Kaspersky Security Center Web Console installation parameters

For installing Kaspersky Security Center Web Console Server on devices running Linux, you must create a response file—a .json file that contains parameters for connecting Kaspersky Security Center Web Console to the Administration Server.

Here is an example of a response file containing the minimal set of parameters and the default address and port:

{

"address": "127.0.0.1",

"port": 8080,

"trusted": "127.0.0.1|13299|/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer|KSC Server",

"acceptEula": true

}

Here is an example of a response file containing an extended set of parameters and the default address and port:

{

"address": "127.0.0.1",

"port": 8080,

"defaultLangId": 1049,

"enableLog": false,

"trusted": "127.0.0.1|13299|/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer|KSC Server 1||127.0.0.2|13299|/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer|KSC Server 2",

"acceptEula": true,

"certPath": "/var/opt/kaspersky/ksc-web-console/web-server.crt",

"keyPath": "/var/opt/kaspersky/ksc-web-console/web-server.key",

"webConsoleAccount": "Group1:User1",

"managementServiceAccount": "Group1:User2",

"serviceWebConsoleAccount": "Group1:User3",

"pluginAccount": "Group1:User4",

"messageQueueAccount": "Group1:User5"

}

If you want to use a custom certificate, specify both the certPath and keyPath parameters. If you do not specify the parameters or specify only one, the web browser keeps informing you that your connection is not private.

We recommend that you specify port numbers above 1024. If you want Kaspersky Security Center Web Console to work on ports below 1024, after installation you have to run the following command:

sudo setcap 'cap_net_bind_service=+ep' /var/opt/kaspersky/ksc-web-console/node

When you install Kaspersky Security Center Web Console on the Linux ALT operating system, you must specify a port number other than 8080, because port 8080 is used by the operating system.

The table below describes the parameters that can be specified in a response file.

Parameters for installing Kaspersky Security Center Web Console on devices running Linux

Parameter

Description

Available values

address

Address of Kaspersky Security Center Web Console Server (required).

String value.

The recommended value is "127.0.0.1"

port

Port used by Kaspersky Security Center Web Console to receive connections from web browsers (required).

Numerical value.

The recommended value is 8080 (except for the Linux ALT operating system).

defaultLangId

Language of user interface (by default, 1033).

If necessary, you can change the language of Kaspersky Security Center Web Console interface.

Numerical code of the language:

  • German: 1031
  • English: 1033
  • Spanish: 3082
  • Spanish (Mexico): 2058
  • French: 1036
  • Japanese: 1041
  • Kazakh: 1087
  • Polish: 1045
  • Portuguese (Brazil): 1046
  • Russian: 1049
  • Turkish: 1055
  • Simplified Chinese: 4
  • Traditional Chinese: 31748

If no value is specified, then English (en-US) language is used.

enableLog

Whether or not to enable Kaspersky Security Center Web Console activity logging.

We recommend that you change the default value for the parameter only if a Kaspersky support specialist requests.

Boolean value:

  • true—Logging is enabled.
  • false—Logging is disabled (selected by default).

trusted

List of addresses for connecting Kaspersky Security Center Web Console to Kaspersky Security Center Linux:

  • Address for connecting Kaspersky Security Center Web Console Server to Administration Server.
  • OpenAPI port that is used for connecting Kaspersky Security Center Web Console Server to Administration Server (by default, 13299).
  • Path to the certificate of the Administration Server.
  • Administration Server name that will be displayed in the login window.

The parameters are separated with vertical bars. If several Administration Servers are specified, separate them with two vertical bars (pipes).

The Administration Server certificate is located on the device where Kaspersky Security Center Linux is installed. The default path to the certificate file is: /var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer

When installing Kaspersky Security Center Web Console to an external device, copy the certificate file from the device with Kaspersky Security Center Linux installed to the external device. Specify the local path to the certificate in the response file for the Web Console installer.

String value in the following format:

"web console server address|port|certificate path|server name".

Example:

"X.X.X.X|13299|/cert/server-1.cer|Server 1||Y.Y.Y.Y|13299|/cert/server-2.cer|Server 2".

acceptEula

Whether or not you want to accept the terms of the End User License Agreement (EULA). The file containing the terms of the EULA is downloaded together with the installation file.

 

Boolean value:

  • true—I confirm that I have fully read, understand, and accept the terms and conditions of this End User License Agreement.
  • false—I do not accept the terms of the License Agreement (selected by default).

If no value is specified, the Kaspersky Security Center Web Console installer shows you the EULA and asks whether or not you agree to accept the terms of the EULA.

certDomain

If you want to generate a new self-signed certificate, use this parameter to specify the FQDN for connecting web browser to Kaspersky Security Center Web Console.

String value.

certPath

Use the parameter to specify the path to the Kaspersky Security Center Web Console custom certificate that is trusted in your infrastructure and meets the requirements for custom certificates.

You have to specify one certificate or a certificate chain per private key (keyPath).

String value.

Encrypted certificates are not supported by Kaspersky Security Center Web Console.

On the device where Kaspersky Security Center Web Console is to be installed, specify the path to the certificate file in the PEM format.

Example: /var/opt/kaspersky/ksc-web-console/web-server.crt

keyPath

Use the parameter to specify the path to the private key associated with the Kaspersky Security Center Web Console custom certificate specified in certPath parameter.

String value.

The file with the private key must not be encrypted.

On the device where Kaspersky Security Center Web Console is to be installed, specify the path to key file in the PEM format.

Example: /var/opt/kaspersky/ksc-web-console/web-server.key

webConsoleAccount

Name of the account under which the Kaspersky Security Center Web Console service is run.

String value in the following format: "group name:user name".

Example: "Group1:User1".

If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name user_management_%uid%.

managementServiceAccount

Name of the privileged account under which the Kaspersky Security Center Web Console Management Service is run.

String value in the following format: "group name:user name".

Example: "Group1:User1".

If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name user_nodejs_%uid%.

serviceWebConsoleAccount

Name of the account under which the Kaspersky Security Center Web Console service is run.

String value in the following format: "group name:user name".

Example: "Group1:User1".

If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name user_svc_nodejs_%uid%.

pluginAccount

Name of the account under which the Kaspersky Security Center Product Plugins service is run.

String value in the following format: "group name:user name".

Example: "Group1:User1".

If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name user_web_plugin_%uid%.

messageQueueAccount

Name of the account under which the Kaspersky Security Center Web Console Message Queue service is run.

String value in the following format: "group name:user name".

Example: "Group1:User1".

If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name user_message_queue_%uid%.

For security reasons, we do not recommend using the webConsoleAccount, managementServiceAccount, serviceWebConsoleAccount, pluginAccount, and messageQueueAccount parameters.

If you specify the webConsoleAccount, managementServiceAccount, serviceWebConsoleAccount, pluginAccount, or messageQueueAccount parameters, make sure that the custom user accounts belong to the same security group. If these parameters are not specified, the Kaspersky Security Center Web Console installer creates a default security group, and then creates user accounts with default names in this group.

See also:

Ports used by Kaspersky Security Center Linux

Page top