Installing McAfee on CentOS 8 - CloudCommandos/JohnChan GitHub Wiki

Installation

Download the free trial version of McAfee Endpoint Security for Linux Threat Prevention

This guide uses McAfee ENSLTP v10.6.7

Copy the following files into your target VM

McAfeeTP-10.6.7-118-Eval-standalone.tar.gz
MFErt.i686.rpm
MFEma.x86_64.rpm

Install rpms

rpm -i MFErt.i686.rpm
rpm -i MFEma.x86_64.rpm

Un-tar and run installation script

tar -zxvf McAfeeTP-10.6.7-118-Eval-standalone.tar.gz
./install-mfetp.sh

Check status of McAfee

/etc/init.d/cma status

Check McAfee threat prevention service

systemctl status mfetpd.service

If the service reports errors, check whether the VM's kernel is supported.

ls /var/McAfee/ens/esp/aac/kernel
uname -r

Check whether the VM's kernel release appears among the listed directories. If it does not, but other minor versions of the same major version are supported, check whether the files in the two nearest minor-version directories are the same. For example, suppose your VM kernel is 4.18.0-80.7.1.el8_0.x86_64 and it is not supported, while 4.18.0-80.11.2.el8_0.x86_64 and 4.18.0-80.4.2.el8_0.x86_64 are the two nearest minor versions that are supported. Look inside both directories and compare their files.

cmp --silent "file1" "file2" && echo "files are same" || echo "files are different"

If they are the same, copy one of the directories and name the copy after your kernel version. Do the same for /var/McAfee/ens/esp/fileaccess/kernel. For example:

cd /var/McAfee/ens/esp/aac/kernel
cp -r 4.18.0-80.11.2.el8_0.x86_64 4.18.0-80.7.1.el8_0.x86_64

cd /var/McAfee/ens/esp/fileaccess/kernel
cp -r 4.18.0-80.11.2.el8_0.x86_64 4.18.0-80.7.1.el8_0.x86_64

systemctl restart mfetpd.service
systemctl status mfetpd.service
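
The check-then-copy procedure above as a script, added here as an example and not part of the original wiki. It compares every file in the two reference directories (the `cmp` line handles one pair at a time) for both the aac and fileaccess trees, and copies only when both trees match. The function names are hypothetical; the paths and kernel versions are the ones used in this guide.

```bash
#!/bin/sh
# Added example; function names are hypothetical, paths are those used in the guide.

# True if directory $1 contains a subdirectory for kernel release $2.
kernel_supported() {
    [ -d "$1/$2" ]
}

# True only if both directories exist and hold the same files with identical contents.
dirs_identical() {
    diff -rq "$1" "$2" >/dev/null 2>&1
}

# prepare_kernel ROOT REF_A REF_B [TARGET]
# ROOT is the directory holding aac/ and fileaccess/ (/var/McAfee/ens/esp in the guide),
# REF_A and REF_B are the two nearest supported releases, TARGET defaults to `uname -r`.
# Returns 0 on success, 2 if the references differ or are missing, 3 if a copy fails.
prepare_kernel() {
    root=$1; ref_a=$2; ref_b=$3; target=${4:-$(uname -r)}

    # Pass 1: verify both trees before touching anything.
    for tree in aac fileaccess; do
        if ! dirs_identical "$root/$tree/kernel/$ref_a" "$root/$tree/kernel/$ref_b"; then
            echo "$tree: $ref_a and $ref_b differ or are missing; nothing copied" >&2
            return 2
        fi
    done

    # Pass 2: copy REF_A to TARGET wherever TARGET is not already present.
    for tree in aac fileaccess; do
        kernel_supported "$root/$tree/kernel" "$target" && continue
        cp -r "$root/$tree/kernel/$ref_a" "$root/$tree/kernel/$target" || return 3
    done
    return 0
}

# Usage with the versions from the guide (run as root, then restart mfetpd.service):
#   prepare_kernel /var/McAfee/ens/esp \
#       4.18.0-80.11.2.el8_0.x86_64 4.18.0-80.4.2.el8_0.x86_64
```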

Features

On-demand file scan logging

/opt/McAfee/ens/tp/bin/mfetpcli --oasactivitylog enable
cat /var/McAfee/ens/log/tp/mfetpdactivity.log

Auto protect

/opt/isec/ens/threatprevention/bin/isecav --setapstatus enable

Check versions

/opt/McAfee/ens/tp/bin/mfetpcli --version

System scan

/opt/isec/ens/threatprevention/bin/isecav --listtasks
/opt/isec/ens/threatprevention/bin/isecav --runtask --index 1

Update signatures online

/opt/isec/ens/threatprevention/bin/isecav --listtasks
/opt/isec/ens/threatprevention/bin/isecav --runtask --index 3

Allow non-sudo users to access the log files. Here st_admin is your privileged user group.

cd /var/McAfee/ens/log
chgrp -Rv st_admin .
chmod -Rv g+s,g=rx .

cd /var/McAfee/agent/logs
chgrp -Rv st_admin .
chmod -Rv g+s,g=rx .

Useful Links:
Manual DAT Updates for Mcafee Endpoint Security for Linux