You can use the command line interface to run individual commands of Kaspersky Endpoint Agent for Linux.
The command line interface functionality is provided by the lenactl utility. This utility is included in the application distribution kit and is installed on each workstation in the /opt/kaspersky/epagent/sbin/ directory.
To run application commands on the command line:
export PATH="$PATH:/opt/kaspersky/epagent/sbin/"
Now you can invoke the lenactl utility without specifying the path to the file.
lenactl --param1 value
The command is executed.
The complete list of options and corresponding values is provided below.
Main commands of the application
--product
This option is used to run or stop the application and to display its current state.
Allowed values:
--product start
runs the unloaded application; this command runs the stopped service of the application
--product stop
stops the running application; this command stops the running service of the application
--product state
writes the current state of the application ("running" or "stopped") to the console
--update
This option lets you perform a single update of the application databases and modules.
Allowed values and additional options:
--update
updates program databases from Kaspersky servers
--update <update_source>
updates application databases from the specified source
--update --app
updates databases and modules of the application from Kaspersky servers
--update <update_source> --app
updates databases and modules of the application from the specified source
--local-update-task
This option updates application databases and modules on a schedule using a local task.
The local update task is created automatically when the application is run for the first time. By default, the task is in an inactive state. When an update task is created using Kaspersky Security Center, the local task is automatically and permanently deleted.
Allowed values and additional options:
--local-update-task enable-schedule
to enable hourly updates of application databases from Kaspersky servers.
--local-update-task --app enable-schedule
to enable hourly updates of application databases and modules from Kaspersky servers.
--local-update-task disable-schedule
to disable hourly updates of application databases from Kaspersky servers.
--local-update-task --app disable-schedule
to disable hourly updates of application databases and modules from Kaspersky servers.
--local-update-task <update_source>
to update application databases from the specified source.
--proxy
This option lets you use a proxy server.
Kaspersky Endpoint Agent for Linux does not encrypt the connection with the proxy server. You must take steps to make sure the network connection between your proxy server and Kaspersky Endpoint Agent for Linux is secure.
Allowed values and additional options:
--server — address of the proxy server
--port — port of the proxy server
--user — name of the proxy server user (optional)
--password — password of the proxy server (if user name is specified)
--use-for-local — use the proxy server for local addresses
--traces
This option is used to manage trace files of the application.
All files in the trace file directory are considered to be trace files.
Allowed values and additional options:
--traces --on
turns on the trace file collection mode
--traces --off
turns off the trace file collection mode
--traces --clear
deletes all trace files in a directory
--traces --copyto <path to a directory>
copies trace files to the specified directory
The systemd-journald system logging service can be active independently of the application and can maintain its own operation logs. This may slow down the interaction of the application with trace files and reduce available disk space.
To turn off audit logs of the systemd-journald system service:
systemctl mask systemd-journald-audit.socket
systemctl restart systemd-journald
--help
This option displays a command line option reference text.
Commands for configuring the interaction of the program with the EDR server
--servers
This option lets you specify the address and port of the EDR server.
The argument is a semicolon-separated list of server:port pairs. Multiple server:port pairs can be passed, but the application ignores all pairs except the first in the list.
Default value: none.
--timeout
This option lets you specify the timeout of the connection to the EDR server in milliseconds.
The argument can be represented by a number.
Default value: 100,000.
--sync-period
This option lets you specify the synchronization period with the EDR server in seconds.
The argument can be represented by a number; the allowed range is 5-3,600.
Default value: 300.
--send-packet-period
This option lets you specify the frequency with which telemetry packets are sent.
Argument: number; allowed range: 5-999.
Default value: 30.
--max-events-per-packet
This option lets you specify the maximum number of events in a telemetry packet.
Argument: number; allowed range: 5-10,000.
Default value: 1,024.
--compression
This option lets you apply compression.
Arguments: <yes|no>.
Default value: no.
--tls
This option lets you apply TLS encryption.
Arguments: <yes|no>.
Default value: no.
--pinned-certificate
This option lets you specify the path to the public part of the server certificate.
Argument: <path to public part of server pinned certificate>.
Default value: none.
--client-certificate
This option lets you specify the path to the container with the client certificate.
Argument: <path to client certificate>.
Default value: none.
--client-password
This option lets you specify the password of the container with the client certificate.
Argument: <password>.
Default value: none.
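A pre-flight check for the EDR connection settings listed above, written as an added example (it is not part of the Kaspersky documentation or the lenactl utility). The function names, the argument order, the port bounds, the numeric bound used for --timeout and the sample hostnames are assumptions of this example; the ranges for the other options are the ones documented on this page.

```bash
#!/bin/sh
# Added example: checks planned EDR connection settings against the value
# ranges documented on this page. It never calls lenactl itself.

# in_range NAME VALUE MIN MAX: VALUE must be a whole number within MIN..MAX
in_range() {
    case "$2" in
        ''|*[!0-9]*) echo "ERROR: $1 must be a number, got '$2'"; return 1 ;;
    esac
    if [ "$2" -lt "$3" ] || [ "$2" -gt "$4" ]; then
        echo "ERROR: $1=$2 is outside the allowed range $3-$4"; return 1
    fi
}

# yes_no NAME VALUE: VALUE must be the literal yes or no
yes_no() {
    case "$2" in yes|no) return 0 ;; esac
    echo "ERROR: $1 accepts yes or no, got '$2'"; return 1
}

# check_edr_settings SERVERS TIMEOUT SYNC SEND MAX_EVENTS COMPRESSION TLS PINNED_CERT
# Prints findings and returns the number of errors (warnings are not counted).
check_edr_settings() {
    errors=0
    first=${1%%;*}                      # the application uses only the first pair
    host=${first%:*}; port=${first##*:}
    if [ -z "$host" ] || [ "$host" = "$first" ]; then
        echo "ERROR: --servers needs server:port, got '$first'"; errors=$((errors + 1))
    else
        in_range "port in --servers" "$port" 1 65535 || errors=$((errors + 1))
    fi
    [ "$first" = "$1" ] || echo "WARN: only '$first' is used, other --servers pairs are ignored"
    # --timeout has no documented range: the bounds below are this example's own
    in_range --timeout "$2" 0 2147483647 || errors=$((errors + 1))
    in_range --sync-period "$3" 5 3600 || errors=$((errors + 1))
    in_range --send-packet-period "$4" 5 999 || errors=$((errors + 1))
    in_range --max-events-per-packet "$5" 5 10000 || errors=$((errors + 1))
    yes_no --compression "$6" || errors=$((errors + 1))
    yes_no --tls "$7" || errors=$((errors + 1))
    [ "$7" = yes ] || echo "WARN: --tls is not 'yes'; the documented default is no TLS encryption"
    if [ -n "$8" ] && [ ! -r "$8" ]; then
        echo "ERROR: --pinned-certificate file '$8' is not readable"; errors=$((errors + 1))
    fi
    return "$errors"
}

# Constructed sample values (hostnames are placeholders, not from the page)
check_edr_settings "edr1.example.test:443;edr2.example.test:443" \
    100000 300 30 1024 no no "" || true
```

With the sample values the check reports two warnings and no errors: the second server:port pair is ignored, and TLS is left at its default of no.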