I have RHEL 7 with SELinux and am trying to get the McAfee Agent 5.7.3 to work with SELinux. Something is being denied, but I cannot figure out where. I have used ausearch -a avc to identify the apps that are being blocked and I feel like I have created policies based on the info given from that, but I am new at SELinux and policies, so I may be doing something wrong. I do know that when I put SELinux in permissive, everything works fine (cmdagent, MEDDAT updates). When it is enforcing, and I try to run the cmdagent from the terminal, it gives a "bash: /var/McAfee/agent/bin/cmdagent permission denied" message. I have the SELinux packages for the agent and ENS installed on my system and everything is at the latest versions. Any information would be appreciated.
What is being denied? Is it an application installed on that box? If that's the case, then we need to isolate the problem to a product. If you disable/uninstall ENSL, does the problem persist?
You don't normally need sudo when running "/var/McAfee/agent/bin/cmdagent -p" (adding a switch as an example), but could you try:
sudo /var/McAfee/agent/bin/cmdagent -p
It was denying McAfee services such as masvc and showing mfeespd as denied, but when I do an "audit2allow -a", it shows everything is being allowed. I have created numerous policies in SELinux to allow all of the modules I am seeing denied, but it still won't work correctly. I have tried running commands with, and without, sudo, but I have been mainly running them with. As soon as I set SELinux to setenforce 0, everything works, but when I do setenforce 1, nothing works.
I have created policies for everything being denied and nothing else is showing up as being denied. I still can't get MEDDATs to update or cmdagent to run. It says permission denied when running cmdagent -i or -p while running as root. Permissions on the cmdagent are rwx for root. It still runs fine with setenforce 0.
Do you know what's causing these denials? Is it a 3rd-party application preventing MA from working? I question this as I see you have done some work excluding and permitting the agent processes.
This is where I am confused, because I generated policies to accept all the denials and I am still getting permission denied when turning on SELinux. My next step is going to be to try and install MACC. Not sure if this is possible since I am working on RHEL 7.9 and this only mentions RHEL 8 in the instruction, but the title mentions RHEL 7 and 8. Any other suggestions are welcome. Thanks.
To install MACC with RHEL 8 SELinux in "Enforcing" mode:
After reading the following article, I will not be installing MACC...
Since I installed the agent using the command install.sh -i on the machine, my next step will be to uninstall the agent and re-install it using the install.sh -i -r so processes can all run with root privileges. Maybe this is why I am getting a permission denied. Just throwing things at a wall at this point.
Thank you for your post. If it was indeed Solidcore blocking your installation of the agent, you can try installing the agent while keeping Solidcore in update mode.
If your method still does not work, please log a support ticket with us for further investigation.
The agent installed fine; it just doesn't communicate with ePO to pull down MEDDAT files or allow cmdagent to run while in SELinux enforcing mode. I noticed that macmnsvc runs with the mfe user and group privileges. Everything else runs with root. Should this service also run with root privileges?
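Added example, not part of any post in this thread and not McAfee's own tooling: a shell helper that collapses AVC records into one line per distinct denial (command, source type, target type, class, permissions, and the record's permissive flag), which makes it easier to compare what was logged against the policy modules already written. The sample records are constructed, and the type names mfe_example_t and var_example_t are placeholders, not the types in the McAfee policy.

```shell
#!/bin/sh
# Constructed AVC records in audit.log format. The type names mfe_example_t and
# var_example_t are placeholders, not the types shipped in the McAfee policy.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1650000000.101:501): avc:  denied  { execute } for  pid=2101 comm="bash" name="cmdagent" dev="dm-0" ino=1111 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_example_t:s0 tclass=file permissive=0
type=AVC msg=audit(1650000005.202:502): avc:  denied  { execute } for  pid=2107 comm="bash" name="cmdagent" dev="dm-0" ino=1111 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_example_t:s0 tclass=file permissive=0
type=AVC msg=audit(1650000009.303:503): avc:  denied  { read write } for  pid=1850 comm="masvc" name="example.db" dev="dm-0" ino=2222 scontext=system_u:system_r:mfe_example_t:s0 tcontext=system_u:object_r:var_example_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1650000009.303:503): arch=c000003e syscall=2 success=yes exit=3 comm="masvc"
EOF
}

# Read audit records on stdin and print one line per distinct denial:
#   count comm source_type->target_type class {perms} permissive=N
summarize_avc() {
  awk '
    $1 == "type=AVC" && /denied/ {
      comm = st = tt = cls = pm = "?"; perms = ""; in_set = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { in_set = 1; continue }
        if ($i == "}") { in_set = 0; continue }
        if (in_set)    { perms = perms (perms == "" ? "" : ",") $i; continue }
        eq = index($i, "="); if (eq == 0) continue
        key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
        if (key == "comm")       { gsub(/"/, "", val); comm = val }
        if (key == "scontext")   { split(val, c, ":"); st = c[3] }
        if (key == "tcontext")   { split(val, c, ":"); tt = c[3] }
        if (key == "tclass")     cls = val
        if (key == "permissive") pm = val
      }
      seen[comm " " st "->" tt " " cls " {" perms "} permissive=" pm]++
    }
    END { for (k in seen) print seen[k], k }
  ' | LC_ALL=C sort
}

# Run against the constructed sample; on a live host (as root) use instead:
#   ausearch -m avc -ts recent | summarize_avc
sample_avc | summarize_avc
```

Lines ending in permissive=1 were logged while the host or domain was permissive, so the access was allowed; lines ending in permissive=0 were actually blocked.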