Kaspersky Industrial CyberSecurity for Networks

Checking the integrity of application modules

March 22, 2024

ID 239569

You can check the integrity of installed software modules to make sure that there were no changes to those modules after installation. This check is performed by comparing the checksums of installed application modules with their reference values. An integrity check must be run separately on each node hosting installed application modules.

You can run an integrity check on a node in the following ways:

  • Run the check locally using the kics4net-manifest-checker-<application version>.bundle.sh script.
  • Run the check when connected to the Server through the web interface (this option is available in Kaspersky Industrial CyberSecurity for Networks 4.0.1).

Running an integrity check locally using a script

The kics4net-manifest-checker-<application version>.bundle.sh script is included in the Kaspersky Industrial CyberSecurity for Networks distribution kit. The script checks the application module files against special lists that are stored in the manifest files. The manifest files are included in the application installation packages and contain file lists of the corresponding packages. Each application package has a corresponding manifest file. The manifest files are digitally signed and their integrity is also verified.

If you make any changes to the kics4net-manifest-checker-<application version number>.bundle.sh script file, its results may be invalid. For valid results, use only the version of the script that is included in the Kaspersky Industrial CyberSecurity for Networks distribution kit.

While running, the script sequentially checks the checksums of files from the application packages installed in the operating system.

To check the integrity of application modules on a node computer by using the kics4net-manifest-checker-<application version>.bundle.sh script:

  1. Copy the script file kics4net-manifest-checker-<application version number>.bundle.sh to any folder. The script file is located in the distribution kit, in the folder with unpacked script files and packages for installing, validating and removing application components. For Kaspersky Industrial CyberSecurity for Networks 4.0, the files are located in the kics4net-release_<application version>/linux-centos subfolder. For Kaspersky Industrial CyberSecurity for Networks 4.0.1, the files are located in the kics4net-release_<application version>/linux-astra subfolder.
  2. In the operating system console, go to the folder containing the script file, and enter the following command:

    sudo bash kics4net-manifest-checker-<application version>.bundle.sh

Information about the results of the check is displayed in the operating system console.

The results of the software module integrity check on the computer are considered successful if the following two conditions are met:

  • The kics4net-manifest-checker-<application version number>.bundle.sh script terminates with the message: All files of installed packages containing the manifest file have been successfully checked.
  • None of the application packages that should be installed on the computer in accordance with their proper functions returns an error message, or at least none of them returns either of the following messages:
    • The package is not installed in the operating system.
    • The manifest file for the package could not be found.
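
The two success conditions above can be evaluated mechanically on output captured from the script, which matters because the closing success message only covers installed packages that have a manifest file. The following is an added example, not part of the Kaspersky distribution kit or documentation; the function names, the return codes and the layout of the sample output are assumptions, and only the three message texts are taken from this page.

```bash
#!/usr/bin/env bash
# Message texts below are copied from this page. Everything else about the
# output layout is an assumption made for this example.
OK_MSG='All files of installed packages containing the manifest file have been successfully checked.'
NOT_INSTALLED_MSG='The package is not installed in the operating system.'
NO_MANIFEST_MSG='The manifest file for the package could not be found.'

# evaluate_check_output FILE
# FILE holds checker output captured by the operator, for example with
# "... 2>&1 | tee check.log".
#   0 = both success conditions met
#   1 = output does not end with the success message
#   2 = success message present, but a package was skipped (review needed)
evaluate_check_output() {
    local log="$1" last
    # Condition 1: the last non-empty line must carry the success message
    # (assumes "terminates with" means it is the final line of output).
    last=$(grep -v '^[[:space:]]*$' "$log" | tail -n 1)
    case "$last" in
        *"$OK_MSG"*) ;;
        *) return 1 ;;
    esac
    # Condition 2: a package that is not installed, or has no manifest, is
    # not covered by the success message. Print those lines so the operator
    # can confirm whether the package is expected on this node.
    if grep -n -F -e "$NOT_INSTALLED_MSG" -e "$NO_MANIFEST_MSG" "$log" >&2; then
        return 2
    fi
    return 0
}

# Constructed sample outputs, not real product output: the "name: text"
# layout, the names pkg-a/pkg-b and "checksum mismatch" are made up.
write_samples() {
    local dir="$1"
    printf '%s\n' "pkg-a: OK" "pkg-b: OK" "$OK_MSG" > "$dir/clean.log"
    printf '%s\n' "pkg-a: OK" "pkg-b: $NO_MANIFEST_MSG" "$OK_MSG" > "$dir/skipped.log"
    printf '%s\n' "pkg-a: OK" "pkg-b: checksum mismatch" > "$dir/failed.log"
}
```

Return code 2 is deliberately strict: the function cannot know which packages belong on a given node, so any skipped package is surfaced for review rather than accepted.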

Running an integrity check when connected to the Server through the web interface

You can run an integrity check of application modules on a node when connected to the Server through the web interface. An integrity check started in this way is performed using methods similar to those of the kics4net-manifest-checker-<application version>.bundle.sh script. This option for running an integrity check is available in Kaspersky Industrial CyberSecurity for Networks version 4.0.1.

To check the integrity of application modules on a node computer when connected to the Server through the web interface:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. Select Settings → Deployment.
  3. Select the tile of the relevant node.

    The details area appears in the right part of the web interface window.

  4. Click Check integrity.

    You will see a message informing you that an integrity check was started, and information about its progress will be available in the list of background operations for some time. If necessary, you can view the current list of background operations by clicking the button in the application web interface menu.

  5. To view the integrity check results, go to Settings → Application messages.

The results of an integrity check of application modules on a computer are deemed successful if the list of application messages includes the following message for the corresponding node: Integrity check of application modules on node completed successfully.

If the list of application messages does not include a message indicating a successful integrity check but instead contains an error message, the integrity check is deemed unsuccessful. You can identify the application packages that did not pass the integrity check by using the kics4net-manifest-checker-<application version>.bundle.sh script (see above).
