The table describes all available values and the default values of all the settings that you can specify for the Application Control task.

| Setting | Description | Values |
|---|---|---|
| AppControlMode | Application Control task operation mode. | AllowList – Kaspersky Industrial CyberSecurity for Linux Nodes prevents users from launching any applications that are not specified in the application control rules. DenyList (default value) – Kaspersky Industrial CyberSecurity for Linux Nodes allows users to launch any applications that are not specified in the application control rules. |
| AppControlRulesAction | Action performed by Kaspersky Industrial CyberSecurity for Linux Nodes when a user attempts to launch an application prohibited by the application control rules. | ApplyRules – Kaspersky Industrial CyberSecurity for Linux Nodes applies Application Control rules and performs the action specified in the rules. TestRules (default value) – Kaspersky Industrial CyberSecurity for Linux Nodes tests the rules and generates an event about the detection of an application that meets the rule. |

The [Categories.item_#] section contains the following settings:

| Setting | Description | Values |
|---|---|---|
| Name | Name of the created application category to which the rule applies. | |
| UseIncludes | Usage of inclusive conditions to trigger the rule. | Yes – apply the rule to the application if the application meets at least one inclusive condition. No (default value) – do not apply the rule to the application, even if the application meets the inclusive conditions. |
| IncludeFileNames.item_# | Name of the executable file that triggers the rule. You can use masks to specify the file name. You can use the * (asterisk) character to create a file or directory name mask. You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file. You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/. The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask. To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk). The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself. You can use a single ? character to represent any one character in the file or directory name. | |
| IncludeFolders.item_# | Name of the directory with the application's executable file that triggers the rule. You can use masks to specify the directory name. You can use the * (asterisk) character to create a file or directory name mask. You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file. You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/. The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask. To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk). The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself. You can use a single ? character to represent any one character in the file or directory name. | |
| IncludeHashes.item_# | Hash (SHA-256) of the executable file that triggers the rule. | |
| UseExcludes | Usage of excluding conditions to trigger the rule. | Yes – do not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions. No (default value) – apply the rule to the application, even if the application meets at least one exclusive condition. |
| ExcludeFileNames.item_# | Name of the executable file that triggers the rule. You can use masks to specify the file name. You can use the * (asterisk) character to create a file or directory name mask. You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file. You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/. The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask. To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk). The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself. You can use a single ? character to represent any one character in the file or directory name. | |
| ExcludeFolders.item_# | Name of the directory with the application's executable file that triggers the rule. You can use masks to specify the directory name. You can use the * (asterisk) character to create a file or directory name mask. You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file. You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/. The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask. To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk). The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself. You can use a single ? character to represent any one character in the file or directory name. | |
| ExcludeHashes.item_# | Hash (SHA-256) of the executable file that triggers the rule. | |

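The following added example (not Kaspersky code) models how the *, ** and ? mask rules combine with UseIncludes and UseExcludes, so that the coverage of a category can be checked against sample paths before its rules are enforced. It assumes that file-name masks are compared with the full path, folder masks with the parent directory, and that ? does not match the / character; the function names and the sample category are hypothetical.

```python
import re
from posixpath import dirname

def mask_to_regex(mask):
    """Compile a mask using the *, ** and ? rules from the table."""
    if mask.count("**") > 1:
        # The table lists /dir/**/**/file as an incorrect mask.
        raise ValueError("'**' may be used only once: " + mask)
    out, i = [], 0
    while i < len(mask):
        if mask.startswith("**", i):
            out.append(".*")        # any characters, '/' included
            i += 2
            continue
        ch = mask[i]
        if ch == "*":
            out.append("[^/]*")     # any characters up to the next '/'
        elif ch == "?":
            out.append("[^/]")      # one character (assumed: not '/')
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out) + r"\Z", re.S)

def _hits(cat, kind, path, sha256):
    """True if the file meets at least one Include*/Exclude* condition."""
    names = cat.get(kind + "FileNames", [])
    folders = cat.get(kind + "Folders", [])
    hashes = {h.lower() for h in cat.get(kind + "Hashes", [])}
    return (any(mask_to_regex(m).match(path) for m in names)
            or any(mask_to_regex(m).match(dirname(path)) for m in folders)
            or sha256.lower() in hashes)

def in_category(cat, path, sha256=""):
    """Apply UseIncludes / UseExcludes as the table describes them."""
    included = (cat.get("UseIncludes", "No") == "Yes"
                and _hits(cat, "Include", path, sha256))
    excluded = (cat.get("UseExcludes", "No") == "Yes"
                and _hits(cat, "Exclude", path, sha256))
    return included and not excluded

# Constructed sample category: the name and all paths are made up.
SAMPLE = {
    "Name": "Engineering tools",
    "UseIncludes": "Yes",
    "IncludeFolders": ["/opt/hmi/*/bin"],
    "IncludeFileNames": ["/usr/local/**/plc-?"],
    "UseExcludes": "Yes",
    "ExcludeFileNames": ["/opt/hmi/*/bin/debug*"],
}
```
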
The [AllowListRules.item_#] section contains a list of application control rules for the AllowList operation mode.
Each [AllowListRules.item_#] section contains the following settings:

| Setting | Description | Values |
|---|---|---|
| Description | Description of the application control rule. | |
| AppControlRuleStatus | Operation status of the application control rule. | On (default value) – the rule is enabled, Kaspersky Industrial CyberSecurity for Linux Nodes applies this rule when the Application Control task is running. Off – the rule is not used when the Application Control task is running. Test – Kaspersky Industrial CyberSecurity for Linux Nodes allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report. |
| Category | Name of the created application category to which the rule applies. You can specify the "Golden Image" category. | |

The [AllowListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.

| Setting | Description | Values |
|---|---|---|
| Access | Access type assigned to a user or user group. | Allow (default value) – Allow running applications. Block – Deny running applications. |
| Principal | User or user group to which the Application Control rule applies. | \Everyone (default value) – The access rule applies to all users. < user name > – Name of the user to whom the access rule applies. @< group name > – Name of the group of users to whom the access rule applies. |

The [DenyListRules.item_#] section contains a list of application control rules for the DenyList operation mode.
Each [DenyListRules.item_#] section contains the following settings:

| Setting | Description | Values |
|---|---|---|
| Description | Description of the application control rule. | |
| AppControlRuleStatus | Operation status of the application control rule. | On (default value) – the rule is enabled, Kaspersky Industrial CyberSecurity for Linux Nodes applies this rule when the Application Control task is running. Off – the rule is not used when the Application Control task is running. Test – Kaspersky Industrial CyberSecurity for Linux Nodes allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report. |
| Category | Name of the created application category to which the rule applies. You can specify the "Golden Image" list of applications as a category. | |

The [DenyListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.

| Setting | Description | Values |
|---|---|---|
| Access | Access type assigned to a user or user group. | Allow – Allow running applications. Block (default value) – Block running applications. |
| Principal | User or user group to which the Application Control rule applies. | \Everyone (default value) – The access rule applies to all users. < user name > – Name of the user to whom the access rule applies. @< group name > – Name of the group of users to whom the access rule applies. |