove.

6 Select the option Force removal, bypassing any checks or errors, then click OK.

7 From the left pane, select the product extension file VirusScan Enterprise for Linux1.6.0 and click Remove.




Integrating with ePolicy Orchestrator 4.5This chapter describes how to configure McAfee VirusScan Enterprise for Linux, version 1.6using McAfee ePolicy Orchestrator management software version 4.5. To use this chaptereffectively, you need to be familiar with ePolicy Orchestrator 4.5.

McAfee ePolicy Orchestrator 4.5 provides a scalable platform for centralized policy managementand enforcement on your McAfee security products and systems on which they reside. It alsoprovides comprehensive reporting and product deployment capabilities; all through a singlepoint of control.

NOTE: This guide does not provide detailed information about installing or using ePolicyOrchestrator software. See the McAfee ePolicy Orchestrator 4.5 - Installation/Product Guide.

Contents

Prerequisites

Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5

Sending an agent wake-up call

Setting policies within ePolicy Orchestrator

Scheduling tasks

Configuring reports

Uninstallation

PrerequisitesBefore deploying McAfee VirusScan Enterprise for Linux on Novel Open Enterprise Server 1 or2:

1 From the Novell eDirectory server, use iManager and create a user called "nails" and agroup called "nailsgroup".

2 Add the user "nails" a member of the "nailsgroup". Enable the user and group using theLinux User Management.

3 Provide "nails" user with administrative privileges on all the NSS volumes. For example:rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>

NOTE: You need to provide administrative privileges to the "nails" user, every time a newNSS volume is created.


Installing McAfee VirusScan Enterprise for Linuxusing ePolicy Orchestrator 4.5

Assumption

• If you are deploying VirusScan Enterprise for Linux for the first time, ensure that there isno user as "nails" and/or user groups as "nails" or "nailsgroup" in the client computer.

Task


2 Create a temporary directory on your local drive.

3 Download the archive McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gzand extract the files to the temporary directory.

4 Click Menu | Software | Master Repository. The Packages in Master Repositorypage appears.

5 Click Actions | Check In Package. The Check In Package page appears.

6 Select the Package type as Product or Update (.ZIP) and browse in File path to locateMSA-LNX_4.5.0_Package.ZIP extracted in the temporary directory.


8 Select a Branch.



11 Click Actions | Check In Package. The Check In Package page appears.

12 Select the Package type as Product or Update (.ZIP) and browse in File path to locateMcAfeeVSEForLinux-1.6.0-<build>-EPO.ZIP extracted in the temporary directory.


14 Select a Branch.


16 Click Menu | Software | Extensions. The Extensions page appears.

17 Click Install Extension to install the McAfee Agent policy extension. The InstallExtension dialog box appears.

18 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the InstallExtension page.


20 Click Install Extension to install the McAfee VirusScan Enterprise for Linux policy extension.The Install Extension dialog box appears.

21 Click Browse, select the extension file LYNXSHLD1600.ZIP, then click OK on the InstallExtension page.


23 Click Install Extension to install the McAfee VirusScan Enterprise for Linux reportsextension. The Install Extension dialog box appears.

Integrating with ePolicy Orchestrator 4.5Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 4.5


24 Click Browse, select the extension file LYNXSHLD1600PARSER.ZIP, then click OK onthe Install Extension page.

NOTE: Before installing the reports extension, ensure that you have removed the previousLinuxShield reports extension module (LYNXSHLDPARSER).

25 From the ePolicy Orchestrator server, copy "INSTALL.SH" and "INSTALLDEB.SH" from"C:\Program Files\McAfee\ePolicyOrchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409" to yourLinux client computer.

26 From the Linux terminal, execute the following command:

sh install.sh –i

Incase of Ubuntu operating system, type sh installdeb.sh -i

This will establish a connection between ePolicy Orchestrator and the Linux client computer.

27 Click Menu | Systems | System Tree. The System Tree page appears.

28 Click Client Tasks | New Task to install McAfee VirusScan Enterprise for Linux on theclient Linux computer. The Client Task Builder page appears.

29 In Description, type a Name, Notes for the task and select the Type as ProductDeployment and click Next.

30 In Configuration, select the Target platforms as Linux.

31 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from thedrop-down list, then select the Action as Install.

32 Click Next to schedule this task immediately or as required.


34 Click Save and send an agent wake-up call. Wait for the deployment task to complete.

Sending an agent wake-up callAll systems in the network are managed in the Systems tab. The System Tree contains allsystems that are managed by the ePolicy Orchestrator server. It is the primary interface formanaging policies and tasks on these systems. You can organize or sort these systems intological groups in the System Tree.

MyOrganization is the root of the System Tree. It includes a Lost&Found group that storessystems whose locations cannot be determined by the server. Depending on the methods youuse to create and maintain the System Tree segments (systems), the server uses differentcharacteristics to place the systems in the System Tree.

NOTE: For information on adding a new system, refer to the McAfee ePolicy Orchestrator 4.5Product Guide.

Task


2 Click Menu | Systems | System Tree.

3 Select a group in the System Tree.

4 Select the Computer Name(s) of that group.

5 Click Actions | Agent |Wake Up Agents. TheWake Up McAfee Agent page appears.

Integrating with ePolicy Orchestrator 4.5Sending an agent wake-up call


6 Select the Wake-up call type as Agent Wake-Up Call and a Randomization period(0-60 minutes) by which the system(s) respond to the wake-up call sent by the ePolicyOrchestrator server.

7 Select Get full product properties for the agent(s) to send complete properties insteadof sending only those that have changed since the last agent-to-server communication.

8 Click OK.

NOTE: To see the status of the agent wake-up call, click Menu | Automation | ServerTask Log.

Setting policies within ePolicy OrchestratorThe ePolicy Orchestrator console allows you to enforce policies across groups of computers oron a single computer. These policies override configurations set on individual computers. Forinformation regarding policies and how they are enforced, see the McAfee ePolicy Orchestrator4.5 Product Guide.

Before configuring any policies, select the group of computers for which you want to modifyMcAfee VirusScan Enterprise for Linux policies. You can modify McAfee VirusScan Enterprisefor Linux policies from the pages and tabs that are available in the details pane of the ePolicyOrchestrator console. These pages are nearly identical to those you can access directly fromthe McAfee VirusScan Enterprise for Linux user interface.

After you have modified the appropriate policies and saved the changes for the intendedcomputer or group of computers, you are ready to deploy new settings via the McAfee Agent.

Tasks

Creating or editing policies

Enforcing policies

Creating or editing policiesYou can create, edit, delete, or assign a policy to a specific group in the System Tree.

Task



3 Click Assigned Policies.

4 Select Product as VirusScan Enterprise for Linux 1.6.0. A list of policies managed byMcAfee VirusScan Enterprise for Linux appears in the lower pane.

5 Locate the required policy, and click Edit Assignment next to the policy. The policyassignment for the chosen group page appears.

6 Click Edit Policy or New Policy as required.

NOTE: If you click New Policy, the Create a new policy dialog box appears. Select thepolicy you want to duplicate from the Create a policy based on this existing policydrop-down list, type a name then click OK. The new policy wizard appears.

7 Edit the policy setting as required, then click Save.

Integrating with ePolicy Orchestrator 4.5Setting policies within ePolicy Orchestrator


Enforcing policiesYou can enforce a policy to multiple managed systems within a group.

Task


2 Click Menu | Systems | System Tree and select a required group or system(s).

3 Click Assigned Policies and from the Product drop-down menu, select VirusScanEnterprise for Linux 1.6.0.

4 Select the Category and click Edit Assignment.

5 Select the policy from the Assigned policy drop-down menu and click Save.

6 Select the systems again.

7 Send an agent wake-up call. For instructions on sending an agent wake-up call, pleaserefer to Sending an agent wake-up call section.

NOTE: You can create and enforce McAfee VirusScan Enterprise for Linux policies and viewreports only after adding the McAfee VirusScan Enterprise for Linux extension files.

Scheduling tasksThe ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks thatrun on the managed systems. You can define client tasks for the entire System Tree, a specificgroup, or an individual system.

Tasks

Creating a Product Update task

Creating an on-demand scan task

Creating a Product Update taskYour software can only provide full protection if you keep it up-to-date with the latest anti-virusdefinitions (DATs), spam engine, and anti-virus scanning engine. We recommend that youupdate DAT files daily and regularly check the McAfee AVERT (Anti-Virus Emergency ResponseTeam) website for new DAT files. Use this task to schedule autoupdates on the Linux serverusing ePolicy Orchestrator.

Task


2 ClickMenu | Systems | System Tree and select a required group or system(s) for whichyou want to create the Product Update task.

3 From Client Tasks, click Actions | New Task. The Client Task Builder page appears.

4 In Description, type a Name and Notes (if required) for the Product Update task.

5 Select Product Update as the Type of the task and click Next.

6 Schedule the task as desired and click Next to select the DAT, ExtraDAT and LinuxEngine.

Integrating with ePolicy Orchestrator 4.5Scheduling tasks


7 Schedule the task immediately or as required, then click Next to view the Summary ofthe product update task.

8 Click Save.


NOTE: Click Edit to change the description/schedule of a product update task or Deleteto remove it.

Creating an on-demand scan taskUse this task to schedule an on-demand scan on the Linux client computer using ePolicyOrchestrator. On-demand scan task involves a scheduled scanning of your Linux server(s) tofind a threat, vulnerability, or other potentially unwanted code. It can take place immediately,at a scheduled time in the future, or at regularly-scheduled intervals.

Task


2 ClickMenu | Systems | System Tree and select a required group or system(s) for whichyou want to create the on-demand scan task.

3 From Client Tasks, click Actions | New Task. The Client Task Builder page appears.

4 In Description, type a Name and Notes (if required) for the on-demand scan task.

5 Select On Demand Scan (VirusScan Enterprise for Linux 1.6.0) as the Type of thetask, then click Next.

6 In Configuration, select a policy from the drop-down menu, then click Next.

7 Schedule the task immediately or as required, then click Next to view the Summary ofthe on-demand scan task.

8 Click Save.


NOTE: Click Edit to change the description/schedule of an on-demand scan task or Deleteto remove it.

Configuring reportsReports are pre-defined queries which query the ePolicy Orchestrator database and generatea graphical output. McAfee ePolicy Orchestrator 4.5 has its own querying and reportingcapabilities. McAfee includes a set of default queries on the left pane. However, you can createa new query, edit, and manage all the queries related to McAfee VirusScan Enterprise for Linux.

Creating a new query


NOTE: If the pre-defined queries on the left side does not serve your purpose, ePolicyOrchestrator enables you to create your own queries.

2 Click Menu | Reporting | Queries. The Queries page appears.

3 Click Actions | New Query. The Query Wizard page appears.

Integrating with ePolicy Orchestrator 4.5Configuring reports


4 On the left pane, select a Feature Group that the query should retrieve.

5 Select a Result Type and click Next. The Chart page appears.

6 Select and accordingly configure a display chart/table and click Next. The Columns pageappears allowing you to select columns for the chart/table.

7 Select column(s) from the Available Columns pane and click Next.

8 The Filter page appears. Specify criteria by selecting properties and operators to limit thedata retrieved by the query.

9 Click Run, then Save. The Save Query page appears.

10 Type a Name and Notes (if required) for the query, then click Save.

Table 2: Reporting OptionsDefinitionOption

Deletes a selected query.Delete

Launches the Query Builder page loaded with thedetails of the selected query, where you can edit thedetails of a selected query.

Edit

Creates and saves a copy of the selected query.Duplicate

Exports the selected query to an XML file that can beimported to any ePolicy Orchestrator server.

Export Data

Runs the selected query and displays its result.Run

Takes you to the View Query SQL page, where youcan view and copy the SQL script of the selected query.

Actions | View Query SQL

Launches a dialog box that allows you to browse to anexported query file. When you import a query file, theserver adds it to My Queries list.

Import Query

Running a query


2 Click Menu | Reporting | Queries. A list of queries appear on the left pane.

3 Select a McAfee VirusScan Enterprise for Linux related query from the list.

4 Click Run. The graphical output is displayed.

UninstallationThis section provides instructions to uninstall McAfee VirusScan Enterprise for Linux from theclient computers and remove the extensions from the ePolicy Orchestrator 4.5 server.

Tasks

Removing McAfee VirusScan Enterprise for Linux from the client computer

Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator 4.5



RemovingMcAfee VirusScan Enterprise for Linux from the clientcomputer

Use this task to remove McAfee VirusScan Enterprise for Linux from the client computer usingePolicy Orchestrator 4.5.

Task



3 Click Client Tasks | Actions | New Task. The Client Task Builder page appears.

4 In Description, type a Name, Notes for the task and select the Type as ProductDeployment, then click Next.

5 Under Configuration, select the Target Platforms as Linux.

6 In Products and components, select VirusScan Enterprise for Linux 1.6.0 from thedrop-down menu and select the Action as Remove.

7 Click Next to schedule the task immediately or as required.


9 Click Save and send an agent wake-up call.

Removing McAfee VirusScan Enterprise for Linux from ePolicyOrchestrator 4.5

Use this task to remove McAfee VirusScan Enterprise for Linux from the ePolicy Orchestrator4.5 repository.

Task



3 Click the Delete link of VirusScan Enterprise for Linux.

4 To remove the product and reports extension, click Menu | Software | Extensions. TheExtensions page appears.

5 From the left pane, select VirusScan Enterprise for Linux.

6 Select the report extension file VirusScan Enterprise for Linux Reports, then clickRemove.


8 Select the product extension file VirusScan Enterprise for Linux 1.6.0 and click Remove.




vsel 160 config guide en-us

Documents