Preparing to install Kaspersky Embedded Systems Security

Before starting installation of Kaspersky Embedded Systems Security, you need to perform the following actions:

• Check that your device meets the hardware and software requirements of the application.
• Be sure third-party anti-virus software is not installed on your device.
• Be sure that Kaspersky Endpoint Agent for Linux is not installed on your device. If Kaspersky Endpoint Agent for Linux is installed, during the installation process you will see a message about the need to manually remote it.
• Make sure that the Perl interpreter 5.10 or later is installed on your device.
• Make sure the semanage utility is installed in the system. If the utility is not installed, install the policycoreutils-python or policycoreutils-python-utils package, depending on the package manager.
• Make sure that the required dependencies for installing the GUI package are available on your device. If the device is in an isolated network segment and does not have access to the repositories of the package manager, we recommend to check the list of dependencies on the reference device, and then download and distribute the packages to all devices before installing the GUI.
• On devices with operating systems that do not support fanotify technology, make sure that the following are installed:
  • Packages for compiling applications and running tasks (gcc, binutils, glibc, glibc-devel, make)
  • Package with header files of the operating system kernel for compiling Kaspersky Embedded Systems Security modules.
• Install one of the following packages on your device depending on the operating system:
  • On devices running the SUSE Linux Enterprise Server 15 operating system, the insserv-compat package must be installed.
  • On devices running the Red Hat Enterprise Linux 8 or RED OS operating system, install the perl-Getopt-Long package.
  • On devices running the Red Hat Enterprise Linux or RED OS operating systems, install the perl-File-Copy package. This package is required for the initial application configuration script to work, but may be absent by default.
• By default, Astra Linux operating systems block ptrace (Disable ptrace capability), which may affect the operation of Kaspersky Embedded Systems Security. For Kaspersky Embedded Systems Security to work correctly, unblock ptrace when installing Astra Linux. If Astra Linux is already installed, see the Astra Linux Help Center website for instructions on how to enable/disable this mode (Configuring protection and blocking mechanisms in the Blocking ptrace section).
• For the Firewall Management, Web Threat Protection and Network Threat Protection components to work, the iptables utility needs to be installed on your device.
• For the Kaspersky Embedded Systems Security administration MMC plug-in to work, Microsoft Visual C++ 2015 Redistributable Update 3 RC (see https://www.microsoft.com/en-us/download/details.aspx?id=52685) must be installed on device where Kaspersky Security Center Administration Server is installed.
• For the application to run correctly, make sure that the root account is the owner of the following directories and that only the owner has the right to write to them: /var, /var/opt, /var/opt/kaspersky, /var/log/kaspersky, /opt, /opt/kaspersky, /usr/bin, /usr/lib, /usr/lib64.
• Make sure that file descriptor limits recommended by the operating system vendor are configured in the operating system. To check the limit, run the command cat /proc/sys/fs/file-max. When the application is running, the operating system may use significantly more descriptors. In general, we recommend disabling the file limit by specifying fs.file-max=9223372036854775807 in the /etc/sysctl.conf file. After changing the value of this setting, you must restart the operating system.