Installing Kaspersky Security Center Linux in silent mode

You can install Kaspersky Security Center Linux on Linux devices by using an answer file to run an installation in silent mode, that is, without user participation. The answer file contains a custom set of installation parameters: variables and their respective values.

Before installation:

• Install a database management system (DBMS).
• Make sure that your device with the DBMS installed does not have user accounts with the following names:
  • client
  • iam
  • ksc
  • locker
  • pat
  • scope
  • voltron
• Make sure that the device on which you want to install Kaspersky Security Center Linux is running one of the supported Linux distributions.

  If you use the operating system RED OS 7.3.4 or later or MSVSPHERE 9.2 or later, install the libxcrypt-compat package for the correct function of Administration Server.

• Download the installation file from the Kaspersky website. Choose the installation file that corresponds to the Linux distribution installed on your device—ksc64_[version_number]_amd64.deb or ksc64-[version_number].x86_64.rpm.

To install Kaspersky Security Center Linux in silent mode:

1. Read the End User License Agreement. Follow the steps below only if you understand and accept the terms of the End User License Agreement.
2. Create a group 'kladmins' and unprivileged accounts 'ksc' and 'ksciam' that must be members of the 'kladmins' group. To do this, sequentially run the following commands under an account with root privileges:

   # adduser ksc

   # groupadd kladmins

   # gpasswd -a ksc kladmins

   # usermod -g kladmins ksc

   # adduser ksciam

   # gpasswd -a ksciam kladmins

   # usermod -g kladmins ksciam

3. On the device intended to be the IAM server, create a database for IAM:
   • For PostgreSQL, run the following command:

     psql -U postgres; CREATE DATABASE <iam_db_name>;

   • For MariaDB, run the following command:

     mysql -u root -p; CREATE DATABASE <iam_db_name>;

4. Create the answer file (in TXT format), and add a list of variables in the VARIABLE_NAME=variable_value format to the answer file, each one in a separate line. The answer file should include the variables listed in the table below.
5. Set the value of the KLAUTOANSWERS environment variable in the root or user environment containing the full name of the answer file including the path, for example, with the following command:

   export KLAUTOANSWERS=/tmp/ksc_install/answers.txt

6. Run the Kaspersky Security Center Linux installation in silent mode—depending on your Linux distribution, run one of the following commands:

   In the root environment:

   • # apt install /<path>/ksc64_[version_number]_amd64.deb
   • # yum install /<path>/ksc64-[version_number].x86_64.rpm -y

   In the user environment:

   • $ sudo -E apt install /<path>/ksc64_[version_number]_amd64.deb
   • $ sudo -E yum install /<path>/ksc64-[version_number].x86_64.rpm -y
7. Create a user to work with Kaspersky Security Center Web Console. To do this, run the following command under an account with root privileges:

   /opt/kaspersky/ksc64/sbin/kladduser -n ksc -p <password>, where the password must contain at least 8 characters.

   Variables of the answer file used as parameters of Kaspersky Security Center Linux installation in silent mode

   Variable name	Required	Description	Possible values
   EULA_ACCEPTED	Yes	Confirms that you understand and accept the terms of the End User License Agreement.	1
   PP_ACCEPTED	Yes	Confirms that you understand and accept the terms of the Privacy Policy.	1
   KLSRV_UNATT_SERVERADDRESS	Yes	The Administration Server DNS-name or static IP address.	DNS name or IP address
   KLSRV_UNATT_PORT_SRV	No	The Administration Server port number. Optional, default value is 14000.	Port number
   KLSRV_UNATT_PORT_SRV_SSL	No	The Administration Server SSL port number. Optional, default value is 13000.	Port number
   KLSRV_UNATT_PORT_KLOAPI	No	The number of the port for working with OpenAPI. Also this port is used for receiving connections from Kaspersky Security Center Web Console.Optional, default value is 13299.	Port number
   KLSRV_UNATT_PORT_GUI	No	The number of the port for working with the klakaut utility. Optional, default value is 13291. The klakaut utility and a Help system for it are located in the Kaspersky Security Center Linux installation folder. This port is closed by default. If you want to use the klakaut utility to automate the Kaspersky Security Center Linux operation, open the 13291 port by using the klscflag utility.	Port number
   KLSRV_UNATT_NETRANGETYPE	No	The approximate number of devices that you intend to manage. This setting is used to optimize network load. Optional, default value is 1.	1 for 1 to 100 managed devices. 2 for 101 to 1,000 managed devices. 3 for more than 1,000 managed devices.
   KLSRV_UNATT_DBMS_TYPE	Yes	The database management system type: MySQL (MariaDB) or Postgres.	mysql or postgres
   KLSRV_UNATT_DBMS_INSTANCE	Yes	The database server IP address. To use a PostgreSQL, a Postgres Pro Built-in High Availability cluster, or a Platform V Pangolin DBMS cluster, enter DNS names or IP addresses and ports of all nodes in the following format: <fqdn1>:<port>,<fqdn2>:<port>,<...><fqdnX>:<port>; Alternatively, if you want to use a Platform V Pangolin DBMS cluster, you can specify only the DNS name or IP address of the master node, or the replica node, when specifying the DBMS address.	IP address
   KLSRV_UNATT_DBMS_PORT	Yes	The database server port. Default value for MySQL (MariaDB) is 3306; default value for Postgres is 5432.	3306 or 5432
   KLSRV_UNATT_DB_NAME	Yes	The database name. The name of the database must be different from the IAM database name specified in the KLSRV_UNATT_DB_IAM_NAME variable.	kav
   KLSRV_UNATT_DBMS_LOGIN	Yes	The username of a user that has access to the database.
   KLSRV_UNATT_DBMS_PASSWORD	Yes	The password of a user that has access to the database.
   KLSRV_UNATT_IAM_ADDRESS	No	The address to connect to IAM by Node.js. User browsers will be redirected to this address by OpenIDConnect as well. If you do not specify this variable, the DNS name of the computer with Administration Server installed is used.	FQDN
   KLSRV_UNATT_KLIAMUSER	Yes	The account name to start the IAM service. The account must be a member of the security group specified in KLSRV_UNATT_KLADMINSGROUP variable.	ksciam
   KLSRV_UNATT_DBMS_IAM_TYPE	Yes	The IAM database management system type: MySQL (MariaDB) or Postgres.	mysql or postgres
   KLSRV_UNATT_DBMS_IAM_INSTANCE	Yes	The IAM database server address. To use a PostgreSQL, a Postgres Pro Built-in High Availability cluster, or a Platform V Pangolin DBMS cluster, enter DNS names or IP addresses and ports of all nodes in the following format: <fqdn1>:<port>,<fqdn2>:<port>,<...><fqdnX>:<port>; Alternatively, if you want to use a Platform V Pangolin DBMS cluster, you can specify only the DNS name or IP address of the master node, or the replica node, when specifying the DBMS address.	IP address
   KLSRV_UNATT_DBMS_IAM_PORT	Yes	The IAM database server port. Default value for MySQL (MariaDB) is 3306; default value for Postgres is 5432.	3306 or 5432
   KLSRV_UNATT_DBMS_IAM_LOGIN	Yes	The username of a user that has access to the IAM database. If the IAM database type is MySQL (MariaDB) and has both of the following settings: gtid_mode=ON gtid_purged=ON|AUTO ensure that the specified user has either of the following DBMS privileges: RELOAD FLUSH_TABLES
   KLSRV_UNATT_DBMS_IAM_PASSWORD	Yes	The password of a user that has access to the IAM database.
   KLSRV_UNATT_DB_IAM_NAME	Yes	The IAM database name. The name of the IAM database must be different from the database name specified in the KLSRV_UNATT_DB_NAME variable. Specify a manually created empty database.	iamdb
   KLSRV_UNATT_KLADMINSGROUP	Yes	The security group name for services.	kladmins
   KLSRV_UNATT_KLSRVUSER	Yes	The account name to start the Administration Server service. The account must be a member of the security group specified in KLSRV_UNATT_KLADMINSGROUP variable.	ksc
   KLSRV_UNATT_KLSVCUSER	Yes	The account name to start other services. The account must be a member of the security group specified in KLSRV_UNATT_KLADMINSGROUP variable.	ksc
   If the Administration Server is to be deployed as a Kaspersky Security Center Linux failover cluster, the answer file must include the following additional variables:
   KLFOC_UNATT_NODE	Yes	The node number (1 or 2).	1 or 2
   KLFOC_UNATT_STATE_SHARE_MOUNT_PATH	Yes	The state share mount point.
   KLFOC_UNATT_DATA_SHARE_MOUNT_PATH	Yes	The data share mount point.
   KLFOC_UNATT_CONN_MODE	Yes	The failover cluster connectivity mode.	VirtualAdapter or ExternalLoadBalancer
   In case the KLFOC_UNATT_CONN_MODE variable has VirtualAdapter value, the answer file must include the following additional variables:
   KLFOC_UNATT_CONN_MODE_VA_NAME	Yes	The virtual network adapter name.
   KLFOC_UNATT_CONN_MODE_VA_IPV4	One of these variables is required	The virtual network adapter IP address.	IP address
   KLFOC_UNATT_CONN_MODE_VA_IPV6		The virtual network adapter IPv6 address.	IPv6 address

Page top