The Security audit task looks for vulnerabilities on devices and assesses the compliance of devices with operating system standards.
To perform the Security audit task, Kaspersky Industrial CyberSecurity for Linux Nodes uses predefined or custom rule databases in XML files.
The Security audit task requires 3 GB of memory on the device.
You can configure and run the Security audit task only on the command line. Managing the Security audit task using application management plug-ins is not supported.
To configure and start the Security audit task, run the following command:
kics-control --scan-oval --source {kl|file} [--input-package <path to archive>] [--mode {all|exclude|include}] [--definitions <vulnerability_type_1;vulnerability_type_2;...;vulnerability_type_N>] --output-package <path to report>
where:
--scan-oval is the mode of the security audit task.
--source is the source of OVAL rules for the scan:
    kl means the Kaspersky ICS CERT database of vulnerabilities for ICS included in the distribution kit.
    file means a file with OVAL rules specified in the --input-package option.
--input-package <path to archive> is the full path to a zip archive with OVAL rules. This option is used together with the --source file option.
--mode is the OVAL definitions checking mode:
    all checks all OVAL definitions in the collection of OVAL rules.
    exclude checks all OVAL definitions, except for the OVAL definitions specified in the --definitions option.
    include checks only OVAL definitions specified in the --definitions option.
    If this option is not specified, the all mode is used by default.
--definitions is the list of OVAL definitions to be checked or excluded from the scan. OVAL definitions in the list must be separated by semicolons. This option is used together with the --mode include or --mode exclude option.
--output-package <path to report> is the full path to the zip archive in which you want to save the scan results.
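
As an added example (not part of the product documentation and not vendor code), the POSIX shell wrapper below checks the option combinations described above before calling kics-control. It passes the semicolon-separated --definitions list as one quoted argument, so the shell does not treat the semicolons as command separators. The function name kics_audit, the KICS_CONTROL override, the rejection of relative paths and the rejection of --definitions with --mode all are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Validates the documented option combinations,
# then runs kics-control with every value passed as a single quoted argument.
# KICS_CONTROL is a hypothetical override for the binary name (useful for dry runs).
# Note: plain sh has no local variables, so src/mode/output/input/defs/err are global.

# usage: kics_audit SOURCE MODE OUTPUT_ZIP [INPUT_ZIP] [DEFINITIONS]
# e.g.   kics_audit file include /var/tmp/report.zip /var/tmp/rules.zip 'id_1;id_2'
kics_audit() {
    src=${1:-}; mode=${2:-}; output=${3:-}; input=${4:-}; defs=${5:-}
    err=

    # --input-package is used together with --source file, and only then.
    case $src in
        kl)   [ -z "$input" ] || err="--input-package is only valid with --source file" ;;
        file) case $input in
                  /*) ;;
                  *)  err="--source file needs the full path to the rules archive" ;;
              esac ;;
        *)    err="source must be kl or file" ;;
    esac

    # --definitions is used together with --mode include or --mode exclude.
    case $mode in
        all) [ -z "$defs" ] || err="--definitions is only valid with include or exclude" ;;
        include|exclude)
            case $defs in
                ''|';'*|*';'|*';;'*)
                    err="--mode $mode needs a semicolon-separated list with no empty entries" ;;
            esac ;;
        *)   err="mode must be all, exclude or include" ;;
    esac

    # The report location is documented as a full path.
    case $output in /*) ;; *) err="--output-package needs a full path" ;; esac

    if [ -n "$err" ]; then printf 'kics_audit: %s\n' "$err" >&2; return 2; fi

    # Build the argument list in the order shown in the command synopsis.
    set -- --scan-oval --source "$src"
    if [ "$src" = file ]; then set -- "$@" --input-package "$input"; fi
    set -- "$@" --mode "$mode"
    if [ -n "$defs" ]; then set -- "$@" --definitions "$defs"; fi
    set -- "$@" --output-package "$output"
    "${KICS_CONTROL:-kics-control}" "$@"
}
```

The definition identifiers and archive paths in the usage comment are constructed placeholders; substitute the identifiers from your own OVAL rule collection.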