Kaspersky security scan linux


This section describes how to manually install Kaspersky Scan Engine on Linux systems.

To install Kaspersky Scan Engine manually:

  1. Make sure that you have root (administrator) privileges.
  2. Create the /opt/kaspersky/ScanEngine directory. This directory is called %service_dir% in this Help document.
  3. Unpack the distribution kit contents to the %service_dir% directory on your system.
  4. Read the End User License Agreement (EULA) for Kaspersky Scan Engine. The EULA is located at %service_dir%/doc/license.txt. If you agree to the terms of the EULA, proceed to the next step. If you decline the terms of the EULA, cancel the installation.
  5. Open file %service_dir%/etc/klScanEngineUI.xml.
  6. Accept the EULA. Change rejected to accepted in the klScanEngineUI.xml file.
  7. If you want to use Kaspersky Security Network (KSN), read the EULA for KSN and the Privacy Policy. This EULA is also located at %service_dir%/doc/ksn_license.txt and contains the link to the Privacy Policy. If you agree to the terms of the EULA for KSN and the Privacy Policy, proceed to the next step. If you decline the terms of the EULA for KSN or the Privacy Policy, proceed to step 9.
  8. Accept the EULA for KSN. Change rejected to accepted in klScanEngineUI.xml.
  9. Save and close %service_dir%/etc/klScanEngineUI.xml.
  10. Create a symbolic link to %service_dir%/etc/klScanEngineUI.xml from the /etc/ directory:
    ln -s %service_dir%/etc/klScanEngineUI.xml /etc/klScanEngineUI.xml
  11. If you want to use Kaspersky Scan Engine GUI, read subsection "Enabling Kaspersky Scan Engine GUI" below.
  12. Make a symbolic link to the proper Kaspersky Scan Engine configuration file from the /etc/ directory:
    • For HTTP mode, copy the %service_dir%/etc/kavhttpd.xml file to the /etc/ directory.
    • For ICAP mode, copy the %service_dir%/etc/kavicapd.xml file to the /etc/ directory.

For example, in HTTP mode you have to run the following command:

ln -s %service_dir%/etc/kavhttpd.xml /etc/kavhttpd.xml

  • For HTTP mode, copy the %service_dir%/etc/init.d/kavhttpd file to the /etc/init.d directory.
  • For ICAP mode, copy the %service_dir%/etc/init.d/kavicapd file to the /etc/init.d directory.

For example, in HTTP mode you have to run the following command:

ln -s %service_dir%/etc/init.d/kavhttpd /etc/init.d/kavhttpd

  1. Go to the /etc/init.d/ directory.
  2. Add the proper Kaspersky Scan Engine service to the system startup.
    • For HTTP mode, run the following command:
      • Red Hat-based distributions:

update-rc.d kavhttpd defaults

update-rc.d kavicapd defaults

Enabling Kaspersky Scan Engine GUI

To enable Kaspersky Scan Engine GUI:

  1. Make sure that you have root (administrator) privileges.
  2. Perform the actions described in section "Preparing to install Kaspersky Scan Engine GUI".
  3. On the computer that has PostgreSQL installed, perform the actions listed below under a user that can create new users and databases. To perform these actions, you can use either the psql utility or pgAdmin.
    1. Create a new PostgreSQL user called scanengine:
      CREATE USER scanengine;
    2. Set the password for the scanengine user:
      ALTER USER scanengine WITH PASSWORD '%PASSWORD%';
    3. Using PostgreSQL, create a database called kavebase:
      CREATE DATABASE kavebase OWNER scanengine;
    4. In the kavebase database, run the queries described in %service_dir%/samples/tables.sql:
      psql -d kavebase -a -f tables.sql
    • If you already have an SSL certificate that you want to install in the Kaspersky Scan Engine GUI web service, specify the paths to your certificate and your private key:
      1. In the element, specify the path to your SSL certificate.
      2. In the element, specify the path to your private key.
    • If you do not have an SSL certificate that you want to install in the Kaspersky Scan Engine GUI web service, generate a new one. Run the %service_dir%/tools/openssl utility as follows:

    /opt/kaspersky/ScanEngine/tools/openssl req -x509 -nodes -days 1825 -subj /C=RU/CN="%ConnectionString%" -newkey rsa:2048 -extensions EXT -config "/opt/kaspersky/ScanEngine/tools/openssl.cnf" -keyout "/opt/kaspersky/ScanEngine/httpsrv/kl_scanengine_private.pem" -out "/opt/kaspersky/ScanEngine/httpsrv/kl_scanengine_cert.pem"

    Here %ConnectionString% is the value that is specified in the element.

    1. Go to the /etc/init.d/ directory.
    2. Add the Kaspersky Scan Engine GUI service to the system startup. Run the following command:
      • Red Hat-based distributions: chkconfig --add klScanEngineUI
      • Debian-based distributions: update-rc.d klScanEngineUI defaults
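
An added example, not part of Kaspersky's documentation: a post-install audit of the layout produced by the ln -s commands and the openssl command above. It checks that the /etc symbolic links resolve into /opt/kaspersky/ScanEngine, that their targets are not writable by group or others (the init scripts run as root), and that the private key, which -nodes leaves unencrypted, is accessible only to its owner. The function names, the root-prefix argument and the --audit switch are assumptions made for this example, and GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example: audit of the manual install layout (not Kaspersky's own tooling).
# Assumes GNU coreutils (stat -c, readlink -f). Function names are hypothetical.

# Print the octal permission bits of a path, following symbolic links.
mode_of() { stat -L -c '%a' "$1"; }

# Succeeds only when group and others have no access at all (private key).
is_private() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Succeeds only when the group and other write bits are clear.
not_writable_by_others() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -eq 0 ]
}

# link_ok LINK TARGET: LINK must be a symbolic link that resolves to TARGET,
# and neither TARGET nor its directory may be group- or world-writable.
link_ok() {
    [ -L "$1" ] || return 1
    [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ] || return 1
    not_writable_by_others "$2" && not_writable_by_others "$(dirname "$2")"
}

# audit_install ROOT DAEMON: ROOT is a path prefix ("" for the live system),
# DAEMON is kavhttpd (HTTP mode) or kavicapd (ICAP mode).
audit_install() {
    root=$1; daemon=$2; sd="$root/opt/kaspersky/ScanEngine"; rc=0
    for rel in etc/klScanEngineUI.xml "etc/$daemon.xml" "etc/init.d/$daemon"; do
        link_ok "$root/$rel" "$sd/$rel" || { echo "FAIL link: $root/$rel"; rc=1; }
    done
    # Key path from the openssl command above; present only if the GUI
    # certificate was generated that way.
    key="$sd/httpsrv/kl_scanengine_private.pem"
    is_private "$key" || { echo "FAIL key permissions: $key"; rc=1; }
    return $rc
}

# Run against the live system only when asked: sh audit.sh --audit kavhttpd
if [ "${1:-}" = "--audit" ]; then
    audit_install "" "${2:-kavhttpd}"
fi
```

A failed key check is cleared by restricting the file to its owner, for example with chmod 600 on kl_scanengine_private.pem.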


    Kaspersky Endpoint Security 11.4.0 for Linux

    Kaspersky Endpoint Security 11.4.0 for Linux ("Kaspersky Endpoint Security," "Application") protects devices running Linux® operating systems against various types of threats, including network and scam attacks.

    The application is used to:

    • Scan file system objects located on local disks of your device, as well as mounted and shared resources, which are accessed via SMB and NFS protocols.
    • Scan objects in the file system both in real time using the File Threat Protection task and on demand using scan tasks.
    • Scan startup objects, boot sectors, process memory, and kernel memory.
    • Detect infected objects and neutralize threats detected in them.
    • Automatically select an action to neutralize the threat.
    • Save backup copies of files before disinfection or deletion and restore files from backups.
    • Manage tasks and configure their settings.
    • Add keys and activate the application using activation codes.
    • Update the application with service packs.
    • Update application databases from Kaspersky Lab’s update servers, via the Administration Server, or from a user-specified source on schedule and on demand.
    • Use application databases to detect and disinfect infected files. During the scan process, the application analyzes each file for the presence of a threat: it compares the file code with the code of a specific threat and looks for possible matches.
    • Monitor the integrity of the system or specified files and report changes. System Integrity Monitoring can be performed in continuous monitoring mode and in on-demand scan mode.
    • Manage the operating system firewall and restore the set of firewall rules if they were changed.
    • Protect files in local directories with network access via SMB / NFS from remote malicious encryption.
    • Analyze traffic sent to users’ devices via HTTP / HTTPS and FTP and check if web addresses are malicious or phishing.
    • Configure flexible restrictions on access to data storage devices (hard disks, removable disks, CD / DVD drives), data transfer equipment (modems), data conversion devices (printers) and interfaces for connecting devices (USB, FireWire).
    • Check removable drives when connected to your device.
    • Scan inbound network traffic for activity that is typical of network attacks.
    • Scan containers, images and namespaces, as well as use Kaspersky Endpoint Security as a container application (hereinafter referred to as KESL container).
    • Receive information about application actions on your device.
    • Configure encrypted connections scan settings.
    • Control the start of applications and restrict access to applications on user devices to help reduce the risk of client device infections.
    • Get information about all executable files of the applications installed on client devices using the Inventory Scan task, which can be useful, for example, for creating Application Control rules.
    • Configure integration between Kaspersky Endpoint Security and Kaspersky Managed Detection and Response (MDR) to enable continuous search, detection and elimination of threats aimed at your organization.
    • Configure integration of Kaspersky Endpoint Security with Kaspersky Endpoint Detection and Response, a component of the Kaspersky Anti Targeted Attack Platform (hereinafter also referred to as EDR (KATA)), to ensure the protection of your organization’s IT infrastructure and promptly detect threats, including zero-day attacks, targeted attacks, and advanced persistent threats.
    • Use Kaspersky Security Network. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Endpoint Security to various threats, improves the performance of some protection components, and reduces the likelihood of false positives.
    • Allow users without root permissions to manage the application functions.
    • Notify the administrator about events that occurred while the application was running.
    • Check the integrity of application components using the integrity check tool.

    You can manage Kaspersky Endpoint Security using the following methods:

    • Using control commands from the command line.
    • Using Kaspersky Security Center Administration Console.
    • Using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console.
    • Using a graphical user interface.
