Integrity check of KUMA files

You can check the integrity of KUMA components in the following ways:

• Manually, by running the script below
• On a schedule or automatically at application startup, with results recorded in the system log

Manual integrity check

The integrity of KUMA components is checked using a set of scripts based on the integrity_checker tool and located in the/opt/kaspersky/kuma/integrity/bin directory. An integrity check uses manifest xml files in the/opt/kaspersky/kuma/integrity/manifest/* directory, protected by a Kaspersky cryptographic signature.

Running the integrity check tool requires a user account with permissions at least matching those of the KUMA account.

The integrity check tool processes each KUMA component individually, and it must be run on servers that has the appropriate components installed. An integrity check also checks the xml file that was used.

To check the integrity of component files:

1. Run the following command to navigate to the directory that contains the set of scripts:

   cd /opt/kaspersky/kuma/integrity/bin

2. Then run one of the following commands that matches the KUMA component you want to check:
   • ./check_all.sh for KUMA Core and Storage components.
   • ./check_core.sh for KUMA Core components.
   • ./check_collector.sh for KUMA collector components.
   • ./check_collector.sh for KUMA correlator components.
   • ./check_storage.sh for storage components.
   • ./check_event_router.sh for event router components.
   • ./check_kuma_exe.sh <full path to kuma.exe omitting file name> for KUMA Agent for Windows. The standard location of the agent executable file on the Windows device is: C:\Program Files\Kaspersky Lab\KUMA\.

The integrity of the component files is checked.

The result of checking each component is displayed in the following format:

• The Summary section describes the number of scanned objects along with the scan status: integrity not confirmed / object skipped / integrity confirmed:
  • Manifests – the number of manifest files processed.
  • Files – the number of KUMA files processed.
  • Directories – not used when KUMA integrity checking is performed.
  • Registries – not used when KUMA integrity checking is performed.
  • Registry values – not used when KUMA integrity checking is performed.
• Component integrity check result:
  • SUCCEEDED – integrity confirmed.
  • FAILED – integrity violated.

On a schedule or automatically at application startup

KUMA is a distributed, multi-component solution, and the location of its components on hosts is not known before the installation stage, therefore the configuration of the automatic integrity check of the components cannot be provided with the distribution kit and must be configured at the deployment stage.

We recommend checking the integrity of KUMA components when starting the application and on a schedule. We recommend scheduling an integrity check once a day. You can do this using scripts included in the distribution kit:

• manual_integrity_check.sh

  The script checks the integrity of all components or selected components. You can configure the scheduled integrity check with third-party applications and utilities, such as the cron utility. You can also run this script to manually check the integrity of components.

• systemd_integrity_check.sh

  Use this script to self-test the integrity of application components at startup. To add automatic integrity checking, run this script on each host where KUMA components are installed. The script should be run once. The integrity of the component is checked every time the KUMA service is started or restarted.

  If, after deployment, you add new KUMA services (for example, a new collector), run the systemd_integrity_check.sh script on the hosts with the new services. Otherwise, the integrity of the new components will not be checked at startup.

  If the check cannot verify the integrity of the component, the component does not run. KUMA will keep trying to start the service after checking its integrity. The results of the check are recorded in the system audit log. In this situation, either stop the service or eliminate the cause of the integrity violation.

Prerequisites

Before running the scripts:

• Move the script files to the /opt/kaspersky/kuma/integrity/bin/ directory.
• Grant the necessary permissions to run scripts to the 'kuma' user. To do so, run the following commands:

  chown kuma:kuma ./systemd_integrity_check.sh

  chmod +x ./systemd_integrity_check.sh

  chown kuma:kuma ./manual_integrity_check.sh

  chmod +x ./manual_integrity_check.sh

Running scripts

manual_integrity_check.sh

To check the integrity of the components, run the script on the host where the KUMA components are installed:

/opt/kaspersky/kuma/integrity/bin# ./manual_integrity_check.sh --core --collector --eventRouter --correlator --storage

This script checks the integrity of components which you specify in command line options. If you do not specify any components, the script checks all components.

systemd_integrity_check.sh

To add an automatic integrity check of application components at startup or on restart of the KUMA service, run the following command:

/opt/kaspersky/kuma/integrity/bin# ./systemd_integrity_check.sh

Both scripts log the results of component integrity checks in the system audit log. To view the log, use the dmesg command:

sudo dmesg

Page top