Configuring permissions in the SELinux system

January 20, 2022

ID 196986

To configure SELinux for operation of Kaspersky Endpoint Security:

  1. Switch SELinux to permissive mode:
    • If SELinux has been activated, execute the following command:

      # setenforce Permissive

    • If SELinux was disabled, specify the SELINUX=permissive parameter value in the configuration file /etc/selinux/config, and restart the operating system.
  2. Ensure that the semanage utility is installed on the operating system. If it is not installed, install the policycoreutils-python* package.
  3. Install the Kaspersky Endpoint Security package.
  4. Relabel Kaspersky Endpoint Security binaries with bin_t by using the following commands:

    semanage fcontext -a -t bin_t <binary>

    restorecon -v <binary>

    Here, <binary> is the path to each of the following binaries:

    • /var/opt/kaspersky/kesl/10.1.4.<build number>_<installation timestamp>/opt/kaspersky/kesl/libexec/kesl
    • /var/opt/kaspersky/kesl/10.1.4.<build number>_<installation timestamp>/opt/kaspersky/kesl/bin/kesl-control
    • /var/opt/kaspersky/kesl/10.1.4.<build number>_<installation timestamp>/opt/kaspersky/kesl/libexec/kesl-gui
    • /var/opt/kaspersky/kesl/10.1.4.<build number>_<installation timestamp>/opt/kaspersky/kesl/shared/kesl-supervisor

    If you use a custom SELinux policy, relabel Kaspersky Endpoint Security binaries according to that policy.

  5. Run the Kaspersky Endpoint Security configuration script:

    # /opt/kaspersky/kesl/bin/kesl-setup.pl

  6. Run the following tasks:
    • File Threat Protection task:

      kesl-control --start-task 1

    • Boot sector scan task:

      kesl-control --start-task 4 -W

    • System memory scan task:

      kesl-control --start-task 5 -W

    It is recommended to run all the tasks that you plan to run while using Kaspersky Endpoint Security.

  7. Ensure that there are no errors in the audit.log file:

    grep kesl /var/log/audit/audit.log

    If there are errors, create and load a new rules module based on the blocking records to fix the errors, and then run all the tasks that you plan to run while using Kaspersky Endpoint Security.

    If new audit messages related to Kaspersky Endpoint Security appear, the rules module file needs to be updated.

  8. Switch SELinux to enforcing mode:

    # setenforce Enforcing

If you install application updates, you need to relabel Kaspersky Endpoint Security binaries again (repeat steps 1, 4, 6, 7, and 8 of this procedure).

For additional information, please refer to the documentation on the relevant operating system.
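
The audit.log check in step 7 is easier to act on when the blocking records are grouped by source type, target type, object class and permissions rather than read as raw grep output. The following is an added example, not part of the Kaspersky documentation; the function names kesl_avc_summary and sample_audit_log and the sample log records are constructed for illustration.

```shell
# Added example: summarise SELinux AVC denials that mention kesl.
# Usage: kesl_avc_summary /var/log/audit/audit.log   (reads stdin if no file)
kesl_avc_summary() {
    awk '
    /type=AVC/ && /denied/ && /kesl/ {
        # Permission list sits between the braces after "denied".
        perms = $0
        sub(/^.*denied +[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        src = tgt = cls = ""
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level; keep the type (3rd part).
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        seen[src " " tgt ":" cls " { " perms " }"]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$@" | sort -k2
}

# Constructed sample records (not taken from a real host).
# Records logged while SELinux is in permissive mode carry permissive=1.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1642672801.101:410): avc:  denied  { read } for  pid=2101 comm="kesl" name="shadow" dev="dm-0" ino=1311 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=AVC msg=audit(1642672802.202:411): avc:  denied  { read } for  pid=2101 comm="kesl" name="shadow" dev="dm-0" ino=1311 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=AVC msg=audit(1642672803.303:412): avc:  denied  { open read } for  pid=2150 comm="kesl-control" path="/var/log/messages" dev="dm-0" ino=2207 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1642672804.404:413): avc:  denied  { write } for  pid=900 comm="httpd" name="tmp" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1642672801.101:410): arch=c000003e syscall=257 success=yes exit=5 pid=2101 comm="kesl" exe="/opt/kaspersky/kesl/libexec/kesl"
EOF
}

# Run against the constructed sample; pass the real audit.log path on a host.
sample_audit_log | kesl_avc_summary
```

Each output line gives the number of matching records followed by the source type, target type, object class and permissions that the rules module has to cover.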
