Managing Kaspersky Endpoint Agent for Linux using the command line

You can use the command line interface to run individual commands of Kaspersky Endpoint Agent for Linux.

The command line interface functionality is provided by the lenactl utility. This utility is included in the application distribution kit and is installed on each workstation in the /opt/kaspersky/epagent/sbin/ directory.

To run application commands through the command line interface:

1. Run the command line terminal on the device.
2. Enter the following command: export PATH="$PATH:/opt/kaspersky/epagent/sbin/".
3. Press ENTER.

   Now you can evoke the lenactl utility without specifying the path to the file.

4. Enter the command in the following format: lenactl --param1 value
5. Press ENTER.

The command is executed.

The complete list of options and corresponding values is provided below.

Main commands of the program

--product

This option is used to run or stop the application and to display its current state.

Allowed values:

• --product start runs the unloaded program; this command runs the stopped service of the program
• --product stop stops the running program; this command stops the running service of the program
• --product state writes the current state of the program ("running" or "stopped") to the console

--update

This option updates program databases and modules once.

Allowed values and additional options:

• --update updates program databases from Kaspersky servers
• --update <update_source> updates program databases from the specified source
• --update --app updates databases and modules of the program from Kaspersky servers
• --update <update_source> --app updates databases and modules of the program from the specified source

--local-update-task

This option updates program databases and modules on a schedule using a local task.

The local update task is created automatically when the program is run for the first time. By default, the task is in an inactive state. When an update task is created using Kaspersky Security Center, the local task is automatically and permanently deleted.

Allowed values and additional options:

• --local-update-task enable-schedule to enable hourly updates of program databases from Kaspersky servers.
• --local-update-task --app enable-schedule to enable hourly updates of program databases and modules from Kaspersky servers.
• --local-update-task disable-schedule to disable hourly updates of program databases from Kaspersky servers.
• --local-update-task --app disable-schedule to disable hourly updates of program databases and modules from Kaspersky servers.
• --local-update-task <update_source> to update program databases from the specified source.

--proxy

This option lets you use a proxy server.

Kaspersky Endpoint Agent for Linux does not encrypt the connection with the proxy server. You must take steps to make sure the network connection between your proxy server and Kaspersky Endpoint Agent for Linux is secure.

Allowed values and additional options:

• --server — address of the proxy server
• --port — port of the proxy server
• --user — name of the proxy server user (optional)
• --password — password of the proxy server (if user name is specified)
• --use-for-local — use the proxy server for local addresses

--traces

This option is used to manage trace files of the application.

All files in the trace file directory are considered to be trace files.

Allowed values and additional options:

• --traces --on turns on the trace file collection mode
• --traces --off turns off the trace file collection mode
• --traces --clear deletes all trace files in a directory
• --traces --copyto <path to a directory> copies trace files to the specified directory

The systemd-journald system logging service can be active independently of the application and can maintain its own operation logs. This may slow down the interaction of the program with trace files and reduce available disk space.

To turn off audit logs of the systemd-journald system service:

1. systemctl mask systemd-journald-audit.socket
2. systemctl restart systemd-journald

--help

This option displays a command line option reference text.

Commands for configuring the interaction of the program with the EDR server

--servers

This option lets you specify the address and port of the EDR server.

The arguments can be represented by a semicolon-separated list of server:port pairs. Multiple server:port pairs can be passed to the input, however the program ignores all pairs except the first in the list.

Default value: none.

--timeout

This option lets you specify the timeout of the connection to the EDR server in milliseconds.

The argument can be represented by a number.

Default value: 100000.

--sync-period

This option lets you specify the synchronization period with the EDR server in seconds.

The argument can be represented by a number; the allowed range is 5-3600.

Default value: 300.

--send-packet-period

This option lets you specify the frequency with which telemetry packets are sent.

Argument: number; allowed range: 5-999.

Default value: 30

--max-events-per-packet

This option lets you specify the maximum number of events in a telemetry packet.

Argument: number; allowed range: 5-10000

Default value: 1024.

--compression

This option lets you apply compression.

Arguments: <yes|no>.

Default value: no.

--tls

This option lets you apply TLS encryption.

Arguments: <yes|no>.

Default value: no.

--pinned-certificate

This option lets you specify the path to the public part of the server certificate.

Argument: <path to public part of server pinned certificate>.

Default value: none.

--client-certificate

This option lets you specify the path to the container with the client certificate.

Argument: <path to client certificate>.

Default value: none.

--client-password

This option lets you specify the password of the container with the client certificate.

Argument: <password>.

Default value: none.

Page top