
McAfee potential impacts

Posted: 2017/07/25 09:37:24
by amedix
Hi,

I've been asked by my manager to give a list of potential impacts at the system level when installing McAfee on a CentOS/RedHat machine. In other words, what should be checked on a system after installing McAfee?

It's the first time I will install an antivirus on a Linux server :-)


Thanks in advance.

Re: McAfee potential impacts

Posted: 2017/07/25 11:51:34
by TrevorH
McAfee has a Linux version?

Re: McAfee potential impacts

Posted: 2017/07/25 12:45:41
by amedix
I was also surprised when I heard in my new job that the IT direction got the McAfee agent to install on their RedHat machines.

Re: McAfee potential impacts

Posted: 2017/07/25 12:55:46
by MartinR
https://www.mcafee.com/uk/products/viru ... linux.aspx - seems so. In the past these have just looked for MS viruses hiding in Linux servers; what the current offering does I have no idea.

Re: McAfee potential impacts

Posted: 2017/07/25 15:20:04
by TrevorH
So, as far as "impacts" go, if it doesn't have a kernel module then I wouldn't expect much of an impact. If it does... well I'm not sure I'd run it.

Re: McAfee potential impacts

Posted: 2017/08/02 10:50:54
by amedix
Hi,

I'm about to install McAfee on a RHEL7 box and to measure the performance at the system level (CPU, RAM, Disk).

I want to compare performance between the pre-install and post-install mode.

What is the most significant column of the output of the iostat command (or any other command) that I have to take into consideration? I would be grateful if you could give an example.


Thanks in advance.

Re: McAfee potential impacts

Posted: 2017/08/18 17:02:55
by macattack2241
Hi, I've worked with McAfee Virus Scammer for Enterprise Linux (VSEL) extensively and found it to be quite a resource hog when it comes to how scans are handled. On-Access scanning can seriously affect RHEL 7's performance to the point of maxing out the CPU load due to it constantly scanning any files that are opened, compressed, etc. It was an ongoing battle with the security team to have them set to On-Demand scanning and when they would push back I would just alter the config for VSEL's scanning and make it immutable.

Standard location of On Access Scanning type for VSEL:

/var/opt/NAI/LinuxShield/etc/nailsd.cfg

nailsd.cfg:146:nailsd.profile.OAS.allFiles: true

*set OAS to false and then set immutable flag on the config*

I do not recommend using any virus scanner on Linux as it's not necessary if you are using good security practices DACs + MACs (SELinux is my favorite). In the years that I used VSEL on my systems due to security policies, it never once found a virus and I found myself constantly having to update the definitions (/opt/NAI/LinuxShield/bin/nails task --run 1) since they're almost always out of sync with the HBSS master.
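
The change described in the post above is something a security team can check for. This is an added example, not code from the thread or from McAfee: a POSIX shell audit that reads the quoted key from nailsd.cfg and tests the file for the immutable attribute. It assumes policy expects the value `true`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the VSEL on-access scanning
# (OAS) setting and the immutable attribute on nailsd.cfg.
# The path and key are the ones quoted in the post above.
VSEL_CFG=/var/opt/NAI/LinuxShield/etc/nailsd.cfg
OAS_KEY=nailsd.profile.OAS.allFiles

# Print the value of a "key: value" line from a config file (last match wins).
cfg_value() {   # $1 = file, $2 = key
    awk -v k="$2" '
        index($0, k ":") == 1 {
            v = substr($0, length(k) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)   # trim blanks and a stray CR
        }
        END { print v }' "$1"
}

# Succeed if an lsattr output line ("<flags> <path>") carries the 'i' flag.
# Only the flags field is inspected, so an 'i' in the path does not match.
has_immutable_flag() {   # $1 = one line of lsattr output
    case "${1%% *}" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report findings. Exit status: 0 = none, 1 = findings, 2 = config unreadable.
# Assumption: policy expects the key to be "true", the value shown in the post.
# $2 lets a caller pass captured lsattr output instead of running lsattr.
audit_vsel_cfg() {   # $1 = config path (optional), $2 = lsattr line (optional)
    a_cfg=${1:-$VSEL_CFG}
    a_rc=0
    [ -r "$a_cfg" ] || { echo "ERROR: cannot read $a_cfg"; return 2; }
    a_attr=${2:-$(lsattr -d "$a_cfg" 2>/dev/null || true)}
    a_val=$(cfg_value "$a_cfg" "$OAS_KEY")
    case "$a_val" in
        true) echo "OK: $OAS_KEY is true" ;;
        "")   echo "FINDING: $OAS_KEY not present in $a_cfg"; a_rc=1 ;;
        *)    echo "FINDING: $OAS_KEY is '$a_val'"; a_rc=1 ;;
    esac
    if has_immutable_flag "$a_attr"; then
        echo "FINDING: $a_cfg is immutable (chattr +i)"
        a_rc=1
    fi
    return "$a_rc"
}
# Usage, after sourcing this file as root: audit_vsel_cfg [config-path]
```

While the immutable attribute is set, no process can rewrite the file, root included, until it is cleared with `chattr -i`.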