Contents
- Deploying the application using the command line
- Installing the application using the command line
- Post-installation configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Downloading application databases
- Enabling automatic application database update
- Application activation
- Post-installation configuration of the application in automatic mode
- Settings in the configuration file for post-installation configuration
Deploying the application using the command line
Kaspersky Embedded Systems Security is distributed in the DEB and RPM packages. There are separate packages for the application and for the graphical user interface.
You can perform the following actions when installing the application:
- Install only the application package, without the graphical user interface.
- Install the graphical user interface package.
It is not possible to install the graphical user interface package on a client device that does not have the application package installed.
If the version of the apt package manager is lower than 1.1.X, use the dpkg/rpm package manager (depending on the operating system) for installation.
After the application installation using the command line is completed, perform the post-installation configuration of the application by running the post-installation configuration script or in the automatic mode.
Installing the application using the command line
Installing the application package without a graphical user interface
To install Kaspersky Embedded Systems Security from an RPM package on a 32-bit operating system, execute the following command:
# rpm -i kess-3.3.0-<build number>.i386.rpm
To install Kaspersky Embedded Systems Security from an RPM package on a 64-bit operating system, execute the following command:
# rpm -i kess-3.3.0-<build number>.x86_64.rpm
To install Kaspersky Embedded Systems Security from a DEB package on a 32-bit operating system, execute the following command:
# apt-get install ./kess_3.3.0-<build number>_i386.deb
To install Kaspersky Embedded Systems Security from a DEB package on a 64-bit operating system, execute the following command:
# apt-get install ./kess_3.3.0-<build number>_amd64.deb
Installing the graphical user interface package
To install the graphical user interface from the RPM package to a 32-bit operating system, execute the following command:
# rpm -i kess-gui-3.3.0-<build number>.i386.rpm
To install the graphical user interface from the RPM package to a 64-bit operating system, execute the following command:
# rpm -i kess-gui-3.3.0-<build number>.x86_64.rpm
To install the graphical user interface from the DEB package to a 32-bit operating system, execute the following command:
# apt-get install ./kess-gui_3.3.0-<build number>_i386.deb
To install the graphical user interface from the DEB package to a 64-bit operating system, execute the following command:
# apt-get install ./kess-gui_3.3.0-<build number>_amd64.deb
Post-installation configuration of the application in interactive mode
After installing Kaspersky Embedded Systems Security using the command line, perform the post-installation configuration of the application by running the post-installation configuration script. The post-installation configuration script is included in the Kaspersky Embedded Systems Security distribution kit.
Performing the post-installation configuration after installing the application using the command line is required to enable the protection of the client device.
To run the Kaspersky Embedded Systems Security post-installation configuration script, execute the following command:
# /opt/kaspersky/kess/bin/kess-setup.pl
The post-installation configuration must be run with root privileges after the installation of Kaspersky Embedded Systems Security package is finished. The script requests the values of Kaspersky Embedded Systems Security settings step-by-step. The script finishing and the console being released indicate that the post-installation configuration is completed.
To check the return code, execute the following command:
echo $?
If the command returns code 0, the initial application setup is finished successfully.
Kaspersky Embedded Systems Security can protect the device only after the application databases are updated.
Selecting the locale
At this step, the application displays the list of supported locale identifiers in RFC 3066 format.
Specify the locale in the format as identified in this list. This locale will be used for application events sent to Kaspersky Security Center, as well as for the texts of the License Agreement, Privacy Policy, and Kaspersky Security Network Statement.
The locale of the graphical interface and the application command line depends on the value of the LANG environment variable. If the locale that is not supported by Kaspersky Embedded Systems Security is specified as the value of the LANG environment variable, the graphical interface and the command line are displayed in English.
Viewing the End User License Agreement and the Privacy Policy
At this step, read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.
Accepting the End User License Agreement
At this step, you must either accept or decline the terms of the End User License Agreement.
After exiting viewing mode, enter one of the following values:
yes(ory), if you accept the terms of the End User License Agreement.no(orn), if you do not accept the terms of the End User License Agreement.
If you do not accept the terms of the End User License Agreement, the application terminates Kaspersky Embedded Systems Security setup process.
Accepting the Privacy Policy
At this step, you must either accept or decline the terms of the Privacy Policy.
After exiting viewing mode, enter one of the following values:
yes(ory), if you accept the terms of the Privacy Policy.no(orn), if you do not accept the terms of the Privacy Policy.
If you do not accept the terms of the Privacy Policy, the application terminates Kaspersky Embedded Systems Security setup process.
Page topUsing Kaspersky Security Network
At this step, you must either accept or decline the terms of use of the Kaspersky Security Network Statement. The file ksn_license.<language ID> containing the text of the Kaspersky Security Network Statement is located in the directory /opt/kaspersky/kess/doc/.
Enter one of the following values:
yes(ory), if you accept the terms of the Kaspersky Security Network Statement. KSN with statistics sharing (extended KSN mode) will be enabled.no(orn), if you do not accept the terms of the Kaspersky Security Network Statement.
Refusing to use Kaspersky Security Network will not halt the Kaspersky Embedded Systems Security installation process. You can enable, disable, or change the Kaspersky Security Network mode at any time.
Assigning the Administrator role to a user
At this step, you can grant the administrator (admin) role to the user.
Enter the name of the user to whom you want to grant the administrator role.
You can grant the administrator role to the user later at any time.
Determining the file operation interceptor type
At this step, the file operation interceptor type for the utilized operating system is determined. For operating systems that do not support fanotify technology, kernel module compilation will begin.
If the necessary packages are not detected during the kernel module compilation process, Kaspersky Embedded Systems Security will prompt you to install them. If the package download fails, an error message will be displayed.
If all the required packages are available, the kernel module will be automatically compiled when the File Threat Protection task starts.
You can compile the kernel module later after completing the Kaspersky Embedded Systems Security post-installation configuration.
Enabling automatic configuration of SELinux
This step is displayed only if SELinux is installed on your operating system.
At this step, you can enable automatic configuration of SELinux for working with Kaspersky Embedded Systems Security.
Enter yes to enable automatic configuration of SELinux. If SELinux cannot be configured automatically, the application displays an error message and prompts the user to configure SELinux manually.
Enter no if you do not want the application to automatically configure SELinux.
By default, the application suggests yes.
If necessary, you can manually configure SELinux to work with the application later, after the initial setup of Kaspersky Embedded Systems Security is complete.
Page topConfiguring the update source
At this step, specify the update sources for databases and application modules.
Enter one of the following values:
KLServers: the application receives updates from one of the Kaspersky update servers.SCServer: the application downloads updates to the protected device from Kaspersky Security Center Administration Server installed in your organization. You can select this update source if you use Kaspersky Security Center for centralized administration of device protection in your organization.<URL>: the application downloads updates from a custom source. You can specify the address of the custom source of updates in the local area network or on the Internet.<path>– the application receives updates from the specified directory.
Configuring proxy server settings
At this step, you must specify the proxy server settings if you are using a proxy server to access the Internet. Internet connection is required to download the application databases from the update servers.
To configure proxy server settings, perform one of the following actions:
- If you use a proxy server to connect to the Internet, specify the address of the proxy server using one of the following formats:
<IP address of the proxy server>:<port number>, if the proxy server connection does not require authentication;<user name>:<password>@<IP address of the proxy server>:<port number>, if the proxy server connection requires authentication.When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.
- If you do not use a proxy server to connect to the Internet, enter no as your answer.
By default, the application suggests no.
You can configure the proxy server settings later, without using the post-installation configuration script.
Page topDownloading application databases
At this step, you can download the application databases to the client device. The application databases contain descriptions of the threat signatures and methods of countering them. The application uses these records when searching and neutralizing threats. Kaspersky virus analysts regularly add new records about threats.
To download the application databases to the device, enter yes.
If you do not want to immediately download the application databases, enter no.
By default, the application suggests yes.
Kaspersky Embedded Systems Security protects the device only after the application databases are downloaded.
You can start the Update task without using the post-installation configuration script.
Page topEnabling automatic application database update
At this step, you can enable automatic update of the application databases.
Enter yes to enable automatic application database update. By default, the application checks for available database updates every 60 minutes. If updates are available, the application downloads the updated databases.
Enter no if you do not want the application to automatically update the databases.
You can enable automatic database update later without using the post-installation configuration by configuring the update task schedule.
Page topApplication activation
At this step, you can activate the application using an activation code or a key file.
To activate the application using an activation code, enter the activation code.
To activate the application using a key file, specify the full path to the key file.
If no activation code or key file is specified, the application is activated using a trial key for one month.
You can activate the application without using the post-installation configuration script.
Page topPost-installation configuration of the application in automatic mode
You can perform post-installation configuration of the application in automatic mode.
To start the post-installation configuration of the application in automatic mode, run the following command:
# /opt/kaspersky/kess/bin/kess-setup.pl --autoinstall=<post-installation configuration file>
where <post-installation configuration file> is a path to the configuration file that contains post-installation configuration settings. You can create this file or copy the necessary structure from the autoinstall.ini configuration file used for remote installation of the application using Kaspersky Security Center.
When the post-installation configuration script is finished and releases the console, the post-installation configuration of the application is complete.
To check the return code, execute the following command:
echo $?
If the command returns code 0, the initial application setup is finished successfully.
Kaspersky Embedded Systems Security protects the device only after the application databases are updated.
To correctly update application modules after the script has finished, you may need to restart the application. Check the status of updates for the application using the kess-control --app-info command.
Settings in the configuration file for post-installation configuration
The configuration file for the post-installation configuration must contain the settings listed in the table below.
Settings in the configuration file for post-installation configuration
Setting |
Description |
Values |
|---|---|---|
EULA_AGREED |
Required setting. Acceptance of the terms of the End User License Agreement. |
|
PRIVACY_POLICY_AGREED |
Required setting. Acceptance of the Privacy Policy. |
|
USE_KSN |
Required setting. Acceptance of Kaspersky Security Network Statement. |
|
LOCALE |
Optional setting. The locale used for the application events sent to Kaspersky Security Center. |
Locale in the format specified by RFC 3066. If the The locale of the graphical interface and the application command line depends on the value of the |
INSTALL_LICENSE |
Activation code or key file. |
|
UPDATER_SOURCE |
Update source. |
Update source address |
PROXY_SERVER |
Address of the proxy server used to connect to the Internet. |
Proxy server address |
UPDATE_EXECUTE |
Start application database update task during setup. |
|
KERNEL_SRCS_INSTALL |
Automatic start of kernel module compilation. |
|
ADMIN_USER |
A user to whom you can grant the administrator role (admin). |
|
CONFIGURE_SELINUX |
Automatic configuration of SELinux for working with Kaspersky Embedded Systems Security. |
yes – configure SELinux to work with Kaspersky Embedded Systems Security. no – do not configure SELinux to work with Kaspersky Embedded Systems Security. |
If you want to change the settings in the configuration file for initial setup of the application, specify the values of settings in the following format: <setting name>=<setting value> (the application does not process spaces between the name of a setting and its value).