Installing Kaspersky Security Center Linux in silent mode

You can install Kaspersky Security Center Linux on Linux devices by using an answer file to run an installation in silent mode, that is, without user participation. The answer file contains a custom set of installation parameters: variables and their respective values.

Before installation:

• Install a database management system (DBMS).
• Make sure that the device on which you want to install Kaspersky Security Center Linux is running one of the supported Linux distributions.

To install Kaspersky Security Center Linux in silent mode:

1. Read the End User License Agreement. Follow the steps below only if you understand and accept the terms of the End User License Agreement.
2. If your device runs on Astra Linux 1.8 or later, do the actions described in this step. If your device runs on a different OS, proceed to the next step.
   1. Create the /etc/systemd/system/kladminserver_srv.service.d directory and create a file named override.conf with the following content:

      [Service]

      User=

      User=ksc

      CapabilitiesParsec=PARSEC_CAP_PRIV_SOCK

      ExecStart=

      ExecStart=/opt/kaspersky/ksc64/sbin/klserver -d from_wd

   2. Create a directory /etc/systemd/system/klwebsrv_srv.service.d and create a file named override.conf with the following content:

      [Service]

      User=

      User=ksc

      CapabilitiesParsec=PARSEC_CAP_PRIV_SOCK

      ExecStart=

      ExecStart=/opt/kaspersky/ksc64/sbin/klcsweb -d from_wd

3. Create a group 'kladmins' and an unprivileged account 'ksc', that must be a member of the 'kladmins' group. To do this, sequentially run the following commands under an account with root privileges:

   # adduser ksc

   # groupadd kladmins

   # gpasswd -a ksc kladmins

   # usermod -g kladmins ksc

4. Create the answer file (in TXT format), and add a list of variables in the VARIABLE_NAME=variable_value format to the answer file, each one in a separate line. The answer file should include the variables listed in the table below.
5. Set the value of the KLAUTOANSWERS environment variable in the root environment containing the full name of the answer file including the path, for example, with the following command:

   export KLAUTOANSWERS=/tmp/ksc_install/answers.txt

6. Run the Kaspersky Security Center Linux installation in silent mode—depending on your Linux distribution, run one of the following commands:
   • # apt install /<path>/ksc64_[version_number]_amd64.deb
   • # yum install /<path>/ksc64-[version_number].x86_64.rpm -y
7. Create a user to work with Kaspersky Security Center Web Console. To do this, run the following command under an account with root privileges:

   /opt/kaspersky/ksc64/sbin/kladduser -n ksc -p <password>, where the password must contain at least 8 characters.

   Variables of the answer file used as parameters of Kaspersky Security Center Linux installation in silent mode

   Variable name	Required	Description	Possible values
   EULA_ACCEPTED	Yes	Confirms that you understand and accept the terms of the End User License Agreement.	1
   PP_ACCEPTED	Yes	Confirms that you understand and accept the terms of the Privacy Policy.	1
   KLSRV_UNATT_SERVERADDRESS	Yes	The Administration Server DNS-name or static IP address.	DNS name or IP address
   KLSRV_UNATT_PORT_SRV	No	The Administration Server port number. Optional, default value is 14000.	Port number
   KLSRV_UNATT_PORT_SRV_SSL	No	The Administration Server SSL port number. Optional, default value is 13000.	Port number
   KLSRV_UNATT_PORT_KLOAPI	No	The Administration Server KLOAPI port number. Optional, default value is 13299.	Port number
   KLSRV_UNATT_PORT_GUI	No	The Administration Server GUI port number. Optional, default value is 13291.	Port number
   KLSRV_UNATT_NETRANGETYPE	No	The approximate number of devices that you intend to manage. Optional, default value is 1.	1 for 1 to 100 networked devices. 2 for 101 to 1,000 networked devices. 3 for more than 1,000 networked devices.
   KLSRV_UNATT_DBMS_INSTANCE	Yes	The database server IP address.	IP address
   KLSRV_UNATT_DBMS_PORT	Yes	The database server port.	3306
   KLSRV_UNATT_DB_NAME	Yes	The database name.	kav
   KLSRV_UNATT_DBMS_LOGIN	Yes	The username of a user that has access to the database.
   KLSRV_UNATT_DBMS_PASSWORD	Yes	The password of a user that has access to the database.
   KLSRV_UNATT_KLADMINSGROUP	Yes	The security group name for services.	kladmins
   KLSRV_UNATT_KLSRVUSER	Yes	The account name to start the Administration Server service. The account must be a member of the security group specified in KLSRV_UNATT_KLADMINSGROUP variable.	ksc
   KLSRV_UNATT_KLSVCUSER	Yes	The account name to start other services. The account must be a member of the security group specified in KLSRV_UNATT_KLADMINSGROUP variable.	ksc
   If the Administration Server is to be deployed as a Kaspersky Security Center Linux failover cluster, the answer file must include the following additional variables:
   KLFOC_UNATT_NODE	Yes	The node number (1 or 2).	1 or 2
   KLFOC_UNATT_STATE_SHARE_MOUNT_PATH	Yes	The state share mount point.
   KLFOC_UNATT_DATA_SHARE_MOUNT_PATH	Yes	The data share mount point.
   KLFOC_UNATT_CONN_MODE	Yes	The failover cluster connectivity mode.	VirtualAdapter or ExternalLoadBalancer
   In case the KLFOC_UNATT_CONN_MODE variable has VirtualAdapter value, the answer file must include the following additional variables:
   KLFOC_UNATT_CONN_MODE_VA_NAME	Yes	The virtual network adapter name.
   KLFOC_UNATT_CONN_MODE_VA_IPV4	One of these variables is required	The virtual network adapter IP address.	IP address
   KLFOC_UNATT_CONN_MODE_VA_IPV6		The virtual network adapter IPv6 address.	IPv6 address