McAfee QUICKCLEAN 3.0 User's Guide download pdf (Page 37)

SVA security requirements

The following security measures are implemented on the SVA.

Security

measure

Description

apparmor

apparmor is a kernel module that envelops processes and limits their system access to

predefined items as defined in their profile.

The MOVE scanning process, mvsvc, contains this profile: /etc/apparmor.d/opt.McAfee

.move.bin.mvsvc. There are two apparmor modes: complain and enforce. By default,

mvsvc is in enforce mode. You can change the mode to complain by using the aa‑complain

mvsvc command. To enable enforce mode, use the aa‑enforce mvsvc command.

While in complain mode, you can use the command aa‑logprof to analyze any requests

the process has made outside of its profile.

For more information, visit this website: https://help.ubuntu.com/10.04/serverguide/C/

apparmor.html

iptables The sva‑firewalls script enables the built‑in firewall. Usage is sva‑firewalls: start | stop |

restart. By default, the firewall rules allow:

• TCP port 22 (SSH)

• TCP port 8081 (McAfee Agent default port)

• UDP 67, 68 (DHCP)

The script name is sva‑firewall. It is located at etc/init.d/ and starts automatically.

SVA

settings

Add these options to harden the SVA from a VM perspective:

isolation.tools.diskWiper.disable=TRUE

isolation.tools.diskShrink.disable=TRUE

isolation.device.connectable.disable=TRUE

isolation.device.edit.disable=TRUE

RemoteDisplay.maxConnections=1

vmci0.unrestricted=FALSE

log.rotateSize=1000000

log.keepOld=10

For more information, visit this website: http://www.vmware.com/files/pdf/techpaper/

VMW‑TWP‑vSPHR‑SECRTY‑HRDNG‑USLET‑101‑WEB‑1.pdf

McAfee MOVE AntiVirus 3.0.0 Product Guide

1 2 ... 32 33 34 35 36 37 38 39 40 41

No comments

McAfee QUICKCLEAN 3.0 User's Guide Page 37