Installing Kaspersky Security Center Linux

This procedure describes how to install Kaspersky Security Center Linux.

Before installation, you have to do the following:

To install Kaspersky Security Center Linux, you have to run the commands provided in the instruction below under an account with root privileges.

To install Kaspersky Security Center Linux:

  1. Create a group 'kladmins' and unprivileged accounts 'ksc' and 'ksciam'. The accounts must be members of the 'kladmins' group. To do this, sequentially run the following commands:

    # adduser ksc

    # groupadd kladmins

    # gpasswd -a ksc kladmins

    # usermod -g kladmins ksc

    # adduser ksciam

    # gpasswd -a ksciam kladmins

    # usermod -g kladmins ksciam

  2. On the device intended to be the IAM server, create a database for IAM:
    • For PostgreSQL, run the following command:

      psql -U postgres; CREATE DATABASE <iam_db_name>;

    • For MariaDB, run the following command:

      mysql -u root -p; CREATE DATABASE <iam_db_name>;

  3. If necessary, increase the default limit of files that can be opened (file descriptors) for the accounts used for the function of Administration Server services. To do this, open the /etc/security/limits.conf file, and then specify the soft and hard limits of the file descriptors as follows:

    ksc soft nofile <max_number_of_opened_files>

    ksc hard nofile <max_number_of_opened_files>

    By default, limits of the file descriptors are specified during the installation. The soft file limit is 32 768 files, the hard file limit is 131 072 files.

  4. Run the Kaspersky Security Center Linux installation. Depending on your Linux distribution, run one of the following commands:
    • # apt install /<path>/ksc64_<version_number>_amd64.deb
    • # yum install /<path>/ksc64-<version_number>.x86_64.rpm -y
  5. Run the Kaspersky Security Center Linux configuration:

    # /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl

  6. Read the End User License Agreement (EULA) and the Privacy Policy. The text is displayed in the command line window. Press the space bar to view the next text segment. Then, when prompted, enter the following values:
    1. Enter y if you understand and accept the terms of the EULA. Enter n if you do not accept the terms of the EULA. To use Kaspersky Security Center Linux, you must accept the terms of the EULA.
    2. Enter y if you understand and accept the terms of the Privacy Policy, and you agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy. Enter n if you do not accept the terms of the Privacy Policy. To use Kaspersky Security Center Linux, you must accept the terms of the Privacy Policy.
  7. When prompted, enter the following settings:
    1. Enter the Administration Server DNS name or static IP address. That address will be used by other devices to connect to the Administration Server.
    2. Enter the Administration Server SSL port number. By default, port 13000 is used.
    3. Evaluate the approximate number of devices that you intend to manage:
      • If you have from 1 to 100 managed devices, enter 1.
      • If you have from 101 to 1000 managed devices, enter 2.
      • If you have more than 1000 managed devices, enter 3.

      This setting is used for automatically randomized delay of task starts to optimize network load. The list below shows the interval within which the delay is calculated:

      • 1 to 100 managed devices, value 1. Delay is not used.
      • 101 to 1000 managed devices, value 2. Delay is 5 minutes.
      • More than 1000 managed devices, value 3. Delay is 10 minutes.
    4. Enter the security group name for services. By default, the kladmins group is used.
    5. Enter the account name to start the Administration Server service. The account must be a member of the entered security group. By default, the ksc account is used.
    6. Enter the account name to start other services. The account must be a member of the entered security group. By default, the ksc account is used.
    7. Select the DBMS that you installed to work with Kaspersky Security Center Linux:
      • If you installed MySQL or MariaDB, enter 1.
      • If you installed PostgreSQL or Postgres Pro, enter 2.
    8. Enter the DNS name or IP address of the device on which the database is installed. 127.0.0.1 by default for a local DBMS installation.

      To use a PostgreSQL, a Postgres Pro Built-in High Availability cluster, or a Platform V Pangolin DBMS cluster, enter DNS names or IP addresses and ports of all nodes in the following format:

      <fqdn1>:<port>,<fqdn2>:<port>,<...><fqdnX>:<port>;

      Alternatively, if you want to use a Platform V Pangolin DBMS cluster, you can specify only the DNS name or IP address of the master node, or the replica node, when specifying the DBMS address.

    9. Enter the database port number. This port is used to communicate with Administration Server. By default, the following ports are used:
      • Port 3306 for MySQL or MariaDB
      • Port 5432 for PostgreSQL or Postgres Pro
    10. Enter the database name.
    11. Enter the login of the database root account that you use to access the database.
    12. Enter the password of the database root account that you use to access the database.
    13. Enter the IAM Server FQDN.
    14. Enter the account name to start the IAM service. The account must be a member of the entered security group. By default, the ksciam account is used.
    15. Select the DBMS that you installed to work with the IAM service:
      • If you installed MySQL or MariaDB, enter 1.
      • If you installed PostgreSQL or Postgres Pro, enter 2.
    16. Enter the IAM DBMS address to be used by the IAM service.
    17. Enter the IAM DBMS port number. This port is used to communicate with the IAM service. By default, the following ports are used:
      • Port 3306 for MySQL or MariaDB
      • Port 5432 for PostgreSQL or Postgres Pro
    18. Enter the IAM database name to be used by the IAM service. The name of the database used by IAM service should be different from database used by the Administration Server.
    19. Enter the login of the database account that you use to access the IAM database.
    20. Enter the password of the database account that you use to access the IAM database.

      Wait for the services to be added and started automatically:

      • klnagent_srv
      • kladminserver_srv
      • klactprx_srv
      • klwebsrv_srv
      • kliam_srv
    21. Create an account that will act as an Administration Server administrator. Enter the user name and password.

      The password must comply with the following rules:

      • The user password cannot have less than 8 or more than 256 characters.
      • The password must contain characters from at least three of the groups listed below:
        • Uppercase letters (A-Z)
        • Lowercase letters (a-z)
        • Numbers (0-9)
        • Special characters (@ # $ % ^ & * - _ ! + = [ ] { } | : ' , . ? / \ ` ~ " ( ) ;)

      If you skip this step, you can use the following command to create a new user later: /opt/kaspersky/ksc64/sbin/kladduser -n ksc -p <password>

The user is added and Kaspersky Security Center Linux is installed.

Network Agent installation

To manage the Administration Server device as any other managed device, install Network Agent for Linux on the Administration Server device. In this case, Network Agent for Linux is installed and works independently from the server version of Network Agent that you installed together with Administration Server.

Service verification

Use the following commands to check whether or not a service is running:

Page top