Contents
- Installing and initially configuring the application using the command line
- Installing the application using the command line
- Post-installation configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Removing users from privileged groups
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Starting an application database update
- Enabling automatic application database update
- Application activation
- Post-installation configuration of the application in automatic mode
- Settings in the configuration file for post-installation configuration
Installing and initially configuring the application using the command line
You can install the Kaspersky Embedded Systems Security application on a client device using the command line.
Installation using the command line involves the following steps:
- Installing the application and the graphical interface of the application. You can choose one of the following installation options:
- Install the application with the graphical interface.
- Install the application without the graphical interface.
- Install the graphical interface on the device where the application is installed.
It is not possible to install the graphical interface on a device on which the application is not installed.
If the version of the apt package manager is lower than 1.1.X, use the dpkg/rpm package manager (depending on the operating system) for installation.
- Initial configuration of the application
The application needs initial configuration to prepare it for operation and enable the protection of the client device.
If initial configuration of the application has not been completed on a device, you cannot use or update the application on that device.
Initial configuration of the application is performed by running the special initial configuration script from the distribution kit of Kaspersky Embedded Systems Security. You can perform the initial configuration of the application in interactive mode or in automatic mode.
Installing the application using the command line
Installing the application without the graphical interface.
To install Kaspersky Embedded Systems Security from an RPM package on a 32-bit operating system, execute the following command:
# rpm -i kess-3.4.0-<build number>.i386.rpm
To install Kaspersky Embedded Systems Security from an RPM package on a 64-bit operating system, execute the following command:
# rpm -i kess-3.4.0-<build number>.x86_64.rpm
To install Kaspersky Embedded Systems Security from a DEB package on a 32-bit operating system, execute the following command:
# apt-get install ./kess_3.4.0-<build number>_i386.deb
To install Kaspersky Embedded Systems Security from a DEB package on a 64-bit operating system, execute the following command:
# apt-get install ./kess_3.4.0-<build number>_amd64.deb
Installing the graphical interface of the application
To install the graphical interface from the RPM package to a 32-bit operating system, execute the following command:
# rpm -i kess-gui-3.4.0-<build number>.i386.rpm
To install the graphical interface from the RPM package to a 32-bit operating system, execute the following command:
# rpm -i kess-gui-3.4.0-<build number>.x86_64.rpm
To install the graphical interface from the DEB package to a 32-bit operating system, execute the following command:
# apt-get install ./kess-gui_3.4.0-<build number>_i386.deb
To install the graphical interface from the DEB package to a 64-bit operating system, execute the following command:
# apt-get install ./kess-gui_3.4.0-<build number>_amd64.deb
Post-installation configuration of the application in interactive mode
To perform initial configuration of the application in interactive mode, you need to run the initial configuration script of the Kaspersky Embedded Systems Security application.
You must run the initial configuration script as root.
To run the initial configuration script, execute the following command:
# /opt/kaspersky/kess/bin/kess-setup.pl
The script requests the values of Kaspersky Embedded Systems Security settings step-by-step. The script finishing and the console being released indicate that the post-installation configuration is completed.
To check the return code, execute the following command:
echo $?
If the command returns code 0, the initial configuration of the application has finished successfully.
Kaspersky Embedded Systems Security can protect the device only after the application databases are updated.
Selecting the locale
At this step, the application displays the list of supported locale identifiers in RFC 3066 format.
Specify the locale in the format as identified in this list. This locale will be used for application events sent to Kaspersky Security Center, as well as for the texts of the License Agreement, Privacy Policy, and Kaspersky Security Network Statement.
The locale of the graphical interface and the application command line depends on the value of the LANG environment variable. If the locale that is not supported by Kaspersky Embedded Systems Security is specified as the value of the LANG environment variable, the graphical interface and the command line are displayed in English.
Viewing the End User License Agreement and the Privacy Policy
At this step, read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.
Accepting the End User License Agreement
At this step, you must either accept or decline the terms of the End User License Agreement.
After exiting viewing mode, enter one of the following values:
yes(ory), if you accept the terms of the End User License Agreement.no(orn), if you do not accept the terms of the End User License Agreement.
If you did not accept the terms and conditions of the End User License Agreement, the Kaspersky Embedded Systems Security setup process is aborted.
Accepting the Privacy Policy
At this step, you must either accept or decline the terms of the Privacy Policy.
After exiting viewing mode, enter one of the following values:
yes(ory), if you accept the terms of the Privacy Policy.no(orn), if you do not accept the terms of the Privacy Policy.
If you did not accept the terms and conditions of the Privacy Policy, the Kaspersky Embedded Systems Security setup process is aborted.
Page topUsing Kaspersky Security Network
At this step, you must either accept or decline the terms of use of the Kaspersky Security Network Statement. The file ksn_license.<language ID> containing the text of the Kaspersky Security Network Statement is located in the directory /opt/kaspersky/kess/doc/.
Enter one of the following values:
yes(ory), if you accept the terms of the Kaspersky Security Network Statement. This enables the extended KSN mode.no(orn), if you do not accept the terms of the Kaspersky Security Network Statement.
Refusal to participate in Kaspersky Security Network does not interrupt the initial configuration of Kaspersky Embedded Systems Security. You can enable, disable, or change the Kaspersky Security Network mode at any time.
If Kaspersky Security Network is enabled, the cloud mode is automatically enabled, in which Kaspersky Embedded Systems Security uses the lightweight version of malware databases.
Page topRemoving users from privileged groups
This step is displayed only if users are detected in the kessadmin group and/or in the kessaudit group.
At this step, specify whether or not to remove users from the kessadmin and kessaudit privileged groups. Users included in the kessadmin and kessaudit groups get privileged access to the application's functions.
Enter yes to remove all detected users from the kessadmin and/or kessaudit group. Users whose primary group is kessadmin or kessaudit are moved to the nogroup group. If there is no nogroup group, the installation will fail and you will be prompted to manually remove users from privileged groups.
Enter no if you do not want the application to remove users from the privileged groups.
Assigning the Administrator role to a user
At this step, you can grant the administrator (admin) role to the user.
Enter the name of the user to whom you want to grant the administrator role.
You can grant the administrator role to the user later at any time.
Determining the file operation interceptor type
At this step, the file operation interceptor type for the utilized operating system is determined. For operating systems that do not support fanotify technology, kernel module compilation will begin.
If all the required packages are available, the kernel module will be automatically compiled when the File Threat Protection task starts.
If, during the compilation of the kernel module, any dependencies are not found on the device, the Kaspersky Embedded Systems Security application suggests installing the relevant packages. If the package download fails, an error message will be displayed.
Page topEnabling automatic configuration of SELinux
This step is displayed only if SELinux is installed on your operating system.
At this step, you can enable automatic configuration of SELinux for working with Kaspersky Embedded Systems Security.
Enter yes to enable automatic configuration of SELinux. If SELinux cannot be configured automatically, the application displays an error message and prompts the user to configure SELinux manually.
Enter no if you do not want the application to automatically configure SELinux.
By default, the application suggests yes.
If necessary, you can manually configure SELinux to work with the application later, after completing the post-installation configuration of Kaspersky Embedded Systems Security.
Page topConfiguring the update source
At this step, you must specify the update source for databases and application modules. The application databases contain descriptions of the threat signatures and methods of countering them. The application uses these records when searching and neutralizing threats. Kaspersky virus analysts regularly add new records about threats.
Enter one of the following values:
KLServers: the application receives updates from one of the Kaspersky update servers.SCServer: the application downloads updates to the protected device from Kaspersky Security Center Administration Server installed in your organization. You can select this update source if you use Kaspersky Security Center for centralized administration of device protection in your organization.<URL>: the application downloads updates from a custom source. You can specify the address of the custom source of updates in the local area network or on the Internet.<path>– the application receives updates from the specified directory.
Configuring proxy server settings
At this step, you must specify the proxy server settings if you are using a proxy server to access the Internet. Internet connection is required to download the application databases from the update servers.
To configure proxy server settings, perform one of the following actions:
- If you use a proxy server to connect to the Internet, specify the address of the proxy server using one of the following formats:
<connection protocol>://<IP address of the proxy server>:<port number>if the proxy server connection does not require authentication<connection protocol>://<user name>:<password>@<IP address of the proxy server>:<port number>if the proxy server connection requires authenticationConnecting to a proxy server over HTTPS is not supported.
When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.
- If you do not use a proxy server to connect to the Internet, enter no as your answer.
By default, the application suggests no.
You can configure the proxy server settings later, without using the post-installation configuration script.
Page topStarting an application database update
At this step, you can run the application database update task on the client device.
If you do not want to start to download the application databases, enter no.
If you want to start the database update task on the device, enter yes.
By default, the application suggests yes.
If yes is selected, the application will be automatically restarted after the databases are updated.
Kaspersky Embedded Systems Security protects the device only after the application databases are updated.
You can start the Update task later without using the initial configuration script.
Page topEnabling automatic application database update
At this step, you can enable automatic update of the application databases.
Enter yes to enable automatic application database update. By default, the application checks for available database updates every 60 minutes. If updates are available, the application downloads the updated databases.
Enter no if you do not want the application to automatically update the databases.
You can enable automatic database update later without using the post-installation configuration by configuring the update task schedule.
Page topApplication activation
At this step, you can activate the application using an activation code or a key file.
To activate the application using an activation code, enter the activation code.
To activate the application using a key file, specify the full path to the key file.
If no activation code or key file is specified, the application is activated using a trial key for one month.
You can activate the application later without using the initial configuration script.
Page topPost-installation configuration of the application in automatic mode
To perform the initial configuration of the application in automatic mode:
- Prepare a configuration file that contains the initial configuration settings. You can create this file or copy the necessary structure from the autoinstall.ini configuration file used for remote installation of the application using Kaspersky Security Center.
- Pass the path to the configuration file to the initial configuration script of the Kaspersky Embedded Systems Security application.
You must run the initial configuration script as root.
To start the post-installation configuration of the application in automatic mode, run the following command:
# /opt/kaspersky/kess/bin/kess-setup.pl --autoinstall=<post-installation configuration file>
where <initial configuration file> is the path to the configuration file that contains the initial configuration settings.
When the post-installation configuration script is finished and releases the console, the post-installation configuration of the application is complete.
To check the return code, execute the following command:
echo $?
If the command returns code 0, the initial configuration of the application has finished successfully.
Kaspersky Embedded Systems Security can protect the device only after the application databases are updated.
To correctly update application modules after the script has finished, you may need to restart the application. Check the status of updates for the application using the kess-control --app-info command.
Settings in the configuration file for post-installation configuration
In the post-installation configuration file, you can specify the settings shown in the table below. The set of applicable settings depends on the application usage mode.
Settings in the configuration file for post-installation configuration
Setting |
Description |
Values |
|---|---|---|
EULA_AGREED |
Required setting. Acceptance of the terms of the End User License Agreement. |
|
PRIVACY_POLICY_AGREED |
Required setting. Acceptance of the terms of the Privacy Policy. |
|
USE_KSN |
Required setting. Enabling Kaspersky Security Network usage: To enable the use of KSN, the terms of the Kaspersky Security Network Statement must be accepted. |
If KSN is enabled, the cloud mode is automatically enabled, in which Kaspersky Embedded Systems Security uses the lightweight version of malware databases. |
GROUP_CLEAN |
Required setting. Removing users from the kessadmin and kessaudit privileged groups. |
|
LOCALE |
Optional setting. The locale used for the texts of the End User License Agreement, the Privacy Policy and the Kaspersky Security Network Statement, as well as application events sent to Kaspersky Security Center. |
The locale in the format specified by RFC 3066. If the The locale of the graphical interface and the application command line depends on the value of the |
INSTALL_LICENSE |
Activation code or full path to the key file. |
|
UPDATER_SOURCE |
Update source for databases and application modules. |
|
PROXY_SERVER |
Address of the proxy server used to connect to the Internet. |
Address of the proxy server in one of the following formats:
Connecting to a proxy server over HTTPS is not supported. |
UPDATE_EXECUTE |
Start the application database update task during the initial configuration. |
|
KERNEL_SRCS_INSTALL |
Automatically start the compilation of the kernel module when the File Threat Protection task is started on operating systems that do not support the fanotify technology. |
|
ADMIN_USER |
A user assigned the administrator role (admin). |
|
CONFIGURE_SELINUX |
Automatic configuration of SELinux for working with Kaspersky Embedded Systems Security. |
|
DISABLE_PROTECTION |
Disable protection components and scan tasks after the application is installed. An installation with protection components disabled can be convenient, for example, in order to reproduce a problem in the operation of the application and create a trace file. If you enable the necessary components and tasks after installing the application with the |
|
If you want to change the settings in the configuration file for initial setup of the application, specify the values of settings in the following format: <setting_name>=<setting_value> (the application does not process spaces between the name of a setting and its value).