Configuring the Administration Server with internet access to fix vulnerabilities in an isolated network

To prepare for fixing vulnerabilities and transmitting patches within an isolated network, the initial step is to configure an Administration Server with internet access, and then to configure isolated Administration Servers.

To configure an Administration Server with internet access:

1. Create two folders on the disk where the Administration Server is installed:
   • Folder for the list of required updates
   • Folder for patches

   You can name these folders as desired.

2. Grant the Modify access right to the KLAdmins group in the created folders, by using the standard administrative tools of the operating system.
3. Use the klscflag utility to specify the paths to the folders in the Administration Server properties.

   Run the command line, and then change your current directory to the directory with the klscflag utility. The klscflag utility is located in the directory where the Administration Server is installed. The default installation path is /opt/kaspersky/ksc64/sbin.

4. Run the following commands in the command line:
   • To set the path to the folder for patches:

     klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PATH -t s -v "<path to the folder>"

   • To set the path to the folder for the list of required updates:

     klscflag -fset -pv klserver -n VAPM_REQ_IMPORT_PATH -t s -v "<path to the folder>"

   Example: klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PATH -t s -v "/FolderForPatches"

5. If necessary, use the klscflag utility to specify how often the Administration Server should check for new patch requests:

   klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PERIOD_SEC -t d -v <value in seconds>

   The default value is 120 seconds.

   Example: klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PERIOD_SEC -t d -v 120

6. Create the Find vulnerabilities and required updates task to obtain information about patches for the third-party software installed on the managed devices, and then set the task schedule.
7. Create the Fix vulnerabilities task to specify patches for the third-party software used to fix vulnerabilities, and then set the task schedule.

   Run tasks manually if you want them to run earlier than it is specified in the schedule. The order in which tasks are started is important. The Fix vulnerabilities task must be run after finishing the Find vulnerabilities and required updates task.

8. Restart the Administration Server service.

The Administration Server with internet access is ready to download and transmit updates to isolated Administration Servers. Before you start fixing vulnerabilities, configure the isolated Administration Servers.

See also: Scenario: Fixing third-party software vulnerabilities in an isolated network About fixing third-party software vulnerabilities in an isolated network

Page top