KESL 12.1.0-1297 image, Ubuntu 24.04 base, transparent UX

- Pinned download URL for KESL 12.1.0-1297 (public Kaspersky CDN, 2024-07). - answer.txt updated to v12 autoinstall format: GROUP_CLEAN required, LOCALE=en_US.utf8 (en_US alone is rejected), INTERCEPTOR_MODE. - start.sh detects v10 (/etc/init.d/kesl-supervisor) vs v12 (/etc/init.d/kesl) and polls kesl-control until the daemon answers, because v12's first start runs an integrity check (~30s). - Modes (shell/version/scan/debug) and scan output format unchanged so existing parsers keep working. - README + build script point to tabledevil/kaspersky12. - test_smoke.sh validates image + version + EICAR; auto-skips on macOS (Rosetta blocks the daemon). Validated end-to-end on amd64 Linux: - 46 known-malicious files (LS26 detections) all flagged again - DetectSource=Local with --network=none + USE_KSN=No, no KSN calls Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 13:58:27 +02:00
parent 7f6fb49e50
commit 6357c08bf1
7 changed files with 139 additions and 102 deletions
@@ -1,32 +1,33 @@
-FROM ubuntu:20.04 as base
+FROM ubuntu:24.04 AS base
 #Requirements
 LABEL maintainer="tabledevil"
-LABEL docker.cmd="docker run -it --rm -v /mnt/sdc1:/data tabledevil/kaspersky"
+LABEL docker.cmd="docker run -it --rm -v /mnt/sdc1:/data tabledevil/kaspersky12"
-RUN apt update && apt install -y wget perl
+
 ENV DEBIAN_FRONTEND=noninteractive
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 TERM=screen-256color
 #Fix Locale
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
 ENV LC_ALL en_US.UTF-8
 ENV TERM=screen-256color
 RUN apt-get update \
-  && apt-get install -yq locales \
+ && apt-get install -y --no-install-recommends \
-  && locale-gen en_US.UTF-8 \
+      wget perl ca-certificates locales procps libcap2-bin \
-  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+      libfuse2t64 \
 && locale-gen en_US.UTF-8 \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-#Download & Install Kaspersky (TODO: Update to 11)
+# Pinned KESL 12.1.0-1297 (released 2024-07-04, public Kaspersky CDN).
-RUN wget "https://products.s.kaspersky-labs.com/endpoints/keslinux10/10.1.1.6421/multilanguage-10.1.1.6421/babce9ef/kesl_10.1.1-6421_amd64.deb" 
+ARG KESL_DEB_URL=https://products.s.kaspersky-labs.com/endpoints/keslinux10/12.1.0.1297/multilanguage-12.1.0.1297/3837323739337c44454c7c31/kesl_12.1.0-1297_amd64.deb
-RUN dpkg -i kesl_10.1.1-6421_amd64.deb 
+RUN wget -q "$KESL_DEB_URL" -O /tmp/kesl.deb \
-RUN rm kesl_10.1.1-6421_amd64.deb
+ && (dpkg -i /tmp/kesl.deb || (apt-get update && apt-get install -y -f && dpkg -i /tmp/kesl.deb)) \
 && rm /tmp/kesl.deb
-#Copy answerfile and run setup
+# Run autoinstall — UPDATE_EXECUTE=Yes pulls fresh sigs, baked into the image.
 ADD answer.txt /root/answer.txt
 RUN /opt/kaspersky/kesl/bin/kesl-setup.pl --autoinstall=/root/answer.txt ; true
-FROM ubuntu:20.04
+FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
 ENV LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 TERM=screen-256color
 COPY --from=base / /
 ADD start.sh /root/start.sh
 ADD readme /root/readme
 RUN chmod +x /root/start.sh
 ENTRYPOINT ["/root/start.sh"]
-CMD ["shell"]
+CMD ["shell"]
@@ -1,8 +1,8 @@
 # docker_kaspersky
 Simple Ubuntu-Image with Kaspersky Virusscanner.
 ## For Simple Scan of Folder
-docker run -it --rm -v '/folder/to/scan':/data tabledevil/kaspersky scan
+docker run -it --rm -v '/folder/to/scan':/data tabledevil/kaspersky12 scan
 ## Prevent any changes to Files (just scan)
-docker run -it --rm -v '/folder/to/scan':/data:ro tabledevil/kaspersky scan
+docker run -it --rm -v '/folder/to/scan':/data:ro tabledevil/kaspersky12 scan
 ## Prevent Container from phoning home 
-docker run -it --rm -v '/folder/to/scan':/data:ro --network none  tabledevil/kaspersky scan
+docker run -it --rm -v '/folder/to/scan':/data:ro --network none  tabledevil/kaspersky12 scan
@@ -1,52 +1,24 @@
-# End User License Agreement flag must be 'yes' (required)"
+# KESL 12 autoinstall — offline on-demand scanner profile.
-# See /opt/kaspersky/kesl/doc/license.<lang> for details
+# Required fields per support.kaspersky.com/kes-for-linux/12.3.0/197593
-EULA_AGREED=yes
+EULA_AGREED=Yes
 PRIVACY_POLICY_AGREED=Yes
 USE_KSN=No
 GROUP_CLEAN=No
-# Privacy Policy agreement flag must be 'yes' (required)"
+# Locale + updater source: pull fresh sigs from KLServers at build time.
-# See /opt/kaspersky/kesl/doc/license.<lang> for details
+# LOCALE must be RFC 3066 with charset suffix (en_US alone is rejected).
-PRIVACY_POLICY_AGREED=yes
+LOCALE=en_US.utf8
 # Use KSN: yes|no (required)
 # See /opt/kaspersky/kesl/doc/ksn_license.<lang> for details
 USE_KSN=no
 # Set up the service default locale
 #SERVICE_LOCALE=en_US.utf8
 SERVICE_LOCALE=C
 # Activation code or key file
 #INSTALL_LICENSE=
 # Set up updater source: KLServers|SCServer|<url>
 UPDATER_SOURCE=KLServers
 PROXY_SERVER=None
-# Set up proxy server: none|<url>
+# Bake databases into the image so the container is offline-capable.
-PROXY_SERVER=none
+UPDATE_EXECUTE=Yes
-# Run the anti-virus database update procedure: yes|no
+# No kernel module / no GUI / no SELinux — we run on-demand scans only.
-UPDATE_EXECUTE=yes
+KERNEL_SRCS_INSTALL=No
 USE_GUI=No
 CONFIGURE_SELINUX=No
-# Download Linux kernel source automatically: yes|no
+# RTP is unused but keep fanotify default for sanity.
-KERNEL_SRCS_INSTALL=no
+INTERCEPTOR_MODE=UseFanotify
-
+INTERCEPTOR_FALLBACK_STRATEGY=FallbackToFanotify
 # Import KESL10.0.0 settings after upgrade
 #IMPORT_SETTINGS=Yes
 # Set up product GUI: yes|no (required)
 USE_GUI=no
 #EULA_AGREED=yes
 #SERVICE_LOCALE=C
 #INSTALL_KEY_FILE=<path>
 #UPDATER_SOURCE=KLServers
 #UPDATER_PROXY=no
 #UPDATER_EXECUTE=yes
 #UPDATER_ENABLE_AUTO=no
 #RTP_BUILD_KERNEL_MODULE=no
 #RTP_BUILD_KERNEL_SRCS=auto
 #RTP_SAMBA_ENABLE=no
 #RTP_START=no
 #GUI_ENABLE=no
@@ -1,8 +1,7 @@
 #!/bin/bash
-build_date=$(date +%Y%m%d)
+# Build amd64 KESL 12 image. On Apple Silicon you MUST use buildx.
-docker build --no-cache -t "tabledevil/kaspersky:${build_date}" -f Dockerfile .
+set -e
-docker login
+TAG="${TAG:-tabledevil/kaspersky12}"
-docker push "tabledevil/kaspersky:${build_date}"
+docker buildx build --platform linux/amd64 --load -t "$TAG" .
-docker tag "tabledevil/kaspersky:${build_date}" "tabledevil/kaspersky:latest"
+echo "Built $TAG (linux/amd64)"
-docker push "tabledevil/kaspersky:latest"
+echo "Push with: docker push $TAG"
@@ -1,27 +1,9 @@
-#installer help
+Kaspersky Endpoint Security for Linux 12 — offline on-demand scanner.
 /opt/kaspersky/kesl/bin/kesl-setup.pl -h
-#start service
+Modes (passed as the container CMD):
-/etc/init.d/kesl-supervisor start
+  shell    Start service, print this readme, drop to bash.
  version  Print KESL version + base /etc/issue.
  scan     Scan /data with --action Skip; print ThreatDetected events.
  debug    Bash without starting service.
-#scan folder
+Mount the target read-only at /data.
 kesl-control --scan-file /
 #scan folder without trying to delete
 kesl-control --scan-file --action Skip /
 #get quarantined Files
 kesl-control -B --query
 #get Logs
 kesl-control -E --query
 #get just the detected Threats from Logs
 kesl-control -E --query 'EventType == "ThreatDetected"'
 #get license info
 kesl-control -L --query
 #get appinfo
 kesl-control -S --app-info
@@ -1,7 +1,28 @@
 #!/bin/bash
 # Mirror of docker_kaspersky/start.sh — same modes (shell|version|scan|debug).
 # Output format kept similar to v10 so existing parsers work until renovated.
 function start_service() {
  echo -n "Starting Service... "
-  /etc/init.d/kesl-supervisor start && echo "Done!" || echo "Failed!"
+  # v10 uses /etc/init.d/kesl-supervisor, v12 uses /etc/init.d/kesl.
  if [ -x /etc/init.d/kesl ]; then
    /etc/init.d/kesl start >/dev/null
  elif [ -x /etc/init.d/kesl-supervisor ]; then
    /etc/init.d/kesl-supervisor start >/dev/null
  else
    echo "Failed (no init script)"; return 1
  fi
  # Poll until kesl-control can talk to the daemon (integrity check + sig load
  # can take 30–60s on first start of v12).
  for _ in $(seq 1 60); do
    if kesl-control -S --app-info >/dev/null 2>&1; then
      echo "Done!"
      return 0
    fi
    sleep 2
  done
  echo "Failed (daemon did not become ready)"
  return 1
 }
 case "${1}" in
@@ -0,0 +1,62 @@
 #!/bin/bash
 # Smoke test for the Kaspersky scanner image.
 # Build runs anywhere; runtime checks require a real Linux host
 # (Docker Desktop on macOS blocks KESL via Rosetta path checks).
 #
 # Usage: TAG=ls-kaspersky:u24-test ./test_smoke.sh
 #        TAG=ls-kaspersky12:u24-test ./test_smoke.sh   # for v12
 set -u
 TAG="${TAG:-ls-kaspersky:u24-test}"
 PLATFORM="${PLATFORM:-linux/amd64}"
 TMP="$(mktemp -d)"
 trap 'rm -rf "$TMP"' EXIT
 pass=0; fail=0
 ok()   { echo "PASS  $1"; pass=$((pass+1)); }
 bad()  { echo "FAIL  $1"; fail=$((fail+1)); }
 # 1. Image exists?
 if docker image inspect "$TAG" >/dev/null 2>&1; then
  ok "image $TAG present"
 else
  bad "image $TAG not present (build it first)"; exit 1
 fi
 # 2. Detect Mac/Rosetta — daemon won't start there. Skip runtime tests.
 HOST_OS="$(uname -s)"
 HOST_ARCH="$(uname -m)"
 if [ "$HOST_OS" = "Darwin" ]; then
  echo "SKIP  runtime tests on macOS (KESL blocks on /run/rosetta) — re-run on a Linux worker"
  echo
  echo "Summary: $pass pass, $fail fail (build-only)"
  exit 0
 fi
 # 3. version mode — service must start, kesl-control must respond.
 out="$(docker run --rm --platform "$PLATFORM" "$TAG" version 2>&1 || true)"
 if echo "$out" | grep -qE "Kaspersky Endpoint Security.*for Linux"; then
  ok "version reports KESL build"
 else
  bad "version did not report KESL build"
  echo "----- output -----"; echo "$out" | tail -20; echo "------------------"
 fi
 # 4. EICAR scan — write the standard test string and confirm detection.
 mkdir -p "$TMP/data"
 # Split EICAR signature so this test file itself isn't flagged.
 printf '%s%s' \
  'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' \
  'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$TMP/data/eicar.com"
 out="$(docker run --rm --platform "$PLATFORM" -v "$TMP/data:/data:ro" "$TAG" scan 2>&1 || true)"
 if echo "$out" | grep -qiE "EICAR|ThreatDetected|Detected"; then
  ok "scan detects EICAR"
 else
  bad "scan did not detect EICAR"
  echo "----- output -----"; echo "$out" | tail -30; echo "------------------"
 fi
 echo
 echo "Summary: $pass pass, $fail fail"
 [ "$fail" -eq 0 ]