Configuration file

Oct 22, 2023

ID 234817

The configuration file with the KESL container settings uses the yaml format. To read the settings from the file, mount the /root/kesl-service/config/ path on the device where the KESL container is installed, and specify the name of the configuration file if it differs from the default one. Thus, you can specify individual configuration file for each set of KESL containers.

Example: starting a KESL container

docker run ... \

-e KRAS4D_CFGNAME='unique_file_name' \

-v <HOST_PATH>:/root/kesl-service/config \

kesl-service

The table below shows the configuration file settings and the corresponding environment variables.

Correspondence between the settings and the environment variables

Configuration file setting

Environment variable

Common section

port: <port for listening>

# KRAS4D_PORT=8085

sqlpath: <full path to the database file that contains scan results>

# KRAS4D_SQLPATH

certdir: <path to the directory with registry certificates>

# KRAS4D_CERTDIR

keypath: <path to the directory with license keys>

# KRAS4D_KEYPATH

tmppath: <full path to the temporary directory>

# KRAS4D_TMPPATH

logpath: <full path to the event log>

# KRAS4D_LOGPATH

loglevel: [noset|debug|info|warning|error|critical]

# KRAS4D_LOGLEVEL

Control section

xapikey: <request authorization key>

# KRAS4D_XAPIKEY=None

forceupdate: <forced database update at container start [True|False]>

# KRAS4D_FORCEUPDATE

activation: <activation code or key file name from /root/kesl-service/config/>

# KRAS4D_ACTIVATION

detectaction: [delete|skip]

# KRAS4D_DETECTACTION

scanoptions: <scan settings [ScanArchived=yes ScanSfxArchived=yes ...]>

# KRAS4D_SCANOPTIONS

skipimageifexist: <do not scan the image if it already exists on the server to which the scanned image is to be copied>

# KRAS4D_SKIPIMAGEIFEXIST

generaltimeout: <maximum time to wait for application commands to run>

# KRAS4D_GENERALTIMEOUT

updtasktimeout: <maximum time to wait for application database update tasks to run>

# KRAS4D_UPDTASKTIMEOUT

Repositories section

<server>:<port>: address and port of the image registry that requires authorization when requesting for verification.

 

Credentials subsection

user: user name for authorization in the image registry

 

pass: password for authorization in the image registry

 

Example of a configuration file

common:

port: 8085

sqlpath: './data/scans.sqlite'

tmppath: './tmp/'

keypath: './keys/'

certdir: './certificates/'

logpath: '/var/log/kaspersky/kesl-service/'

loglevel: 'debug'

control:

xapikey: 0000

activation: XXXX-XXXX-XXXX-XXXX or XXXX.key

scanoptions: 'ScanArchives=yes'

updateoptions: ''

forceupdate: True

skipimageifexists: False

generaltimeout: 600

updtasktimeout: 1000

repositories:

repository.any.com:

certificate: repository_any_comcert.pem

credentials:

user: user

pass: password

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.