Check: UBTU-16-030900
Canonical Ubuntu 16.04 LTS STIG:
UBTU-16-030900
(in versions v2 r3 through v2 r1)
Title
The system must use a DoD-approved virus scan program. (Cat I impact)
Discussion
Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.
Check Content
Verify the system is using a DoD-approved virus scan program. Check for the presence of "McAfee VirusScan Enterprise for Linux" with the following command: # systemctl status nails nails - service for McAfee VirusScan Enterprise for Linux > Loaded: loaded /opt/NAI/package/McAfeeVSEForLinux/McAfeeVSEForLinux-2.0.2.<build_number>; enabled) > Active: active (running) since Mon 2015-09-27 04:11:22 UTC;21 min ago If the "nails" service is not active, check for the presence of "clamav" on the system with the following command: # systemctl status clamav-daemon.socket systemctl status clamav-daemon.socket clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled) Active: active (running) since Mon 2015-01-12 09:32:59 UTC; 7min ago If neither of these applications are loaded and active, ask the System Administrator if there is an antivirus package installed and active on the system. If no antivirus scan program is active on the system, this is a finding.
Fix Text
Install an approved DoD antivirus solution on the system.
Additional Identifiers
Rule ID: SV-220332r610931_rule
Vulnerability ID: V-220332
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001241 |
The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency. |
Controls
Number | Title |
---|---|
SI-3 |
Malicious Code Protection |