KL 013.11.4 en Labs v1.0
KL 013.11.4
Kaspersky
Endpoint Security
for Linux
Lab guide
KL 013.11.4: Kaspersky Endpoint Security for Linux
Table of contents
Lab 1. How to install Kaspersky Security Center Linux ................................................................................ 2
Task A: Install and configure MariaDB DBMS.................................................................................. 2
Task B: Configure the firewall ports and change the SELinux mode ............................................... 4
Task C: Install Kaspersky Security Center Linux ............................................................................. 5
Task D: Install Kaspersky Security Center Web Console ................................................................ 7
Lab 2. How to configure Kaspersky Security Center Linux ........................................................................... 9
Task A: Proceed through the Quick Start Wizard to configure KSC Linux ...................................... 9
Task B: Poll the network to discover devices .................................................................................14
Lab 3. Install Kaspersky Endpoint Security on the managed devices ........................................................15
Task A: Install Kaspersky Network Agent on devices ....................................................................15
Task B: Install Kaspersky Endpoint Security on the devices .........................................................17
Lab 4. How to manage devices ...................................................................................................................19
Task A: Create administration groups and distribute devices into them ........................................19
Task B: Create security policies for administration groups ............................................................22
Lab 5. Configuring server protection ...........................................................................................................25
Task A: Configure and test File Threat Protection .........................................................................25
Task B: Enable and test Web Threat Protection ............................................................................29
Task C: Enable Anti-Cryptor and test it ..........................................................................................31
Lab 6. How to collect information about executable files ............................................................................34
Lab 7. Test protection against vulnerability exploitation .............................................................................36
Task A: Prepare the target server for the attack ............................................................................36
Task B: Attack the system ..............................................................................................................36
Task C: Enable Web Threat Protection and repeat the attack .......................................................39
Task D: Enable File Threat Protection and repeat the attack ........................................................42
Lab 8. How to manage protection using kesl-control ..................................................................................45
Task A: Enable remote task management .....................................................................................45
Task B: Modify task settings using the terminal .............................................................................46
Task C: Create a new task using the terminal................................................................................47
Lab 1. How to install Kaspersky Security Center Linux
Scenario. You need to protect a network that consists of Linux computers with Kaspersky Endpoint Security for
Business. One Kaspersky Security Center is enough for a small network. Install a MariaDB database and
Kaspersky Security Center Administration Server on a dedicated computer running CentOS 8.
Task B: Configure the firewall ports and change the SELinux mode
Open ports required for Kaspersky Security Center Linux operation on the KSC server and disable SELinux to
prevent conflicts.
In the terminal with an ssh session to ksc, carry out the following command to open the required ports in the
firewall:
firewall-cmd --permanent --zone=public --add-port=13000/tcp --add-port=13000/udp --add-port=17000/tcp --add-port=8080/tcp
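The command above adds permanent rules only; they take effect after a reload, and a typo in one port is easy to miss. The script below is an added example, not part of the lab guide: it opens the same four ports in the same zone, reloads firewalld, and then verifies against the running configuration using firewall-cmd's --reload and --list-ports options. The check itself (missing_ports) is a pure function so it can be exercised on any machine without firewalld.

```shell
#!/bin/sh
# Added example (not from the Kaspersky lab guide): open the KSC Linux ports
# from Task B and verify that each one is really present afterwards.
# Port list and zone name are the ones the lab uses.

KSC_PORTS="13000/tcp 13000/udp 17000/tcp 8080/tcp"

# missing_ports CURRENT_PORTS
#   CURRENT_PORTS is the space-separated output of
#   `firewall-cmd --zone=public --list-ports`. Prints the required ports that
#   are absent from it (space-separated, possibly empty). Always returns 0;
#   the caller decides how to react.
missing_ports() {
    current=" $1 "
    missing=""
    for p in $KSC_PORTS; do
        case "$current" in
            *" $p "*) ;;
            *) missing="${missing:+$missing }$p" ;;
        esac
    done
    printf '%s' "$missing"
}

# open_ksc_ports
#   Adds the permanent rules, reloads, then verifies. Returns 0 when every
#   port is open, 1 when a firewalld call fails or a port is still closed,
#   and 2 when firewall-cmd is not installed (nothing is changed then).
open_ksc_ports() {
    command -v firewall-cmd >/dev/null 2>&1 || return 2
    set --
    for p in $KSC_PORTS; do
        set -- "$@" "--add-port=$p"
    done
    firewall-cmd --permanent --zone=public "$@" >/dev/null || return 1
    firewall-cmd --reload >/dev/null || return 1
    left=$(missing_ports "$(firewall-cmd --zone=public --list-ports)")
    if [ -n "$left" ]; then
        echo "still closed in zone public: $left" >&2
        return 1
    fi
    return 0
}

# Stand-alone run: report the outcome instead of failing silently.
if open_ksc_ports; then
    echo "all KSC Linux ports are open"
else
    rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "firewall-cmd not found; nothing changed"
    else
        echo "port verification failed"
    fi
fi
```

Run it as root on the ksc server after the installation; the last block prints which of the three outcomes occurred.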
Task C: Install Kaspersky Security Center Linux
After the installation completes, run the KSC Linux post-installation script
/opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl
5
KL 013.11.4: Kaspersky Endpoint Security for Linux Lab 1.
How to install Kaspersky Security Center Linux
6
KL 013.11.4: Kaspersky Endpoint Security for Linux Lab 1.
How to install Kaspersky Security Center Linux
In the terminal with an ssh session to the ksc server, copy the answer file for the web console installation to
the folder /etc
cp /distr/ksc-web-consle-setup.json /etc
Open the answer file for web console installation
nano /etc/ksc-web-console-setup.json
Read it
Conclusion
In this lab, we have configured the server and installed Kaspersky Security Center Linux on it.
We use MariaDB for the database in our labs, but you can use any other DBMS from the list of supported ones. If
you select another DBMS, consult the respective installation instructions. Different DBMS may require different
setup.
Lab 2. How to configure Kaspersky Security Center Linux
Scenario. You have installed Kaspersky Security Center. Configure the server and poll the network to facilitate
protection deployment on the devices.
Task A: Proceed through the Quick Start Wizard to configure KSC Linux
Proceed through the Quick start wizard to configure the KSC Linux Administration Server.
The ksc, dns, servera, serverb and workstation machines must be powered on.
In the next step, select plug-ins for the applications you plan to manage. This list is also drawn up depending
on the devices and operating systems you've selected to protect. Select Kaspersky Endpoint Security
11.4.0 for Linux.
Accept the Kaspersky Security Network statement for Kaspersky Security Center
Click Next
Accept the Kaspersky Security Network statement for Kaspersky Endpoint Security Linux
Go to Discovery & deployment | Unassigned devices
Study the list of discovered devices
Conclusion
You have completed initial setup and discovered devices on the network. In our lab environment, we could use IP
addresses to deploy protection and skip polling, but in a real network this would be inconvenient.
Lab 3. Install Kaspersky Endpoint Security on the managed devices
Scenario. Use the discovery results to install the Network Agent on the networked endpoints. As soon as all
Agents connect to the Administration Server, install Kaspersky Endpoint Security for Linux using the Network
Agent.
The ksc, dns, servera, serverb and workstation machines must be powered on.
On the following page, select Do not add license key to installation package and click Next
On the installation start page, select the checkbox Run the task after the wizard finishes and click Next
Go to Devices | Tasks and wait for the installation to complete
On the following page, select Do not add license key to installation package and click Next
Go to Devices | Tasks and wait for the installation to complete
Conclusion
You have installed Network Agent and then Kaspersky Endpoint Security on the networked devices. The devices
are protected now. Next, you should configure protection.
Lab 4. How to manage devices
Scenario. You have installed Kaspersky Endpoint Security on the network computers. As different devices may
require different security settings, you need to organize them into administration groups and create a security policy
for each group.
The ksc, dns, servera, serverb and workstation machines must be powered on.
In the Devices | Moving rules section, select the checkbox next to the rule Move to A, click the three-dot
menu in the upper right corner and select Enforce enabled rule
Open Kaspersky Security Center Web Console
Go to Devices | Policies & Profiles
To create a new security policy, click the button + Add
Accept the Kaspersky Security Network Statement and click Next
On the following page, rename the policy Group A policy, set its status to Inactive, disable the option Inherit
settings from parent policy and click Save
Create another policy in a similar manner and name it Group B policy
Select the checkbox next to Group A policy and on the three-dot menu in the upper right corner, click Move
Conclusion
You have set up automatic device grouping and created security policies for all groups.
Lab 5. Configuring server protection
Scenario. You have created security policies for managed devices. Configure the components that will efficiently
protect the system.
The ksc, dns, servera, serverb, kali and workstation machines must be powered on.
Check if the downloaded file is in the folder
ls /tmp
You can see that the eicar.com.txt file is not there
Threat detected, Object not disinfected and Object deleted events pertain to File Threat Protection response
to downloading the malicious file
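The same File Threat Protection check can be scripted so that it can be repeated on every server after a policy change. The script below is an added example and not part of the lab guide: instead of downloading eicar.com.txt it writes the standard EICAR test string (the industry-wide, harmless antivirus test file) to a path of your choice and then waits to see whether the on-access scanner removes it or replaces its contents, which is the behaviour the lab observes. The string is assembled from two halves only at run time so that this script is not itself flagged when stored on disk; the ten-second wait and the /tmp path are assumptions, not values from the guide.

```shell
#!/bin/sh
# Added example (not from the Kaspersky lab guide): scriptable version of the
# Lab 5 File Threat Protection test using the standard EICAR test string.
# The two halves are joined only when the file is written.

EICAR_A='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD'
EICAR_B='-ANTIVIRUS-TEST-FILE!$H+H*'

# write_test_file PATH: creates the 68-byte EICAR test file (no newline).
write_test_file() {
    printf '%s%s' "$EICAR_A" "$EICAR_B" > "$1"
}

# wait_for_removal PATH SECONDS
#   Polls once per second. Returns 0 as soon as the file is gone or its
#   contents no longer match the test string (the scanner deleted or
#   replaced it); returns 1 if it is still intact after SECONDS.
wait_for_removal() {
    path=$1; limit=$2; n=0
    while [ "$n" -lt "$limit" ]; do
        [ -e "$path" ] || return 0
        [ "$(cat "$path")" = "${EICAR_A}${EICAR_B}" ] || return 0
        sleep 1
        n=$((n + 1))
    done
    return 1
}

# run_check: full round trip on one path (assumed /tmp/eicar-test.txt),
# printing "detected" or "NOT detected" and cleaning up in the second case.
run_check() {
    target=${1:-/tmp/eicar-test.txt}
    write_test_file "$target"
    if wait_for_removal "$target" 10; then
        echo "detected: File Threat Protection acted on $target"
        return 0
    fi
    echo "NOT detected: $target still intact after 10 s"
    rm -f "$target"
    return 1
}

# Stand-alone use: `sh eicar-check.sh --run [PATH]`
if [ "${1:-}" = "--run" ]; then
    run_check "${2:-}"
fi
```

With File Threat Protection enabled in the policy, the expected result is "detected" together with the Threat detected and Object deleted events in Kaspersky Security Center; "NOT detected" means the component is disabled, the path is excluded, or the policy has not reached the device yet.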
Kaspersky Endpoint Security has replaced the contents of the original eicar.com.txt file
Open Kaspersky Security Center Web Console
Open Monitoring & Reporting | Event Selections
Open the Recent events selection
You will find the Threat detected and Website blocked events there. The former informs about the
detected threat, and the latter, about blocked connection to the website from which the file was downloaded
The process will not be completed because Kaspersky Endpoint Security will block the host
Press Ctrl+C to stop encryption
Also notice that Anti-Cryptor blocked the host from which encryption was attempted. The default blocking
time is 30 minutes.
Conclusion
You have set up protection against encryption, file and web threats and tested how each of these protection
components works.
Lab 6. How to collect information about executable files
Scenario. You have configured the main protection components. Now, increase network visibility. Kaspersky
Endpoint Security for Linux can collect information about executable files on the endpoint and send it to Kaspersky
Security Center. This will give the administrator a complete picture of the executable files on the network endpoints.
Contents. In this lab, we will inventory the system to get a list of available executable files.
Click Next
Expand the Managed devices group and select Group A
Click Next
Select the checkbox Open task details when creation is complete and click Finish
After the configuration completes, the task details will open. Switch to the Application settings tab
Check the Inventory scan scope. It must be enabled and contain the path /usr/bin
Exit the task details to see the list of all created tasks
Find the Inventory scan task, select the respective checkbox and click Start to run the task
Go to Operations | Third-party applications | Executable files. You can see the list of all executable files
that have been found in the /usr/bin directory
Conclusion
Lab 7. Test protection against vulnerability exploitation
Scenario. Act as an attacker to test how the protection components work. There is a computer with a known
vulnerability on the network. Get access to the computer, load a malicious file. Next, activate the protection
components one by one and observe at what stages the attack will be detected.
The ksc, dns, servera, serverb, kali and workstation machines must be powered on.
Run Metasploit
msfconsole
Find the Samba is_known_pipename exploit
search pipename
Conclusion
You have carried out a vulnerability exploitation attack and studied the components that can repel or detect such an
attack at different stages.
Lab 8. How to manage protection using kesl-control
Scenario. There are several Linux computers in a small isolated segment of ABC Inc. network. It is impractical to
install Kaspersky Security Center in this segment, and you manage security using scripts and the kesl-control
utility.
The ksc, dns, servera and workstation machines must be powered on.
By default, Kaspersky Security Center prohibits users from creating tasks using kesl-control. Let’s allow task
creation
Your task ID may differ. We’ll use it to manage the task in our commands; use the number that you have
received when creating the task
Display the list of tasks; you will see the created task on the list
kesl-control --get-task-list
Add the /bin area to the inventory settings. To do so, enter the following command:
kesl-control --set-settings 166 ScanScope.item_0001.UseScanArea=yes ScanScope.item_0001.Path=/bin
Output the current settings of the Inventory task
kesl-control --get-settings 166
The task start schedule is set to manual mode. Add automatic start every Saturday
kesl-control --set-schedule 166 RuleType=weekly RunMissedStartRules=yes StartTime='13:00:00;Sat' RandomInterval=60
View the inventory task schedule
kesl-control --get-schedule 166
Display the list of executable files detected by the Inventory task on the screen
kesl-control --get-app-list
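Because the task ID differs from host to host, a script that hard-codes 166 will silently reconfigure the wrong task on the next server. The script below is an added example, not part of the lab guide: it resolves the Inventory task ID by name from the output of kesl-control --get-task-list and then issues the same --set-settings and --get-settings calls as the lab. It assumes that the listing consists of "Key: value" blocks separated by blank lines with ID: and Name: lines; the sample listing embedded in the script is constructed in that shape and is not real output, and the task name "Inventory" is the one used in the lab.

```shell
#!/bin/sh
# Added example (not from the Kaspersky lab guide): manage the Inventory task
# without hard-coding its ID.
# ASSUMPTION: `kesl-control --get-task-list` prints blocks of "Key: value"
# lines separated by blank lines, with "ID:" and "Name:" keys. The listing
# below is a constructed sample in that shape, not real output.

SAMPLE_LISTING='ID: 1
Name: File_Monitoring
Type: OAS
State: Started

ID: 166
Name: Inventory
Type: Inventory
State: Stopped'

# task_id_by_name LISTING NAME
#   Prints the ID of the first task whose Name matches exactly; prints
#   nothing and returns 1 when no such task exists.
task_id_by_name() {
    id=$(printf '%s\n' "$1" | awk -v want="$2" '
        /^ID:/   { id = $2 }
        /^Name:/ { sub(/^Name:[ \t]*/, ""); if ($0 == want) { print id; exit } }
    ')
    [ -n "$id" ] || return 1
    printf '%s' "$id"
}

# scope_settings N PATH
#   Builds the two settings from the lab for scan area item N, so /bin can
#   be item 1, /sbin item 2, and so on.
scope_settings() {
    idx=$(printf '%04d' "$1")
    printf 'ScanScope.item_%s.UseScanArea=yes ScanScope.item_%s.Path=%s' \
        "$idx" "$idx" "$2"
}

# add_inventory_scope TASK_NAME N PATH
#   Live version: looks the task up, applies the settings, prints them back.
#   Returns 2 when kesl-control is not installed, 1 on any failure.
add_inventory_scope() {
    command -v kesl-control >/dev/null 2>&1 || return 2
    tid=$(task_id_by_name "$(kesl-control --get-task-list)" "$1") || return 1
    # scope_settings output is deliberately unquoted: two separate arguments
    kesl-control --set-settings "$tid" $(scope_settings "$2" "$3") || return 1
    kesl-control --get-settings "$tid"
}

# Stand-alone use: `sh inventory-scope.sh --apply` on a host with KESL;
# without the flag it only shows the lookup on the sample listing.
if [ "${1:-}" = "--apply" ]; then
    add_inventory_scope Inventory 1 /bin
else
    printf 'Inventory task ID in sample listing: %s\n' \
        "$(task_id_by_name "$SAMPLE_LISTING" Inventory)"
fi
```

The same lookup can feed the --set-schedule and --get-schedule calls from the lab, so the whole configuration becomes one script that is safe to run on every host in the isolated segment.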
Conclusion
You have reconfigured an existing task and created a new one from scratch remotely. You can use this
functionality to automate Kaspersky Endpoint Security for Linux tasks where Kaspersky Security Center cannot be
used.