SITUATION: Using ePO 4.5.5 (MR4) and pushing out VSE for Linux 1.7 to RHEL 5 nodes. VSE for Linux 1.7 installs Apache version 1.3.42 (a very old version).
GOAL: I know VSE for Linux 1.7.1 installs Apache version 2.4.2 but it would be my preference to not install it at all to avoid any vulnerabilities (past, present, & future) in Apache and just control the Virus Scan settings from ePO.
SIDE QUESTION: Is stopping the web service good enough? I know KB71824 has a good workaround solution on how to stop the web service from running (and I know the KB article is for VSE for Linux 1.6).
MAIN QUESTION: How do I stop Apache from installing when I install VSE for Linux 1.7? I have searched through the install script (McAfeeVSEForLinux-1.7.0-installer) and came up with two potential solutions, but it is not behaving as I thought it would.
RUN_WITH_MONITOR=yes should be set to =no. This line overwrites the variable from the config file, and forces it to “yes”. I hope it was a coding mistake because they have several lines of code checking if the value is set to yes or no. Having it overwrite the setting makes all that code a waste. After trying this, Apache still installed and the service was running.
On a separate try, I commented out the line and ensured the variable SILENT_RUN_WITH_MONITOR=no is set from the installation config file. This will properly follow the logic in the script to disable the web monitoring feature. After trying this, the Apache service is not running, but Apache still installed.
Any ideas on how to prevent it from installing?
Please note that even if you achieve this it will most likely leave you in an unsupportable state.
I'd strongly suggest you discuss this with McAfee support first.
Did you contact McAfee support for an answer to your question? We have a requirement from our security team to provide AV for Linux but then the same team yells and screams when we install VSE for Linux because of the vulnerabilities in Apache. I'd rather not install it than have to come up with firewall rules, disable services or write some kind of exemption.
Although I would strongly suggest confirming with McAfee support as suggested by rackroyd, I have seen no issues in environments where Apache is installed but failed to initialise (on a recent project, a number of servers were cloned and given different IPs - when starting, it was noted that the Apache service didn't start and after troubleshooting it was found that the httpd.conf file was causing Apache to try to bind to the old IP address and port, and was failing as the IP no longer existed). To replicate this, you could change the relevant httpd.conf values (I forget what they are - set up a CentOS VM or something and have a play) to 22.214.171.124 or something. Alternatively, see what happens if you try to manually uninstall Apache, as far as I am aware the service is not required unless you want to use the GUI. Again, I would like to stress that this is based on observations, and the only definitive answer you will get is from support.
Unsure what vulnerabilities are being discussed - but a few have been brought to support already ... and a statement on certain items has been published in KB