Installing Kaspersky Security Center Linux in silent mode

You can install Kaspersky Security Center Linux on Linux devices by using an answer file to run an installation in silent mode, that is, without user participation. The answer file contains a custom set of installation parameters: variables and their respective values.

Before installation:

To install Kaspersky Security Center Linux in silent mode:

  1. Read the End User License Agreement. Follow the steps below only if you understand and accept the terms of the End User License Agreement.
  2. If your device runs on Astra Linux 1.8 or later, do the actions described in this step. If your device runs on a different OS, proceed to the next step.
    1. Create the /etc/systemd/system/kladminserver_srv.service.d directory and create a file named override.conf with the following content:

      [Service]

      User=

      User=ksc

      CapabilitiesParsec=PARSEC_CAP_PRIV_SOCK

      ExecStart=

      ExecStart=/opt/kaspersky/ksc64/sbin/klserver -d from_wd

    2. Create a directory /etc/systemd/system/klwebsrv_srv.service.d and create a file named override.conf with the following content:

      [Service]

      User=

      User=ksc

      CapabilitiesParsec=PARSEC_CAP_PRIV_SOCK

      ExecStart=

      ExecStart=/opt/kaspersky/ksc64/sbin/klcsweb -d from_wd

  3. Create a group 'kladmins' and an unprivileged account 'ksc', that must be a member of the 'kladmins' group. To do this, sequentially run the following commands under an account with root privileges:

    # adduser ksc

    # groupadd kladmins

    # gpasswd -a ksc kladmins

    # usermod -g kladmins ksc

  4. Create the answer file (in TXT format), and add a list of variables in the VARIABLE_NAME=variable_value format to the answer file, each one in a separate line. The answer file should include the variables listed in the table below.
  5. Set the value of the KLAUTOANSWERS environment variable in the root or user environment containing the full name of the answer file including the path, for example, with the following command:

    export KLAUTOANSWERS=/tmp/ksc_install/answers.txt

  6. Run the Kaspersky Security Center Linux installation in silent mode—depending on your Linux distribution, run one of the following commands:

    In the root environment:

    • # apt install /<path>/ksc64_[version_number]_amd64.deb
    • # yum install /<path>/ksc64-[version_number].x86_64.rpm -y

    In the user environment:

    • $ sudo -E apt install /<path>/ksc64_[version_number]_amd64.deb
    • $ sudo -E yum install /<path>/ksc64-[version_number].x86_64.rpm -y
  7. Create a user to work with Kaspersky Security Center Web Console. To do this, run the following command under an account with root privileges:

    /opt/kaspersky/ksc64/sbin/kladduser -n ksc -p <password>, where the password must contain at least 8 characters.

    Variables of the answer file used as parameters of Kaspersky Security Center Linux installation in silent mode

    Variable name

    Required

    Description

    Possible values

    EULA_ACCEPTED

    Yes

    Confirms that you understand and accept the terms of the End User License Agreement.

    1

    PP_ACCEPTED

    Yes

    Confirms that you understand and accept the terms of the Privacy Policy.

    1

    KLSRV_UNATT_SERVERADDRESS

    Yes

    The Administration Server DNS-name or static IP address.

    DNS name or IP address

    KLSRV_UNATT_PORT_SRV

    No

    The Administration Server port number. Optional, default value is 14000.

    Port number

    KLSRV_UNATT_PORT_SRV_SSL

    No

    The Administration Server SSL port number. Optional, default value is 13000.

    Port number

    KLSRV_UNATT_PORT_KLOAPI

    No

    The number of the port for working with OpenAPI. Also this port is used for receiving connections from Kaspersky Security Center Web Console. Optional, default value is 13299.

    Port number

    KLSRV_UNATT_PORT_GUI

    No

    The number of the port for working with the klakaut utility. Optional, default value is 13291. The klakaut utility and a Help system for it are located in the Kaspersky Security Center Linux installation folder.

    This port is closed by default. If you want to use the klakaut utility to automate the Kaspersky Security Center Linux operation, open the 13291 port by using the klscflag utility.

    Port number

    KLSRV_UNATT_NETRANGETYPE

    No

    The approximate number of devices that you intend to manage. Optional, default value is 1.

     

    1 for 1 to 100 networked devices.
    2 for 101 to 1,000 networked devices.
    3 for more than 1,000 networked devices.

    KLSRV_UNATT_DBMS_INSTANCE

    Yes

    The database server IP address.

    IP address

    KLSRV_UNATT_DBMS_PORT

    Yes

    The database server port.

    3306

    KLSRV_UNATT_DB_NAME

    Yes

    The database name.

    kav

    KLSRV_UNATT_DBMS_LOGIN

    Yes

    The username of a user that has access to the database.

     

    KLSRV_UNATT_DBMS_PASSWORD

    Yes

    The password of a user that has access to the database.

     

    KLSRV_UNATT_KLADMINSGROUP

    Yes

    The security group name for services.

    kladmins

    KLSRV_UNATT_KLSRVUSER

    Yes

    The account name to start the Administration Server service. The account must be a member of the security group specified in KLSRV_UNATT_KLADMINSGROUP variable.

    ksc

    KLSRV_UNATT_KLSVCUSER

    Yes

    The account name to start other services. The account must be a member of the security group specified in KLSRV_UNATT_KLADMINSGROUP variable.

    ksc

    If the Administration Server is to be deployed as a Kaspersky Security Center Linux failover cluster, the answer file must include the following additional variables:

    KLFOC_UNATT_NODE

    Yes

    The node number (1 or 2).

    1
    or
    2

    KLFOC_UNATT_STATE_SHARE_MOUNT_PATH

    Yes

    The state share mount point.

     

    KLFOC_UNATT_DATA_SHARE_MOUNT_PATH

    Yes

    The data share mount point.

     

    KLFOC_UNATT_CONN_MODE

    Yes

    The failover cluster connectivity mode.

    VirtualAdapter

    or

    ExternalLoadBalancer

    In case the KLFOC_UNATT_CONN_MODE variable has VirtualAdapter value, the answer file must include the following additional variables:

    KLFOC_UNATT_CONN_MODE_VA_NAME

    Yes

    The virtual network adapter name.

     

    KLFOC_UNATT_CONN_MODE_VA_IPV4

    One of these variables is required

    The virtual network adapter IP address.

    IP address

    KLFOC_UNATT_CONN_MODE_VA_IPV6

    The virtual network adapter IPv6 address.

    IPv6 address

Page top