BlueHerron
Level 8
Message 1 of 25

SELinux denying McAfee Agent

I have RHEL 7 with SELinux and am trying to get the McAfee Agent 5.7.3 to work with SELinux.  Something is being denied, but I cannot figure out where.  I have used ausearch - a avc to identify the apps that are being blocked and I feel like I have created policies based on the info given from that, but I am new at selinux and policies, so I may be doing something wrong.  I do know that when I put selinux in permissive, everything works fine (cmdagent, MEDDAT updates).  When it is enforcing, and I try to run the cmdagent from the terminal, it gives a "bash: /var/McAfee/agent/bin/cmdagent permission denied" message.   I have the selinux packages for the agent and ENS installed on my system and everything is at the latest versions.  Any information would be appreciated.
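
An added illustration, not part of the original post and not McAfee tooling: a shell function that reduces AVC records of the kind `ausearch` returns to one line per denial, separating accesses SELinux actually blocked (`permissive=0`) from those it only logged while permissive. The sample records and the `example_agent_*` type names are constructed placeholders, not the types the vendor policy uses.

```shell
#!/bin/sh
# Constructed sample AVC records (not taken from the thread). The SELinux
# types named example_agent_* are placeholders for illustration only.
SAMPLE_AVC='type=AVC msg=audit(1650000000.101:210): avc:  denied  { execute } for  pid=4021 comm="bash" name="cmdagent" dev="dm-0" ino=1311 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:example_agent_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1650000005.440:233): avc:  denied  { name_connect } for  pid=1877 comm="masvc" dest=443 scontext=system_u:system_r:example_agent_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1650000090.002:301): avc:  denied  { read open } for  pid=1877 comm="masvc" name="sample.dat" dev="dm-0" ino=1402 scontext=system_u:system_r:example_agent_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1'

# Print one line per denial: mode, command, source type, target type:class, perms.
# mode is "blocked" for permissive=0 and "logged-only" for permissive=1.
summarize_avc() {
    printf '%s\n' "$1" | awk '
    /avc:[ ]+denied/ {
        # Permissions are the words between the braces.
        perms = $0
        sub(/^[^{]*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        gsub(/ /, ",", perms)
        comm = src = tgt = cls = ""; mode = "unknown"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
            # A context is user:role:type:level; the type is what policy rules name.
            if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
            if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
            if (kv[1] == "tclass")   cls = kv[2]
            if (kv[1] == "permissive") mode = (kv[2] == "1") ? "logged-only" : "blocked"
        }
        printf "%s %s %s %s:%s %s\n", mode, comm, src, tgt, cls, perms
    }'
}

# Only the denials that were enforced, i.e. the ones a policy still has to cover.
blocked_only() {
    summarize_avc "$1" | awk '$1 == "blocked"'
}

summarize_avc "$SAMPLE_AVC"
```

On a live system the input would be the raw output of an AVC search rather than `SAMPLE_AVC`.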

24 Replies
aguevara
McAfee Employee
Message 2 of 25

Re: SELinux denying McAfee Agent

What is being denied? Is it an application installed on that box? If that's the case, then we need to isolate the problem to a product. If you disable/uninstall ENSL, does the problem persist?

You don't normally need sudo when running "/var/McAfee/agent/bin/cmdagent -p" (adding a switch as an example), but could you try:

sudo /var/McAfee/agent/bin/cmdagent -p


 

BlueHerron
Level 8
Message 3 of 25

Re: SELinux denying McAfee Agent

It was denying McAfee services such as masvc and showing mfeespd as denied, but when I do a "audit2allow -a", it shows everything is being allowed.  I have created numerous policies in SELinux to allow all of the modules I am seeing denied, but it still won't work correctly.  I have tried running commands with, and without, sudo, but I have been mainly running them with.  As soon as I set selinux to setenforce 0, everything works, but when I do setenforce 1, nothing works.

BlueHerron
Level 8
Message 4 of 25

Re: SELinux denying McAfee Agent

I have created policies for everything being denied and nothing else is showing up being denied.  Still can't get MEDDATs to update or cmdagent to run.  Saying permission denied with running cmdagent -i or -p while running as root.  Permissions on the cmdagent are rwx for root.  Runs fine still with setenforce 0.

aguevara
McAfee Employee
Message 5 of 25

Re: SELinux denying McAfee Agent

Do you know what's causing these denials? Is it a 3rd-party application preventing MA from working? I question this as I see you have done some work excluding and permitting the agent processes.

BlueHerron
Level 8
Message 6 of 25

Re: SELinux denying McAfee Agent

This is where I am confused because I generated policies to accept all the denials and I am still getting permission denied when turning on selinux.  My next step is going to be to try and install MACC.  Not sure if this is possible since I am working on RHEL 7.9 and this only mentions RHEL 8 in the instruction, but in the title mentions RHEL 7 and 8.  Any other suggestions are welcome.  Thanks.

 

Option 1
To install MACC with RHEL 8 SELinux in "Enforcing" mode:

  1. Run the following commands:
    # semanage fcontext -a -e /lib/modules /usr/local/mcafee/solidcore/kmod
    # restorecon -Rv /usr/local/mcafee/solidcore/kmod/
  2. Follow the onscreen prompts to install MACC on your RHEL 8 server.

https://kc.mcafee.com/corporate/index?page=content&id=KB91660

 

aguevara
McAfee Employee
Message 7 of 25

Re: SELinux denying McAfee Agent

I see now 🙂 Solidcore, let me move this post to that team and see if they can suggest further.

BlueHerron
Level 8
Message 8 of 25

Re: SELinux denying McAfee Agent

After reading the following article, I will not be installing MACC...

https://kc.mcafee.com/corporate/index?page=content&id=KB92460&locale=en_US

Since I installed the agent using the command  install.sh -i on the machine, my next step will be to uninstall the agent and re-install it using the install.sh -i -r so processes can all run with root privileges. Maybe this is why I am getting a permission denied.   Just throwing things at a wall at this point.  

AdithyanT
McAfee Employee
Message 9 of 25

Re: SELinux denying McAfee Agent

Hi @BlueHerron,

Thank you for your post. If it was indeed Solidcore blocking your installation of Agent, you can try installation of agent by keeping Solidcore in update mode.

If your method still does not work, please log a support ticket with us for further investigation.


Thanks and regards,
Adithyan T

Re: SELinux denying McAfee Agent

The agent installed fine, it just doesn't communicate with ePO to pull down MEDDAT files or allow cmdagent to run while in selinux enforcing mode.  I noticed the macmnsvc runs with the mfe user and group privileges.  Everything else runs with root.  Should this service also run with root privileges?
