This section describes how to manually install Kaspersky Scan Engine on Linux systems.
To install Kaspersky Scan Engine manually:
/opt/kaspersky/ScanEngine
directory. This directory is called %service_dir%
in this Help document.%service_dir%
directory on your system.%service_dir%/doc/license.txt
.If you agree to the terms of the EULA, proceed to the next step. If you decline the terms of the EULA, cancel the installation.
%service_dir%/etc/klScanEngineUI.xml
.<Common>rejected</Common>
to <Common>accepted</Common>
in the klScanEngineUI.xml
file.%service_dir%/doc/ksn_license.txt
and contains the link to the Privacy Policy.If you agree to the terms of the EULA for KSN and the Privacy Policy, proceed to the next step. If you decline the terms of the EULA for KSN or the Privacy Policy, proceed to step 9.
<KSN>rejected</KSN>
to <KSN>accepted</KSN>
in klScanEngineUI.xml
.%service_dir%/etc/klScanEngineUI.xml
.%service_dir%/etc/klScanEngineUI.xml
from the /etc/
directory:ln -s |
/etc/
directory:%service_dir%/etc/kavhttpd.xml
file to the /etc/
directory.%service_dir%/etc/kavicapd.xml
file to the /etc/
directory.For example, in HTTP mode you have to run the following command:
ln -s |
/etc/init.d
directory:%service_dir%/etc/init.d/kavhttpd
file to the /etc/init.d
directory.%service_dir%/etc/init.d/kavicapd
file to the /etc/init.d
directory.For example, in HTTP mode you have to run the following command:
ln -s |
/etc/init.d/
directory.chkconfig --add kavhttpd
update-rc.d kavhttpd defaults
chkconfig --add kavicapd
update-rc.d kavicapd defaults
After you install Kaspersky Scan Engine, you can check the integrity of its components at any time by using the integrity check tool.
Enabling Kaspersky Scan Engine GUI
To enable Kaspersky Scan Engine GUI:
scanengine
:CREATE USER scanengine;
scanengine
user:ALTER USER scanengine WITH PASSWORD '%PASSWORD%';
kavebase
:CREATE DATABASE kavebase OWNER scanengine;
kavebase
database run the queries described in %service_dir%/samples/tables.sql
.psql -d kavebase -a -f tables.sql
/etc/klScanEngineUI.xml
.<Mode>
element, specify the mode that Kaspersky Scan Engine will work in:For HTTP mode:
<Mode>httpd</Mode> |
For ICAP mode:
<Mode>icap</Mode> |
<EnableUI>false</EnableUI>
to <EnableUI>true</EnableUI>
.<ConnectionString>
element, specify the address of the Kaspersky Scan Engine GUI web service in %IP%:%port% format.For example:
<ConnectionString>198.51.100.0:443</ConnectionString> |
<SSLCertificatePath>
element, specify the path to your SSL certificate.<SSLPrivateKeyPath>
element, specify the path to your private key.%service_dir%/tools/openssl
utility as follows:/opt/kaspersky/ScanEngine/tools/openssl req -x509 -nodes -days 1825 -subj /C=RU/CN="%ConnectionString%" -newkey rsa: |
Here %ConnectionString%
is the value that is specified in the <ConnectionString>
element. It is recommended to use values rsa:4096
or rsa:3072
with the -newkey
parameter. The minimum supported value is rsa:2048
.
You must configure access to the private key file for ScanEngine GUI so that only the root user and the user account under which the service is running can have the read permission.
openssl rand -out %service_dir%/httpsrv/kl_scanengine_db.key 512 |
chmod 400 %service_dir%/httpsrv/kl_scanengine_db.key |
DatabaseSettings > ConnectionString
element, specify the address of a new or existing kavebase database that you want to connect to by using the format %IP%:%port%./etc/klScanEngineUI.xml
.To encrypt the credentials, use the kav_encrypt utility. This utility also automatically writes the encrypted user name and password to /etc/klScanEngineUI.xml
. The utility is located in the %service_dir%/tools/
directory.
Run the kav_encrypt utility with the following options:
-d '%USERNAME%:%PASSWORD%'
%service_dir%/etc/init.d/klScanEngineUI
from /etc/init.d
:ln -s |
/etc/init.d/
directory.chkconfig --add klScanEngineUI
update-rc.d klScanEngineUI defaults
/etc/init.d/klScanEngineUI start |