Integrity check of KUMA files

The integrity of KUMA components is checked using a set of scripts based on the integrity_checker tool and located in the/opt/kaspersky/kuma/integrity/bin directory. An integrity check uses manifest xml files in the/opt/kaspersky/kuma/integrity/manifest/* directory, protected by a Kaspersky cryptographic signature.

Running the integrity check tool requires a user account with permissions at least matching those of the KUMA account.

The integrity check tool processes each KUMA component individually, and it must be run on servers that has the appropriate components installed. An integrity check also checks the xml file that was used.

We recommend checking the integrity of KUMA components when starting the application and on a schedule. The results of the check should be recorded in the system audit log. To initiate a self-test of the application, you can use the self_test.py script, which performs a number of checks in addition to the integrity check. You can request this script from Technical Support.

You can have the integrity of KUMA components checked automatically. For the integrity check at application startup, you can add Bash scripts listed in the instructions to your systemd script. You can configure the scheduled integrity check with third-party applications and utilities, such as the cron utility. Please note that KUMA is a distributed, multi-component solution, and the location of its components on hosts is not known before the installation stage, therefore the configuration of the automatic integrity check of the components cannot be provided with the distribution kit and must be configured at the deployment stage.

To check the integrity of component files:

1. Run the following command to navigate to the directory that contains the set of scripts:

   cd /opt/kaspersky/kuma/integrity/bin

2. Then run one of the following commands depending on the KUMA component that you want to check:
   • ./check_all.sh for KUMA Core and Storage components.
   • ./check_core.sh for KUMA Core components.
   • ./check_collector.sh for KUMA collector components.
   • ./check_collector.sh for KUMA correlator components.
   • ./check_storage.sh for storage components.
   • ./check_kuma_exe.sh <full path to kuma.exe omitting file name> for KUMA Agent for Windows. The standard location of the agent executable file on the Windows device is: C:\Program Files\Kaspersky Lab\KUMA\.

The integrity of the component files is checked.

The result of checking each component is displayed in the following format:

• The Summary section describes the number of scanned objects along with the scan status: integrity not confirmed / object skipped / integrity confirmed:
  • Manifests – the number of manifest files processed.
  • Files – the number of KUMA files processed.
  • Directories – not used when KUMA integrity checking is performed.
  • Registries – not used when KUMA integrity checking is performed.
  • Registry values – not used when KUMA integrity checking is performed.
• Component integrity check result:
  • SUCCEEDED – integrity confirmed.
  • FAILED – integrity violated.

Page top