Post-installation configuration of the application in interactive mode

After installing Kaspersky Embedded Systems Security using the command line, perform the post-installation configuration of the application by running the post-installation configuration script. The post-installation configuration script is included in the Kaspersky Embedded Systems Security distribution kit.

Performing the post-installation configuration after installing the application using the command line is required to enable the protection of the client device.

To run the Kaspersky Embedded Systems Security post-installation configuration script, execute the following command:

# /opt/kaspersky/kess/bin/kess-setup.pl

The post-installation configuration must be run with root privileges after the installation of Kaspersky Embedded Systems Security package is finished. The script requests the values of Kaspersky Embedded Systems Security settings step-by-step. The script finishing and the console being released indicate that the post-installation configuration is completed.

To check the return code, execute the following command:

echo $?

If the command returns code 0, the initial application setup is finished successfully.

Kaspersky Embedded Systems Security can protect the device only after the application databases are updated.

Selecting the locale

At this step, the application displays the list of supported locale identifiers in RFC 3066 format.

Specify the locale in the format as identified in this list. This locale will be used for application events sent to Kaspersky Security Center, as well as for the texts of the License Agreement, Privacy Policy, and Kaspersky Security Network Statement.

The locale of the graphical interface and the application command line depends on the value of the LANG environment variable. If the locale that is not supported by Kaspersky Embedded Systems Security is specified as the value of the LANG environment variable, the graphical interface and the command line are displayed in English.

Viewing the End User License Agreement and the Privacy Policy

At this step, read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.

Page top

Accepting the End User License Agreement

At this step, you must either accept or decline the terms of the End User License Agreement.

After exiting viewing mode, enter one of the following values:

• yes (or y), if you accept the terms of the End User License Agreement.
• no (or n), if you do not accept the terms of the End User License Agreement.

If you do not accept the terms of the End User License Agreement, the application terminates Kaspersky Embedded Systems Security setup process.

Page top

Accepting the Privacy Policy

At this step, you must either accept or decline the terms of the Privacy Policy.

After exiting viewing mode, enter one of the following values:

• yes (or y), if you accept the terms of the Privacy Policy.
• no (or n), if you do not accept the terms of the Privacy Policy.

If you do not accept the terms of the Privacy Policy, the application terminates Kaspersky Embedded Systems Security setup process.

Using Kaspersky Security Network

At this step, you must either accept or decline the terms of use of the Kaspersky Security Network Statement. The file ksn_license.<language ID> containing the text of the Kaspersky Security Network Statement is located in the directory /opt/kaspersky/kess/doc/.

Enter one of the following values:

• yes (or y), if you accept the terms of the Kaspersky Security Network Statement. KSN with statistics sharing (extended KSN mode) will be enabled.
• no (or n), if you do not accept the terms of the Kaspersky Security Network Statement.

Refusing to use Kaspersky Security Network will not halt the Kaspersky Embedded Systems Security installation process. You can enable, disable, or change the Kaspersky Security Network mode at any time.

Page top

Assigning the Administrator role to a user

At this step, you can grant the administrator (admin) role to the user.

Enter the name of the user to whom you want to grant the administrator role.

You can grant the administrator role to the user later at any time.

Page top

Determining the file operation interceptor type

At this step, the file operation interceptor type for the utilized operating system is determined. For operating systems that do not support fanotify technology, kernel module compilation will begin.

If the necessary packages are not detected during the kernel module compilation process, Kaspersky Embedded Systems Security will prompt you to install them. If the package download fails, an error message will be displayed.

If all the required packages are available, the kernel module will be automatically compiled when the File Threat Protection task starts.

You can compile the kernel module later after completing the Kaspersky Embedded Systems Security post-installation configuration.

Page top

Enabling automatic configuration of SELinux

This step is displayed only if SELinux is installed on your operating system.

At this step, you can enable automatic configuration of SELinux for working with Kaspersky Embedded Systems Security.

Enter yes to enable automatic configuration of SELinux. If SELinux cannot be configured automatically, the application displays an error message and prompts the user to configure SELinux manually.

Enter no if you do not want the application to automatically configure SELinux.

By default, the application suggests yes.

If necessary, you can manually configure SELinux to work with the application later, after the initial setup of Kaspersky Embedded Systems Security is complete.

Configuring the update source

At this step, specify the update sources for databases and application modules.

Enter one of the following values:

• KLServers: the application receives updates from one of the Kaspersky update servers.
• SCServer: the application downloads updates to the protected device from Kaspersky Security Center Administration Server installed in your organization. You can select this update source if you use Kaspersky Security Center for centralized administration of device protection in your organization.
• <URL>: the application downloads updates from a custom source. You can specify the address of the custom source of updates in the local area network or on the Internet.
• <path> – the application receives updates from the specified directory.

Page top

Configuring proxy server settings

At this step, you must specify the proxy server settings if you are using a proxy server to access the Internet. Internet connection is required to download the application databases from the update servers.

To configure proxy server settings, perform one of the following actions:

• If you use a proxy server to connect to the Internet, specify the address of the proxy server using one of the following formats:
  • <IP address of the proxy server>:<port number>, if the proxy server connection does not require authentication;
  • <user name>:<password>@<IP address of the proxy server>:<port number>, if the proxy server connection requires authentication.

    When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.

• If you do not use a proxy server to connect to the Internet, enter no as your answer.

By default, the application suggests no.

You can configure the proxy server settings later, without using the post-installation configuration script.

Downloading application databases

At this step, you can download the application databases to the client device. The application databases contain descriptions of the threat signatures and methods of countering them. The application uses these records when searching and neutralizing threats. Kaspersky virus analysts regularly add new records about threats.

To download the application databases to the device, enter yes.

If you do not want to immediately download the application databases, enter no.

By default, the application suggests yes.

Kaspersky Embedded Systems Security protects the device only after the application databases are downloaded.

You can start the Update task without using the post-installation configuration script.

Enabling automatic application database update

At this step, you can enable automatic update of the application databases.

Enter yes to enable automatic application database update. By default, the application checks for available database updates every 60 minutes. If updates are available, the application downloads the updated databases.

Enter no if you do not want the application to automatically update the databases.

You can enable automatic database update later without using the post-installation configuration by configuring the update task schedule.

Application activation

At this step, you can activate the application using an activation code or a key file.

To activate the application using an activation code, enter the activation code.

To activate the application using a key file, specify the full path to the key file.

If no activation code or key file is specified, the application is activated using a trial key for one month.

You can activate the application without using the post-installation configuration script.