Deploying and activating KESL container

Distribution package description

The distribution package contains the following files:

docker-service-<version>.tgz – Archive with files necessary to create the image
kesl-<version>.rpm – Kaspersky Endpoint Security installation package
klnagent.rpm – Kaspersky Security Center Network Agent installation package

The docker-service-<version>.tgz archive contains the following files:

kesl-service – directory of the container application files.
Dockerfile – file for building a docker image of a version below 18.06.
Dockerfile.1809 – file for building a docker image of a version later than 18.05.
build.sh.example – example of a script for building an image.
run.sh.example – example of a script for launching a KESL container.
kesl-service.config.example – example of a container application configuration file.
klnagent.conf.example – example of a configuration file for connecting to Kaspersky Security Center.
readme.md – quick reference.

KESL container deployment and activation

To prepare a KESL container for use:

Unpack the tar -xvf docker-service-<version>.tgz archive.
If you want to configure the KESL container settings using Kaspersky Security Center, do the following:
1. In the klnagent.conf.example file, specify the values of the Network Agent variables. For more information, refer to Kaspersky Security Center Help section (the "Installing Network Agent for Linux in silent mode (with an answer file)" section).
2. Copy klnagent.conf.example to kesl-service/klnagent.conf.
Build the KESL container Docker image using the build.sh.example installation script:
1. If you use a proxy server, specify the desired values for the COMMON_AGRS variable.
2. If necessary, change the name of the target kesl-service image to the desired one.
3. Copy build.sh.example to build.sh and assign an executable file attribute to it.
4. Run build.sh.
Make sure that the build completed successfully by executing the docker images -a command.
The following command execution result is displayed:

REPOSITORY TAG IMAGE ID CREATED SIZE

kesl-service latest <hex> <creation time> <size>
Activate the KESL container in one of the following ways:
- Using Kaspersky Security Center. To activate the KESL container, you need to add the key to the devices that correspond to the KESL containers in the Web Console or in the Administration Console.
  For correct operation of KESL containers in Kaspersky Security Center, it is recommended to move the devices that correspond to the KESL containers to a separate administration group with its own policy. When the KESL container is stopped, these devices are automatically removed from the administration group, and the key that was used for these devices is released.
- Using a configuration file.
- Using an environment variable (see step 7).
Configure the KESL container (Configuring KESL container, KESL container settings).
Start the KESL container using the following command docker run --privileged --init -p < <KESL container_port>:<device_port> \
-e <variable_1> -e <variable_2> ... -e <variable_n> \

-v <mount point_1> -v <mount point_2> ... -v <mount point_n> \

<image name>

where:
- <KESL container port> is the port of the KESL container, which must be accessible by the network from outside the KESL container.
- <device_port> –is the port of the device where the KESL container is installed.
When starting the KESL container, you can activate it with an environment variable:
- If you are using an activation code, add the KRAS4D_ACTIVATION='<activation code>' option:
  docker run ... -e KRAS4D_ACTIVATION='<activation code>'
- If you are using a key file, add the KRAS4D_ACTIVATION='<key file>' and KRAS4D_KEYPATH=/root/kesl-service/keys options:
  docker run ... -e KRAS4D_ACTIVATION='<key file>' -e KRAS4D_KEYPATH=/root/kesl-service/keys -v <path to the directory with keys>:/root/kesl-service/keys
You can see an example of the run command in the file run.sh.example.

Page top