Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1599 Views 4 Replies Latest reply: Aug 8, 2013 5:41 AM by Aidan RSS
adriandiglio Newcomer 13 posts since
Feb 2, 2012
Currently Being Moderated

Oct 31, 2012 11:42 AM

Help with preventing install of Apache

SITUATION: Using ePO 4.5.5 (MR4) and pushing out VSE for Linux 1.7 to RHEL 5 nodes.  VSE for Linux 1.7 installs Apache version 1.3.42 (a very old version).

 

GOAL: I know VSE for Linux 1.7.1 installs Apache version 2.4.2 but it would be my preference to not install it at all to avoid any vulnerabilities (past, present, & future) in apache and just control the Virus Scan settings from ePO.

 

SIDE QUESTION: Is stopping the web service good enough? I know KB71824 has a good work around solution on how to stop the web service from running (and I know the KB article is for VSE for Linux 1.6).

 

MAIN QUESTION: How do I stop apache from installing when I install VSE for Linux 1.7? I have searched through the install script (McAfeeVSEForLinux-1.7.0-installer) and came up with two potential solutions, but it is not behaving as I thought it would.

 

RUN_WITH_MONITOR=yes should be set to =no. This line overwrites the variable from the config file, and forces it to “yes”.  I hope it  was a coding mistake because they have several lines of code checking if the value is set to yes or no.  Having it overwrite the setting makes all that code a waste. After trying this, Apache still installed and the service was running.

 

On a separate try, I Comment out the line, and ensured the variable SILENT_RUN_WITH_MONITOR=no is set from the installation config file. This will properly follow the logic in the script to disable the web monitoring feature. After trying this, the apache service is not running, but apache still installed.

 

Any ideas on how to prevent it from installing?

  • rackroyd McAfee Mentor 953 posts since
    Feb 3, 2010
    Currently Being Moderated
    1. Nov 2, 2012 6:01 AM (in response to adriandiglio)
    Re: Help with preventing install of Apache

    Please note that even if you achieve this it will most likely leave you in an unsupportable state.

    I'd strongly suggest you discuss this with McAfee support first.

     

    Rgds,

     

    Rob.

  • nniehoff Newcomer 1 posts since
    Nov 12, 2012
    Currently Being Moderated
    2. Nov 12, 2012 9:06 AM (in response to adriandiglio)
    Re: Help with preventing install of Apache

    Did you contact McAfee support for an answer to your question?  We have a requirement from our security team to provide AV for Linux but then the same team yells and screams when we install VSE for Linux because of the vulnerabilities in apache.  I'd rather not install it than have to come up with firewall rules, disable services or write some kind of exemption.

    Thanks,

    Nick

  • dmease729 Champion 267 posts since
    Jul 22, 2011
    Currently Being Moderated
    3. Aug 8, 2013 3:43 AM (in response to nniehoff)
    Re: Help with preventing install of Apache

    Although I would strongly suggest confirming with McAfee support as suggested by rackroyd, I have seen no issues in environments where Apache is installed but failed to initialise (on a recent project, a number of servers were cloned and given different IPs - when starting, it was noted that the Apache service didnt start and after troubleshooting it was found that the httpd.conf file was causing Apache to try to bind to the old IP address and port, and was failing as the IP no longer existed).  To replicate this, you could change the relevant httpd.conf values (I forget what they are - set up a CentOS VM or something and have a play) to 1.2.3.4 or something.  Alternatively see what happens if you try to manually uninstall Apache, as as far as I am aware the service is not required unless you want to use the GUI.  Again, I would like to stress that this is based on observations, and the only definitive answer you will get is from support.

  • Aidan McAfee SME 463 posts since
    Nov 4, 2009
    Currently Being Moderated
    4. Aug 8, 2013 5:41 AM (in response to dmease729)
    Re: Help with preventing install of Apache

    Unsure what vulnerabilities are being discussed - but a few have been brough to support already .... and a statement on certain items has been published in KB

     

    VirusScan for Enterprise Linux 1.7.1: Response to Apache 2.4.2 vulnerability (not vulnerable) (KB77865)

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points