The [General] section contains the following settings:

Locale

The locale used for the localization of texts sent by Kaspersky Industrial CyberSecurity for Linux Nodes to Kaspersky Security Center (events, notifications, task results, etc).

The locale of the graphical interface and the application command line depends on the value of the LANG environment variable. If a localization that is not supported by Kaspersky Industrial CyberSecurity for Linux Nodes is specified as the value of the LANG environment variable, the graphical interface and the command line are displayed in English.

Locale in the format specified by RFC 3066.

If the Locale setting is not specified, the operating system locale is used. If the application fails to determine the operating system localization language or the operating system localization is not supported, the default value will be used – en_US.utf8.

PackageType

Format of the installed application package.

We do not recommend changing the value of this setting manually. This value is filled in automatically during initial application configuration.

rpm – an RPM package is installed.

deb – a DEB package is installed.

UseFanotify

Using the fanotify technology to intercept file operations.

We do not recommend changing the value of this setting manually. This setting is specified during the initial configuration of the application.

true/yes – the application uses the fanotify technology to intercept file operations.

false/no – the fanotify technology is not used.

StartupTraces

Enables generation of trace files at application startup.

true/yes – Create trace files at application startup.

false/no (default value) – Do not create trace files at application startup.

RevealSensitiveInfoInTraces

Display information in trace files that may contain personal data (for example, passwords).

true/yes (default value) — display information in application trace files that may contain personal data.

false/no (default value) — do not display information that may contain personal data in trace files.

AsyncTraces

Enables asynchronous tracing, in which information is logged to trace files in asynchronously.

true/yes – enable asynchronous tracing.

false/no (default value) – do not enable asynchronous tracing.

CoreDumps

Enables the creation of a dump file when application failure occurs.

true/yes – Create a dump file when the application crashes.

false/no (default value) – Do not create a dump file when the application crashes.

CoreDumpsPath

Path to the directory where the dump files are stored.

Default value: /var/opt/kaspersky/kics/common/dumps.

Root privileges are required to access the default dump file directory.

MinFreeDiskSpace

The minimum amount of disk memory that will remain after writing a dump file, in megabytes.

Default value: 300.

ScanMemoryLimit

Limit on the application's use of memory in megabytes.

Default value: 8192.

MachineId

The user's unique device ID.

The value of the setting is filled in automatically during installation of the application.

SocketPath

Path to a socket for a remote connection to, say, a graphical interface and the kics-control utility.

Default value: /var/run/bl4control.

MaxInotifyWatches

Limit on the number of subscriptions to changes in files and directories (user watches) in /proc/sys/fs/inotify/max_user_watches.

Default value: 300000.

MaxInotifyInstances

Limit on the number of subscriptions to changes in files and directories for a single user.

Default value: 2048.

ExecEnvMax

The number of environment variables that the application captures from the command call.

Default value: 50.

ExecArgMax

Number of arguments that the application captures from the exec call.

Default value: 50.

DisableFileAvActions

Disables the disinfection and file deletion functions for application components after its installation.

If the disinfection and file deletion functions are disabled and a threat is detected, the application does not attempt to disinfect or delete the files in which a threat was detected, but only informs the user about a threat detection.

true/yes: disables the disinfection and file deletion functions when the application is started after the installation.

false/no (default value): does not disable the disinfection and file deletion functions when the application is started after the installation.

AdditionalDNSLookup

Indicates use of a public DNS.

If there are errors accessing servers through the system DNS, the application uses a public DNS. This is needed for updating application databases and maintaining device security. The application will use the following public DNSes in this order:

• Google Public DNS™ (8.8.8.8).
• Cloudflare® DNS (1.1.1.1).
• Alibaba Cloud® DNS (223.6.6.6).
• Quad9® DNS (9.9.9.9).
• CleanBrowsing (185.228.168.168).

true/yes – Use a public DNS to access Kaspersky servers.

false/no (default value) – Do not use a public DNS to access Kaspersky servers.

The application's requests may contain domain addresses and the user's external IP address, since the application establishes a TCP/UDP connection with the DNS server. This information is necessary, for example, to check the certificate of a web resource when interacting via HTTPS. If the application is using a public DNS server, data processing rules are governed by the Privacy Policy of the corresponding service. If you need to block the application from using a public DNS server, contact Technical Support for a private patch.

The [Network] section contains the following settings:

WtpFwMark

A mark in the iptables rules for forwarding traffic to the application for processing by Web Threat Protection component. You may need to change this mark if a device with the application runs other software that uses the ninth bit of the TCP packet mask, and a conflict occurs.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x100.

NtpFwMark

A mark in the iptables rules for forwarding traffic to the application for processing by Network Threat Protection component.

You may need to change this mark if a device with the application runs other software that uses the ninth bit of the TCP packet mask, and a conflict occurs.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x200.

BypassFwMark

A mark used to indicate packets created or scanned by the application, so that the application does not scan them again.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x400.

BypassNFlogMark

A mark used to indicate packages created or scanned by the application to prevent them from being logged by the iptable utility.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x800.

ProxyRouteTable

Number of the routing table.

Default value: 101.

The [Watchdog] section contains the following settings:

TimeoutAfterHeadshot

Maximum time to wait for the kics process to complete from the moment the Watchdog server sends the HEADSHOT signal to the kics process.

Default value: 2 minutes.

StartupTimeout

Maximum time interval from the moment the REGISTER message is received to the moment the SUCCESSFUL_STARTUP message is received.

Default value: 3 minutes.

TimeoutAfterKill

Maximum time to wait for the controlled process to complete from the moment the Watchdog server sends the SIGKILL signal to the kics process.

If the kics process does not finish before this time elapses, the action specified by the --failed-kill setting is performed.

Default value: 2 days.

PingInterval

The interval with which the application attempts to send a PONG message to a server in response to a received PING message.

Default value: 2000 milliseconds.

MaxRestartCount

Maximum number of consecutive unsuccessful attempts to start the application.

Default value: 5.

ActivityTimeout

Maximum time interval during which the application should send a message to the Watchdog server.

If a message is not received from the application within this time interval, the Watchdog server begins the procedure to terminate the kics process.

Default value: 2 minutes.

ConnectTimeout

Maximum time from the start of the kics process to the moment when a connection with the Watchdog server is established by the application.

If the application does not establish a connection in this time interval, the Watchdog server begins the procedure to terminate the kics process.

Default value: 3 minutes.

RegisterTimeout

Maximum time from the moment the application connects to the Watchdog server to the moment the server receives a REGISTER message.

Default value: 500 milliseconds.

TimeoutAfterShutdown

Maximum time to wait for the kics process to complete from the moment the Watchdog server sends the SHUTDOWN signal to the kics process.

Default value: 2 minutes.

MaxMemory

Limit on the use of resident memory by the kics process.

If the process uses more resident memory than this limit, the Watchdog server begins the procedure to terminate the kics process.

off – the resident set size is not limited.

<value >% – a value between 0 and 100, expressing a percentage of memory.

<value>MB – a value in megabytes.

lowest/<value>%/<value>MB – the smaller value between the value as a percentage and the value in megabytes.

highest/<value>%/<value>MB – the larger value between the value as a percentage and the value in megabytes.

auto – up to 50% of available memory, but not less than 2GB and not more than 16GB.

Default value: auto.

MaxVirtualMemory

Limit on the use of virtual memory by the kics process.

If the process uses more virtual memory than this limit, the Watchdog server begins the procedure to terminate the kics process.

off (default value) – The virtual memory size is not limited.

<value>MB – a value in megabytes.

MaxSwapMemory

Limit on the size of the swap file of the kics process.

If the swap file of the process exceeds this limit, the Watchdog server begins the procedure to terminate the kics process.

off (default value) – The size of the swap file is not limited.

<value >% – a value between 0 and 100, expressing a percentage of memory.

<value>MB – a value in megabytes.

lowest/<value>%/<value>MB – the smaller value between the value as a percentage and the value in megabytes.

highest/<value>%/<value>MB– the larger value between the value as a percentage and the value in megabytes.

TrackProductCrashes

Enabling application stability monitoring.

If application stability monitoring is enabled, the Watchdog server tracks the number of abnormal halts of the application.

true/yes – enable application stability monitoring.

false/no (default value) – disable application stability monitoring.

ProductHealthLogFile

The path to the file used for application stability monitoring.

Default value: /var/opt/kaspersky/kics/private/kics_health.log.

WarnThreshold

Time interval (in seconds) in which the application must experience the specified number of abnormal halts before displaying a notification about unstable operation.

Default value: 3600 seconds.

WarnAfter_#_crash

Number of abnormal halts of the application that are required before displaying a notification about unstable application operation.

Default value: 10.

If the value is 0, an unstable application notification is not displayed.

WarnRemovingThreshold

Time interval after which the application's unstable status is cleared.

Default value: 86400 seconds.

The [Environment] section contains the following settings:

ExperimentalContainerdSupport

Enabling support for the containerd environment when running the Container Monitoring component.

By default, this section is absent from the configuration file. If you want to use the containerd environment when the Container Monitoring component is running, you need to manually add the [Environment] section to the configuration file and inside it, the ExperimentalContainerdSupport setting.

true/yes – enable support for the containerd environment in the operation of the Container Monitoring component.

false/no – do not enable support for the containerd environment in the operation of the Container Monitoring component.