KSMG and KATA 4.0/4.1 integration: private fix [KATA/KEDRE]
KATA 4.0/4.1 is compatible with KSMG 2.0, KSMG 1 and KLMS 8.0.3.
The second thing to note is that the KSMG integration has a few bugs on the KATA side. Thankfully, all known issues are fixed in a private fix (PF), which is recommended for everyone who integrates KSMG/KLMS with KATA 4.
KATA 4.0
Step-by-step guide
file_name : kata_scanner_35f8753e6d.tar.gz
md5 : 2adb09c0bd13dfc03c6a5c8980dde4ff
container_name: kata_scanner
container_version: kata_scanner:35f8753e6d
service_name: kataedr_main_1_kata_scanner
- Copy the file kata_scanner_35f8753e6d.tar.gz to KATA CN.
- Check md5:
md5sum /var/opt/kaspersky/apt/files/kata_scanner_35f8753e6d.tar.gz
- MD5 should be 2adb09c0bd13dfc03c6a5c8980dde4ff. After that, import the container, no need to decompress:
docker load < /var/opt/kaspersky/apt/files/kata_scanner_35f8753e6d.tar.gz
If the load is successful, the result would be the container version, like
kaspersky/kata/kata_scanner:35f8753e6d
- Change the container tag in /etc/opt/kaspersky/apt-swarm/image_versions.json to the new version (kata_scanner:bb3be18444 -> kata_scanner:35f8753e6d):
"kata_scanner": "kaspersky/kata/kata_scanner:35f8753e6d",
- Update the image used for the kata_scanner service by running the command:
docker service update kataedr_main_1_kata_scanner --image "kaspersky/kata/kata_scanner:35f8753e6d"
- To verify that the kata_scanner service runs the new container, run:
docker service ls | grep kata_scanner
Sample output, note container version:
4up6sm5yetnj kataedr_main_1_kata_scanner replicated 1/1 kaspersky/kata/kata_scanner:35f8753e6d *:8081-8082->8081-8082/tcp
KATA 4.1
Fixing mail processing Step-by-step guide
file_name : kata_scanner_66e20ed.tar.gz
md5 : 288ddb650ed9c08ca1fe57e188c41c67
container_name: kata_scanner
container_version: 66e20ed
service_name: kataedr_main_1_kata_scanner
- Download a container.
- Copy the file kata_scanner_66e20ed.tar.gz to KATA CN.
- Check md5:
md5sum /var/opt/kaspersky/apt/files/kata_scanner_66e20ed.tar.gz
- MD5 should be 288ddb650ed9c08ca1fe57e188c41c67. After that, load the container, no need to decompress:
docker load < /var/opt/kaspersky/apt/files/kata_scanner_66e20ed.tar.gz
If the load is successful, the result would be the container version, like
Loaded image: kaspersky/kata/kata_scanner:66e20ed
- Use it to change the container version in /etc/opt/kaspersky/apt-swarm/image_versions.json. Set the correct version:
"kata_scanner": "kaspersky/kata/kata_scanner:66e20ed",
- Confirm that the changes are correct and are not breaking anything:
cat /etc/opt/kaspersky/apt-swarm/image_versions.json | python -m json.tool | grep "kata_scanner:"
- Update the image used for the kata_scanner service with the new version of the container that we have just added:
docker service update kataedr_main_1_kata_scanner --image "kaspersky/kata/kata_scanner:66e20ed"
- Verify that the kataedr_main_1_kata_scanner service runs the new container by running:
docker service ls | grep kata_scanner
- Confirm the new version tag 66e20ed:
Sample output, note container version:
mtgzlqu3beny kataedr_main_1_kata_scanner replicated 1/1 kaspersky/kata/kata_scanner:66e20ed *:8081-8082->8081-8082/tcp
Fixing autoprevention rules for composite objects step-by-step guide
file_name : hunts-fixed-prevs.tar.gz
md5 : 604d0918ddcb8b91cac694a15d96d501
container_name: hunts_event_processor
container_version: 2610c63
service_name: kataedr_main_1_hunts_event_processor
- Copy the file hunts-fixed-prevs.tar.gz to KATA CN (e.g. via scp).
- Check md5:
md5sum /var/opt/kaspersky/apt/files/hunts-fixed-prevs.tar.gz
- MD5 should be 604d0918ddcb8b91cac694a15d96d501. After that, import the container, no need to decompress:
docker load < /var/opt/kaspersky/apt/files/hunts-fixed-prevs.tar.gz
If the load is successful, the result would be the container version, like
kaspersky/kata/hunts_event_processor:2610c63
- Change the container tag in /etc/opt/kaspersky/apt-swarm/image_versions.json to the new version (hunts_event_processor:0e5fabb -> hunts_event_processor:2610c63):
"hunts_event_processor": "kaspersky/kata/hunts_event_processor:2610c63",
- Check that the JSON is changed and valid (outputs the string from the previous step if all is OK):
cat /etc/opt/kaspersky/apt-swarm/image_versions.json | python -m json.tool | grep 2610c63
- Update the image used for the hunts_event_processor service by running the command:
docker service update kataedr_main_1_hunts_event_processor --image "kaspersky/kata/hunts_event_processor:2610c63"
Expected output: "verify: Service converged"
- To verify that the hunts_event_processor service runs the new container, run:
docker service ls | grep hunts_event_processor
Sample output, note container version:
r8m0jcrtkiu0 kataedr_main_1_hunts_event_processor replicated 1/1 kaspersky/kata/hunts_event_processor:2610c63
Fixing dashboards step-by-step guide
For dashboards, two containers should be replaced: web_backend and clickhouse_metrics_importer.
Service name | Container name | Download link |
---|---|---|
kataedr_main_1_web_backend | kaspersky/kata/management/management_ui/web_backend:4e30ad8 | https://box.kaspersky.com/f/d66c6aa3ebe1483c9558/?dl=1 |
kataedr_main_1_clickhouse_metrics_importer | kaspersky/kata/clickhouse_metrics_importer:0e5fabc | https://box.kaspersky.com/f/fe0e562798fe4d1e9730/ |
Please replace them both as per instructions above.
file_name: web_backend_4e30ad8.tar.gz
md5: 9aa87ce646c28cc30f5002f837d10104
container_name: web_backend
container_version: "kaspersky/kata/management/management_ui/web_backend:4e30ad8"
service_name: kataedr_main_1_web_backend
- Download a container.
- Check md5:
md5sum /var/opt/kaspersky/apt/files/web_backend_4e30ad8.tar.gz
- MD5 should be 9aa87ce646c28cc30f5002f837d10104. After that, load the container:
docker load < /var/opt/kaspersky/apt/files/web_backend_4e30ad8.tar.gz
If the load is successful, the result would be the container version, like
Loaded image: kaspersky/kata/management/management_ui/web_backend:4e30ad8
- Use it to change the container version in /etc/opt/kaspersky/apt-swarm/image_versions.json. Set the correct version:
"web_backend" : "kaspersky/kata/management/management_ui/web_backend:4e30ad8" ,
- Confirm that the changes are correct and are not breaking anything:
cat /etc/opt/kaspersky/apt-swarm/image_versions.json | python -m json.tool | grep "web_backend:"
- Reload the docker service with the new version of the container that we have just added:
docker service update kataedr_main_1_web_backend --image "kaspersky/kata/management/management_ui/web_backend:4e30ad8"
- Verify that the kataedr_main_1_web_backend service runs the new container by running:
docker service ls | grep kataedr_main_1_web_backend
- Confirm the new version tag 4e30ad8:
5nb5ghavmtl5 kataedr_main_1_web_backend replicated 1/1 kaspersky/kata/management/management_ui/web_backend:4e30ad8
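The checksum gate and the image_versions.json edit used in each step-by-step guide above, as an added Python example that is not part of the original article or of Kaspersky's tooling. It assumes image_versions.json is a single top-level JSON object mapping names to image strings and that python3 is available on the node; the function names are hypothetical.

```python
import hashlib
import json
import os
import shutil
import tempfile


def md5_matches(path, expected_md5):
    """True only if the archive's MD5 equals the value published with the fix."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected_md5.strip().lower()


def set_image(versions_path, key, image):
    """Point an existing key at the new image tag; return the previous value."""
    with open(versions_path) as f:
        versions = json.load(f)  # raises if the file is not valid JSON to begin with
    if key not in versions:
        # A mistyped key would add a new entry and leave the real one untouched.
        raise KeyError(f"{key!r} is not in {versions_path}")
    previous, versions[key] = versions[key], image
    shutil.copy2(versions_path, versions_path + ".bak")  # copy to roll back to
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(versions_path) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(versions, f, indent=4)
        f.write("\n")
    shutil.copymode(versions_path, tmp)  # keep the original file permissions
    os.replace(tmp, versions_path)  # atomic swap, never a half-written file
    return previous


if __name__ == "__main__":
    # Constructed stand-ins for the archive and image_versions.json.
    work = tempfile.mkdtemp()
    archive = os.path.join(work, "kata_scanner_35f8753e6d.tar.gz")
    with open(archive, "wb") as f:
        f.write(b"constructed bytes, not the real archive")
    versions = os.path.join(work, "image_versions.json")
    with open(versions, "w") as f:
        json.dump({"kata_scanner": "kaspersky/kata/kata_scanner:bb3be18444"}, f)
    # The real archive's published MD5 will not match the constructed bytes.
    if not md5_matches(archive, "2adb09c0bd13dfc03c6a5c8980dde4ff"):
        print("MD5 mismatch: do not run docker load on this file")
    old = set_image(versions, "kata_scanner", "kaspersky/kata/kata_scanner:35f8753e6d")
    print("previous tag:", old)
```

Run set_image only after docker load has reported the loaded image, so the file never names an image that is not present on the node.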
KSMG
You should add a vacuum command to the crontab and run it every 6 hours. For KSMG 2.0.1 there is no need to add this command to cron.
The cron entry should be added similar to this (under root):
KSMG 2.0
$ sudo -i
# crontab -e
# Run at minute 0 past every 6th hour:
0 */6 * * * /opt/kaspersky/ksmg/libexec/postgresql/psql -h /var/run/ksmg -U kluser -d kata_quarantine -c 'vacuum full;'
KSMG 1.1.2.30
$ sudo -i
# crontab -e
# Run at minute 0 past every 6th hour:
0 */6 * * * /opt/kaspersky/klms/libexec/postgresql/psql -h /var/run/klms -U kluser -d kata_quarantine -c 'vacuum full;'