Preparing to install the application

Before starting the installation of Kaspersky Industrial CyberSecurity for Linux Nodes, you must:

• Check that your device meets the hardware and software requirements of the application.
• Be sure third-party anti-virus software is not installed on your device.
• Be sure that Kaspersky Endpoint Agent for Linux is not installed on your device. If Kaspersky Endpoint Agent for Linux is installed, during the installation process you will see a message about the need to manually remote it.
• If you plan to manage Kaspersky Industrial CyberSecurity for Linux Nodes using Kaspersky Security Center, prepare the installation of Kaspersky Security Center Network Agent on the device (for details, see the Kaspersky Security Center Help).
• Make sure the semanage utility is installed in the system. If the utility is not installed, install the policycoreutils-python or policycoreutils-python-utils package, depending on the package manager.
• Make sure that the required dependencies for installing the GUI package are available on your device. If the device is in an isolated network segment and does not have access to the repositories of the package manager, we recommend to check the list of dependencies on the reference device, and then download and distribute the packages to all devices before installing the GUI.
• On devices with operating systems that do not support fanotify technology, make sure that the following are installed:
  • Packages for compiling applications and running tasks (gcc, binutils, glibc, glibc-devel, make)
  • Package with operating system kernel header files for compiling Kaspersky Industrial CyberSecurity for Linux Nodes modules
• On devices running the SUSE Linux Enterprise Server 15 operating system, the insserv-compat package must be installed.
• By default, Astra Linux operating systems block ptrace (Disable ptrace capability), which may affect the operation of Kaspersky Industrial CyberSecurity for Linux Nodes. For Kaspersky Industrial CyberSecurity for Linux Nodes to work correctly, unblock ptrace when installing Astra Linux. If Astra Linux is already installed, see the Astra Linux Help Center website for instructions on how to enable/disable this mode (Configuring protection and blocking mechanisms in the Blocking ptrace section).

  You can disable ptrace tracing by specifying the kernel parameter-value pair kernel.yama.ptrace_scope = 3. In this case, the following will happen in the application:

  • Creating dump files of the kics process when the application crashes will not be possible.
  • The Behavior Detection component will not be able to receive the environment settings of processes.
  • On operating systems with a kernel version higher than 5.7, the Application Control component will not be able to read command line arguments and process environment variables, because reading /proc/pid/syscall and /proc/pid/mem is prohibited. On operating systems with kernel version 5.0, the Application Control component will not function properly.
  • The process memory and kernel memory scan will not work in scan tasks, since reading / proc / pid / mem is prohibited.
• For the Firewall Management, Web Threat Protection and Network Threat Protection components to work, the iptables utility needs to be installed on your device.
• For the Kaspersky Industrial CyberSecurity for Linux Nodes management MMC plug-in to work, Microsoft® Visual C++® 2015 Redistributable Update 3 RC (see https://www.microsoft.com/en-us/download/details.aspx?id=52685) must be installed on the Administration Server.
• For the application to run correctly, make sure that the root account is the owner of the following directories and that only the owner has the right to write to them: /var, /var/opt, /var/opt/kaspersky, /var/log/kaspersky, /opt, /opt/kaspersky, /usr/bin, /usr/lib, /usr/lib64.
• Make sure that file descriptor limits recommended by the operating system vendor are configured in the operating system. To check the limit, run the command cat /proc/sys/fs/file-max. When the application is running, the operating system may use significantly more descriptors. In general, we recommend disabling the file limit by specifying fs.file-max=9223372036854775807 in the /etc/sysctl.conf file. After changing the value of this setting, you must restart the operating system.

Page top