Upgrading Kaspersky Security Center Web Console on Astra Linux in the closed software environment mode

This article describes how to upgrade Kaspersky Security Center Web Console Server (also referred to as Kaspersky Security Center Web Console) on the Astra Linux Special Edition operating system.

To upgrade Kaspersky Security Center Web Console:

1. Make sure that the device on which you want to upgrade Kaspersky Security Center Web Console is running one of the supported Linux distributions.
2. Read and accept the End User License Agreement (EULA). If the Kaspersky Security Center Linux distribution kit does not include a TXT file with the text of the EULA, you can download the file from the Kaspersky website. If you do not accept the terms of the License Agreement, do not upgrade Kaspersky Security Center Web Console by using the installation file.
3. Use the same response file that you prepared before installing Kaspersky Security Center Web Console. The response file name is ksc-web-console-setup.json, and the file location is /etc/ksc-web-console-setup.json.

   If the response file does not exist, create a new response file that contains the parameters for connecting Kaspersky Security Center Web Console to Administration Server. Name the file ksc-web-console-setup.json, and then place it in the /etc directory.

   Example of a response file containing the minimal set of parameters

   The set of parameters of the response file depends on the version of the Administration Server to which the Kaspersky Security Center Web Console connects.

   • Administration Server version 16 or later

     Example of a response file with the minimum set of parameters for signing in to Administration Server version 16 or later:

     {

     "address": "ksc-web-console.example.com",

     "port": 8080,

     "trusted": {

     "Administration Server with SSO": {

     "iamHost": "ksc-iam.example.com",

     "iamOAuthPort": 4444,

     "iamProxyPort": 9050,

     "iamCertPath": "/var/opt/kaspersky/klnagent_srv/iam/main_certificate.pem",

     "iamPATPath": "/var/opt/kaspersky/klnagent_srv/iam/initial_token.txt",

     "kscPort": 13299,

     "kscCertPath": "/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer"

     }

     },

     "acceptEula": true

     }

   • Administration Server version 15.4 or earlier

     Example of a response file with the minimum set of parameters for signing in to Administration Server version 15.4 or earlier:

     {

     "address": "ksc-web-console.example.com",

     "port": 8080,

     "trusted": {

     "Administration Server without SSO": {

     "kscHost": "ksc.example.com",

     "kscPort": 13299,

     "kscCertPath": "/var/opt/kaspersky/klnagent_srv/1093/cert/klserver.cer"

     }

     },

     "acceptEula": true

     }

   You can install the Kaspersky Security Center Web Console either on the same device as the Administration Server or on a separate device. When installing Kaspersky Security Center Web Console to an external device, the Kaspersky Security Center Web Console (specified by address) and Administration Server address (specified by iamHost or kscHost) are different. Otherwise, these parameters have the same values.

   You can add multiple Administration Servers of different versions to the list of trusted servers. In this case, the Servers may use different authentication methods.

4. Ensure that in the /etc/digsig/digsig_initramfs.conf file, the DIGSIG_ELF_MODE parameter is specified as follows:

   DIGSIG_ELF_MODE=1

5. Ensure that the astra-digsig-oldkeys compatibility package is installed.

   If this package is not installed, run the following command:

   apt install astra-digsig-oldkeys

6. Create a directory for the application key, if it does not exist:

   mkdir -p /etc/digsig/keys/legacy/kaspersky/

7. Place the application key /opt/kaspersky/ksc64/share/kaspersky_astra_pub_key.gpg in the directory created in the previous step:

   cp kaspersky_astra_pub_key.gpg /etc/digsig/keys/legacy/kaspersky/

   If the Kaspersky Security Center Linux distribution kit does not include the kaspersky_astra_pub_key.gpg application key, you can download it by clicking the link: https://media.kaspersky.com/utilities/CorporateUtilities/kaspersky_astra_pub_key.gpg.

8. Update the RAM disks:

   update-initramfs -u -k all

   Reboot the system.

9. Under an account with root privileges, use the command line to run the setup file. You receive the setup file by downloading it from the Kaspersky website.

   To upgrade from a previous version of Kaspersky Security Center Web Console, run the following command:

   sudo dpkg -i ksc-web-console-<build number>.x86_64.deb

   This starts unpacking the setup file. Please wait until the installation is complete.

10. Restart all of the Kaspersky Security Center Web Console services by running the following command:

    sudo systemctl restart KSC*

When the upgrade is complete, you can use your browser to open and log in to Kaspersky Security Center Web Console.

Page top