For installing Kaspersky Security Center Web Console Server on devices running Linux, you must create a response file—a .json file that contains parameters for connecting Kaspersky Security Center Web Console to the Administration Server.
Here is an example of a response file containing the minimal set of parameters and the default address and port:
{
"address": "ksc.example.com",
"port": 8080,
"trusted": "192.168.2.130|13299|/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer|KSC Server",
"acceptEula": true
}
Here is an example of a response file containing an extended set of parameters and the default address and port:
{
"address": "ksc.example.com",
"port": 8080,
"defaultLangId": 1049,
"enableLog": false,
"trusted": "192.168.2.130|13299|/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer|KSC Server 1||ksc2.example.com|13299|/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer|KSC Server 2",
"acceptEula": true,
"certPath": "/var/opt/kaspersky/ksc-web-console/web-server.crt",
"keyPath": "/var/opt/kaspersky/ksc-web-console/web-server.key",
"webConsoleAccount": "Group1:User1",
"managementServiceAccount": "Group1:User2",
"serviceWebConsoleAccount": "Group1:User3",
"pluginAccount": "Group1:User4",
"messageQueueAccount": "Group1:User5"
}
The webConsoleAccount, managementServiceAccount, serviceWebConsoleAccount, pluginAccount, messageQueueAccount parameters must not be used separately from each other: specify the values either for all of these parameters, or for none of them.
If you want to use a custom certificate, specify both the certPath and keyPath parameters. If you do not specify the parameters or specify only one, the web browser keeps informing you that your connection is not private.
We recommend that you specify port numbers above 1024. If you want Kaspersky Security Center Web Console to work on ports below 1024, after installation you have to run the following command:
sudo setcap 'cap_net_bind_service=+ep' /var/opt/kaspersky/ksc-web-console/node
When you install Kaspersky Security Center Web Console on the Linux ALT operating system, you must specify a port number other than 8080, because port 8080 is used by the operating system.
The table below describes the parameters that can be specified in a response file.
Parameters for installing Kaspersky Security Center Web Console on devices running Linux
Parameter |
Description |
Available values |
|---|---|---|
|
Address for connecting to Kaspersky Security Center (required). If you install Kaspersky Security Center Web Console on Kaspersky Security Center Server, use the address that you specified when installing Kaspersky Security Center Linux. If you install Kaspersky Security Center Web Console on an external device, specify the device external IP address to be used by the web browser for connecting to Kaspersky Security Center Web Console Server. |
String value. Example: |
|
Port used by Kaspersky Security Center Web Console to receive connections from web browsers (required). |
Numerical value. The recommended value is 8080 (except for the Linux ALT operating system). |
|
Language of user interface (by default, If necessary, you can change the language of Kaspersky Security Center Web Console interface. |
Numerical code of the language:
If no value is specified, then English (en-US) language is used. |
|
Whether or not to enable Kaspersky Security Center Web Console activity logging. We recommend that you change the default value for the parameter only if a Kaspersky Technical Support specialist requests. |
Boolean value:
|
|
List of addresses for connecting Kaspersky Security Center Web Console to Kaspersky Security Center Linux:
The parameters are separated with vertical bars. If several Administration Servers are specified, separate them with two vertical bars (pipes). The Administration Server certificate is located on the device where Kaspersky Security Center Linux is installed. The default path to the certificate file is: /var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer When installing Kaspersky Security Center Web Console to an external device, copy the certificate file from the device with Kaspersky Security Center Linux installed to the external device. Specify the local path to the certificate in the response file for the Web Console installer. |
String value in the following format:
Example:
|
|
Whether or not you want to accept the terms of the End User License Agreement (EULA). The file containing the terms of the EULA is downloaded together with the installation file.
|
Boolean value:
If no value is specified, the Kaspersky Security Center Web Console installer shows you the EULA and asks whether or not you agree to accept the terms of the EULA. |
|
If you want to generate a new self-signed certificate, use this parameter to specify the FQDN for connecting web browser to Kaspersky Security Center Web Console. |
String value. |
|
Use the parameter to specify the path to the Kaspersky Security Center Web Console custom certificate that is trusted in your infrastructure and meets the requirements for custom certificates. You have to specify one certificate or a certificate chain per private key ( |
String value. Encrypted certificates are not supported by Kaspersky Security Center Web Console. On the device where Kaspersky Security Center Web Console is to be installed, specify the path to the certificate file in the PEM format. Example: |
|
Use the parameter to specify the path to the private key associated with the Kaspersky Security Center Web Console custom certificate specified in |
String value. The file with the private key must not be encrypted. On the device where Kaspersky Security Center Web Console is to be installed, specify the path to key file in the PEM format. Example: |
|
Name of the account under which the Kaspersky Security Center Web Console service is run. |
String value in the following format: Example: If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name |
|
Name of the privileged account under which the Kaspersky Security Center Web Console Management Service is run. |
String value in the following format: Example: If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name |
|
Name of the account under which the Kaspersky Security Center Web Console service is run. |
String value in the following format: Example: If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name |
|
Name of the account under which the Kaspersky Security Center Product Plugins service is run. |
String value in the following format: Example: If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name |
|
Name of the account under which the Kaspersky Security Center Web Console Message Queue service is run. |
String value in the following format: Example: If no value is specified, the Kaspersky Security Center Web Console installer creates a new account with the default name |
For security reasons, we do not recommend specifying the webConsoleAccount, managementServiceAccount, serviceWebConsoleAccount, pluginAccount, and messageQueueAccount parameters.
If you decide to specify these parameters, make sure that the custom user accounts belong to the same security group. When the parameters are not specified, the Kaspersky Security Center Web Console installer creates a default security group, and then creates user accounts with default names in this group.