Installing Kaspersky Security Center Linux on Astra Linux in the closed software environment mode

This section describes how to install Kaspersky Security Center Linux on the Astra Linux Special Edition operating system.

Before installation:

Use the ksc64_[version_number]_amd64.deb installation file. You receive the installation file by downloading it from the Kaspersky website.

Under an account with root privileges, run the commands provided in this instruction with high integrity and zero confidentiality.

To install Kaspersky Security Center Linux on the Astra Linux Special Edition (operational update 1.7.2) and Astra Linux Special Edition (operational update 1.6) operating system:

  1. Open the /etc/digsig/digsig_initramfs.conf file, and then specify the following setting:

    DIGSIG_ELF_MODE=1

  2. In the command line, run the following command to install the compatibility package:

    apt install astra-digsig-oldkeys

  3. Create a directory for the application key:

    mkdir -p /etc/digsig/keys/legacy/kaspersky/

  4. Place the application key in the directory created in the previous step:

    cp kaspersky_astra_pub_key.gpg /etc/digsig/keys/legacy/kaspersky/

  5. Update the initial RAM file system image for all kernels of the system:

    update-initramfs -u -k all

    Reboot the system.

  6. If your device runs on Astra Linux 1.8 or later, do the actions described in this step. If your device runs on a different OS, proceed to the next step.
    1. Create the /etc/systemd/system/kladminserver_srv.service.d directory and create a file named override.conf with the following content:

      [Service]

      User=

      User=ksc

      CapabilitiesParsec=PARSEC_CAP_PRIV_SOCK

      ExecStart=

      ExecStart=/opt/kaspersky/ksc64/sbin/klserver -d from_wd

    2. Create a directory /etc/systemd/system/klwebsrv_srv.service.d and create a file named override.conf with the following content:

      [Service]

      User=

      User=ksc

      CapabilitiesParsec=PARSEC_CAP_PRIV_SOCK

      ExecStart=

      ExecStart=/opt/kaspersky/ksc64/sbin/klcsweb -d from_wd

  7. Create a group 'kladmins' and an unprivileged account 'ksc'. The account must be a member of the 'kladmins' group. To do this, sequentially run the following commands:

    # adduser ksc

    # groupadd kladmins

    # gpasswd -a ksc kladmins

    # usermod -g kladmins ksc

  8. Run the Kaspersky Security Center Linux installation:

    # apt install /<path>/ksc64_[version_number]_amd64.deb

  9. Run the Kaspersky Security Center Linux configuration:

    # /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl

  10. Read the End User License Agreement (EULA) and the Privacy Policy. The text is displayed in the command line window. Press the space bar to view the next text segment. When prompted, enter the following values:
    1. Enter y if you understand and accept the terms of the EULA. Enter n if you do not accept the terms of the EULA. To use Kaspersky Security Center Linux, you must accept the terms of the EULA.
    2. Enter y if you understand and accept the terms of the Privacy Policy, and you agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy. Enter n if you do not accept the terms of the Privacy Policy. To use Kaspersky Security Center Linux, you must accept the terms of the Privacy Policy.
  11. When prompted, enter the following settings:
    1. Enter the Administration Server DNS name or static IP address.
    2. Enter the Administration Server port number. By default, port 14000 is used.
    3. Enter the Administration Server SSL port number. By default, port 13000 is used.
    4. Evaluate the approximate number of devices that you intend to manage:
      • If you have from 1 to 100 networked devices, enter 1.
      • If you have from 101 to 1000 networked devices, enter 2.
      • If you have more than 1000 networked devices, enter 3.
    5. Enter the security group name for services. By default, the 'kladmins' group is used.
    6. Enter the account name to start the Administration Server service. The account must be a member of the entered security group. By default, the 'ksc' account is used.
    7. Enter the account name to start other services. The account must be a member of the entered security group. By default, the 'ksc' account is used.
    8. Enter the IP address of the device on which the database is installed.
    9. Enter the database port number. This port is used to communicate with Administration Server. By default, port 3306 is used.
    10. Enter the database name.
    11. Enter the login of the database root account that you use to access the database.
    12. Enter the password of the database root account that you use to access the database.

      Wait for the services to be added and started automatically:

      • klnagent_srv
      • kladminserver_srv
      • klactprx_srv
      • klwebsrv_srv
    13. Create an account that will act as an Administration Server administrator. Enter the user name and password.

      The password must comply with the following rules:

      • The user password must have a minimum of 8, and a maximum of 16, characters.
      • The password must contain characters from at least three of the groups listed below:
        • Uppercase letters (A-Z)
        • Lowercase letters (a-z)
        • Numbers (0-9)
        • Special characters (@ # $ % ^ & * - _ ! + = [ ] { } | : ' , . ? / \ ` ~ " ( ) ;)

Kaspersky Security Center Linux is installed and the user is added.

Service verification

Use the following commands to check whether or not a service is running:

Page top