Configuring permissions in the AppArmor system

To update the AppArmor profiles required to run Kaspersky Endpoint Security:

1. Make sure that the AppArmor module is loaded by typing one of the following in the command line:
   • systemctl status apparmor
   • /etc/init.d/apparmor status
2. Create a Kaspersky Endpoint Security profile:
   1. In the first console, execute the following commands:

      cd /etc/apparmor.d

      aa-genprof /opt/kaspersky/kesl/libexec/kesl

   2. To create a comprehensive profile, it is recommended to perform all operations that you plan to do while using Kaspersky Endpoint Security. For example, run tasks in the second console:
      • File Threat Protection task:

        kesl-control --start-task 1

      • Boot sector scan task:

        kesl-control --start-task 4 -W

      • Process and kernel memory scan task:

        kesl-control --start-task 5 -W

      • Update task:

        kesl-control --start-task 6 -W

        It is recommended to run all tasks that you plan to run while using Kaspersky Endpoint Security.

   3. In the first console, press S. After event scanning completes, press F.

      After that, the Kaspersky Endpoint Security profile for the AppArmor system is generated in /etc/apparmor.d/ directory. Profile file name is unique for each installation (for example, var.opt.kaspersky.kesl.10.1.1.5960_1537783807.opt.kaspersky.kesl.libexec.kesl).

      You can define the created profile manually, or by executing the command:

      basename /etc/apparmor.d/*kesl*

3. Switch the created Kaspersky Endpoint Security profile to message display mode:

   aa-complain <Kaspersky Endpoint Security profile file name>

4. After the application has run for several days, update the profile by running the following command:

   aa-logprof

   Specify the Allow or Glob permissions for all files that Kaspersky Endpoint Security used during this period.

5. Switch the Kaspersky Endpoint Security profile to blocking mode:

   aa-enforce <Kaspersky Endpoint Security profile file name>

If new audit messages related to Kaspersky Endpoint Security appear, the rules module file needs to be updated.

For additional information, please refer to the documentation on the relevant operating system.

Page top