When running Message Based data Collection (MBC) using Enterprise Security Manager (ESM) policies, the File Find module does not flag executables that it should flag in the SetUID and SetGID checks.
CCS 9.x and higher using Message Based data Collection (MBC) with Security Update (SU) 47.
On Red Hat Enterprise Linux (RHEL) agents, the SetUID and SetGID checks parse the output of the Linux file command, looking for the word "executable". When that word is present, the ESM module reports that the check has failed on this file. However, in later versions of RHEL the executables are compiled with the libraries, and the file command displays them as "shared object" types, not as executable. As a result, these checks did not report that these files were actually executable.
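The mismatch described above, as an added example (not Symantec's check and not the logic in the QF): a word match on constructed file output beside a check that reads the ELF header type directly. The function names and sample strings are assumptions made for illustration; ET_DYN is the ELF type that file reports as "shared object", and position-independent executables carry it too.

```python
import os, stat, struct

ET_EXEC, ET_DYN = 2, 3  # ELF e_type: fixed-address executable / shared object (also PIE)

def word_match(file_output):
    """The check as described above: flag only when `file` says 'executable'."""
    return "executable" in file_output

def elf_type(header):
    """Return e_type from the first 18 bytes of a file, or None if not ELF."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return None
    endian = "<" if header[5] == 1 else ">"  # EI_DATA: 1 = little endian
    return struct.unpack_from(endian + "H", header, 16)[0]

def should_flag(mode, header):
    """Flag a regular file with SetUID/SetGID set whose ELF type is EXEC or DYN."""
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return False
    return elf_type(header) in (ET_EXEC, ET_DYN)

def check_path(path):
    """Apply should_flag() to a file on disk."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    with open(path, "rb") as fh:
        return should_flag(st.st_mode, fh.read(18))

def sample_header(e_type):
    """Constructed ELF64 little-endian identification bytes plus e_type."""
    return b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<H", e_type)

# Constructed `file` output strings, not captured from a real agent.
OLD_STYLE = "ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked"
NEW_STYLE = "ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked"

if __name__ == "__main__":
    suid = stat.S_IFREG | 0o4755
    for label, text, et in (("old", OLD_STYLE, ET_EXEC), ("new", NEW_STYLE, ET_DYN)):
        print(label, "word match:", word_match(text),
              "header check:", should_flag(suid, sample_header(et)))
```

Running check_path() over the files that a SetUID/SetGID search returns on an agent gives an independent list to compare against the module's report.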
Symantec has released a Quick Fix (QF) package 11103 that can be pushed by the ESM console to the ESM managers. The fix will be pushed via LiveUpdate to Intel-based 32-bit Linux agents during the next policy run. Agents must have SU 47 and LiveUpdate activated to receive this fix. Directions for how to stage and push the package are included in the QF.
NOTE: Message Based data Collection requires that the 32-bit version of the Linux agent, along with the 32-bit libraries, be loaded onto the RHEL machine.