Kaspersky Anti Targeted Attack Platform

Managing Kaspersky Endpoint Agent for Linux

This section provides information about Kaspersky Endpoint Agent for Linux. For information about Kaspersky Endpoint Agent for Windows, see a separate section.

Kaspersky Endpoint Agent for Linux is installed on individual devices running one of the supported Linux operating systems within the corporate IT infrastructure. The application continuously monitors processes running on those devices, active network connections, and files that are being modified.

Kaspersky Endpoint Agent for Linux enables the interaction of the protected device with other Kaspersky solutions for complex threat detection (such as targeted attacks).

When the integration of Kaspersky Endpoint Agent for Linux with Kaspersky Anti Targeted Attack Platform is configured, the application runs tasks, applies settings coming from Kaspersky Anti Targeted Attack Platform, and sends telemetry from the protected device to the KATA Central Node server. For more details about what Kaspersky Endpoint Agent for Linux can do when integrated with Kaspersky Anti Targeted Attack Platform, see the Operating principle of the application section.

You can remotely manage Kaspersky Endpoint Agent for Linux using the Kaspersky Security Center Web Console, the Kaspersky Security Center Administration Console, or the command line.

In this Help section

Installing and removing Kaspersky Endpoint Agent for Linux

Managing Kaspersky Endpoint Agent for Linux policies using Kaspersky Security Center Administration Console

Managing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console

Managing Kaspersky Endpoint Agent for Linux using the command line

Verifying the integrity of Kaspersky Endpoint Agent for Linux components


Installing and removing Kaspersky Endpoint Agent for Linux

This section provides information about installing Kaspersky Endpoint Agent for Linux on a device, updating the previous version of the application, restoring and removing the application from the device.

In this section

Preparing to install Kaspersky Endpoint Agent for Linux

Installing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Administration Console

Installing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console

Local installation of Kaspersky Endpoint Agent for Linux

Updating and restoring Kaspersky Endpoint Agent for Linux

Removing Kaspersky Endpoint Agent for Linux


Preparing to install Kaspersky Endpoint Agent for Linux

Before installing Kaspersky Endpoint Agent for Linux on a device or upgrading an older version of the application, you must verify that the device satisfies the hardware and software requirements.


Installing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Administration Console

This section describes the remote installation of Kaspersky Endpoint Agent on a local device using Kaspersky Security Center Administration Console.

In this section

Installing the Kaspersky Endpoint Agent for Linux administration plug-in

Adding devices for installing Kaspersky Endpoint Agent for Linux

Creating an installation package for Kaspersky Endpoint Agent for Linux

Remote installation of Kaspersky Endpoint Agent for Linux on selected devices


Installing the Kaspersky Endpoint Agent for Linux administration plug-in

You can manage Kaspersky Endpoint Agent in the Kaspersky Security Console by using the administration plug-in. Therefore, to gain access to the application management interface, the administration plug-in must be installed on the administrator's workstation.

To install the Kaspersky Endpoint Agent administration plug-in,

copy the klcfginst.msi file from the distribution kit to the device where Kaspersky Security Center Administration Console is installed and run the file.

The Setup Wizard starts.


Adding devices for installing Kaspersky Endpoint Agent for Linux

To install the application remotely using Kaspersky Security Center, you must add the devices on which you are installing the application to the managed devices group.

To add devices for installing the application:

  1. Install the Kaspersky Security Center Network Agent on the device.

    The procedure for preparing a Linux-running device for remote installation of Network Agent is described in the Kaspersky Security Center Help.

  2. In the command line, run the following command: /opt/kaspersky/klnagent/bin/klmover --address <IP address of the Kaspersky Security Center server>.

    The device becomes available for management using Kaspersky Security Center.

    If Network Agent was previously installed on the device, the first two steps of these instructions are not necessary.

  3. Open the Kaspersky Security Center Administration Console.
  4. In the console tree, select the Managed devices folder.

    If Kaspersky Endpoint Security for Linux is installed on a device, the device is added to the group in which the Kaspersky Endpoint Security for Linux policy is active. You do not need to move the device.

  5. In the workspace of the folder, select the Devices tab.
  6. Click Move devices to group.

    This opens the move devices wizard.

  7. Click Select devices discovered on the network by the Administration Server.
  8. In the next window of the wizard, in the list of devices, select the check box next to the device where you need to install the application.
  9. Click Next.

    The device is moved to the managed devices group.

  10. Click Finish to complete the wizard.

The device becomes available for remote installation of the application.


Creating an installation package for Kaspersky Endpoint Agent for Linux

To remotely install the application using Kaspersky Security Center, you must create an installation package for Kaspersky Endpoint Agent from the Kaspersky repository or from a file.

Before creating the Kaspersky Endpoint Agent installation package, make sure that the administration plug-in is installed on the administrator workstation.

To create an installation package for the application from the Kaspersky application repository:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, in the Administration Server → Advanced → Remote installation folder, select the Installation packages subfolder.
  3. Click Create an installation package to start the installation package creation wizard.
  4. In the Select installation package type window of the wizard, click Create an installation package for a Kaspersky application.

    When creating an installation package for an application, you will be prompted to read the End User License Agreement for that application and the Privacy Policy of that application. Carefully read the End User License Agreement between you and Kaspersky Lab, as well as the Privacy Policy. If you agree with all the terms of the License Agreement and the Privacy Policy, select the following check boxes in the I confirm that I have fully read, understand, and accept section:

    • The terms and conditions of this End User License Agreement
    • Privacy Policy describing the handling of data
  5. In the next window of the wizard, enter the name for the new installation package.
  6. In the next window of the wizard, select the Kaspersky Endpoint Agent installation file with the "kud" extension.
  7. In the next window of the wizard, select Kaspersky Endpoint Agent components that you need to install, the installation directory and the installation mode of the application.

After the wizard finishes, the created installation package appears in the workspace of the Installation packages folder in the console tree.

To create an installation package for the application from a file:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, in the Administration Server → Advanced → Remote installation folder, select the Installation packages subfolder.
  3. Click Create an installation package to start the installation package creation wizard.
  4. In the Select installation package type window of the wizard, click Create an installation package for the specified executable file.

    When creating an installation package for an application, you will be prompted to read the End User License Agreement for that application and the Privacy Policy of that application. Carefully read the End User License Agreement between you and Kaspersky Lab, as well as the Privacy Policy. If you agree with all the terms of the License Agreement and the Privacy Policy, select the following check boxes in the I confirm that I have fully read, understand, and accept section:

    • The terms and conditions of this End User License Agreement
    • Privacy Policy describing the handling of data
  5. In the next window of the wizard, enter a name for the installation package.
  6. In the next window of the wizard, select the installation file of the application and complete the creation of the installation package by following the directions of the wizard.

After the wizard finishes, the created installation package appears in the workspace of the Installation packages folder in the console tree.


Remote installation of Kaspersky Endpoint Agent for Linux on selected devices

Kaspersky Security Center allows you to install applications on devices remotely using remote installation tasks.

To create and run the task to remotely install Kaspersky Endpoint Agent on selected devices:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, in the Remote installation folder, select the Installation packages subfolder.
  3. In the workspace of the folder, select the installation package of Kaspersky Endpoint Agent.
  4. In the context menu of the installation package, select Install program.
  5. The Remote Installation Wizard starts.
  6. In the Select devices for installation window, you can create a list of devices to install the application on.
  7. In the Configure the remote installation task window, configure the remote installation of the application.
  8. In the Select operating system reboot option window, select whether the devices will be restarted if a system restart is required during installation.
  9. In the Select accounts for access to devices window, you can add accounts that will be used to start the remote installation task.
  10. In the Start installation window, click Next to create and start the remote installation task on selected devices.

    If in the Start installation window, the Do not start the task after the remote installation wizard finishes check box is selected, the remote installation task is not started. You can start this task manually later. The name of the task corresponds to the name of the installation package for installing the application: Install <name of the installation package>.


Installing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console

This section describes the remote installation of Kaspersky Endpoint Agent for Linux on a local device using Kaspersky Security Center Web Console.

In this section

Installing the Kaspersky Endpoint Agent web administration plug-in

Adding devices for installing Kaspersky Endpoint Agent for Linux

Creating an installation package for Kaspersky Endpoint Agent for Linux

Remote installation of Kaspersky Endpoint Agent for Linux on selected devices


Installing the Kaspersky Endpoint Agent web administration plug-in

You can manage Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console with the web administration plug-in. Therefore, to gain access to application management, you must install the web administration plug-in on the administrator workstation (see information on installing and updating the web administration plug-in in the Kaspersky Endpoint Agent for Windows Help).

Before installing, familiarize yourself with the information about compatible versions of the web administration plug-in.


Adding devices for installing Kaspersky Endpoint Agent for Linux

To install the application remotely using Kaspersky Security Center, you must add the devices that you are installing the application on to the managed devices group.

To add devices for installing the application:

  1. Install the Kaspersky Security Center Network Agent on the device.

    The procedure for preparing a Linux-running device for remote installation of Network Agent is described in the Kaspersky Security Center Help.

  2. In the command line, run the following command: /opt/kaspersky/klnagent/bin/klmover --address <IP address of the Kaspersky Security Center server>.

    The device becomes available for management using Kaspersky Security Center.

    If Network Agent was previously installed on the device, the first two steps of these instructions are not necessary.

  3. Log in to the Kaspersky Security Center Web Console.
  4. In the main window of the web console, select Device discovery → Unassigned devices.

    If Kaspersky Endpoint Security for Linux is installed on a device, the device is added to the group in which the Kaspersky Endpoint Security for Linux policy is active. You do not need to move the device.

  5. In the list of devices, select the check box next to the device where you want to install the application.
  6. Click Move to group.
  7. This opens a menu on the right side; in the menu, select the check box next to the Managed devices group.
  8. Click Move.

The device becomes available for remote installation of the application.


Creating an installation package for Kaspersky Endpoint Agent for Linux

To remotely install the application using Kaspersky Security Center Web Console, you must create an installation package for Kaspersky Endpoint Agent for Linux from the Kaspersky application repository or from a file.

To create an installation package for the application:

  1. Log in to the Kaspersky Security Center Web Console.
  2. On the Discovery & Deployment tab, select Deployment & Assignment → Installation packages.
  3. Click Add.

    This starts the New Package Wizard. To continue with the wizard, click Next.

  4. At the first step of the wizard, you can select how you want to create the installation package: from the Kaspersky application repository or from a file.
    • If you select Create an installation package for a Kaspersky application, a list of installation packages available on Kaspersky web servers is displayed. To make finding the necessary installation package easier, click Filter, and in the menu that opens in the Property window, select Operating system and the Linux option.
    • If you select Create an installation package from a file, you are prompted to enter the path to a local folder containing the archive with the installation package of the application.
  5. Select the necessary Kaspersky Endpoint Agent for Linux installation package.

    This opens a window containing information about the installation package.

  6. Read the information and click Download and create installation package.

    The installation package begins downloading to the Administration Server.

  7. While the download is in progress, the Accept button is displayed. Do the following:
    1. Click Accept to read the text of the License Agreement and the Privacy Policy.
    2. If you agree with all the terms of the License Agreement and the Privacy Policy, select the following check boxes in the I confirm that I have fully read, understand, and accept section:
      • the terms and conditions of this End User License Agreement
      • Privacy Policy describing the handling of data
    3. Click Accept.

      The download of the installation package resumes after both check boxes are selected. If you click Decline, the download is canceled.

  8. After the download is complete, click Close to close the installation package information window.

The downloaded installation package is located in the Packages subfolder within the shared folder of the Administration Server. The downloaded installation package is displayed in the list of installation packages.


Remote installation of Kaspersky Endpoint Agent for Linux on selected devices

Kaspersky Security Center Web Console allows you to install applications on devices remotely, using remote installation tasks.

To create and run the task to remotely install Kaspersky Endpoint Agent for Linux on selected devices:

  1. Log in to the Kaspersky Security Center Web Console.
  2. On the Devices tab, select Tasks.
  3. Click Add.

    The New Task Wizard starts. Follow the instructions of the wizard.

  4. At the first step of the wizard:
    1. In the Application window, select Kaspersky Security Center 12.
    2. In the Task type window, select Install application remotely as the task type.
    3. If necessary, enter a name for the task in the Task name window.
    4. In the Select devices to which the task will be assigned section, select Device group.
  5. Click Next.

    This opens the next screen of the New Task Wizard.

  6. Select the check box next to the Managed devices group or check boxes next to individual devices in that group.
  7. Click Next.

    This opens the next screen of the New Task Wizard.

  8. In the Selecting installation package window, select the Kaspersky Endpoint Agent for Linux that you created earlier.

    Do not modify any other options at this step or the subsequent steps.

  9. Click Next.

    This opens the final step of the New Task Wizard.

  10. At the final step of the Wizard, click Finish.
  11. Select the check box next to the created task in the task list.
  12. Click Start.
  13. Wait until the installation of Kaspersky Endpoint Agent for Linux on selected devices is complete.

    The status of the task changes to Completed.


Local installation of Kaspersky Endpoint Agent for Linux

This section contains information about installing Kaspersky Endpoint Agent on a local device from DEB or RPM installation packages.

To install the application or update an older version of the application:

  1. Copy the DEB or RPM installation package of the program from the distribution kit to the user device.
  2. Open the console and run the command to install the application from the relevant package:
    • To install the application from a deb installation package: sudo apt install ./package_name.deb (the argument must be a path, such as ./package_name.deb, for apt to treat it as a local file)
    • To install the application from an rpm installation package: sudo rpm -i package_name.rpm

The application is installed on the local device.

To use the application, you must accept the terms and conditions of the End User License Agreement and the Privacy Policy.

To view the End User License Agreement and the Privacy Policy and accept the terms and conditions:

  1. Open the console and run the /opt/kaspersky/epagent/sbin/lenactl --eula-pp accept command.
  2. Carefully read the End User License Agreement between you and Kaspersky Lab.
  3. Click I confirm that I have fully read, understand, and accept the terms and conditions of this End User License Agreement.
  4. Carefully read the terms and conditions of the Privacy Policy.
  5. Click I understand and agree that my information will be processed and transmitted (including to third countries) in accordance with the Privacy Policy. I confirm that I have fully read and understand the Privacy Policy.

The application is ready for use.


Updating and restoring Kaspersky Endpoint Agent for Linux

The application can be updated and restored using Kaspersky Security Center or locally.

To upgrade Kaspersky Endpoint Agent for Linux using Kaspersky Security Center, you must create an installation package for the new version and follow the installation procedure. To restore the application, you can use the installation package created for the current version of the application.


Removing Kaspersky Endpoint Agent for Linux

The application can be removed using Kaspersky Security Center or locally.

To remove the application remotely from selected devices using Kaspersky Security Center:

  1. Log in to the Kaspersky Security Center Web Console.
  2. On the Devices tab, select Tasks.
  3. Click Add.

    Follow the instructions of the New Task Wizard.

  4. At the first step of the wizard:
    1. In the Application window, select Kaspersky Security Center 12.
    2. In the Task type window, select Uninstall application remotely as the task type.
    3. If necessary, enter a name for the task in the Task name window.
    4. In the Select devices to which the task will be assigned section, select Device group.
  5. Click Next.

    This opens the next screen of the New Task Wizard.

  6. Select the check box next to the Managed devices group or check boxes next to individual devices in that group.
  7. Click Next.

    This opens the next screen of the New Task Wizard.

  8. In the Application to uninstall window, select the installed version of Kaspersky Endpoint Agent for Linux.

    Do not modify any other options at this step or the subsequent steps.

  9. At the last step of the Wizard, click Finish.
  10. Select the check box next to the created task in the task list and click Start.
  11. Wait until the removal of Kaspersky Endpoint Agent for Linux from the selected devices is complete.

    The task status changes to Completed.

Upon completion of the task, the selected application is removed from the selected devices.


Managing Kaspersky Endpoint Agent for Linux policies using Kaspersky Security Center Administration Console

Kaspersky Security Center is designed for centralized running of basic administration and maintenance tasks for an organization's network security system. The application provides the administrator with access to detailed information about the organization's network security level; it lets you configure all the components of protection based on Kaspersky Lab applications.

You can use Kaspersky Security Center to remotely install and remove Kaspersky Endpoint Agent and configure the operation of the application.

For detailed information about Kaspersky Security Center, please refer to the Kaspersky Security Center Help.

The user interface for working with Kaspersky Security Center is provided by the Kaspersky Security Center Administration Console.

You can manage Kaspersky Endpoint Agent using Kaspersky Security Center Web Console with the Kaspersky Endpoint Agent administration plug-in.

The following information in this section describes how to manage Kaspersky Endpoint Agent using the Kaspersky Security Center Administration Console.

In this Help section

Managing policies of Kaspersky Endpoint Agent for Linux

Managing database and module update tasks for Kaspersky Endpoint Agent


Managing policies of Kaspersky Endpoint Agent for Linux

This section provides instructions for creating a policy for Kaspersky Endpoint Agent for Linux and enabling options in the policy using Kaspersky Security Center Administration Console.

Instructions in this section apply only to Kaspersky Endpoint Agent for Linux.

In this section

Creating a policy for Kaspersky Endpoint Agent for Linux

Enabling options in the policy of Kaspersky Endpoint Agent for Linux


Creating a policy for Kaspersky Endpoint Agent for Linux

To create a policy for Kaspersky Endpoint Agent in Kaspersky Security Center:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, open the Policies folder.
  3. Click Create policy.

    The New Policy Wizard starts.

  4. In the Enter group policy name window, enter the name that will be used to display the new policy in the list of policies.
  5. In the Select policy type window, select a Kaspersky Endpoint Agent deployment mode by selecting the Endpoint Detection and Response Expert (KATA EDR) check box.
  6. Click Next.
  7. Do one of the following in all settings windows that are displayed in sequence:
    • To configure application settings from the displayed sections when creating the policy:
      1. Click Configure next to the name of the section.
      2. This opens a window; in that window, modify the relevant settings and click OK.
      3. Click Next.
    • To edit application settings in the displayed sections later, click Next.

    Application configuration involves the following steps:

    • Configuring general proxy server settings.
    • Configuring the integration of Kaspersky Endpoint Agent with KATA Central Node.
  8. In the Target group window, select the Kaspersky Security Center administration group that the new policy must affect:
    1. Click Browse.

      This opens the administration group selection window.

    2. Select an administration group from the list.

      For example, you can select the Managed devices group.

    3. If you want to create a device subgroup in the Managed devices group:
      1. Click New group.
      2. This opens a window; in that window, enter the name of the device subgroup.
      3. Click OK.
    4. Click Next.
  9. In the Create group policy for the program window, select one of the following policy states:
    • Active policy to activate the policy immediately after creation.
    • Inactive policy to activate the policy later.
  10. Select the Open policy properties immediately after creation check box if you need to perform additional configuration of the policy right after it is created.
  11. Click Finish.

The policy that you created appears in the list of policies.


Enabling options in the policy of Kaspersky Endpoint Agent for Linux

When configuring default settings of a Kaspersky Endpoint Agent policy, setting values are saved but not applied until you enable them.

You can enable settings by enabling groups in which the settings reside. In one policy you can enable some groups of settings or all groups of settings.

To enable a group of settings in the Kaspersky Endpoint Agent policy:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, open the Policies folder.
  3. Select a policy for Kaspersky Endpoint Agent and open its settings window in one of the following ways:
    • Double-click on the name of the policy.
    • In the context menu of the policy, select Properties.
  4. In the opened window, select the Application settings tab.
    1. Select the Other settings subsection.
    2. Select one of the following options for using a proxy server:
      • Do not use proxy server.
      • Use proxy server with specified settings.

      If you selected Use proxy server with specified settings, in the Server name or IP address and Port fields, enter the address and port of the proxy server to which you want to connect. Port 8080 is used by default.

      Kaspersky Endpoint Agent does not encrypt the connection with the proxy server. You must take steps to make sure the network connection between your proxy server and Kaspersky Endpoint Agent is secure.

      If you want to use NTLM authentication when connecting to the proxy server:

      1. Select the Use NTLM authentication by user name and password check box.
      2. In the User name field, enter the name of the user whose account will be used for authorization at the proxy server.
      3. In the Password field, enter the password to obtain connection to the proxy server.

      To reveal password characters, click Show to the right of the Password field.

      If you do not want to use the proxy server for addresses internal to the organization, select the Bypass proxy server for local addresses check box.

    3. Click Apply.
  5. Select the KATA integration section.
    1. Go to the General Settings subsection.
    2. In the Data transmission settings group, set the Under policy toggle switch to active.
    3. In the Event transmission period (sec.) field, type 30.
    4. In the Event limit per one package field, type 1024.
    5. In the Throttling settings group, set the Under policy toggle switch to active.
    6. Select the Enable throttling check box.
    7. Enter the maximum number of events per hour and the percentage value for events exceeding the limit.
    8. Go to the KATA integration settings subsection.
    9. In the Connection settings group, move the Enforce toggle switch to active.
    10. Select the Enable KATA integration check box.
    11. Enter the address and port of the KATA server in the Address and Port fields.
    12. Select the Use pinned certificate to secure connection check box.
    13. Click Add new TLS certificate.
    14. In the opened window, click Upload and select the server certificate file to set up a secure connection or enter certificate data in the field.
    15. Click Add.
    16. Click Add client certificate.
    17. In the opened window, select the Secure with client certificate check box.
    18. Click Upload and select a client certificate file to set up a secure connection.
    19. In the Cryptographic container password field, enter the password of the client certificate to set up a secure connection.
    20. Select the Apply TTL period for events transmission check box.
    21. In the TTL period (min.) field, enter the interval for sending synchronization requests.
    22. Click Apply.
  6. Click OK.

Policy settings required by Kaspersky Endpoint Agent are enabled.
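
Pinning only protects the connection if the uploaded file really is the KATA server's certificate, so it is worth checking the file against a fingerprint obtained from the KATA administrator over a separate channel before uploading it in the Use pinned certificate to secure connection step. The script below is an added example, not part of the Kaspersky documentation. It assumes the openssl command-line tool is installed; the file name, reference fingerprint, host and port are placeholders supplied as arguments.

```shell
#!/bin/sh
# Added example: check a certificate file before pinning it in the policy.
# Usage (all values are placeholders):
#   ./check_pin.sh <server-cert.pem> <reference-sha256> [<kata-host> <kata-port>]

# Reduce "sha256 Fingerprint=AB:CD:..." (or a bare hex string) to lowercase hex.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \r\n\t' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    fp_out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    normalize_fp "$fp_out"
}

# SHA-256 fingerprint of the leaf certificate a TLS server presents on host:port.
served_fingerprint() {
    fp_out=$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
    normalize_fp "$fp_out"
}

# check_pin_candidate FILE REFERENCE_FP
# Returns 0 on match, 1 on mismatch, 2 if FILE is not a parseable certificate.
check_pin_candidate() {
    actual=$(cert_fingerprint "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    expected=$(normalize_fp "$2")
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH file=$actual reference=$expected" >&2
        return 1
    fi
    echo "match $actual"
}

if [ "$#" -ge 2 ]; then
    # 1. The file must match the fingerprint received out of band.
    check_pin_candidate "$1" "$2" || exit $?
    # 2. Optionally, the file must also match what the server presents right now.
    if [ "$#" -ge 4 ]; then
        live=$(served_fingerprint "$3" "$4") || { echo "no certificate from $3:$4" >&2; exit 2; }
        check_pin_candidate "$1" "$live" || exit $?
    fi
fi
```

A match against the live server alone does not rule out interception at the time of the check, which is why the out-of-band reference comes first.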


Managing database and module update tasks for Kaspersky Endpoint Agent

You can create and configure application database and module update tasks using Kaspersky Security Center Administration Console (for information about creating and configuring application database and module update tasks, see the Kaspersky Endpoint Agent for Windows Help).

You can also configure application database and module updates using the command line.


Managing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console

Kaspersky Security Center is designed for centralized running of basic administration and maintenance tasks for an organization's network security system. The application provides the administrator with access to detailed information about the organization's network security level; it lets you configure all the components of protection based on Kaspersky Lab applications.

You can use Kaspersky Security Center to remotely install and remove Kaspersky Endpoint Agent for Linux and configure the operation of the application.

For detailed information about Kaspersky Security Center, please refer to the Kaspersky Security Center Help.

The user interface for working with Kaspersky Security Center is provided by the Kaspersky Security Center Web Console component.

You can manage Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console with the Kaspersky Endpoint Agent web administration plug-in.

The following information in this section describes how to manage Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console.

In this Help section

Managing policies of Kaspersky Endpoint Agent for Linux

Managing database and module update tasks for Kaspersky Endpoint Agent


Managing policies of Kaspersky Endpoint Agent for Linux

This section provides instructions for creating a policy for Kaspersky Endpoint Agent for Linux and enabling options in the policy using Kaspersky Security Center Web Console.

Instructions in this section apply only to Kaspersky Endpoint Agent for Linux.

In this section

Creating a policy for Kaspersky Endpoint Agent for Linux

Enabling options in the policy of Kaspersky Endpoint Agent for Linux

[Topic 257328]

Creating a policy for Kaspersky Endpoint Agent for Linux

To create a policy for Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console:

  1. Log in to the Kaspersky Security Center Web Console.
  2. On the Devices tab, select Policies & Profiles.
  3. Click Add.

    Follow the instructions of the New Policy Wizard.

  4. At the first step of the wizard, select Kaspersky Endpoint Agent.
  5. Click Next.
  6. Make sure the Kaspersky Endpoint Detection and Response Expert (KATA EDR) check box is selected.
  7. Click Next.
  8. At the last step of the Wizard, specify the new policy name, change the state of the policy (by default, the policy is Active), and configure the inheritance of settings.
  9. Click Save.

The policy that you created appears in the list of policies.

[Topic 257352]

Enabling options in the policy of Kaspersky Endpoint Agent for Linux

To enable settings in a policy for Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console:

  1. Log in to the Kaspersky Security Center Web Console.
  2. On the Devices tab, select Policies & Profiles.
  3. Click a previously created Kaspersky Endpoint Agent policy.

    This opens the policy settings window.

  4. Select the Application settings section.
    1. Select the Other settings subsection.
    2. Select one of the following options for using a proxy server:
      • Do not use proxy server.
      • Use proxy server with specified settings.

      If you selected Use proxy server with specified settings, in the Server name or IP address and Port fields, enter the address and port of the proxy server to which you want to connect. Port 8080 is used by default.

      Kaspersky Endpoint Agent for Linux does not encrypt the connection with the proxy server. You must take steps to make sure the network connection between your proxy server and Kaspersky Endpoint Agent for Linux is secure.

      If you want to use NTLM authentication when connecting to the proxy server:

      1. Select the Use NTLM authentication by user name and password check box.
      2. In the User name field, enter the name of the user whose account will be used for authorization at the proxy server.
      3. In the Password field, enter the password for connecting to the proxy server.

      To reveal password characters, click Show to the right of the Password field.

      If you do not want to use the proxy server for addresses internal to the organization, select the Bypass proxy server for local addresses check box.

      If you are configuring policy settings, in the upper right corner of the group of settings, move the toggle switch from Undefined to Enforce.

    3. Click OK.
  5. In the KATA integration section:
    1. Go to the General Settings subsection.
    2. In the Data transmission settings group, move the Enforce toggle switch to active.
    3. In the Event transmission period (sec.) field, type 30.
    4. In the Event limit per one package field, type 1024.
    5. In the Throttling settings group, select the Enable throttling check box.
    6. Enter the maximum number of events per hour and the percentage value for events exceeding the limit.
    7. Click OK.
    8. Go to the KATA integration settings subsection.
    9. In the Connection settings group, move the Enforce toggle switch to active.
    10. Select the Enable KATA integration check box.
    11. Enter the address and port of the KATA server in the Server and Port fields.
    12. Select the Use pinned certificate to secure connection check box.
    13. Click Add new TLS certificate.
    14. In the opened tab, click Upload and select the server certificate file to set up a secure connection or enter certificate data in the TLS certificate data field.
    15. Click OK.
    16. In the Additional security of the connection group, select the Secure with client certificate check box.
    17. Click Upload cryptographic container and select a client certificate file to set up a secure connection.
    18. In the Cryptographic container password field, enter the password of the client certificate to set up a secure connection.
    19. In the Advanced group:
      1. In the Send sync request to KATA server every (min.) field, enter the synchronization interval in minutes.
      2. Select the Apply TTL period for events transmission check box.
      3. In the TTL period (min.) field, enter the interval for sending synchronization requests.
    20. Click OK.
  6. Click Save.

Policy settings required by Kaspersky Endpoint Agent for Linux are enabled.

[Topic 257354]

Managing database and module update tasks for Kaspersky Endpoint Agent

You can also create and configure application database and module update tasks using Kaspersky Security Center Web Console (for information about creating and configuring application database and module update tasks, see the Kaspersky Endpoint Agent for Windows Help).

You can also configure application database and module updates using the command line.

[Topic 257337]

Managing Kaspersky Endpoint Agent for Linux using the command line

You can use the command line interface to run individual commands of Kaspersky Endpoint Agent for Linux.

The command line interface functionality is provided by the lenactl utility. This utility is included in the application distribution kit and is installed on each workstation in the /opt/kaspersky/epagent/sbin/ directory.

To run application commands on the command line:

  1. Run the command line terminal on the device.
  2. Enter the following command: export PATH="$PATH:/opt/kaspersky/epagent/sbin/".
  3. Press Enter.

    Now you can invoke the lenactl utility without specifying the path to the file.

  4. Enter the command in the following format: lenactl --param1 value
  5. Press Enter.

The command is executed.

The complete list of options and corresponding values is provided below.

Main commands of the application

--product

This option is used to run or stop the application and to display its current state.

Allowed values:

  • --product start runs the unloaded application; this command runs the stopped service of the application
  • --product stop stops the running application; this command stops the running service of the application
  • --product state writes the current state of the application ("running" or "stopped") to the console

--update

This option lets you perform a single update of the application databases and modules.

Allowed values and additional options:

  • --update updates program databases from Kaspersky servers
  • --update <update_source> updates application databases from the specified source
  • --update --app updates databases and modules of the application from Kaspersky servers
  • --update <update_source> --app updates databases and modules of the application from the specified source

--local-update-task

This option updates application databases and modules on a schedule using a local task.

The local update task is created automatically when the application is run for the first time. By default, the task is in an inactive state. When an update task is created using Kaspersky Security Center, the local task is automatically and permanently deleted.

Allowed values and additional options:

  • --local-update-task enable-schedule to enable hourly updates of application databases from Kaspersky servers.
  • --local-update-task --app enable-schedule to enable hourly updates of application databases and modules from Kaspersky servers.
  • --local-update-task disable-schedule to disable hourly updates of application databases from Kaspersky servers.
  • --local-update-task --app disable-schedule to disable hourly updates of application databases and modules from Kaspersky servers.
  • --local-update-task <update_source> to update application databases from the specified source.

--proxy

This option lets you use a proxy server.

Kaspersky Endpoint Agent for Linux does not encrypt the connection with the proxy server. You must take steps to make sure the network connection between your proxy server and Kaspersky Endpoint Agent for Linux is secure.

Allowed values and additional options:

  • --server address of the proxy server
  • --port port of the proxy server
  • --user name of the proxy server user (optional)
  • --password password of the proxy server (if user name is specified)
  • --use-for-local use the proxy server for local addresses

--traces

This option is used to manage trace files of the application.

All files in the trace file directory are considered to be trace files.

Allowed values and additional options:

  • --traces --on turns on the trace file collection mode
  • --traces --off turns off the trace file collection mode
  • --traces --clear deletes all trace files in a directory
  • --traces --copyto <path to a directory> copies trace files to the specified directory

The systemd-journald system logging service can be active independently of the application and can maintain its own operation logs. This may slow down the interaction of the application with trace files and reduce available disk space.

To turn off audit logs of the systemd-journald system service:

  1. systemctl mask systemd-journald-audit.socket
  2. systemctl restart systemd-journald

--help

This option displays a command line option reference text.

Commands for configuring the interaction of the program with the EDR server

--servers

This option lets you specify the address and port of the EDR server.

The arguments can be represented by a semicolon-separated list of server:port pairs. Multiple server:port pairs can be passed to the input; however, the application ignores all pairs except the first in the list.

Default value: none.

--timeout

This option lets you specify the timeout of the connection to the EDR server in milliseconds.

The argument can be represented by a number.

Default value: 100,000.

--sync-period

This option lets you specify the synchronization period with the EDR server in seconds.

The argument can be represented by a number; the allowed range is 5-3,600.

Default value: 300.

--send-packet-period

This option lets you specify the frequency with which telemetry packets are sent.

Argument: number; allowed range: 5-999.

Default value: 30.

--max-events-per-packet

This option lets you specify the maximum number of events in a telemetry packet.

Argument: number; allowed range: 5-10,000.

Default value: 1,024.

--compression

This option lets you apply compression.

Arguments: <yes|no>.

Default value: no.

--tls

This option lets you apply TLS encryption.

Arguments: <yes|no>.

Default value: no.

--pinned-certificate

This option lets you specify the path to the public part of the server certificate.

Argument: <path to public part of server pinned certificate>.

Default value: none.

--client-certificate

This option lets you specify the path to the container with the client certificate.

Argument: <path to client certificate>.

Default value: none.

--client-password

This option lets you specify the password of the container with the client certificate.

Argument: <password>.

Default value: none.
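
An added example (not part of the Kaspersky Help or product) that checks a planned set of the options above against the documented ranges and defaults before they are applied. The one-option-per-line input format, the host names, the port and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-deployment check of planned EDR connection options.
# Assumed input (not a lenactl format): one "--option value" pair per line on stdin.

# in_range VALUE MIN MAX -> 0 if VALUE is an integer within [MIN, MAX]
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# audit_edr_options -> prints findings, returns the number of findings
audit_edr_options() {
    findings=0 tls=no pinned="" servers=""
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }
    while read -r opt val; do
        case "$opt" in
            --servers) servers=$val
                case "$val" in *';'*) flag "--servers: only the first pair is used: ${val%%;*}" ;; esac ;;
            --sync-period)
                in_range "$val" 5 3600 || flag "--sync-period $val outside 5-3600" ;;
            --send-packet-period)
                in_range "$val" 5 999 || flag "--send-packet-period $val outside 5-999" ;;
            --max-events-per-packet)
                in_range "$val" 5 10000 || flag "--max-events-per-packet $val outside 5-10000" ;;
            --tls) tls=$val ;;
            --pinned-certificate) pinned=$val ;;
        esac
    done
    [ -n "$servers" ] || flag "--servers not set (default: none)"
    [ "$tls" = yes ] || flag "--tls is '$tls': connection to the EDR server is not TLS-encrypted"
    [ -n "$pinned" ] || flag "--pinned-certificate not set: server certificate is not pinned"
    return "$findings"
}

# Constructed sample plan (hypothetical host names, port and values).
sample_plan() {
    cat <<'EOF'
--servers kata-cn.example.com:443;kata-cn2.example.com:443
--sync-period 300
--send-packet-period 1200
--max-events-per-packet 1024
--tls no
EOF
}

sample_plan | audit_edr_options || echo "$? finding(s) in the sample plan"
```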

[Topic 257326]

Verifying the integrity of Kaspersky Endpoint Agent for Linux components

To protect against substitution of the application manifest and files, Kaspersky Endpoint Agent can verify their integrity. The integrity verification utility verifies the integrity of files and modules listed in special lists that are called manifest files. A manifest file of an application component lists the files and modules whose integrity is critical for correct operation of the component. The integrity of manifest files themselves is also verified.

By default, the integrity verification utility is located in the /opt/kaspersky/epagent/sbin directory.

To run the integrity verification utility:

  1. Run the command line terminal on the device.
  2. Run the command: ./integrity_checker --signature-type kds-with-filename [other parameters] [<path to the manifest>].

As a result, the terminal will display verification statistics as well as a return code:

  • 0 means the integrity of Kaspersky Endpoint Agent manifest and files is maintained
  • 1 means this is not the case

Parameters and arguments are listed below.

<path to the manifest>

This argument is used to verify the integrity of the manifest located at the specified path. If this parameter is not specified, the utility uses the integrity_check.xml file in the utility directory as the manifest file.

--verbose

This parameter is used to display integrity verification results for each file and a verbose description of integrity errors, if any.

--trace <path to the file>

This parameter is used to specify a file for saving trace data at the DEBUG level.

If this parameter is not specified, trace data is not saved.

--crl <path to the list of revoked certificates>

This parameter is used to verify the signature of the manifest using a list of revoked certificates located at the specified path.
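
A wrapper for running the check from a scheduler or monitoring agent, as an added example (not part of the Kaspersky Help or product): it keeps the documented return code 1 distinct from a check that could not be run at all, so a missing utility never reads as a pass. The CHECKER_DIR variable and the return code 2 are conventions of this example.

```shell
#!/bin/sh
# Added example: wrapper around the integrity verification utility.
# CHECKER_DIR defaults to the directory named in this Help section and is
# overridable (an assumption of this example) so the wrapper can be tested.
CHECKER_DIR="${CHECKER_DIR:-/opt/kaspersky/epagent/sbin}"

# run_integrity_check [manifest] [crl]   (pass absolute paths)
# Returns 0 = integrity maintained, 1 = integrity violated,
#         2 = the check could not be run or gave an undocumented code.
run_integrity_check() {
    manifest="$1"
    crl="$2"
    checker="$CHECKER_DIR/integrity_checker"

    # A missing or non-executable checker must never look like a pass.
    if [ ! -x "$checker" ]; then
        echo "integrity: checker not found or not executable: $checker" >&2
        return 2
    fi

    # Build the argument list from the documented parameters only.
    set -- --signature-type kds-with-filename --verbose
    if [ -n "$crl" ]; then set -- "$@" --crl "$crl"; fi
    if [ -n "$manifest" ]; then set -- "$@" "$manifest"; fi

    # Capture the per-file results so a failure report carries the details.
    output=$("$checker" "$@" 2>&1) && status=0 || status=$?

    case "$status" in
        0) echo "integrity: OK"
           return 0 ;;
        1) echo "integrity: FAILED" >&2
           printf '%s\n' "$output" >&2
           return 1 ;;
        *) echo "integrity: unexpected return code $status" >&2
           printf '%s\n' "$output" >&2
           return 2 ;;
    esac
}
```

Call it as `run_integrity_check || <alert action>` so that both return codes 1 and 2 raise an alert.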

[Topic 257345]