Kaspersky ENDPOINT SECURITY 8 FOR LINUX User Manual

Kaspersky Endpoint Security 8
INSTALLATION GUIDE
for Linux
Dear User!
Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers regarding this software product.
Attention! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts hereof result in civil, administrative or criminal liability by applicable law.
All materials may only be duplicated, regardless of form, or distributed, including in translation, with the written permission of Kaspersky Lab.
This document and graphic images related to it may be used exclusively for informational, non-commercial, and personal purposes.
The document can be modified without prior notification. For the latest version of this document, refer to the Kaspersky Lab website at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used in this document for which the rights are held by third parties, or for any potential damages associated with the use of such documents.
This document involves the registered trademarks and service marks which are the property of their respective owners.
Revision date: 5/11/11
© 1997-2011 Kaspersky Lab ZAO. All Rights Reserved
http://www.kaspersky.com
http://support.kaspersky.com
CONTENTS
INTRODUCTION
  Application purpose
  Hardware and software system requirements
  Obtaining the information about Kaspersky Endpoint Security
    Sources of information for further research
    Contacting the Technical Support Service
    Discussion of Kaspersky Lab's applications in web forum
  What's new in version 8
DISTRIBUTION CONTENTS
INSTALLING KASPERSKY ENDPOINT SECURITY
  Step 1. Installing the Kaspersky Endpoint Security package
  Step 2. Installing Network Agent
INSTALLING KASPERSKY ENDPOINT SECURITY REMOTELY
  Creating a deployment task
    Step 1. Defining the task name
    Step 2. Selecting the task type
    Step 3. Selecting the installation package
    Step 4. Selecting the remote installation method
    Step 5. Defining the task settings
    Step 6. Selecting the installation package for joint deployment
    Step 7. Configuring the restart settings
    Step 8. Defining the method for selecting computers
    Step 9. Selecting the client computers
    Step 10. Specifying the user account for running tasks
    Step 11. Scheduling the task launch
    Step 12. Completing task creation
  Starting a remote installation task
  Viewing and configuring the remote installation package settings
  Creating an installation package
    Step 1. Defining the installation package name
    Step 2. Selecting the application distribution package
    Step 3. Loading the installation package
    Step 4. Configuring the real-time protection task
    Step 5. Configuring update task settings
    Step 6. Completing creation of an installation package
  Viewing and configuring the properties of an installation package
KASPERSKY ENDPOINT SECURITY INITIAL CONFIGURATION
  Step 1. Reviewing the license agreement
  Step 2. Selecting the locale
  Step 3. Installing the key file
  Step 4. Configuring proxy server settings
  Step 5. Downloading Kaspersky Endpoint Security database updates
  Step 6. Enabling automatic database updates
  Step 7. Compiling the kernel module
  Step 8. Integrating with Samba server
  Step 9. Starting graphical interface automatically
  Step 10. Starting the real-time protection task
  Step 11. Configuring Network Agent settings
  Starting automatic initial configuration
  Configuring permissions for SELinux and AppArmor systems
REMOVING KASPERSKY ENDPOINT SECURITY
UNINSTALLING KASPERSKY ENDPOINT SECURITY REMOTELY
STEPS TO PERFORM AFTER YOU UNINSTALL KASPERSKY ENDPOINT SECURITY
VERIFYING REAL-TIME PROTECTION AND ON-DEMAND SCAN TASKS OPERATION
  Verifying real-time protection task operation
  Verifying on-demand scan task operation
  Test virus EICAR and its modifications
KASPERSKY ENDPOINT SECURITY FILE LOCATIONS
KASPERSKY LAB ZAO
INTRODUCTION
IN THIS SECTION
Application purpose
Hardware and software system requirements
Obtaining the information about Kaspersky Endpoint Security
What's new in version 8
This Guide describes the installation procedure for Kaspersky Endpoint Security 8 for Linux (hereinafter referred to as Kaspersky Endpoint Security or the application).
All command examples listed in this document are valid for Linux operating systems.
APPLICATION PURPOSE
Kaspersky Endpoint Security 8 for Linux is intended to provide anti-virus protection for workstations that run under Linux operating systems.
Kaspersky Endpoint Security allows you to:
- provide real-time file system protection against malicious code, i.e. intercept file access requests, analyze them, and disinfect or delete infected objects;
- scan workstation objects on demand, i.e. search for infected and suspicious files in specified scan areas, analyze them, and disinfect or delete infected objects;
- quarantine infected and suspicious objects;
- create copies of infected objects in backup storage before disinfection or deletion, so as to be able to recover objects that contain valuable information;
- update application databases using Kaspersky Lab update servers or Administration Server; also, Kaspersky Endpoint Security can be configured to update the databases from a local directory;
- manage the application and configure it using the management utility, Kaspersky Administration Kit.
HARDWARE AND SOFTWARE SYSTEM REQUIREMENTS
In order to ensure Kaspersky Endpoint Security runs correctly, the system must meet the following hardware and software requirements:
Minimum hardware requirements:
- processor Intel Pentium® II 400 MHz or higher;
- 512 MB RAM;
- at least 1 GB available for swap;
- 2 GB available on the hard drive to install Kaspersky Endpoint Security and store temporary and log files.
Software requirements:
- One of the following 32-bit operating systems:
  - Red Hat Enterprise Linux 5.5 Desktop;
  - Fedora 13;
  - CentOS-5.5;
  - SUSE Linux Enterprise Desktop 10 SP3;
  - SUSE Linux Enterprise Desktop 11 SP1;
  - openSUSE Linux 11.3;
  - Mandriva Linux 2010 Spring;
  - Ubuntu 10.04 LTS Desktop Edition;
  - Debian GNU/Linux 5.0.5.
- One of the following 64-bit operating systems:
  - Red Hat Enterprise Linux 5.5 Desktop;
  - Fedora 13;
  - CentOS-5.5;
  - SUSE Linux Enterprise Desktop 10 SP3;
  - SUSE Linux Enterprise Desktop 11 SP1;
  - openSUSE Linux 11.3;
  - Ubuntu 10.04 LTS Desktop Edition;
  - Debian GNU/Linux 5.0.5.
- Perl interpreter: version 5.0 or higher, see http://www.perl.org
- Installed packages to compile programs (gcc, binutils, glibc (64-bit operating systems require the 32-bit version of glibc), glibc-devel, make, ld), as well as the installed source code of the operating system kernel to compile Kaspersky Endpoint Security modules.
OBTAINING THE INFORMATION ABOUT KASPERSKY ENDPOINT SECURITY
Kaspersky Lab provides various sources of information about Kaspersky Endpoint Security. Select a source most convenient for you depending on the importance and urgency of your question.
If you already purchased Kaspersky Endpoint Security, contact the Technical Support service. If your question does not require an immediate answer, you can discuss it with the Kaspersky Lab experts and other users in our forum at http://forum.kaspersky.com.
SOURCES OF INFORMATION FOR FURTHER RESEARCH
The following sources of information about Kaspersky Endpoint Security are available:
Kaspersky Endpoint Security page at the Kaspersky Lab website;
documentation;
manual pages.
Page at the Kaspersky Lab website
http://www.kaspersky.com/endpoint-security-linux
This page contains general information about the application, its functionality and peculiarities. You can purchase Kaspersky Endpoint Security or extend the period of its use in our online store.
Documentation
Installation Guide describes the purpose of Kaspersky Endpoint Security, requirements to the hardware and software for the installation and operation of Kaspersky Endpoint Security, instructions for its installation, verification of its operability and initial setup.
Administrator Guide includes information on how to manage Kaspersky Endpoint Security using command line utility and Kaspersky Administration Kit.
These documents are supplied in PDF format in Kaspersky Endpoint Security distribution package. Alternatively, you can download the documentation files from the Kaspersky Endpoint Security page at Kaspersky Lab website.
Manual pages
The following manual page files contain information about specific aspects of Kaspersky Endpoint Security:
- managing Kaspersky Endpoint Security from the command line:
  /opt/kaspersky/kes4lwks/share/man/man1/kes4lwks-control.1.gz;
- configuring general Kaspersky Endpoint Security settings:
  /opt/kaspersky/kes4lwks/share/man/man5/kes4lwks.conf.5.gz;
- configuring the real-time protection task:
  /opt/kaspersky/kes4lwks/share/man/man5/kes4lwks-oas.conf.5.gz;
- configuring on-demand scan tasks:
  /opt/kaspersky/kes4lwks/share/man/man5/kes4lwks-ods.conf.5.gz;
- configuring update tasks:
  /opt/kaspersky/kes4lwks/share/man/man5/kes4lwks-update.conf.5.gz;
- configuring the storage of quarantined objects and the storage of objects backed up before disinfection or removal:
  /opt/kaspersky/kes4lwks/share/man/man5/kes4lwks-quarantine.conf.5.gz;
- configuring the event repository:
  /opt/kaspersky/kes4lwks/share/man/man5/kes4lwks-events.conf.5.gz;
- description of the utility that changes settings for connection with the Kaspersky Administration Kit Administration Server:
  /opt/kaspersky/klnagent/share/man/man1/klmover.1.gz;
- description of the utility that checks settings for connection with the Kaspersky Administration Kit Administration Server:
  /opt/kaspersky/klnagent/share/man/man1/klnagchk.1.gz.
CONTACTING THE TECHNICAL SUPPORT SERVICE
If you have already purchased Kaspersky Endpoint Security, you can obtain information about it from the Technical Support service by phone or via Internet.
Before contacting the Technical Support service, please read the Support rules for Kaspersky Lab’s products (http://support.kaspersky.com/support/rules).
Email request to the Technical Support Service
You can submit your question to the Technical Support Service specialists by filling out the Request to Kaspersky Lab Technical Support web form at http://support.kaspersky.com/helpdesk.html.
You can send your inquiry in Russian, English, German, French or Spanish. In order to send an email message with your question, you must indicate the client number obtained from the Technical Support website during registration along with your password.
If you are not yet a registered user of Kaspersky Lab applications, you can fill out a registration form (https://support.kaspersky.com/ru/personalcabinet/Registration/Form/?LANG=en). During registration, specify the key file name.
The Technical Support service will reply to your request in your Personal Cabinet (https://support.kaspersky.com/en/PersonalCabinet) and to the email address you have specified in your request.
Describe the problem you have encountered in the request web form providing as much detail as possible. Specify the following information in the mandatory fields:
- Request type. Select the topic, which is the closest to the problem you have encountered, e.g.: "Product installation / removal problem", or "Virus scan / removal problem".
- Kaspersky Endpoint Security version name and number.
- Request text. Describe in detail the problem encountered.
- Customer ID and password. Enter the customer ID and password received during registration at the Technical Support Service website.
- Email address. The experts of the Technical Support Service will send their reply to your inquiry to that address.
Technical support by phone
If an urgent problem has occurred, you can always call the Technical Support Service in your city. When you contact Russian-speaking (http://support.kaspersky.ru/support/support_local) or international (http://support.kaspersky.com/support/international) Technical Support specialists, please remember to provide the Kaspersky Endpoint Security information (http://support.kaspersky.com/support/details), so that our specialists can help you as soon as possible.
DISCUSSION OF KASPERSKY LAB'S APPLICATIONS IN WEB FORUM
If your question does not require an immediate answer, you can discuss it with the Kaspersky Lab experts and other users in our forum at http://forum.kaspersky.com.
In this forum you can view existing topics, leave your comments, create new topics and use the search engine.
WHAT'S NEW IN VERSION 8
Let's take a closer look at the new features in Kaspersky Endpoint Security 8 for Linux.
New protection features:
- Kaspersky Endpoint Security 8 for Linux combines the capabilities of previous application versions, i.e. Kaspersky Anti-Virus 5.7 for Linux Workstations and Kaspersky Anti-Virus 5.5 for Samba Servers, by using two types of file operation interception: a kernel level (kernel module) interceptor and a Samba interceptor;
- Quarantine / backup storage administrative capabilities have been expanded and now allow you to:
  - add objects to quarantine manually;
  - search for quarantined objects (by object attributes);
  - delete found objects;
  - restore found objects;
  - rescan objects;
  - save part of the quarantine / backup storage in an archive (to reduce the amount of used disk space);
  - import objects from the archive into the quarantine / backup storage.
New features to manage the operation of Kaspersky Endpoint Security:
- Centralized management of the Kaspersky Endpoint Security life cycle and performance of on-demand scan, real-time protection, and Kaspersky Endpoint Security database update tasks.
- Centralized storage of Kaspersky Endpoint Security operation settings.
- Kaspersky Endpoint Security operation settings are no longer stored in text configuration files. Text files are used only for importing and exporting settings from the central repository of settings.
- Multiple scan areas may be specified in a single task, which enables the user to:
  - specify scan settings for each area individually;
  - specify scan areas by:
    - full path within file system;
    - device name;
    - network access type (Shared, Mounted);
    - network access protocol (SMB / CIFS, NFS);
    - network resource name (Samba share name, NFS shared folder);
  - the scan area description supports ECMA-262 regular expressions;
  - a list of users / groups, whose file operations the real-time protection task will scan, may be defined for the scan area.
- Multiple exclusion rules may be specified for a single scan area.
- Remote management via Kaspersky Administration Kit is available.
- You can manage the computer using the local management interface where you can perform the following actions:
  - view computer protection status with installed Kaspersky Endpoint Security;
  - start and manage computer scan and database update tasks;
  - view statistics for on-demand scan and real-time protection tasks;
  - view events in the events log.
- Actions to perform on objects may be specified based on the type of detected threat.
- A schedule for starting / stopping tasks may be configured in detail.
New in Kaspersky Endpoint Security monitoring, reporting, and operation statistics:
- The following Kaspersky Endpoint Security monitoring features have been expanded:
  - tools for obtaining the following categories of information:
    - general information about the application;
    - information about the Kaspersky Endpoint Security databases version;
    - information about the license state;
    - information about the status of Kaspersky Endpoint Security components;
    - information about tasks results;
    - information about the state of the quarantine / backup storage;
  - tools for retrospective analysis of Kaspersky Endpoint Security operation that enable you to:
    - collect, process, and store the statistics on Kaspersky Endpoint Security operation;
    - display the Kaspersky Endpoint Security operation statistics collected over a user-specified period of time;
    - search the events based on criteria specified by the user;
    - audit the following aspects of application operation: creating / starting / stopping Kaspersky Endpoint Security tasks, modifying Kaspersky Endpoint Security settings, user actions on objects in the quarantine and backup storage, etc.;
  - tools for creating reports on Kaspersky Endpoint Security operation, based on collected statistics, and tools for exporting reports (HTML, CSV formats are supported);
  - monitoring Kaspersky Endpoint Security operation and virus activity. Information is located in a centralized repository of Kaspersky Endpoint Security events. Kaspersky Endpoint Security provides its own tools for searching, displaying, and analyzing data on its operation, as well as the capability of using external resources.
DISTRIBUTION CONTENTS
The contents of the Kaspersky Endpoint Security distribution are shown in the table below.
Table 1. Kaspersky Endpoint Security packages
| PACKAGE | PURPOSE |
|---|---|
| kes4lwks-<version_number>.i386.rpm, kes4lwks_<version_number>_i386.deb | Contains the main Kaspersky Endpoint Security files. This package can be installed both on 32-bit and 64-bit operating systems. |
| klnagent-<version_number>.i386.rpm, klnagent_<version_number>_i386.deb | Contains the Network Agent (a utility that connects Kaspersky Endpoint Security with Kaspersky Administration Kit). |
| kes4lwks-rpm.tar.gz, kes4lwks-deb.tar.gz | Contains the files kes4lwks.kpd and akinstall.sh used in the remote installation procedure for Kaspersky Endpoint Security using Kaspersky Administration Kit. |
| klnagent-rpm.tar.gz, klnagent-deb.tar.gz | Contains the files klnagent.kpd and akinstall.sh used in the remote installation procedure for Administration Console using Kaspersky Administration Kit. |
INSTALLING KASPERSKY ENDPOINT SECURITY
IN THIS SECTION
Step 1. Installing the Kaspersky Endpoint Security package
Step 2. Installing Network Agent
Kaspersky Endpoint Security is distributed in packages in .deb and .rpm formats.
The installation process includes several steps:
1. Installing the Kaspersky Endpoint Security package.
2. Installation of the Network Agent package (installation of this package is necessary to manage Kaspersky Endpoint Security using Kaspersky Administration Kit).
STEP 1. INSTALLING THE KASPERSKY ENDPOINT SECURITY PACKAGE
Before you install Kaspersky Endpoint Security 8 for Linux, remove Kaspersky Anti-Virus 5.5 for Samba Servers or Kaspersky Anti-Virus 5.7 for Linux Workstations, installed on the computer.
You must have root privileges to initiate installation of the Kaspersky Endpoint Security package.
Before installing Kaspersky Endpoint Security, you need to install the glibc package (64-bit operating systems require the 32-bit version of glibc).
To install Kaspersky Endpoint Security from .rpm-package, execute the following command:
# rpm -i kes4lwks-<version_number>.i386.rpm
To install Kaspersky Endpoint Security from .deb-package, execute the following command:
# dpkg -i kes4lwks_<version_number>_i386.deb
To install Kaspersky Endpoint Security from .deb-package on a 64-bit operating system, execute the following command:
# dpkg -i --force-architecture kes4lwks_<version_number>_i386.deb
After entering the command, the installation will be performed automatically.
After the Kaspersky Endpoint Security installation from the .rpm-package is completed, run the post-installation script (see section "Kaspersky Endpoint Security initial configuration" on page 22).
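The prerequisites and Step 1 commands above, combined into a preflight check; this is an added example, not part of the Kaspersky guide or its distribution. The function names, the /lib/ld-linux.so.2 path used to detect 32-bit glibc, and the /lib/modules/<release>/build path used to detect kernel sources are assumptions based on common Linux layouts.

```shell
#!/bin/sh
# Added example, not Kaspersky's own script. Checks the prerequisites this
# guide lists and prints the Step 1 install command that matches the platform.

# Perl plus the build tools the guide names (ld is shipped in binutils).
KES_REQUIRED_TOOLS="perl gcc make ld"

# Succeeds when the given `uname -m` value is a 64-bit x86 machine.
kes_is_64bit() {
    case "$1" in
        x86_64|amd64) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per unmet prerequisite; prints nothing when all are met.
# Args: machine (uname -m), uid (id -u), kernel release (uname -r),
#       root prefix ("" for the live system, or a constructed test tree).
kes_preflight_problems() {
    machine=$1; uid=$2; release=$3; prefix=$4
    if [ "$uid" != 0 ]; then
        echo "not root: package installation requires root privileges"
    fi
    for tool in $KES_REQUIRED_TOOLS; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing tool: $tool"
        fi
    done
    # Assumption: 32-bit glibc installs its loader at /lib/ld-linux.so.2.
    if kes_is_64bit "$machine" && [ ! -e "$prefix/lib/ld-linux.so.2" ]; then
        echo "missing 32-bit glibc (required on 64-bit systems)"
    fi
    # Assumption: kernel sources are linked at /lib/modules/<release>/build.
    if [ ! -d "$prefix/lib/modules/$release/build" ]; then
        echo "missing kernel source tree for $release"
    fi
    return 0
}

# Prints the Step 1 install command for a package format and machine.
# Args: format (rpm|deb), machine (uname -m), version string.
kes_install_cmd() {
    case "$1" in
        rpm) echo "rpm -i kes4lwks-${3}.i386.rpm" ;;
        deb)
            if kes_is_64bit "$2"; then
                echo "dpkg -i --force-architecture kes4lwks_${3}_i386.deb"
            else
                echo "dpkg -i kes4lwks_${3}_i386.deb"
            fi ;;
        *) echo "unsupported package format: $1" >&2; return 2 ;;
    esac
}

# Report on the live system, then show the .deb command for this machine.
kes_preflight_problems "$(uname -m)" "$(id -u)" "$(uname -r)" ""
kes_install_cmd deb "$(uname -m)" "<version_number>"
```

An empty preflight report means every listed prerequisite was found; the printed command is for review and is not executed by the script.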