Kaspersky Anti Targeted Attack (KATA) Platform

Managing Kaspersky Endpoint Agent for Linux using the command line

8 November 2023

ID 257326

You can use the command line interface to run individual commands of Kaspersky Endpoint Agent for Linux.

The command line interface functionality is provided by the lenactl utility. This utility is included in the application distribution kit and is installed on each workstation in the /opt/kaspersky/epagent/sbin/ directory.

To run application commands on the command line:

  1. Run the command line terminal on the device.
  2. Enter the following command: export PATH="$PATH:/opt/kaspersky/epagent/sbin/"
  3. Press Enter.

    Now you can invoke the lenactl utility without specifying the path to the file.

  4. Enter the command in the following format: lenactl --param1 value
  5. Press Enter.

The command is executed.

The complete list of options and corresponding values is provided below.

Main commands of the application

--product

This option is used to run or stop the application and to display its current state.

Allowed values:

  • --product start runs the unloaded application; this command runs the stopped service of the application
  • --product stop stops the running application; this command stops the running service of the application
  • --product state writes the current state of the application ("running" or "stopped") to the console

--update

This option lets you perform a single update of the application databases and modules.

Allowed values and additional options:

  • --update updates application databases from Kaspersky servers
  • --update <update_source> updates application databases from the specified source
  • --update --app updates databases and modules of the application from Kaspersky servers
  • --update <update_source> --app updates databases and modules of the application from the specified source

--local-update-task

This option updates application databases and modules on a schedule using a local task.

The local update task is created automatically when the application is run for the first time. By default, the task is in an inactive state. When an update task is created using Kaspersky Security Center, the local task is automatically and permanently deleted.

Allowed values and additional options:

  • --local-update-task enable-schedule to enable hourly updates of application databases from Kaspersky servers.
  • --local-update-task --app enable-schedule to enable hourly updates of application databases and modules from Kaspersky servers.
  • --local-update-task disable-schedule to disable hourly updates of application databases from Kaspersky servers.
  • --local-update-task --app disable-schedule to disable hourly updates of application databases and modules from Kaspersky servers.
  • --local-update-task <update_source> to update application databases from the specified source.

--proxy

This option lets you use a proxy server.

Kaspersky Endpoint Agent for Linux does not encrypt the connection with the proxy server. You must take steps to make sure the network connection between your proxy server and Kaspersky Endpoint Agent for Linux is secure.

Allowed values and additional options:

  • --server address of the proxy server
  • --port port of the proxy server
  • --user name of the proxy server user (optional)
  • --password password of the proxy server (if user name is specified)
  • --use-for-local use the proxy server for local addresses

--traces

This option is used to manage trace files of the application.

All files in the trace file directory are considered to be trace files.

Allowed values and additional options:

  • --traces --on turns on the trace file collection mode
  • --traces --off turns off the trace file collection mode
  • --traces --clear deletes all trace files in a directory
  • --traces --copyto <path to a directory> copies trace files to the specified directory

The systemd-journald system logging service can be active independently of the application and can maintain its own operation logs. This may slow down the interaction of the application with trace files and reduce available disk space.

To turn off audit logs of the systemd-journald system service:

  1. systemctl mask systemd-journald-audit.socket
  2. systemctl restart systemd-journald

--help

This option displays a command line option reference text.

Commands for configuring the interaction of the program with the EDR server

--servers

This option lets you specify the address and port of the EDR server.

The arguments can be represented by a semicolon-separated list of server:port pairs. Multiple server:port pairs can be passed to the input, however the application ignores all pairs except the first in the list.

Default value: none.

--timeout

This option lets you specify the timeout of the connection to the EDR server in milliseconds.

The argument can be represented by a number.

Default value: 100,000.

--sync-period

This option lets you specify the synchronization period with the EDR server in seconds.

The argument can be represented by a number; the allowed range is 5-3,600.

Default value: 300.

--send-packet-period

This option lets you specify the frequency with which telemetry packets are sent.

Argument: number; allowed range: 5-999.

Default value: 30.

--max-events-per-packet

This option lets you specify the maximum number of events in a telemetry packet.

Argument: number; allowed range: 5-10,000.

Default value: 1,024.

--compression

This option lets you apply compression.

Arguments: <yes|no>.

Default value: no.

--tls

This option lets you apply TLS encryption.

Arguments: <yes|no>.

Default value: no.

--pinned-certificate

This option lets you specify the path to the public part of the server certificate.

Argument: <path to public part of server pinned certificate>.

Default value: none.

--client-certificate

This option lets you specify the path to the container with the client certificate.

Argument: <path to client certificate>.

Default value: none.

--client-password

This option lets you specify the password of the container with the client certificate.

Argument: <password>.

Default value: none.
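
Added example (not part of the Kaspersky documentation or product): a shell pre-flight check that validates EDR connection values against the ranges documented above before they are passed to lenactl. The function names, the 1-65535 port range, and the policy of requiring --tls yes with a readable pinned certificate are assumptions of this example; host names and paths are constructed.

```shell
# Added example: validates values only, never calls lenactl.
# Function names and the TLS policy below are assumptions of this example.

# in_range VALUE MIN MAX -> status 0 if VALUE is an integer within [MIN, MAX]
in_range() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# effective_server "host:port;host:port" -> prints the first pair, the only
# one the application uses according to the --servers description.
effective_server() {
  first=${1%%;*}
  case "$first" in *:*) ;; *) return 1 ;; esac
  port=${first##*:}
  in_range "$port" 1 65535 || return 1   # standard TCP port range (assumption)
  printf '%s\n' "$first"
}

# check_edr_settings SERVERS SYNC_PERIOD SEND_PERIOD MAX_EVENTS TLS PINNED_CERT
# Prints one finding per line; returns 1 if any value is invalid or, under
# this example's policy, TLS is off or the pinned certificate is unreadable.
check_edr_settings() {
  rc=0
  srv=$(effective_server "$1") || { echo "ERROR servers: need server:port"; rc=1; }
  [ -n "$srv" ] && [ "$srv" != "$1" ] && echo "WARN servers: only $srv is used"
  in_range "$2" 5 3600  || { echo "ERROR sync-period: allowed 5-3600"; rc=1; }
  in_range "$3" 5 999   || { echo "ERROR send-packet-period: allowed 5-999"; rc=1; }
  in_range "$4" 5 10000 || { echo "ERROR max-events-per-packet: allowed 5-10000"; rc=1; }
  case "$5" in
    yes) [ -r "$6" ] || { echo "ERROR pinned-certificate: file not readable"; rc=1; } ;;
    no)  echo "ERROR tls: telemetry would be sent without TLS"; rc=1 ;;
    *)   echo "ERROR tls: allowed yes|no"; rc=1 ;;
  esac
  return $rc
}

# Constructed demo values; the certificate path is a placeholder.
check_edr_settings 'edr1.example:443;edr2.example:443' 300 30 1024 yes \
  /path/to/edr-server.pem || true
```
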
