Checking the integrity of solution components

Kaspersky Security solution components contain many different binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker may replace one or more solution modules or files with other modules or files containing malicious code. To prevent the replacement of solution modules and files, Kaspersky Security can check the integrity of solution files and modules. The solution scans files and modules for unauthorized changes or corruption. If a solution file or module has an incorrect checksum, it is considered corrupted.

The integrity of the files and modules of the following solution components is checked:

• Protection Server
• Integration Server
• Integration Server Console
• Light Agent for Linux (of the Kaspersky Endpoint Security for Linux application)
• Protection Server management MMC plug-in
• Protection Server management web plug-in
• Light Agent for Linux (Kaspersky Endpoint Security for Linux) management MMC plug-in

Special lists called manifest files are used to check the integrity of solution components. The manifest file for a solution component lists the files and modules whose integrity is critical for correct operation of the solution component. The manifest files are digitally signed and their integrity is checked as well.

The integrity of the components is checked using an integrity check tool.

To run the integrity check tool on the SVM and on the virtual machine with Light Agent for Linux installed, you need the root account. An administrator account is required for running the integrity check tool for all other solution components.

For detailed information about checking the integrity of Light Agent for Linux and the Light Agent for Linux management MMC plug-in, see the Kaspersky Endpoint Security for Linux Help.

The manifest files and tool for checking the integrity of the Protection Server, management plug-ins for the Protection Server, Integration Server, and Integration Server Console are located at the following paths:

• Protection Server:
  • Combined manifest file for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check.xml.
  • Protection Server manifest file: /opt/kaspersky/la/config/integrity.xml.
  • Network Agent for Linux manifest file: /opt/kaspersky/la/config/klnagent_integrity.xml.
  • Integrity check tool for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check_tool.
• Integration Server:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check.xml.
  • Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check_tool.exe.
• Integration Server Console:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check.xml.
  • Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check_tool.exe.
• MMC plug-in for managing the Protection Server:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\KSVLA<plug-in version>.SVM.plg\integrity_check.xml.
  • Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\KSVLA<plug-in version>.SVM.plg\integrity_check_tool.exe.
• The Protection Server management web plug-in:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center Web Console\server\plugins\svm_<plug-in version>\integrity_check.xml.
  • Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center Web Console\integrity_checker.exe.

To check the integrity of a solution component, you need to run the tool from the folder of that component's tool.

To run the integrity check tool, run one of the following commands:

• To check the integrity of the Protection Server:

  integrity_check_tool -v[|--verify] -m[|--manifest] <path to the manifest file>

• To check the integrity of the Protection Server, Integration Server, or Integration Server management MMC plug-in:

  integrity_check_tool.exe -v[|--verify] -m[|--manifest] <path to the manifest file>

• To check the integrity of the Protection Server management web plug-in:

  integrity_checker.exe -v[|--verify] -m[|--manifest] <path to the manifest file>

where <path to manifest file> is the full path to the manifest file of the component being checked.

You can run the tool with the following optional settings:

• -V, --verbose – display additional information about successfully checked files and modules. If this setting is not specified, only the check result (succeeded/failed), information about errors and general check statistics are displayed.
• -L, --log-file <file>, where <file> is the name of the file where the events that occurred during the scan are logged. By default, the events are sent to the standard stdout stream.
• -l, --log-level <0-1000>, where <0-1000> is the verbosity level for events. The default verbosity level is 0.

You can view the description of all available integrity check tool options in the tool options help. To do this, run the tool with the -h [--help] setting.

The results of checking the integrity of solution components are displayed as follows:

• SUCCEEDED – integrity of the files and modules is confirmed (return code 0).
• FAILED – integrity of the files is not confirmed (return code is other than 0).