McAfee Policy Auditor 6.2.
COPYRIGHT Copyright © 2013 McAfee, Inc. Do not copy without permission.
Contents Introducing McAfee Policy Auditor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Product components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Conventions. . . . . .
Introducing McAfee Policy Auditor ® McAfee Policy Auditor automates the process required to conduct system compliance audits. It measures compliance by comparing the actual configuration of a system to the desired state of a system. This guide provides system requirements for McAfee Policy Auditor software, and information about installing it as a managed product, as well as modifying, repairing, removing, and reinstalling the software.
Introducing McAfee Policy Auditor Audience Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: • Administrators — People who implement and enforce the company's security program. • Users — People who are responsible for configuring the product options on their system, or for updating the product on their systems. Conventions This guide uses the following typographical conventions.
Introducing McAfee Policy Auditor Finding product documentation To access... Do this... • 6 Click Browse the KnowledgeBase for articles listed by product and version. McAfee Policy Auditor 6.2.
Pre-Installation Tasks Before installing McAfee Policy Auditor, you need to make sure your system is ready and meets the minimum software and hardware requirements. This section presents information to help plan and prepare your system before installing the software. Contents Preparation for installing the software System requirements Database considerations and support Preparation for installing the software Complete these tasks before installing the McAfee Policy Auditor software.
Pre-Installation Tasks System requirements Supported ePolicy Orchestrator software versions One of these versions of ePolicy Orchestrator software must be installed and working before you install the software: • ePolicy Orchestrator software version 4.5 Patch 5 or greater • ePolicy Orchestrator software version 4.6 • ePolicy Orchestrator software version 5.0 Domain controller requirements The server must have a trust relationship with the Primary Domain Controller (PDC) on the network.
Pre-Installation Tasks System requirements Browser ePO 4.5 ePO 4.6 ePO5.0 Google Chrome 17 and later No No Yes Microsoft Internet Explorer 10.0 No No Yes Microsoft Internet Explorer 9.0 No No Yes Microsoft Internet Explorer 8.0 Yes Yes Yes Microsoft Internet Explorer 7.0 Yes Yes No Microsoft Internet Explorer 6.0 No No No Microsoft Internet Explorer 5.5 No No No Mozilla Firefox 10.0 No No Yes Mozilla Firefox 4.0 No No No Mozilla Firefox 3.6 Yes (with ePO 4.
Pre-Installation Tasks System requirements Port Default Description Traffic direction Agent wake-up communication port SuperAgent repository port 8081 TCP port opened by agents to receive agent wakeup requests from the ePolicy Orchestrator software server. TCP port opened to replicate repository content to a SuperAgent repository. Outbound connection from the ePolicy Orchestrator software server/Agent Handler.
Pre-Installation Tasks System requirements Virtual software ePO 4.5 ePO 4.6 ePO 5.0 VMware ESX Server 3.5 Yes Yes No VMware ESX Server 3.0.x No No No VMware Workstation 5.0 Yes Yes No Microsoft Virtual Server 2005 R2 with SP1 Yes Yes No Windows Server 2008 R2 Hyper-V TBD Yes No Windows Server 2012 Hyper-V No No Yes Windows Server 2008 Hyper-V Yes Yes Yes Citrix XenServer 6.0 No No Yes Citrix XenServer 5.5 No Yes No * ESX 4.
Pre-Installation Tasks System requirements McAfee Policy Auditor agent plug-in platforms and support The McAfee Policy Auditor agent plug-in supports a number of common enterprise platforms. Operating system 12 X86 support X64 support Other Notes processors AIX 5.3 TL8 SP5 Power5, Power6 AIX 6.1 TL2 SP0 Power5, Power6 Apple Mac OS X 10.4 X X PowerPC Universal binary Apple Mac OS X 10.5 X X PowerPC Universal binary Apple Mac OS X 10.6 X X PowerPC Universal binary Apple Mac OS X 10.
Pre-Installation Tasks System requirements Operating system X86 support X64 support Other Notes processors Windows XP Professional X X Native 32- and 64-bit agent Windows Server 2003 Standard Edition X X Native 32- and 64-bit agent Windows Server 2003 Enterprise Edition X X Native 32- and 64-bit agent Windows Server 2008 Standard Edition X X Windows Server 2008 Enterprise Edition X X Windows Server 2008 R2 X Windows Vista X X Native 32- and 64-bit agent Windows 7 X X Native 3
Pre-Installation Tasks Database considerations and support When determining how to implement agentless auditing, you need to consider your current ePolicy Orchestrator software installation, what version of McAfee Vulnerability Manager software you have installed, and your plans for upgrading your ePolicy Orchestrator software server. Database considerations and support McAfee Policy Auditor software, which requires a database, uses the ePolicy Orchestrator software server database by default.
Pre-Installation Tasks Database considerations and support Database ePO 4.5 ePO 4.6 ePO 5.0 Requirements Notes Licenses A license is required for each processor on the system where SQL Server is installed. If the minimum number of SQL Server licenses is not available, you might have difficulty installing or starting the ePolicy Orchestrator software server. SQL 2008 R2 Express No Yes Yes Provides an option for automatically installing .NET Framework 2.0 SP2 or 3.5 SP1.
Pre-Installation Tasks Database considerations and support Database ePO 4.5 ePO 4.6 ePO 5.0 Requirements Notes memory allotted for SQL Server. For example, if the system has 1 GB of RAM, set 660 MB as the fixed memory size for SQL Server. SQL Server 2005 64-bit is supported only if it is installed on a separate system from the ePolicy Orchestrator software server. Licenses SQL Server 2005 Express Patch 2 Yes Yes No • .NET Framework 2.0 • .NET Framework 2.
Pre-Installation Tasks Database considerations and support • How frequently benchmark audits are performed. • The number of systems audited. • How long you want to retain audit results. The tables used to calculate server and database requirements are based on tests of the software in the following distributed environment: • McAfee Policy Auditor server • Four-processor, Intel Xenon 2.
Pre-Installation Tasks Database considerations and support two years, double the database size obtained in step 3. If you intend to store the audit results for six months, divide the database size by two. Database storage example and requirements table The requirements table for database sizing can help you calculate the the approximate disk space needed for your McAfee Policy Auditor database. Requirements table for database sizing Use this table to estimate the required size of your database.
Pre-Installation Tasks Database considerations and support • One yearly audit runs on 150,000 systems. The table does not include this value, but it is equivalent to three yearly audits on 50,000 systems. • Two quarterly audits run on 10,000 systems. Calculate the approximate database size: 1 2 Look up the corresponding values in the table under Requirements table for database sizing, and note these results: Audit frequency... ...
Pre-Installation Tasks Database considerations and support Versions 2 3 4 5 6 Database requirement per 1,000 systems (GB) Monitored File Size (MB) 3 0.0983 0.196 0.294 0.393 0.492 4 0.138 0.276 0.415 0.553 0.691 Calculating versioning database storage requirements A corporation follows this policy for maintaining file versions: • Maintains file text for 5 versions of 2 MB files on 200,000 systems. • Maintains file text for 4 versions of 1 MB files on 20,000 systems.
Pre-Installation Tasks Database considerations and support Estimating database storage requirements You can estimate the average amount of hard disk space needed to store new McAfee audit results. 1 Determine the auditing requirements for your organization, including: • The number of audits you will be performing. • The frequency of each audit. For example, 20 audits once per quarter, 5 audits once per month, or one audit once per week. • The number of systems covered by each audit.
Installing McAfee Policy Auditor This version of McAfee Policy Auditor requires that you install one or more extensions in ePolicy Orchestrator software depending on the components you have purchased and the version of ePolicy Orchestrator software you are running.
Installing McAfee Policy Auditor Update McAfee Policy Auditor content Update McAfee Policy Auditor content After installing McAfee Policy Auditor on ePolicy Orchestrator software, you must update the content before using the software or rebooting the system. Task For option definitions, click ? in the interface. 1 To check in content, select Menu | Automation | Server Tasks. 2 Next to Update Master Repository, click Run.
Installing McAfee Policy Auditor Install the McAfee Vulnerability Manager extension • Options — Select whether to: • Move the existing package to the Previous branch — When selected, moves packages in the master repository from the Current branch to the Previous branch when a newer package of the same type is checked in. Available only when you select Current in Branch. • Package signing — Specifies if the package is signed by McAfee or is a third-party package.
Installing McAfee Policy Auditor Uninstall McAfee Policy Auditor • Benchmark Editor Content Distributor extension • Benchmark Editor extension • PA Core extension 2 Click Menu | Software | Master Repository. 3 In the Actions column of the Audit Engine Content row, click Delete to remove the benchmark and check content. 4 To uninstall any remaining McAfee Policy Auditor agent plug-in packages, click Menu | Software | Master Repository.
Index administrator rights 7 agent plug-in supported platforms 12 Windows system requirements 12 agentless audit support Vulnerability Manager 7.
Index supported operating systems 8 supported virtual software 10 system requirements 7 U T V tasks, pre-installation 7 Vulnerability Manager, install the ePO extension 24 McAfee Policy Auditor 6.2.
Index 28 McAfee Policy Auditor 6.2.
