Preparing for application installation

Expand all | Collapse all

Before starting the installation of Kaspersky Industrial CyberSecurity for Networks, make sure that the computers meet the hardware and software requirements. Also make sure that the equipment, hardware, and software of the computers are compliant with all operational security recommendations.

To ensure proper functioning of application components, it is recommended to use specially dedicated computers that only have software from the operating system installed. If third-party applications are installed on computers, the performance of components of Kaspersky Industrial CyberSecurity for Networks may be reduced.

To install application components, each computer must have a user account with root privileges that will be used to perform the installation. You can use the standard tools of the operating system to add the necessary user accounts.

In Kaspersky Industrial CyberSecurity for Networks version 4.0.1, if a user account with root privileges is created after the Astra Linux Special Edition operating system is installed, you must define the maximum level of integrity for this user account so that it can write to the folder used for storing application data (the integrity level is defined by using the sudo pdpl-user -i 63 <user name> command).

Depending on the utilized application components installation script from the distribution kit, and on the type of application components being installed, you can do the following to prepare for application installation:

• Preparing for centralized installation of components

  On the computers where components will be centrally installed, verify that the following conditions are fulfilled:

  • The computers have network access, and access over SSH is configured and open.
  • The computers have user accounts with root privileges (application components will be installed under these user accounts).
  • The computers do not have any user accounts or groups with the following names that are reserved for interaction between application components (if these accounts exist, they could receive elevated access rights, even root privileges, after the application is installed):
    • kics4net
    • kics4net-postgresql
    • kics4net-webserver
    • kics4net-fts
    • kics4net-epp-proxy
    • kics4net-connectors
    • kics4net-nats-server
    • kics4net-websensor
    • kics4net-connectors-launcher
    • kics4net-apm
    • kics4net-report-renderer
    • kics4net-email-gateway
    • kics4net-report-data-source
    • kics4net-scheduler
    • kics4net-report-tcv
    • kics4net-report-tc
    • kics4net-report-builder
    • kics4net-task-m
    • kics4net-task-mv
    • kics4net-blob-storage

  To prepare computers for installation of application components:

  1. On all computers on which application components will be installed, set the same password for the user account with root privileges (application components will be installed under this user account). By default, the root user account is used to perform the installation. Memorize the user names and password. You will need to provide this data while the application installation script is running.

     After application components are installed, you are advised to change the passwords for these users.

  2. Find out and save the following information about the computers:
     • Name and IP address of the computer that will perform Server functions.
     • IP addresses of the computers that will perform sensor functions.
     • Name or IP address and SSL port of the computer with Kaspersky Security Center.

     To display the computer name, you can enter the hostname command in the command line. To display information about IP addresses and network interfaces, you can enter the sudo ifconfig command in the command line (in a Windows operating system, use the ipconfig command).

  3. On the computer from which the centralized installation will be performed, use the SSH protocol to connect to each computer where the application components will be installed. A connection needs to be made to verify access over SSH.

     To connect:

     1. Enter the following command in the command line:

        ssh <user name>@<computer IP address>

     2. After entering this command, perform the necessary actions at the operating system prompts.
     3. To terminate the connection session, use the following command:

        exit

  4. Copy the kics4net-release_<application version>.tar.gz archive from the distribution kit to the computer from which the installation will be performed.
  5. Go to the folder containing the copied archive and enter the following command to unpack it:

     tar -zxvf kics4net-release_<application version>.tar.gz

  The unpacked folders and files will appear in the subfolder kics4net-release_<application version>.

• Preparing for local installation of the Server or a sensor

  On the computer where the Server or sensor will be installed, verify that the following conditions are fulfilled:

  • There is network access to the computer.
  • The computer has a user account with root privileges (the local installation script will be run under this user account).
  • The computer does not have any user accounts or groups with the following names that are reserved for interaction between application components (if these accounts exist, they could receive elevated access rights, even root privileges, after the application is installed):
    • If the Server will be installed:
      • kics4net
      • kics4net-postgresql
      • kics4net-webserver
      • kics4net-fts
      • kics4net-epp-proxy
      • kics4net-connectors
      • kics4net-nats-server
      • kics4net-connectors-launcher
      • kics4net-apm
      • kics4net-report-renderer
      • kics4net-email-gateway
      • kics4net-report-data-source
      • kics4net-scheduler
      • kics4net-report-tcv
      • kics4net-report-tc
      • kics4net-report-builder
      • kics4net-task-m
      • kics4net-task-mv
      • kics4net-blob-storage
    • If a sensor will be installed:
      • kics4net
      • kics4net-websensor
      • kics4net-epp-proxy
      • kics4net-connectors-launcher
      • kics4net-apm
      • kics4net-connectors

  To prepare the computer for the local installation of the Server or a sensor:

  1. Find out and save the following information about the computer:
     • User account credentials for the account with root privileges that will be used to run the local installation script.
     • Name and IP address of the computer (for subsequent connection to this computer).

     To display the computer name, you can enter the hostname command in the command line. To display information about IP addresses and network interfaces, you can enter the sudo ifconfig command in the command line.

  2. Copy the kics4net-release_<application version>.tar.gz archive from the distribution kit to the computer.
  3. Go to the folder containing the copied archive and enter the following command to unpack it:

     tar -zxvf kics4net-release_<application version>.tar.gz

  The unpacked folders and files will appear in the subfolder kics4net-release_<application version>.

Page top