Deploying and activating KESL container

Distribution package description

The distribution package contains the following files:

• docker-service-<version>.tgz – Archive with files necessary to create the image
• kesl-<version>.rpm – Kaspersky Endpoint Security installation package
• klnagent.rpm – Kaspersky Security Center Network Agent installation package

The docker-service-<version>.tgz archive contains the following files:

• kesl-service – directory of the container application files.
• Dockerfile – file for building a docker image of a version below 18.06.
• Dockerfile.1809 – file for building a docker image of a version later than 18.05.
• build.sh.example – example of a script for building an image.
• run.sh.example – example of a script for launching a KESL container.
• kesl-service.config.example – example of a container application configuration file.
• klnagent.conf.example – example of a configuration file for connecting to Kaspersky Security Center.
• readme.md – quick reference.

KESL container deployment and activation

To prepare a KESL container for use:

1. Unpack the tar -xvf docker-service-<version>.tgz archive.
2. If you want to configure the KESL container settings using Kaspersky Security Center, do the following:
   1. In the klnagent.conf.example file, specify the values ​​of the Network Agent variables. For more information, refer to Kaspersky Security Center documentation (the "Installing Network Agent for Linux in silent mode (with an answer file)" section).
   2. Copy klnagent.conf.example to kesl-service/klnagent.conf.
3. Build the KESL container Docker image using the build.sh.example installation script:
   1. If you use a proxy server, specify the desired values ​​for the COMMON_AGRS variable.
   2. If necessary, change the name of the target kesl-service image to the desired one.
   3. Copy build.sh.example to build.sh and assign an executable file attribute to it.
   4. Run build.sh.
4. Make sure that the build completed successfully by executing the docker images -a command.

   The following command execution result is displayed:

   REPOSITORY TAG IMAGE ID CREATED SIZE

   kesl-service latest <hex> <creation time> <size>

5. Activate the KESL container in one of the following ways:
   • Using Kaspersky Security Center.
   • Using a configuration file.
   • Using an environment variable (see step 8).
6. Configure the KESL container.
7. Start the KESL container using the following command docker run --privileged --init -p < <KESL container_port>:<device_port> \

   -e <variable_1> -e <variable_2> ... -e <variable_n> \

   -v <mount point_1> -v <mount point_2> ... -v <mount point_n> \

   <image name>

   where:

   <KESL container port> is the port of the KESL container, which must be accessible by the network from outside the KESL container.

   <device_port> –is the port of the device where the KESL container is installed.

   You can see an example of the run command in the file run.sh.example.

8. If you want to activate the KESL container using an environment variable, do one of the following:
   • If you want to specify an activation code, add the following setting when starting the KESL container (see step 7): KRAS4D_ACTIVATION ='<activation code>':

     docker run ... -e KRAS4D_ACTIVATION='<activation code>'

   • If you want to apply the key file, add the following options when starting the KESL container (see step 7): KRAS4D_ACTIVATION ='<key file>' and KRAS4D_KEYPATH=/root/kesl-service/keys:

     docker run ... -e KRAS4D_ACTIVATION='<key file>' -e KRAS4D_KEYPATH=/root/kesl-service/keys -v <path to the directory with keys>:/root/kesl-service/keys