The table describes all available values and the default values of all the settings that you can specify for the Application Control task.
|
|
|
Setting
|
Description
|
Values
|
AppControlMode
|
Method for applying Application Control rules:
|
AllowList – Kaspersky Industrial CyberSecurity for Linux Nodes prevents all users from running any applications except those listed in Application Control rules.
DenyList (default value) – Kaspersky Industrial CyberSecurity for Linux Nodes allows users to launch any applications that are not specified in the Application Control rules.
|
AppControlRulesAction
|
What Application Control does when it detects an attempt to run an application that satisfies the configured rules
|
Block – Kaspersky Industrial CyberSecurity for Linux Nodes blocks attempts to run applications that match the rules.
Notify (default value) – Kaspersky Industrial CyberSecurity for Linux Nodes tests the rules and generates an event about the detection of an application that satisfies the rules.
|
The [Categories.item_#] section contains the following settings:
|
Name
|
Name of the application category to which the rule applies.
|
|
UseIncludes
|
Usage of inclusive conditions to trigger the rule.
|
Yes – apply the rule to the application if the application meets at least one inclusive condition.
No (default value) – do not apply the rule to the application, even if the application meets the inclusive conditions.
|
IncludeFileNames.item_#
|
Name of the executable file that triggers the rule.
|
You can use masks to specify the file name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/.
You can put a single ? character to represent any one character (including /) in the file or directory name.
|
IncludeFolders.item_#
|
Name of the directory with the application's executable file that triggers the rule.
|
You can use masks to specify the directory name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/.
You can put a single ? character to represent any one character (including /) in the file or directory name.
|
IncludeHashes.item_#
|
SHA256 hash of the executable file that triggers the rule.
|
Only SHA256 can be used.
|
UseExcludes
|
Usage of excluding conditions to trigger the rule.
|
Yes – do not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions.
No (default value) – apply the rule to the application, even if the application meets at least one exclusive condition.
|
ExcludeFileNames.item_#
|
Name of the executable file that triggers the rule.
|
You can use masks to specify the file name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/.
You can put a single ? character to represent any one character (including /) in the file or directory name.
|
ExcludeFolders.item_#
|
Name of the directory with the application's executable file that triggers the rule.
|
You can use masks to specify the directory name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/.
You can put a single ? character to represent any one character (including /) in the file or directory name.
|
ExcludeHashes.item_#
|
SHA256 hash of the executable file that triggers the rule.
|
Only SHA256 can be used.
|
The [AllowListRules.item_#] section contains a list of Application Control rules for the AllowList operation mode.
Each [AllowListRules.item_#] section contains the following settings:
|
Description
|
Description of the Application Control rule.
|
|
AppControlRuleStatus
|
Operation status of the Application Control rule:
|
On (default value): the rule is enabled, Kaspersky Industrial CyberSecurity for Linux Nodes applies this rule for Application Control.
Off: the rule is not used for the Application Control.
Test – Kaspersky Industrial CyberSecurity for Linux Nodes allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.
|
Category
|
Name of the application category for which the rule applies.
You can specify the "Golden Image" category.
|
|
The [AllowListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.
|
Access
|
Access type assigned to a user or user group.
|
Allow (default value) — Allow running applications.
Block – Deny running applications.
|
Principal
|
User or user group to which the Application Control rule applies.
|
\Everyone (default value): the rule applies to all users.
<user name>: name of the user to whom the rule applies.
@<group name>: name of the group of users to whom the rule applies.
|
The [DenyListRules.item_#] section contains a list of Application Control rules for the DenyList operation mode.
Each [DenyListRules.item_#] section contains the following settings:
|
Description
|
Description of the Application Control rule.
|
|
AppControlRuleStatus
|
Operation status of the Application Control rule:
|
On (default value): the rule is enabled, Kaspersky Industrial CyberSecurity for Linux Nodes applies this rule for Application Control.
Off: the rule is not used for the Application Control.
Test – Kaspersky Industrial CyberSecurity for Linux Nodes allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.
|
Category
|
Name of the created application category to which the rule applies.
You can specify the "Golden Image" list of applications as a category.
|
|
The [DenyListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.
|
Access
|
Access type assigned to a user or user group.
|
Allow – allow applications to start.
Block (default value) – do not allow applications to start.
|
Principal
|
User or user group to which the Application Control rule applies.
|
\Everyone (default value): the rule applies to all users.
<user name>: name of the user to whom the rule applies.
@<group name>: name of the group of users to whom the rule applies.
|