Download the following files from the Kaspersky website or the website of a partner company to your server:
KSMG installation package in DEB or RPM format, depending on your operating system.
KSMG localization packages in DEB or RPM format, depending on your operating system.
File with a key in the GPG format for working in the closed software environment mode (when installing on Astra Linux Special Edition).
A mechanism for controlling the integrity (immutability) of files to improve security in Astra Linux Special Edition. A closed software environment makes it possible to define a list of permitted software.
Remove Kaspersky Security for Linux Mail Server version 10 or earlier.
Consider the following when removing the application:
If you manually configured the Exim or Postfix mail server when you installed the application, you must manually restore the configuration files of the mail server to their original state.
If integration with Kaspersky Security Center was used in the previous version of the application, you must remove the Network Agent of the previous version.
Make sure that the English locale is installed in the operating system and install it if necessary.
Run the following command:
locale -a
Check if the list includes the en_US.UTF-8 or en_US.utf8 locale.
If the locale is already installed, no further action is required.
If the locale is not installed, run the following commands:
For Red Hat Enterprise Linux, Rocky Linux, RED OS operating systems:
yum install glibc-langpack-en
For Ubuntu, Debian, Astra Linux Special Edition operating systems:
apt install locales
dpkg-reconfigure locales
The locale is added to the operating system.
Verify that the locale was added successfully by running the command again:
locale -a
The initial configuration script of the application displays the texts of the End User License Agreement and the Privacy Policy. To have them displayed correctly, make sure that your terminal supports characters of the language selected for viewing the texts of the End User License Agreement and the Privacy Policy.
Disable SELinux (for Red Hat Enterprise Linux, RED OS, and Rocky Linux operating systems).
If you want KSMG to work in the mandatory access control mode, make sure to enable the mandatory access control mode in the settings of your Astra Linux Special Edition operating system. If you are not planning to use the mandatory access control mode, disable this mode in your operating system settings.
Restricting the access of subjects to objects by assigning security labels to information contained in the objects and issuing an official permission (clearance) to subjects which allows accessing information of the corresponding security level.
Make sure the sudo and less packages are installed. If necessary, install these packages using the package manager of your operating system.
When installing on Red Hat Enterprise Linux, Rocky Linux, or RED OS, make sure the libxcrypt-compat package is installed. If necessary, install it using the package manager of your operating system.
If you are installing the application on Astra Linux Special Edition and want to use PostgreSQL provided by the operating system instead of PostgreSQL provided as part of KSMG, install the postgresql package using the package manager of the operating system.
When installing KSMG on Ubuntu, Debian, Red Hat Enterprise Linux, Rocky Linux, or RED OS, integration is supported only with the Nginx web server. Make sure the web server is installed and running.
The initial configuration script automatically looks for an Nginx web server on your computer. For a successful discovery, make sure that the settings of your web server satisfy the conditions listed in the table below.
Nginx web server settings
Setting description
When the setting is detected
Name of the Nginx service
The output of the 'systemctl cat nginx' utility does not include any error messages.
Path to the Nginx executable file
The output of the which utility contains the path to the Nginx executable file
Path to the directory with Nginx configuration files
The /etc/nginx directory exists
Path to Nginx configuration file
The nginx.conf file exists in the /etc/nginx directory
Path to the directory with the web sites
The /etc/nginx directory has a 'conf.d' subdirectory
The user that started the Nginx process
The output of the following command:
<path to the Nginx executable file> -T
includes the line:
user <user name>;
When installing KSMG on Astra Linux Special Edition, integration is supported only with the Apache web server. Make sure the web server is installed and running.
Install and enable the following Apache modules:
headers
proxy
proxy_http
deflate
ssl
socache_shmcb
Enable the required modules in the Astra Linux Special Edition operating system:
KSMG runs with AstraMode disabled. If you need Apache with AstraMode enabled to use web services other than KSMG, you can leave AstraMode enabled in the Apache settings. This does not affect the performance of KSMG, Apache, or web services managed by Apache.
The initial configuration script automatically looks for an Apache web server on your computer. For a successful discovery, make sure that the settings of your web server satisfy the conditions listed in the table below.
Apache web server settings
Setting description
When the setting is detected
Name of the Apache service
At least one of the following commands runs without errors:
systemctl cat httpd
systemctl cat apache2
Apache web server management utility
The 'which' utility run for one of the following commands returns the path to the executable file:
httpd
apachectl
No errors occur when running the executable file with each of the following options:
-S (show configuration options)
-t (check the syntax of configuration files)
-M (show available extensions)
Path to the directory with the web sites
One of the following directories contains a 'sites-enabled' or 'conf.d' directory:
/etc/apache2/
/etc/httpd/
/etc/httpd/conf/
The user that started the Apache process
The output of the following command:
<path to the executable file obtained by running which httpdorwhich apachectl> -S