Installation on Linux systems

This section describes the process of installing Kaspersky CyberTrace on Linux systems.

After installation, make sure that only users with administrator rights have access to the folder where Kaspersky CyberTrace is installed.
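The following script is an added example, not part of the Kaspersky documentation or product, showing one way to audit that requirement after installation. It assumes the /opt/kaspersky/ktfs directory and the cybertrace_db account named on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit access to the CyberTrace install tree.
# Usage: sh audit.sh /opt/kaspersky/ktfs cybertrace_db

# Paths (symlinks excluded) that grant any permission bit to "other".
list_other_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Subset of the above that "other" can write to: the most urgent findings.
list_other_writable() {
    find "$1" ! -type l -perm -002 -print
}

# Paths under the database directory not owned by the expected account.
# $1 = database directory, $2 = expected owner (name or numeric UID).
list_db_wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Print labelled findings; return 0 when the tree is clean, 1 otherwise.
# $1 = installation directory (%service_dir%), $2 = database owner.
audit_install_dir() {
    rc=0
    for check in other_writable other_accessible; do
        out=$("list_$check" "$1")
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | sed "s|^|[$check] |"
            rc=1
        fi
    done
    out=$(list_db_wrong_owner "$1/db" "$2")
    if [ -n "$out" ]; then
        printf '%s\n' "$out" | sed 's|^|[db_wrong_owner] |'
        rc=1
    fi
    return "$rc"
}

# Run only when arguments are given, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then
    audit_install_dir "$1" "$2"
fi
```

Before removing permissions for "other" from the installation directory itself, confirm that the cybertrace_db account can still traverse to the db subdirectory (for example, through group membership). This page does not state the default ownership or mode of the installation directory.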

We also recommend that you install and run anti-virus software before installing Kaspersky CyberTrace.

Installation methods

On Linux systems, you can install Kaspersky CyberTrace by using one of three methods: RPM installation, DEB installation, or TGZ installation.

RPM installation

Kaspersky CyberTrace is installed in the /opt/kaspersky/ktfs directory. This directory is called %service_dir% in this document.

The user account that performs the RPM installation must have root privileges.

To perform the RPM installation of Kaspersky CyberTrace:

  1. Unpack the distribution kit contents to any directory on your system. In the following command, substitute %temp_dir% with this directory and %VERSION% with the version of the installation package.

    tar -C %temp_dir% -xvzf Kaspersky_CyberTrace-Linux-x86_64-%VERSION%-Release-RPM.tar.gz --no-same-owner

    The RPM package, installation script, and documentation will be unpacked to this directory.

    The archive can have a different name, for example, %SIEM%-rpm.tar.gz. You can either use the existing name or rename the archive by using the mv command.

  2. Run the installation script:

    ./run.sh install

    The installation script will install the RPM package and add Feed Service to the list of services by using chkconfig. Feed Service will start automatically on system boot.

    After the RPM package is installed, the installation script automatically runs the configurator.

  3. In the configurator, accept the End User License Agreement.

    For more information about using the configurator, see subsection "Interactive setup with the configurator" below.

    If you interrupt the configuration process, you can resume it by running the /opt/kaspersky/ktfs/bin/configure -i command.

  4. Perform the post-installation configuration by using the Initial Setup Wizard.

DEB installation

Kaspersky CyberTrace is installed in the /opt/kaspersky/ktfs directory. This directory is called %service_dir% in this document.

The user account that performs the DEB installation must have root privileges.

To perform the DEB installation of Kaspersky CyberTrace:

  1. Unpack the distribution kit contents to any directory on your system. In the following command, substitute %temp_dir% with this directory and %VERSION% with the version of the installation package.

    tar -C %temp_dir% -xvzf Kaspersky_CyberTrace-Linux-x86_64-%VERSION%-Release-DEB.tar.gz --no-same-owner

    The DEB package, installation script, and documentation will be unpacked to this directory.

    The archive can have a different name, for example, %SIEM%-deb.tar.gz. You can either use the existing name or rename the archive by using the mv command.

  2. Run the installation script:

    ./run.sh install

    The installation script will install the DEB package and add Feed Service to the list of services started on boot by systemd. Feed Service will start automatically on system boot.

  3. After the DEB package is installed, the installation script automatically runs the configurator.
  4. In the configurator, accept the End User License Agreement.

    For more information about using the configurator, see subsection "Interactive setup with the configurator" below.

    If you interrupt the configuration process, you can resume it by running the /opt/kaspersky/ktfs/bin/configure -i command.

  5. Perform the post-installation configuration by using the Initial Setup Wizard.

TGZ installation

To perform the TGZ installation of Kaspersky CyberTrace:

  1. Unpack the archive. The directory to which you unpack the archive is called %service_dir% in this document. To do this, run the following command:

    tar -C %service_dir% -xvzf Kaspersky_CyberTrace-Linux-x86_64-%VERSION%-Release.tar.gz --strip-components=1

  2. Create the cybertrace_db account for the database service and set its login shell to /sbin/nologin:

    id -u cybertrace_db > /dev/null 2>&1 || useradd -M cybertrace_db -d %service_dir%/db -s /sbin/nologin

  3. Make cybertrace_db the owner of the database directory:

    chown -R cybertrace_db %service_dir%/db

  4. Increase the system limit on the maximum number of memory regions allocated to a process:

    echo 'vm.max_map_count=262144' > /etc/sysctl.d/98-elasticsearch.conf && sysctl --system

  5. Increase the limit on the maximum number of open files:

    echo -e "cybertrace_db\t-\tnofile\t65535" > /etc/security/limits.d/10-cybertrace.conf

  6. Create a symlink for the database service:

    ln -s %service_dir%/etc/systemd/system/cybertrace_db.service /etc/systemd/system/cybertrace_db.service

  7. Create a symlink for the Kaspersky CyberTrace service:

    ln -s %service_dir%/etc/systemd/system/cybertrace.service /etc/systemd/system/cybertrace.service

  8. Reload the systemd daemon to make it reread the list of services:

    systemctl daemon-reload

  9. Enable the Kaspersky CyberTrace database service and the Kaspersky CyberTrace service in systemd:

    systemctl enable cybertrace_db.service && systemctl enable cybertrace.service

  10. Run the configurator:

    %service_dir%/bin/configure -i

  11. Start the Kaspersky CyberTrace service:

    systemctl start cybertrace

  12. Perform the post-installation configuration by using the Initial Setup Wizard.

Interactive setup with the configurator

To perform the interactive setup with the configurator:

  1. In the configurator, accept the End User License Agreement:

    Use the PAGE UP and PAGE DOWN keys to navigate. Type q to quit.

    To accept the End User License Agreement, type Yes.

  2. If the configurator does not automatically determine ports for Kaspersky CyberTrace Web and the Elastic database, specify this information.
  3. After that, Kaspersky CyberTrace will be launched. Two links will be displayed:
    • Link to the Kaspersky CyberTrace web user interface.
    • Link to the Kaspersky CyberTrace documentation, where you can find the credentials for logging into Kaspersky CyberTrace Web.

Configurator command-line parameters

The configurator is a binary file that configures and runs Kaspersky CyberTrace.

The file has the following command-line syntax:

configure [options]

The following options are available:
