Managing Kaspersky Endpoint Agent for Linux using the command line

You can use the command line interface to run individual commands of Kaspersky Endpoint Agent for Linux.

The command line interface functionality is provided by the lenactl utility. This utility is included in the application distribution kit and is installed on each workstation in the /opt/kaspersky/epagent/sbin/ directory.

To run application commands through the command line interface:

  1. Run the command line terminal on the device.
  2. Enter the following command: export PATH="$PATH:/opt/kaspersky/epagent/sbin/".
  3. Press ENTER.

    Now you can evoke the lenactl utility without specifying the path to the file.

  4. Enter the command in the following format: lenactl --param1 value
  5. Press ENTER.

The command is executed.

The complete list of options and corresponding values is provided below.

Main commands of the program

--product

This option is used to run or stop the application and to display its current state.

Allowed values:

--update

This option updates program databases and modules once.

Allowed values and additional options:

--local-update-task

This option updates program databases and modules on a schedule using a local task.

The local update task is created automatically when the program is run for the first time. By default, the task is in an inactive state. When an update task is created using Kaspersky Security Center, the local task is automatically and permanently deleted.

Allowed values and additional options:

--proxy

This option lets you use a proxy server.

Kaspersky Endpoint Agent for Linux does not encrypt the connection with the proxy server. You must take steps to make sure the network connection between your proxy server and Kaspersky Endpoint Agent for Linux is secure.

Allowed values and additional options:

--traces

This option is used to manage trace files of the application.

All files in the trace file directory are considered to be trace files.

Allowed values and additional options:

The systemd-journald system logging service can be active independently of the application and can maintain its own operation logs. This may slow down the interaction of the program with trace files and reduce available disk space.

To turn off audit logs of the systemd-journald system service:

  1. systemctl mask systemd-journald-audit.socket
  2. systemctl restart systemd-journald

--help

This option displays a command line option reference text.

Commands for configuring the interaction of the program with the EDR server

--servers

This option lets you specify the address and port of the EDR server.

The arguments can be represented by a semicolon-separated list of server:port pairs. Multiple server:port pairs can be passed to the input, however the program ignores all pairs except the first in the list.

Default value: none.

--timeout

This option lets you specify the timeout of the connection to the EDR server in milliseconds.

The argument can be represented by a number.

Default value: 100000.

--sync-period

This option lets you specify the synchronization period with the EDR server in seconds.

The argument can be represented by a number; the allowed range is 5-3600.

Default value: 300.

--send-packet-period

This option lets you specify the frequency with which telemetry packets are sent.

Argument: number; allowed range: 5-999.

Default value: 30

--max-events-per-packet

This option lets you specify the maximum number of events in a telemetry packet.

Argument: number; allowed range: 5-10000

Default value: 1024.

--compression

This option lets you apply compression.

Arguments: <yes|no>.

Default value: no.

--tls

This option lets you apply TLS encryption.

Arguments: <yes|no>.

Default value: no.

--pinned-certificate

This option lets you specify the path to the public part of the server certificate.

Argument: <path to public part of server pinned certificate>.

Default value: none.

--client-certificate

This option lets you specify the path to the container with the client certificate.

Argument: <path to client certificate>.

Default value: none.

--client-password

This option lets you specify the password of the container with the client certificate.

Argument: <password>.

Default value: none.

Page top