ccastbr
Level 10
Message 1 of 6

SELinux Confinement Mode query

Is there a way to query the Enterprise to see which Linux systems have ENSL running in SELinux confinement? It is possible to see the version of platform and threatprevention, but I am not seeing a way to verify, without logging on to individual systems, that the selinux package was loaded and threatprevention is running in selinux confinement.

Accepted Solutions
AjaySundar
McAfee Employee
Message 2 of 6

Re: SELinux Confinement Mode query

Hi @ccastbr,

Good day to you!

Unfortunately, we do not have that option at the moment.

Please consider submitting a product enhancement request for this.

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

Regards,

AJ


ccastbr
Level 10
Message 3 of 6

Re: SELinux Confinement Mode query

In the meantime, I thought about running an EEDK that does an rpm -qa looking for the McAfee SELinux package and if present puts a string in a Custom property. The ePO can query on that property. Not the greatest idea, especially since the EEDK would have to be rerun.

The other, and probably better, approach is to have one of our other applications report on running processes. It is a little frustrating, though, that from the ePO you cannot tell if systems are compliant. I did use an EEDK to distribute the RPM, and I suppose I could add setting a custom property there as well, to at least mark which systems were touched.

Another question is, is there an order for installation of McAfee SELinux rpm and ENSL? For instance, if Puppet is maintaining our systems and the McAfee SELinux rpm is installed, would it then be possible to install ENSL, or must ENSL be installed first?

If ENSL may be installed after the SELinux rpm is installed, then I could have Puppet maintain the rpm.

Thank you!

ccastbr
Level 10
Message 4 of 6

Re: SELinux Confinement Mode query

I believe ENSL must be installed first, and then the SELinux package.

Based on that, I should be able to create a Puppet module to install the selinux rpm if ENSL is present and the rpm McAfeeENS-selinux is not. 

Perhaps that is the best approach.
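
The two checks discussed in the posts above (is the McAfeeENS-selinux rpm present, and is the ENSL process actually running confined), sketched as an added example that is not part of the original thread or of McAfee's tooling. The ENSL package name `McAfeeTP` and the process name `mfetpd` are assumptions, and `example_ensl_t` is a constructed placeholder for whatever domain the vendor policy assigns.

```shell
#!/bin/sh
# Added example: classify one host from text captured on it, so the logic can
# be checked offline. Arguments:
#   $1 = `rpm -qa` output   $2 = `ps -eZ` output   $3 = `getenforce` output
SELINUX_PKG="McAfeeENS-selinux"      # rpm name as given in the thread
ENSL_PKG="${ENSL_PKG:-McAfeeTP}"     # ASSUMPTION: ENSL threat prevention rpm name
ENSL_PROC="${ENSL_PROC:-mfetpd}"     # ASSUMPTION: ENSL daemon process name

# has_pkg <rpm -qa text> <name>: true if a line is <name>-<version>...
has_pkg() {
    printf '%s\n' "$1" | grep -q "^$2-[0-9]"
}

# proc_domain <ps -eZ text> <process>: print the SELinux type (third field of
# the user:role:type:level label) of the first matching process, or nothing.
proc_domain() {
    printf '%s\n' "$1" | awk -v p="$2" '$NF == p { split($1, c, ":"); print c[3]; exit }'
}

classify_host() {
    has_pkg "$1" "$ENSL_PKG"    || { echo "ensl-absent"; return 0; }
    has_pkg "$1" "$SELINUX_PKG" || { echo "selinux-rpm-missing"; return 0; }
    # A loaded policy module confines nothing unless SELinux is enforcing.
    [ "$3" = "Enforcing" ]      || { echo "not-enforcing:$3"; return 0; }
    domain=$(proc_domain "$2" "$ENSL_PROC")
    case "$domain" in
        "") echo "not-running" ;;
        # Types a daemon gets under the targeted policy when no module confines it.
        unconfined_t|unconfined_service_t|initrc_t) echo "unconfined:$domain" ;;
        *) echo "confined:$domain" ;;
    esac
}

# Constructed sample input; versions and example_ensl_t are placeholders.
SAMPLE_RPM='McAfeeTP-0.0.0-1.x86_64
McAfeeENS-selinux-0.0.0-1.noarch'
SAMPLE_PS='LABEL                                  PID TTY      TIME CMD
system_u:system_r:example_ensl_t:s0   1201 ?    00:00:03 mfetpd'

classify_host "$SAMPLE_RPM" "$SAMPLE_PS" "Enforcing"
# On a real host: classify_host "$(rpm -qa)" "$(ps -eZ)" "$(getenforce)"
```

The single-line result is suitable for a custom property or a Puppet fact; `selinux-rpm-missing` is the state in which the Puppet module described above would install the rpm.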

 

AjaySundar
McAfee Employee
Message 5 of 6

Re: SELinux Confinement Mode query

ccastbr
Level 10
Message 6 of 6

Re: SELinux Confinement Mode query

Thank you. I missed that statement, "You can install SE-Linux RPM package on standalone or managed Linux machine, before or after installing McAfee Endpoint Security for Linux 10.7.2"

I am assuming the SELinux rpm version will be updated as the ENSL package version is updated?

Installation of the SELinux rpm is described as a manual install on a Linux machine. Is it correct that it is not deployed from the ePO? 

 
