This section describes how to manually install Kaspersky Scan Engine on Linux systems.
Before installing and configuring Kaspersky Scan Engine, you need to specify the locale of the computer on which Kaspersky Scan Engine is installed. Use the following commands:
LC_ALL=en_US.utf8 export LC_ALL |
To install Kaspersky Scan Engine manually:
/opt/kaspersky/ScanEngine
directory. This directory is called %service_dir%
in this Help document.%service_dir%
directory on your system.%SDK_kit%
) as follows:%SDK_kit%/bin/bases
to %service_dir%/bin/bases
%SDK_kit%/include
to %service_dir%/include
%SDK_kit%/lib
to %service_dir%/lib
%SDK_kit%/ppl
to %service_dir%/ppl
%SDK_kit%/tools/kavsigner
file to %service_dir%/tools
%SDK_kit%/tools/integrity_check_sdk.xml
file to %service_dir%
Only users with administrator rights must have access to the objects from %SDK_kit%
.
For compatibility with Kaspersky Scan Engine, use the KAV SDK version 8.9.2.595 or later.
%service_dir%/doc/license.txt
.If you agree to the terms of the EULA, proceed to the next step. If you decline the terms of the EULA, cancel the installation.
%service_dir%/etc/klScanEngineUI.xml
.<Common>rejected</Common>
to <Common>accepted</Common>
in the klScanEngineUI.xml
file.%service_dir%/doc/ksn_license.txt
and contains the link to the Privacy Policy.If you agree to the terms of the EULA for KSN and the Privacy Policy, proceed to the next step. If you decline the terms of the EULA for KSN or the Privacy Policy, proceed to step 10.
<KSN>rejected</KSN>
to <KSN>accepted</KSN>
in klScanEngineUI.xml
.%service_dir%/etc/klScanEngineUI.xml
.%service_dir%/etc/klScanEngineUI.xml
from the /etc/
directory:ln -s |
/etc/
directory:%service_dir%/etc/kavhttpd.xml
file to the /etc/
directory.%service_dir%/etc/kavicapd.xml
file to the /etc/
directory.For example, in HTTP mode you have to run the following command:
ln -s |
openssl rand -out %service_dir%/httpsrv/kl_scanengine_db.key 512
chmod 400 %service_dir%/httpsrv/kl_scanengine_db.key
kav_encrypt
utility. This utility also automatically writes the encrypted user name and password to the configuration file kavhttpd.xml
(for HTTP mode) or kavicapd.xml
(for ICAP mode). The utility is located in the %service_dir%/tools/
directory.Run the kav_encrypt
utility with the following options:
-m <httpd | icap> -p <user_name:password>
/etc/systemd/system/multi-user.target.wants/
, make symbolic links to the following files:/opt/kaspersky/ScanEngine/etc/kavicapd.service
by using the following command:ln -s /opt/kaspersky/ScanEngine/etc/kavicapd.service /etc/systemd/system/kavicapd.service |
/opt/kaspersky/ScanEngine/etc/kavhttpd.service
by using the following command:ln -s /opt/kaspersky/ScanEngine/etc/kavhttpd.service /etc/systemd/system/kavhttpd.service |
|
service kavicapd start |
service kavhttpd start |
After you install Kaspersky Scan Engine, you can check the integrity of its components at any time by using the integrity check tool.
Enabling Kaspersky Scan Engine GUI
To enable Kaspersky Scan Engine GUI:
Make sure that the user running the database queries has access to the directory containing tables.sql
and also has read access to tables.sql
itself.
scanengine
:CREATE USER scanengine;
scanengine
user:ALTER USER scanengine WITH PASSWORD '%PASSWORD%';
kavebase
:CREATE DATABASE kavebase OWNER scanengine;
kavebase
database run the queries described in %service_dir%/samples/tables.sql
.psql -d kavebase -a -f tables.sql
/etc/klScanEngineUI.xml
.<Mode>
element, specify the mode that Kaspersky Scan Engine will work in:For HTTP mode:
<Mode>httpd</Mode> |
For ICAP mode:
<Mode>icap</Mode> |
<EnableUI>false</EnableUI>
to <EnableUI>true</EnableUI>
.<ConnectionString>
element, specify the address of the Kaspersky Scan Engine GUI web service in %IP%:%port% format.For example:
<ConnectionString>198.51.100.0:443</ConnectionString> |
<SSLCertificatePath>
element, specify the path to your SSL certificate.<SSLPrivateKeyPath>
element, specify the path to your private key.%service_dir%/tools/openssl
utility as follows:/opt/kaspersky/ScanEngine/tools/openssl req -x509 -nodes -days 1825 -subj /C=RU/CN="%ConnectionString%" -newkey rsa: |
Here %ConnectionString%
is the value that is specified in the <ConnectionString>
element. It is recommended to use the values rsa:4096
or rsa:3072
with the -newkey
parameter. The minimum supported value is rsa:2048
.
You must configure access to the private key file for Kaspersky Scan Engine GUI so that only the root user and the user account under which the service is running can have the read permission.
openssl rand -out %service_dir%/httpsrv/kl_scanengine_db.key 512 |
chmod 400 %service_dir%/httpsrv/kl_scanengine_db.key |
DatabaseSettings > ConnectionString
element, specify the address of a new or existing kavebase database that you want to connect to by using the format %IP%:%port%./etc/klScanEngineUI.xml
.To encrypt the credentials, use the kav_encrypt utility. This utility also automatically writes the encrypted user name and password to /etc/klScanEngineUI.xml
. The utility is located in the %service_dir%/tools/
directory.
Run the kav_encrypt utility with the following options:
-d '%username%:%password%'
/etc/systemd/system/multi-user.target.wants/
, make a symbolic link to /opt/kaspersky/ScanEngine/etc/klScanEngineUI.service
by using the following command:ln -s /opt/kaspersky/ScanEngine/etc/klScanEngineUI.service /etc/systemd/system/klScanEngineUI.service |
|
|