Antipova Anna
Posted

KATA 4.0/4.1 is compatible with KSMG 2.0, KSMG 1 and KLMS 8.0.3.

The second thing to note is that the KSMG integration has a few bugs on the KATA side. Thankfully, all known issues are fixed in a PF, which is recommended for everyone who integrates KSMG/KLMS with KATA4.

KATA 4.0

Step-by-step guide

Download container with fix.
file_name: kata_scanner_35f8753e6d.tar.gz
md5: 2adb09c0bd13dfc03c6a5c8980dde4ff
container_name: kata_scanner
container_version: kata_scanner:35f8753e6d
service_name: kataedr_main_1_kata_scanner

Copy file kata_scanner_35f8753e6d.tar.gz to KATA CN

  1. Check md5:

    md5sum /var/opt/kaspersky/apt/files/kata_scanner_35f8753e6d.tar.gz
  2. MD5 should be 2adb09c0bd13dfc03c6a5c8980dde4ff. After that, import the container; there is no need to decompress it:

    docker load < /var/opt/kaspersky/apt/files/kata_scanner_35f8753e6d.tar.gz

    If the load is successful, the result will be the container version, like

    kaspersky/kata/kata_scanner:35f8753e6d
  3. Change container tag in /etc/opt/kaspersky/apt-swarm/image_versions.json to the new version (kata_scanner:bb3be18444 -> kata_scanner:35f8753e6d)

     "kata_scanner": "kaspersky/kata/kata_scanner:35f8753e6d",
  4. Update the image used for service kata_scanner by running the command:

    docker service update kataedr_main_1_kata_scanner --image "kaspersky/kata/kata_scanner:35f8753e6d"
  5. To verify that the kata_scanner service runs the new container, run:

    docker service ls | grep kata_scanner
    Sample output, note container version
    4up6sm5yetnj   kataedr_main_1_kata_scanner                       replicated   1/1        kaspersky/kata/kata_scanner:35f8753e6d                       *:8081-8082->8081-8082/tcp

KATA 4.1

Fixing mail processing Step-by-step guide

Download container with fix.
file_name: kata_scanner_66e20ed.tar.gz
md5: 288ddb650ed9c08ca1fe57e188c41c67
container_name: kata_scanner
container_version: 66e20ed
service_name: kataedr_main_1_kata_scanner
Step-by-step: kata_scanner
  1. Download a container.

  2. Copy the file kata_scanner_66e20ed.tar.gz to KATA CN.
  3. Check md5:

    md5sum /var/opt/kaspersky/apt/files/kata_scanner_66e20ed.tar.gz
  4. MD5 should be 288ddb650ed9c08ca1fe57e188c41c67. After that, load the container, no need to decompress:

    docker load < /var/opt/kaspersky/apt/files/kata_scanner_66e20ed.tar.gz

    If the load is successful, the result would be the container version, like

    Loaded image: kaspersky/kata/kata_scanner:66e20ed
  5. Use it to change the container version in /etc/opt/kaspersky/apt-swarm/image_versions.json. Set the correct version:

    "kata_scanner": "kaspersky/kata/kata_scanner:66e20ed",
  6. Confirm that the changes are correct and are not breaking anything:

    cat /etc/opt/kaspersky/apt-swarm/image_versions.json | python -m json.tool | grep "kata_scanner:"
  7. Update the image used for the kata_scanner service with the new version of the container that we have just added:

    docker service update kataedr_main_1_kata_scanner --image "kaspersky/kata/kata_scanner:66e20ed"
  8. Verify that the kataedr_main_1_kata_scanner service runs the new container by running:

    docker service ls | grep kata_scanner
  9. Confirm the new version tag 66e20ed:

    Sample output, note container version
    mtgzlqu3beny   kataedr_main_1_kata_scanner                       replicated   1/1        kaspersky/kata/kata_scanner:66e20ed                       *:8081-8082->8081-8082/tcp

Fixing autoprevention rules for composite objects step-by-step guide

Download container with fix.
file_name: hunts-fixed-prevs.tar.gz
md5: 604d0918ddcb8b91cac694a15d96d501
container_name: hunts_event_processor
container_version: 2610c63
service_name: kataedr_main_1_hunts_event_processor
  1. Copy file hunts-fixed-prevs.tar.gz to KATA CN (e.g. via scp).
  2. Check md5:

    md5sum /var/opt/kaspersky/apt/files/hunts-fixed-prevs.tar.gz
  3. MD5 should be 604d0918ddcb8b91cac694a15d96d501. After that, import the container; there is no need to decompress it:

    docker load < /var/opt/kaspersky/apt/files/hunts-fixed-prevs.tar.gz

    If the load is successful, the result will be the container version, like

    kaspersky/kata/hunts_event_processor:2610c63
  4. Change container tag in /etc/opt/kaspersky/apt-swarm/image_versions.json to the new version (hunts_event_processor:0e5fabb -> hunts_event_processor:2610c63)

     "hunts_event_processor": "kaspersky/kata/hunts_event_processor:2610c63",
  5. Check that json is changed and valid (outputs the string from previous step if all is ok):

    cat /etc/opt/kaspersky/apt-swarm/image_versions.json | python -m json.tool | grep 2610c63
  6. Update the image used for service hunts_event_processor by running the command:

    docker service update kataedr_main_1_hunts_event_processor --image "kaspersky/kata/hunts_event_processor:2610c63"

    Expected output "verify: Service converged"

  7. To verify that the hunts_event_processor service runs the new container, run:

    docker service ls | grep hunts_event_processor
    Sample output, note container version
    r8m0jcrtkiu0   kataedr_main_1_hunts_event_processor              replicated   1/1        kaspersky/kata/hunts_event_processor:2610c63

Fixing dashboards step-by-step guide

For dashboards, two containers should be replaced: web_backend and clickhouse_metrics_importer.

| Service name | Container name | Download link |
| --- | --- | --- |
| kataedr_main_1_web_backend | kaspersky/kata/management/management_ui/web_backend:4e30ad8 | https://box.kaspersky.com/f/d66c6aa3ebe1483c9558/?dl=1 |
| kataedr_main_1_clickhouse_metrics_importer | kaspersky/kata/clickhouse_metrics_importer:0e5fabc | https://box.kaspersky.com/f/fe0e562798fe4d1e9730/ |

Please replace them both as per instructions above.

This cumulative fix container should be applied to all installations. https://box.kaspersky.com/f/d66c6aa3ebe1483c9558/?dl=1

file_name: web_backend_4e30ad8.tar.gz
md5: 9aa87ce646c28cc30f5002f837d10104

container_name: web_backend
container_version: "kaspersky/kata/management/management_ui/web_backend:4e30ad8"

service_name: kataedr_main_1_web_backend

Step-by-step: web_backend

Download a container. Check md5:

md5sum /var/opt/kaspersky/apt/files/web_backend_4e30ad8.tar.gz

MD5 should be 9aa87ce646c28cc30f5002f837d10104. After that, load the container:

docker load < /var/opt/kaspersky/apt/files/web_backend_4e30ad8.tar.gz

If the load is successful, the result would be the container version, like

Loaded image: kaspersky/kata/management/management_ui/web_backend:4e30ad8

Use it to change the container version in  /etc/opt/kaspersky/apt-swarm/image_versions.json. Set the correct version:

"web_backend": "kaspersky/kata/management/management_ui/web_backend:4e30ad8",

Confirm that the changes are correct and are not breaking anything:

cat /etc/opt/kaspersky/apt-swarm/image_versions.json | python -m json.tool | grep "web_backend:"

Reload the docker service with the new version of the container that we have just added:

docker service update kataedr_main_1_web_backend --image "kaspersky/kata/management/management_ui/web_backend:4e30ad8"

Verify that the kataedr_main_1_web_backend service runs the new container by running:

docker service ls | grep  kataedr_main_1_web_backend

Confirm the new version tag 4e30ad8:

Sample output, note container version
5nb5ghavmtl5   kataedr_main_1_web_backend                        replicated   1/1        kaspersky/kata/management/management_ui/web_backend:4e30ad8

KSMG

Add a vacuum command to the crontab and run it every 6 hours. For KSMG 2.0.1 there is no need to add this command to cron.

The cron entry should look similar to this (under root):

KSMG 2.0
$ sudo -i

# crontab -e

# Run at minute 0 past every 6th hour:

0 */6 * * * /opt/kaspersky/ksmg/libexec/postgresql/psql -h /var/run/ksmg -U kluser -d kata_quarantine -c 'vacuum full;'

KSMG 1.1.2.30

$ sudo -i

# crontab -e

# Run at minute 0 past every 6th hour:

0 */6 * * *  /opt/kaspersky/klms/libexec/postgresql/psql -h /var/run/klms -U kluser -d kata_quarantine -c 'vacuum full;'
