7 Replies Latest reply on Oct 7, 2013 3:50 PM by jadire

    LinuxShield 1.5 and OES 2 Linux

      Hello,

      I try to install LinuxShield 1.5.0 on my OES 2 Linux server with NSS Volume and eDirectory.

      I followed steps described in the documentation :

      - Create nails user on eDir
      - Create nailsgroup on eDir
      - Make nails a member on nailsgroup
      - LUM enable nails user
      - Give Supervisor right for nails to the volume
      - Install LinuxShield using rpm -ivh LinuxShield-1.5.0....
      - Accept licence, ...
      - choose nailsgroup as group administrator
      - choose nails as user
      - change password for that user

      At the next step, I get this error : cannot access /opt/NAI/LinuxShield as user nails

      How to install LinuxShield on OES 2 Linux or where is my mistake?

      Thanks in advance.
        • 1. RE: LinuxShield 1.5 and OES 2 Linux
          On a fresh new server I can now install LinuxShield for OES 2.
          But there is problem.
          I cannot login to the web page with nails user. I get an authentication error. I use the user eDirectory password. It seems that Apache is not able to authenticate to eDirectory.

          How to solve this issue?

          Thanks.
          • 2. RE: LinuxShield 1.5 and OES 2 Linux
            What is the advantage to having a nails user and group?

            Why can't we just install locally and have the root user run the scans? Root can see NSS volumes, so we are unsure as to why we have to access to a nails user, read compare etc.. to files. Does this not pose a security risk?

            If anyone has the pros and cons for nails user in edirectory or local to server?
            • 3. RE: LinuxShield 1.5 and OES 2 Linux
              kjhurni
              There's a documentation error on McAfee's docs.

              If you want to login as the "nails" user (since the docs TELL you that you MUST LUM enable it), you would have to use the edirectory userid: nails, along with the password.

              But McAfee leaves out an important tidbit about their software.

              LinuxShield has its own PAM module that does NOT use eDirectory (so you cannot login as the LUM-enabled user)

              Why they do this, I don't know. They supposedly will address this in the next doc version (I had to open a support call and have it escalated)

              The relevant information (which I got from Novell, BTW):

              cat /etc/pam.d/nails

              You'll notice it only has two lines like:
              auth include common-auth
              auth required pam_nologin.so


              You need to "lum enable it", so edit that file and add this:

              auth sufficient pam_nam.so use_first_pass


              (put that on top of the two previous auth lines)
              • 4. pam_nam.so no workie
                hello all, I am having a similar problem here in that i cannot login to the mcafee web interface on

                https://192.168.105.148:55443 using sled10sp2

                i get the login prompt however /var/log/messages i get the following errors:

                Apr 6 15:50:26 080979DN-apr6a mon: PAM unable to dlopen(/lib/security/pam_nam.so)
                Apr 6 15:50:26 080979DN-apr6a mon: PAM [error: libldapsdk.so.0: cannot open shared object file: No such file or directory]
                Apr 6 15:50:26 080979DN-apr6a mon: PAM adding faulty module: /lib/security/pam_nam.so

                my /etc/pam.d/nails looks like:

                auth sufficient pam_nam.so use_first_pass
                auth include common-auth
                auth required pam_micasa.so
                auth required pam_nologin.so

                I tried with and without the use_first_pass option, made no difference

                I can however login to a virtual console using the nails account, so I know LUM is working fine and I can confirm the pam module is there

                080979DN-apr6a:/lib/security # ll pam_nam.so
                -rwxr-xr-x 1 root root 99511 2009-04-02 21:15 pam_nam.so

                any assistance is appreciated.

                Neal
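
Added example, not part of any post in this thread: a shell check for the two things replies 3 and 4 turn on, namely where the pam_nam.so line sits in /etc/pam.d/nails and whether the module's shared-library dependencies resolve (the libldapsdk.so.0 error in the log above). The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PAM service file such as
# /etc/pam.d/nails after adding the pam_nam.so line described in reply 3.

# Exit 0: pam_nam.so is the first auth line and is "sufficient".
# Exit 1: pam_nam.so is present but not first, or has another control flag.
# Exit 2: no auth line references pam_nam.so.
# Comment and blank lines are ignored because their first field is not "auth".
check_pam_nam() {
    awk '
        $1 == "auth" {
            n++
            if ($3 ~ /pam_nam\.so$/ && !pos) { pos = n; ctl = $2 }
        }
        END {
            if (!pos) exit 2
            if (pos != 1 || ctl != "sufficient") exit 1
            exit 0
        }
    ' "$1"
}

# Read `ldd` output on stdin and print every library the loader cannot resolve.
# An unresolved dependency is what makes PAM log "unable to dlopen" for a module.
parse_missing() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Convenience wrapper: list unresolved dependencies of a PAM module file.
missing_libs() {
    ldd "$1" 2>/dev/null | parse_missing
}

# Demo on a constructed copy of the stack from reply 3 (not a real system file).
demo() {
    f=$(mktemp)
    printf '%s\n' \
        'auth sufficient pam_nam.so use_first_pass' \
        'auth include common-auth' \
        'auth required pam_nologin.so' > "$f"
    rc=0; check_pam_nam "$f" || rc=$?
    rm -f "$f"
    echo "check_pam_nam exit code: $rc"
}
demo
```

On a real host, `missing_libs /lib/security/pam_nam.so` lists the libraries to install or add to the loader path. A `sufficient` line at the top of the stack returns success as soon as pam_nam.so accepts the login, so the `pam_nologin.so` line below it is not consulted for those logins.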
                • 5. RE: pam_nam.so no workie
                  kjhurni
                  I didn't think LinuxShield was supported on SLED?

                  The PAM modules may be diff. on SLED vs. SLES along with LUM features.
                  • 6. RE: LinuxShield 1.5 and OES 2 Linux
                    Hello all,

                    I'm having some trouble installing McAfee on my OES2 server.
                    There are 2 issues: he's not scanning my DATA volume and since the install my users are not able to access their files. They are however able to create/delete/move files but not to edit them.
                    Very strange...
                    Here you can see the steps I tried to install McAfee. I didn't receive an error so my guess is it's fine. Except for the LUM-enabling where I'm not sure of the steps I'd tried.

                    Can you guys help me out?

                    Thnx!

                    Tim

                    • 7. Re: LinuxShield 1.5 and OES 2 Linux
                      jadire

                      This thread is so old, but I'm having trouble on the default directory installation of McAfee on Linux CentOS 6.2 with version 1.9.0.  Getting the message, "cannot access as user nails".  Anyone have any idea why?

                       

                      jade