Kaspersky Embedded Systems Security for Linux

Creating an installation package in the Web Console

In Kaspersky Security Center Web Console, you can create an installation package in one of the following ways:

• From an archive file that you have prepared previously.
• From a distribution kit hosted on Kaspersky servers.

To prepare an archive for creating an installation package:

1. Download the kess.zip archive from the application download page. It is located in the Kaspersky Embedded Systems Security for Linux -> Additional distribution → Files for Product remote installation section.
2. Unpack the kess.zip archive to a folder accessible to Kaspersky Security Center Administration Server. Place the distribution files, that correspond to the type of operating system where you want to install the application and the type of its package manager, to the same folder:
   • To install Kaspersky Embedded Systems Security:
     • kess-3.4.0-<build number>.i386.rpm (for 32-bit operating systems with rpm)
     • kess_3.4.0-<build number>_i386.deb (for 32-bit operating systems with dpkg)
     • kess_3.4.0-<build number>.x86_64.rpm (for 64-bit operating systems with rpm)
     • kess_3.4.0-<build number>_amd64.deb (for 64-bit operating systems with dpkg)
   • To install the graphical user interface of the application:
     • kess-gui-3.4.0-<build number>.i386.rpm (for 32-bit operating systems with rpm)
     • kess-gui-3.4.0-<build number>_i386.deb (for 32-bit operating systems with dpkg)
     • kess-gui-3.4.0-<build number>.x86_64.rpm (for 64-bit operating systems with rpm)
     • kess-gui-3.4.0-<build number>_amd64.deb (for 64-bit operating systems with dpkg)

     If you do not want to install the graphical user interface, do not add these files to the folder; this will make the installation package smaller.

   If you do not plan to use the graphical interface, disable it by editing the appropriate setting (USE_GUI=No) in the properties of the created installation package or in the autoinstall.ini configuration file. Otherwise, the installation will fail.

   If you want to use the created installation package with different operating systems or package managers, place the files for all the types of operating systems and package managers that you need in the directory.

3. If you want to use offline application databases downloaded in advance:
   1. Place prepared archives with databases for all your operating system types into the folder.
   2. In initial configuration settings, disable the database update task after installing the application. You can configure the corresponding parameter in the properties of the created installation package or in the autoinstall.ini configuration file (UPDATE_EXECUTE=no). The autoinstall.ini file is located in the directory where you extracted the kess.zip archive.
4. If you want to perform the initial configuration of the application using a configuration file, open the autoinstall.ini configuration file and edit it as necessary.

   You can also perform the initial configuration of the application later in the properties of the created installation package on the Settings tab.

5. Place all prepared files in an archive in ZIP, CAB, TAR, or TAR.GZ format with any name.

To create an installation package for Kaspersky Embedded Systems Security in Kaspersky Security Center Web Console:

1. In the main Web Console window, select one of the following sections:
   • Device discovery and deployment → Deployment and assignment → Installation packages.
   • Operations → Repositories → Installation packages.

   A list of installation packages available on the Administration Server opens.

2. Click Add.

   The wizard for creating an installation package will start. Follow the instructions of the Wizard.

3. On the first page of the wizard, select the method for creating an installation package:
   • Create an installation package from a file. The installation package will be created from an archive that you have prepared in advance.
   • Create the installation package for a Kaspersky application. The installation package will be created from a distribution package located on Kaspersky servers.

   Kaspersky Security Center Cloud Console does not allow creation of installation packages from a file.

4. Depending on the selected package creation method:
   • Specify the package name, click the Browse button, and specify the path to the archive that you have prepared for creating the installation package.
   • Select Kaspersky Embedded Systems Security distribution package. In the window on the right, read the information about the distribution package and click the Download and create installation package button. The installation package creation process starts.
5. When prompted by the Wizard, read the License Agreement between you and Kaspersky and the Privacy Policy that describes the processing and transmission of data. To continue creating the installation package, you must confirm that you have read and accept the full terms of the End User License Agreement and the Privacy Policy.
6. Complete the wizard.

   The installation package will be created and added to the list of installation packages. Using the installation package, you can install the application on devices in the corporate network or update the application version.

7. If necessary, edit initial configuration settings (see the table below). To do this, open the properties of the installation package and go to Settings tab.

   Initial configuration settings

   Section	Description
   Specify the locale.	Select this check box if you want to specify the locale to be used by the application. In the displayed field, enter the locale in the RFC 3066 format. If this setting is not specified, the default locale is used.
   Activate the application	Select this check box if you want to activate the application during installation. In the displayed field, enter the activation code. You can also activate the application after installation.
   Select the update source.	Select the update source for databases and application modules: Kaspersky update servers. Kaspersky Security Center. Other source in the local or global network. If you select this option, enter the address of the update source in the field that opens.
   Run the database update task after installation.	Select this check box if you want to run the databases and application modules update task after installing the application.
   Specify the proxy server settings.	Select this check box if you use a proxy server for internet access. In the displayed field, enter the proxy server address in one of the following formats: <connection protocol>://<IP address of the proxy server>:<port number> if the proxy server connection does not require authentication <connection protocol>://<user name>:<password>@<IP address of the proxy server>:<port number> if the proxy server connection requires authentication Connecting to a proxy server over HTTPS is not supported.
   Install kernel source	Select this check box to automatically start of kernel module compilation.
   Use the graphical user interface.	Select this check box if you plan to install the graphical user interface of the application (the files for installing the graphical interface are included in the installation package).
   Specify a user with the admin role	Select the check box to specify the user to be assigned the administrator (admin) role. In the displayed field, enter the user name.
   Configure SELinux automatically	Select the check box to automatically configure SELinux to work with Kaspersky Embedded Systems Security.
   Remove users from privileged groups	Select this check box to remove users from the 'kessadmin' and 'kessaudit' privileged groups before installing the application. If the check box is selected and the 'nogroup' group does not exist, the installation fails and you are prompted to manually remove users from privileged groups.
   Disable protection components and scan tasks when the application is started for the first time after installation.	Select this check box if, after completing the installation process, you want to run the application with protection components and scan tasks disabled. An installation with protection components disabled can be convenient, for example, in order to reproduce a problem in the operation of the application and create a trace file. If you enable the necessary components and tasks, the enabled components and tasks will continue to work after the application is restarted.