Reinforcing the security of computers with application components installed

After installing Kaspersky Industrial CyberSecurity for Networks, it is recommended to reinforce the security of the operating systems on computers that have application components installed. To reinforce security, you can use the application components centralized installation script named kics4net-deploy-<application version number>.bundle.sh or locally run the kics4net-harden.sh script, which is located on the computer with the installed application component in the /opt/kaspersky/kics4net/sbin/ folder.

You can use the script to perform the following actions:

• Enable prevention of the startup of operating system services that are not required for the operation of application components (for example, avahi-daemon and cups).
• Change the network configuration settings that impact the security of the operating system (for example, enable prevention of redirected network packet processing over the ICMP protocol).

The centralized application components installation script performs actions that harden the security on all computers that have application components installed.

To reinforce security, this script uses the centralized installation settings file that was saved on the computer. If the centralized installation settings file on this computer is corrupt or missing from its original folder, the script searches for a copy of the file on the computer and on other computers that have application components installed.

To reinforce security of computers using the kics4net-deploy-<application version>.bundle.sh script:

1. On the computer from which the centralized installation performed, go to the folder with the unpacked files of scripts and packages for installing, verifying and removing application components, included in the distribution kit. The files are located in the kics4net-release_<application version>/linux-centos subfolder.
2. Enter the following command:

   bash kics4net-deploy-<application version>.bundle.sh --harden <setting>

   where <parameter> is one of the following startup parameters:

   • -s enables prevention of the startup of operating system services.
   • -n modifies the network configuration settings.
   • -a enables prevention of the startup of operating system services and modifies the network configuration settings.
3. In the SSH password and BECOME password prompts, enter the password for the user account that is running the centralized installation.

Wait for completion of the script kics4net-deploy-<application version number>.bundle.sh. If it completes successfully, information is displayed about the actions performed on computers with application components installed.