- Starting and stopping the application
- Starting and stopping the application
- Installation
- Installation via Terminal
- Available parameters
- Installation via ESET Security Management Center (ESMC)
- Deploy Microsoft Defender for Endpoint on Linux manually
- Prerequisites and system requirements
- Configure the Linux software repository
- RHEL and variants (CentOS and Oracle Linux)
- SLES and variants
- Ubuntu and Debian systems
- Application installation
- Download the onboarding package
- Client configuration
- Experience Linux endpoint detection and response (EDR) capabilities with simulated attacks
- Installer script
- Log installation issues
- Operating system upgrades
- How to migrate from Insiders-Fast to Production channel
- Uninstallation
Starting and stopping the application
By default, Kaspersky Endpoint Security starts automatically when the operating system boots (at the default run levels of each operating system). Kaspersky Endpoint Security starts all service tasks as well as the custom tasks whose schedule settings specify the PS run mode (run at application start).
If you stop Kaspersky Endpoint Security, all running tasks are interrupted. After Kaspersky Endpoint Security is restarted, the interrupted custom tasks are not resumed automatically; only the custom tasks whose schedule settings specify the PS run mode are started again.
To start Kaspersky Endpoint Security, execute the following command:
To stop Kaspersky Endpoint Security, execute the following command:
To restart Kaspersky Endpoint Security, execute the following command:
To display the status of Kaspersky Endpoint Security, execute the following command:
To start Kaspersky Endpoint Security in the systemd system, execute the following command:
systemctl start kesl-supervisor
To stop Kaspersky Endpoint Security in the systemd system, execute the following command:
systemctl stop kesl-supervisor
To restart Kaspersky Endpoint Security in the systemd system, execute the following command:
systemctl restart kesl-supervisor
To display the status of Kaspersky Endpoint Security in the systemd system, execute the following command:
systemctl status kesl-supervisor
Application state monitoring
The application state is monitored by the watchdog service, which is started automatically when the application starts.
If the application crashes, a dump file is generated and the application is restarted automatically. The /var/opt/kaspersky/kesl directory, excluding dump files, is backed up.
Starting and stopping the application
By default, Kaspersky Endpoint Security starts automatically when the operating system starts (at the default run levels of each operating system). Kaspersky Endpoint Security starts all service tasks as well as the custom tasks whose schedule settings specify the PS run mode.
If you stop Kaspersky Endpoint Security, all running tasks are interrupted. After Kaspersky Endpoint Security is restarted, the interrupted custom tasks are not resumed automatically; only the custom tasks whose schedule settings specify the PS run mode are started again.
To start Kaspersky Endpoint Security on a systemd system, execute the following command:
systemctl start kesl
To stop Kaspersky Endpoint Security on a systemd system, execute the following command:
systemctl stop kesl
To restart Kaspersky Endpoint Security on a systemd system, execute the following command:
systemctl restart kesl
To start Kaspersky Endpoint Security, execute the following command:
To stop Kaspersky Endpoint Security, execute the following command:
To restart Kaspersky Endpoint Security, execute the following command:
Application status monitoring
The status of Kaspersky Endpoint Security is monitored by a watchdog service. The watchdog service is started automatically when the application starts.
If the application fails, a dump file is generated and the application is restarted automatically.
To display the status of Kaspersky Endpoint Security on a systemd system, execute the following command:
systemctl status kesl
To display the status of Kaspersky Endpoint Security, execute the following command:
Installation
ESET Endpoint Antivirus for Linux is distributed as a binary file (.bin).
Make sure your OS has the most recent updates installed before installing ESET Endpoint Antivirus for Linux.
Installation via Terminal
To install or upgrade the product, run the ESET distribution script for your OS distribution with root privileges:
sh ./eea- .x86_64.bin
To display the available parameters (arguments) of the ESET Endpoint Antivirus for Linux binary file, run the following command from a terminal window:
bash ./eea- .x86_64.bin -h
Available parameters
- -h: Display command-line arguments
- -n: Do not perform installation after unpacking
- Do not show the license (the license has already been accepted)
- Force installation via package manager without asking
Obtaining the .deb installation package
To obtain a .deb installation package suitable for your OS, run the ESET distribution script with the -n command-line argument:
sudo ./eea- .x86_64.bin -n
sudo sh ./eea- .x86_64.bin -n
To see the dependencies of the installation package, run one of the following commands:
Follow the on-screen instructions. Once you accept the product License Agreement, the installation completes.
The installer will inform you of any dependency problems.
Installation via ESET Security Management Center (ESMC)
To deploy ESET Endpoint Antivirus for Linux remotely on your computers, refer to the ESMC Software Install online help section.
To enable regular updates of detection modules, activate ESET Endpoint Antivirus for Linux.
A summary of third-party apps used by ESET Endpoint Antivirus for Linux can be found in the NOTICE_mode file stored at /opt/eset/eea/doc/modules_notice/ .
Deploy Microsoft Defender for Endpoint on Linux manually
This article describes how to deploy Microsoft Defender for Endpoint on Linux manually. A successful deployment requires the completion of all of the following tasks:
Prerequisites and system requirements
Before you get started, see Microsoft Defender for Endpoint on Linux for a description of prerequisites and system requirements for the current software version.
Configure the Linux software repository
Defender for Endpoint on Linux can be deployed from one of the following channels (denoted below as [channel]): insiders-fast, insiders-slow, or prod. Each of these channels corresponds to a Linux software repository. Instructions for configuring your device to use one of these repositories are provided below.
The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in insiders-fast are the first ones to receive updates and new features, followed later by insiders-slow and lastly by prod.
In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either insiders-fast or insiders-slow.
Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location.
RHEL and variants (CentOS and Oracle Linux)
Install yum-utils if it isn’t installed yet:
Note your distribution and version, and identify the closest entry (by major, then minor) for it under https://packages.microsoft.com/config/rhel/ .
Use the following table to help guide you in locating the package:
| Distro & version | Package |
|---|---|
| RHEL 8.0-8.5 | https://packages.microsoft.com/config/rhel/8/prod/ |
| RHEL 7.2-7.9 | https://packages.microsoft.com/config/rhel/7/prod/ |
In the following commands, replace [version] and [channel] with the information you’ve identified:
For Oracle Linux, replace [distro] with rhel.
For example, if you are running CentOS 7 and want to deploy Defender for Endpoint on Linux from the prod channel:
Or if you wish to explore new features on selected devices, you might want to deploy Microsoft Defender for Endpoint on Linux to insiders-fast channel:
Install the Microsoft GPG public key:
Download and make usable all the metadata for the currently enabled yum repositories:
SLES and variants
Note your distribution and version, and identify the closest entry (by major, then minor) for it under https://packages.microsoft.com/config/sles/ .
In the following commands, replace [distro] and [version] with the information you’ve identified:
For example, if you are running SLES 12 and wish to deploy Microsoft Defender for Endpoint on Linux from the prod channel:
Install the Microsoft GPG public key:
Ubuntu and Debian systems
Install curl if it isn’t installed yet:
Install libplist-utils if it isn’t installed yet:
Note your distribution and version, and identify the closest entry (by major, then minor) for it under https://packages.microsoft.com/config/[distro]/ .
In the below command, replace [distro] and [version] with the information you’ve identified:
For example, if you are running Ubuntu 18.04 and wish to deploy Microsoft Defender for Endpoint on Linux from the prod channel:
Install the repository configuration:
For example, if you chose prod channel:
Install the gpg package if not already installed:
If gpg is not available, then install gnupg .
Install the Microsoft GPG public key:
Install the https driver if it’s not already present:
Update the repository metadata:
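The repository steps above for RHEL, SLES and Ubuntu/Debian all reduce to picking the right [distro], [version] and [channel] segments of https://packages.microsoft.com/config/[distro]/[version]/[channel]. The following helper, an added example and not part of the Microsoft documentation, derives those segments from os-release data, rejects anything that is not one of the three documented channels, and emits the matching repository command. Two things in it are this example's assumptions rather than text from the page: that the configuration file inside that directory is named [channel].repo (rhel, sles) or [channel].list (ubuntu, debian), and the exact yum-config-manager / zypper / curl invocations. The sample os-release contents are constructed.

```shell
#!/usr/bin/env sh
# Added example (not from the Microsoft documentation): resolve the
# packages.microsoft.com repository for Defender for Endpoint on Linux from
# os-release data and a release channel, following the layout
# https://packages.microsoft.com/config/[distro]/[version]/[channel]
# described in the deployment steps. Assumptions beyond that text: the file
# inside the directory is <channel>.repo (rhel/sles) or <channel>.list
# (ubuntu/debian), and the package-manager invocations in mde_repo_command.

# Constructed sample os-release contents (not captured from real hosts).
SAMPLE_OS_RELEASE_CENTOS7='NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
VERSION_ID="7"'
SAMPLE_OS_RELEASE_UBUNTU1804='NAME="Ubuntu"
ID=ubuntu
VERSION_ID="18.04"'
SAMPLE_OS_RELEASE_UNKNOWN='NAME="Some Linux"
ID=somelinux
VERSION_ID="1"'

# Print one KEY=VALUE field from os-release text with surrounding quotes removed.
osrel_field() {  # $1 = os-release text, $2 = key
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# Map an os-release ID to the [distro] segment. CentOS and Oracle Linux use
# the rhel configuration, as the RHEL section of the steps says.
mde_distro() {  # $1 = os-release ID
    case "$1" in
        rhel|centos|ol) echo rhel ;;
        sles) echo sles ;;
        ubuntu) echo ubuntu ;;
        debian) echo debian ;;
        *) return 1 ;;
    esac
}

# Map VERSION_ID to the [version] segment. The rhel and sles configurations
# are keyed by major version (RHEL 7.2-7.9 -> 7, 8.0-8.5 -> 8, SLES 12.x -> 12);
# Ubuntu keeps its full release number (18.04); Debian uses its major number.
mde_version() {  # $1 = distro segment, $2 = VERSION_ID
    case "$1" in
        ubuntu) echo "$2" ;;
        *) echo "${2%%.*}" ;;
    esac
}

# Only the three documented channels are accepted; anything else is rejected
# so a typo cannot silently point the host at an unintended repository.
mde_channel_ok() {
    case "$1" in insiders-fast|insiders-slow|prod) return 0 ;; *) return 1 ;; esac
}

# Build the repository configuration URL; fails (status 1) for an unknown
# distribution or channel instead of emitting a guessed URL.
mde_repo_url() {  # $1 = os-release text, $2 = channel
    mde_channel_ok "$2" || return 1
    distro=$(mde_distro "$(osrel_field "$1" ID)") || return 1
    version=$(mde_version "$distro" "$(osrel_field "$1" VERSION_ID)")
    case "$distro" in
        rhel|sles) echo "https://packages.microsoft.com/config/$distro/$version/$2.repo" ;;
        *)         echo "https://packages.microsoft.com/config/$distro/$version/$2.list" ;;
    esac
}

# Emit the command that installs that repository definition (assumed
# invocations; importing the Microsoft signing key is a separate step).
mde_repo_command() {  # $1 = os-release text, $2 = channel
    url=$(mde_repo_url "$1" "$2") || return 1
    case "$(mde_distro "$(osrel_field "$1" ID)")" in
        rhel) echo "sudo yum-config-manager --add-repo=$url" ;;
        sles) echo "sudo zypper addrepo -c -f $url" ;;
        *)    echo "sudo curl -fsSL -o /etc/apt/sources.list.d/microsoft-$2.list $url" ;;
    esac
}

# Usage: source this file, then for the running host:
#   mde_repo_command "$(cat /etc/os-release)" prod
```

The function fails closed: an unrecognised distribution ID or a channel outside insiders-fast, insiders-slow and prod returns a non-zero status rather than a plausible-looking URL, which is what you want in a provisioning script that would otherwise go on to install whatever the repository serves. The GPG key import and the metadata refresh from the steps above still have to follow.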
Application installation
RHEL and variants (CentOS and Oracle Linux):
If you have multiple Microsoft repositories configured on your device, you can be specific about which repository to install the package from. The following example shows how to install the package from the production channel if you also have the insiders-fast repository channel configured on this device. This situation can happen if you are using multiple Microsoft products on your device. Depending on the distribution and the version of your server, the repository alias might be different than the one in the following example.
SLES and variants:
If you have multiple Microsoft repositories configured on your device, you can be specific about which repository to install the package from. The following example shows how to install the package from the production channel if you also have the insiders-fast repository channel configured on this device. This situation can happen if you are using multiple Microsoft products on your device.
Ubuntu and Debian system:
If you have multiple Microsoft repositories configured on your device, you can be specific about which repository to install the package from. The following example shows how to install the package from the production channel if you also have the insiders-fast repository channel configured on this device. This situation can happen if you are using multiple Microsoft products on your device.
Download the onboarding package
Download the onboarding package from Microsoft 365 Defender portal:
In the Microsoft 365 Defender portal, go to Settings > Endpoints > Device management > Onboarding.
In the first drop-down menu, select Linux Server as the operating system. In the second drop-down menu, select Local Script as the deployment method.
Select Download onboarding package. Save the file as WindowsDefenderATPOnboardingPackage.zip.
From a command prompt, verify that you have the file. Extract the contents of the archive:
Client configuration
Copy MicrosoftDefenderATPOnboardingLinuxServer.py to the target device.
Initially the client device is not associated with an organization. Note that the orgId attribute is blank:
To run this command, Python must be installed on the device. On RHEL 8.x, or Ubuntu 20.04 and later, run the script with python3 rather than python.
Verify that the device is now associated with your organization and reports a valid organization identifier:
A few minutes after you complete the installation, you can see the status by running the following command. A return value of 1 denotes that the product is functioning as expected:
When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. During this time the above command returns false rather than 1. You can check the status of the definition update using the following command:
You may also need to configure a proxy after completing the initial installation. See Configure Defender for Endpoint on Linux for static proxy discovery: Post-installation configuration.
Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device:
Ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):
Open a Terminal window. Copy and execute the following command:
The file should have been quarantined by Defender for Endpoint on Linux. Use the following command to list all the detected threats:
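The client-configuration checks above (blank orgId before onboarding and a valid identifier after, a health value of 1 that reads false while the first definition download is still running, real-time protection enabled) are the kind of thing a provisioning pipeline should verify rather than eyeball. The script below is an added example, not part of the Microsoft documentation. It assumes the health values are read with the mdatp command-line tool as `mdatp health --field <name>` and that the fields are named org_id, healthy, definitions_status and real_time_protection_enabled; those names and the up_to_date status string are this example's assumptions, since the page shows the checks without their commands. The read command is a variable so the logic can be exercised with a stub when the agent is not installed.

```shell
#!/usr/bin/env sh
# Added example (not from the Microsoft documentation): post-onboarding
# checks for Defender for Endpoint on Linux. Assumption: health values are
# read with `mdatp health --field <name>`; that command, the field names
# org_id, healthy, definitions_status and real_time_protection_enabled, and
# the up_to_date status string are assumptions, not quoted from the page.

# How a health field is read. Kept in a variable so the checks can run
# against a stub function when the agent is not installed.
MDE_HEALTH_CMD=${MDE_HEALTH_CMD:-"mdatp health --field"}

# Read one field, stripping quotes and whitespace so "true", true and a
# trailing newline all compare equal.
mde_field() {  # $1 = field name
    $MDE_HEALTH_CMD "$1" 2>/dev/null | tr -d '"[:space:]'
}

# The steps describe the healthy state both as 1 and as true/false, so
# accept either spelling of a positive result.
mde_true() {
    case "$1" in 1|true|True) return 0 ;; *) return 1 ;; esac
}

# Onboarded when the organisation identifier is no longer blank.
mde_onboarded() {
    [ -n "$(mde_field org_id)" ]
}

mde_rtp_enabled() {
    mde_true "$(mde_field real_time_protection_enabled)"
}

# Poll the health flag, because it stays false while the first definition
# download runs. Exit status: 0 healthy; 2 definitions still downloading
# after the last attempt (retry later); 1 any other unhealthy condition.
mde_wait_healthy() {  # $1 = attempts, $2 = seconds between attempts
    n=0
    while [ "$n" -lt "$1" ]; do
        if mde_true "$(mde_field healthy)"; then return 0; fi
        n=$((n + 1))
        if [ "$n" -lt "$1" ]; then sleep "$2"; fi
    done
    case "$(mde_field definitions_status)" in
        up_to_date|upToDate) return 1 ;;
        *) return 2 ;;
    esac
}

# Run every check, print one verdict line each, and return non-zero if any
# failed so the result can gate the rest of a provisioning script.
mde_verify() {  # $1 = attempts, $2 = seconds between attempts
    rc=0
    if mde_onboarded; then echo "onboarded: yes"; else echo "onboarded: no (org_id blank)"; rc=1; fi
    h=0; mde_wait_healthy "$1" "$2" || h=$?
    case "$h" in
        0) echo "healthy: yes" ;;
        2) echo "healthy: not yet (definitions still downloading)"; rc=1 ;;
        *) echo "healthy: no"; rc=1 ;;
    esac
    if mde_rtp_enabled; then echo "real-time protection: on"; else echo "real-time protection: off"; rc=1; fi
    return "$rc"
}

# Usage on an onboarded host: source this file, then
#   mde_verify 12 10     # up to 12 attempts, 10 s apart, ~2 minutes
```

The distinction between exit status 2 and 1 from mde_wait_healthy is the practical point: "not healthy because definitions are still downloading" is expected right after installation and should be retried, whereas "not healthy with definitions already up to date" means something else is wrong and retrying will not help.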
Experience Linux endpoint detection and response (EDR) capabilities with simulated attacks
To test out the functionalities of EDR for Linux, follow the steps below to simulate a detection on your Linux server and investigate the case.
Verify that the onboarded Linux server appears in Microsoft 365 Defender. If this is the first onboarding of the machine, it can take up to 20 minutes until it appears.
Download and extract the script file to an onboarded Linux server and run the following command: ./mde_linux_edr_diy.sh
After a few minutes, a detection should be raised in Microsoft 365 Defender.
Look at the alert details, machine timeline, and perform your typical investigation steps.
Installer script
Alternatively, you can use an automated installer bash script provided in our public GitHub repository. The script identifies the distribution and version, and sets up the device to pull the latest package and install it. You can also onboard with a provided script.
Log installation issues
See Log installation issues for more information on how to find the automatically generated log that is created by the installer when an error occurs.
Operating system upgrades
When upgrading your operating system to a new major version, you must first uninstall Defender for Endpoint on Linux, install the upgrade, and finally reconfigure Defender for Endpoint on Linux on your device.
How to migrate from Insiders-Fast to Production channel
Uninstall the "Insiders-Fast channel" version of Defender for Endpoint on Linux.
Disable the Defender for Endpoint on Linux Insiders-Fast repo.
The output should show "packages-microsoft-com-fast-prod".
Redeploy Microsoft Defender for Endpoint on Linux using the "Production channel".
Uninstallation
See Uninstall for details on how to remove Defender for Endpoint on Linux from client devices.