Kaspersky Security Center 15 For Linux PoC Guide

The Kaspersky Security Center 15 for Linux Proof of Concept guide provides a comprehensive overview for deploying and configuring Kaspersky Security Center and Endpoint Security for Linux. It details the necessary hardware and software requirements, installation steps for MariaDB and Kaspersky applications, and outlines various protection capabilities for Linux devices. The document is intended for presales engineers and evaluators with systems administration experience and basic networking knowledge.


Kaspersky Security Center 15 for Linux

Proof of Concept guide

Kaspersky

22.09.2023
Changelog

This version is made for Kaspersky Security Center 15 for Linux and Kaspersky Endpoint Security for Linux 11.4.
Contents

Introduction
    Who should use this guide?
    About Kaspersky Security Center for Linux
Prepare the environment
    Review the hardware and software requirements
    Download required files
Setup and deploy
    Install MariaDB server
    Install Kaspersky Security Center for Linux
    Install and configure Kaspersky Security Center Web Console
Capability scenarios
    Remote Protection Deployment for Linux
    File Threat Protection for Linux
    Web Threat Protection for Linux
    Network Threat Protection for Linux
    Behavior Detection
    Device Control
Useful information
Appendix A: POC success criteria
Introduction

Who should use this guide?

This guide is built to help you quickly deploy and configure Kaspersky Security Center for Linux for evaluation [1]. It guides you through the installation and configuration of Kaspersky Security Center for Linux and the deployment of Kaspersky Endpoint Security for Linux, and it demonstrates protection capabilities for Linux devices. This document is intended for Kaspersky presales engineers and third parties willing to evaluate Kaspersky Security Center for Linux.

It is assumed that the reader will have:

1. Experience in systems administration;
2. A basic knowledge of computer networking.

About Kaspersky Security Center for Linux

Kaspersky Security Center Linux is designed to deploy and manage protection of Linux devices by using a Linux-based Administration Server, to meet the requirements of pure Linux environments.

Kaspersky Security Center Linux enables the administrator to install Kaspersky security applications on devices on a corporate network, remotely run scan and update tasks, and manage the security policies of managed applications. The administrator can use a detailed dashboard that provides a snapshot of corporate device statuses, detailed reports, and granular settings in protection policies.

Using Kaspersky Security Center, you can do the following:

• Create a hierarchy of Administration Servers to manage the organization's network, as well as networks at remote offices or client organizations. (A client organization is an organization whose anti-virus protection is ensured by the service provider.)
• Create a hierarchy of administration groups to manage a selection of client devices as a whole.
• Manage an anti-virus protection system built based on Kaspersky applications.
• Perform remote installation of applications by Kaspersky and other software vendors.
• Perform centralized deployment of license keys for Kaspersky applications to client devices, monitor their use, and renew licenses.
• Receive statistics and reports about the operation of applications and devices.
• Receive notifications about critical events during the operation of Kaspersky applications.
• Perform inventory of hardware connected to the organization's network.
• Centrally manage files moved to Quarantine or Backup by security applications, as well as manage files for which processing by security applications has been postponed.

A feature comparison between the Windows and Linux versions of the product is available in Online Help.

[1] If you need to deploy Kaspersky Security Center for Linux in a production environment, refer to Online Help.
Prepare the environment
Review the hardware and software requirements
Administration Server, Database Server, Web Console Server and Network Agent:
https://support.kaspersky.com/help/KSCLinux/15/en-US/96255.htm.

Kaspersky Endpoint Security for Linux: Hardware and software requirements.

Information about ports used by Kaspersky Security Center 15 for Linux is specified in Online Help.

Download required files

You can download the latest versions of Kaspersky products from the following page:
https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint.

You should download the following:

• Kaspersky Security Center for Linux full package.
• Kaspersky Security Center for Linux Web Console.
• Kaspersky Security Center Network Agent.
• Kaspersky Endpoint Security for Linux distribution package and Product GUI.

How to download and install MariaDB Server is described in the deployment step.
Setup and deploy

The main installation scenario is described in Online Help. For the purposes of this guide we cover the following main steps:

1. Install MariaDB server.
2. Install Kaspersky Security Center for Linux.
3. Install and configure Kaspersky Security Center Web Console.
4. Deploy Kaspersky protection for managed devices.

Install MariaDB server

In this guide MariaDB server is installed on Ubuntu 20.04.1 LTS.

1. Go to the official MariaDB Server downloads and repositories page and specify the required parameters of your system and MariaDB server. In this guide it is Ubuntu – 20.04 LTS “focal” – 10.5.

2. Installation instructions specific to your Linux distribution will appear. For Ubuntu 20.04 and a repository in the UK, run the following commands in a terminal.

Import the MariaDB repository key:

sudo apt-get install apt-transport-https curl
sudo mkdir -p /etc/apt/keyrings
sudo curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'

Copy and paste the following into a file, with the command:

sudo nano /etc/apt/sources.list.d/mariadb.sources

# MariaDB 10.5 repository list - created 2023-09-18 09:30 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/10.5/ubuntu
URIs: https://mariadb.gb.ssimn.org/repo/10.5/ubuntu
Suites: focal
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp

Install MariaDB 10.5 from the MariaDB repository with the commands:

sudo apt update
sudo apt install mariadb-server mariadb-client
3. After installation, check the status of the MariaDB Server (one-line command):

sudo systemctl status mariadb.service

Make sure that no errors are returned.

4. Now it is necessary to configure a few security settings. Run the command:

sudo mysql_secure_installation

4.1. Enter the current password for root.
4.2. You will be asked several questions. They are provided below with the answers to them:
     Change the root password? Y
4.3. Remove anonymous users? Y
4.4. Disallow ‘root’ login remotely? Y
4.5. Remove test databases and access to it? Y
4.6. Reload privilege tables now? Y

Now proceed to the next step.

5. The next step is to configure MariaDB server. Create a backup copy of the my.cnf file:
sudo cp /etc/mysql/my.cnf /etc/mysql/my.cnf.bk

Then open the original /etc/mysql/my.cnf file by executing this command:


sudo nano /etc/mysql/my.cnf

Configure the following parameters in the [mysqld] section [2] (modify existing ones or add new ones if they are missing):

sort_buffer_size=10M
join_buffer_size=100M
join_buffer_space_limit=300M
join_cache_level=8
tmp_table_size=512M
max_heap_table_size=512M
key_buffer_size=200M
innodb_buffer_pool_size=<value>
innodb_thread_concurrency=20
innodb_flush_log_at_trx_commit=0
innodb_lock_wait_timeout=300
max_allowed_packet=32M
max_connections=151
max_prepared_stmt_count=12800
table_open_cache=60000
table_open_cache_instances=4
table_definition_cache=60000

The value of innodb_buffer_pool_size must be no less than 80 percent of the expected KAV database size. In this guide 6500M is used, which is sufficient for quick testing purposes.

Note that depending on the MariaDB server version the my.cnf file may contain different sections. You should add the lines to the [mysqld] section.

[2] Check the latest recommendations in Online Help.

Save and close the modified file and restart mariadb.service by the following command:

sudo systemctl restart mariadb.service

Then check the status of mariadb.service

sudo systemctl status mariadb.service

Make sure that no errors returned.

6. By default, the optimizer add-ons join_cache_incremental, join_cache_hashed and join_cache_bka are enabled. If these add-ons are not enabled, you must enable them.

Run the MySQL Command-Line Client:

mysql --user root --password

and run the following command:

SELECT @@optimizer_switch;

Make sure that the command result shows these add-ons as enabled.

Quit the MySQL Command-Line Client:

\q

After completing these steps, you have successfully installed and configured MariaDB Server.
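The following script is an added illustration, not part of the Kaspersky guide: it checks the [mysqld] section of a my.cnf and the value of SELECT @@optimizer_switch against the recommendations in steps 5 and 6. The recommended values are the guide's; the sample my.cnf it writes and the optimizer_switch string it checks are constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of the Kaspersky guide: check a MariaDB my.cnf and
# the optimizer_switch value against steps 5 and 6. The recommended values are
# the guide's; the sample my.cnf written below is constructed for the demo.
set -u
# Print one parameter from the [mysqld] section only (other sections such as
# [mysqld_safe] are ignored); a repeated key takes the later value. Returns 1
# if the key is not set in [mysqld].
mysqld_param() {
  local file="$1" name="$2"
  awk -v name="$name" '
    /^[[:space:]]*\[/ { insec = ($0 ~ /^[[:space:]]*\[mysqld\][[:space:]]*$/); next }
    insec && $0 !~ /^[[:space:]]*([#;]|$)/ {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[[:space:]]/, "", k); gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
      if (k == name) { val = v; found = 1 }
    }
    END { if (found) print val; exit !found }
  ' "$file"
}

# Compare the [mysqld] section with the guide's list. Prints one line per
# mismatch; the return code is the number of mismatches. innodb_buffer_pool_size
# is only checked for presence (the guide sizes it at >= 80% of the expected DB).
check_mycnf() {
  local file="$1" key want have bad=0
  while IFS='=' read -r key want; do
    have=$(mysqld_param "$file" "$key") || have="<unset>"
    if [ "$have" != "$want" ]; then
      printf '%s: have %s, want %s\n' "$key" "$have" "$want"
      bad=$((bad + 1))
    fi
  done <<'EOF'
sort_buffer_size=10M
join_buffer_size=100M
join_buffer_space_limit=300M
join_cache_level=8
tmp_table_size=512M
max_heap_table_size=512M
key_buffer_size=200M
innodb_thread_concurrency=20
innodb_flush_log_at_trx_commit=0
innodb_lock_wait_timeout=300
max_allowed_packet=32M
max_connections=151
max_prepared_stmt_count=12800
table_open_cache=60000
table_open_cache_instances=4
table_definition_cache=60000
EOF
  if ! mysqld_param "$file" innodb_buffer_pool_size >/dev/null; then
    echo "innodb_buffer_pool_size: not set"; bad=$((bad + 1))
  fi
  return "$bad"
}
# Given the value of SELECT @@optimizer_switch (comma-separated flags, e.g. from
# mysql -N -B --user root --password -e 'SELECT @@optimizer_switch'), print the
# join_cache add-ons that are not "on". Returns 1 if any of them is missing.
optimizer_missing() {
  local switches="$1" flag missing=""
  for flag in join_cache_incremental join_cache_hashed join_cache_bka; do
    case ",$switches," in
      *",${flag}=on,"*) ;;
      *) missing="$missing $flag" ;;
    esac
  done
  printf '%s\n' "${missing# }"
  [ -z "$missing" ]
}
# Constructed sample: join_cache_level is wrong, table_definition_cache is
# missing, and max_connections under [mysqld_safe] must be ignored.
write_sample_mycnf() {
  cat > "$1" <<'EOF'
[mysqld]
sort_buffer_size = 10M
join_buffer_size = 100M
join_buffer_space_limit = 300M
join_cache_level = 4
tmp_table_size = 512M
max_heap_table_size = 512M
key_buffer_size = 200M
innodb_buffer_pool_size = 6500M
innodb_thread_concurrency = 20
innodb_flush_log_at_trx_commit = 0
innodb_lock_wait_timeout = 300
max_allowed_packet = 32M
max_connections = 151
max_prepared_stmt_count = 12800
table_open_cache = 60000
table_open_cache_instances = 4
[mysqld_safe]
max_connections = 500
EOF
}

sample=$(mktemp); write_sample_mycnf "$sample"
check_mycnf "$sample" || echo "$? setting(s) differ from the guide"
optimizer_missing "index_merge=on,join_cache_incremental=on,join_cache_hashed=off,join_cache_bka=on" || echo "(listed add-ons must be enabled)"
rm -f "$sample"
```

On a real server, point check_mycnf at /etc/mysql/my.cnf and feed optimizer_missing the output of the mysql -N -B command from the comment.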
Install Kaspersky Security Center for Linux
1. Create a group 'kladmins' and an unprivileged account 'ksc'. The account must be a member of the 'kladmins'
group. To do this, sequentially run the following commands:
sudo adduser ksc
sudo groupadd kladmins
sudo gpasswd -a ksc kladmins
sudo usermod -g kladmins ksc

2. Install Kaspersky Security Center for Linux by executing the following command in the terminal:

sudo apt install /<path>/ksc64_[version_number]_amd64.deb

and then run the /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl script.

3. Accept the terms of the EULA and Privacy Policy.

4. Choose the Administration Server installation mode.

5. Enter the address of the Administration Server.

6. Enter the Administration Server SSL port number.

7. Specify an infrastructure size. In this guide, 1 to 100 networked devices is selected.

8. Enter the security group name for services. By default, the 'kladmins' group is used.

9. Enter the account name to start the Administration Server service. The account must be a member of the entered security group. By default, the 'ksc' account is used.

10. Enter the account name to start other services. The account must be a member of the entered security group. By default, the 'ksc' account is used.

11.

12. Enter the IP address of the device on which the database is installed.

13. Enter the database port number. By default, port 3306 is used.

14. Enter the database name.

15. Enter the login of the database ‘root’ account that you use to access the database.

16. Enter the database password.

Wait for the services to be added and started automatically:
• klnagent_srv
• kladminserver_srv
• klactprx_srv
• klwebsrv_srv

17. Create an account that will act as an Administration Server administrator. Enter the user name and password. The user password cannot have fewer than 8 or more than 16 characters.

18. Check the status of the Administration Server (one-line command):

systemctl status kladminserver_srv.service

Make sure that it is running.

After completing these steps, you have successfully installed Kaspersky Security Center.

Install and configure Kaspersky Security Center Web Console

1. To install Kaspersky Security Center 15 Web Console you must create a response file in JSON format that contains the parameters for connecting Kaspersky Security Center 15 Web Console to the Administration Server. Execute the following command:

sudo nano /etc/ksc-web-console-setup.json

2. Specify the following parameters [3]:

• the address of Kaspersky Security Center 13 Web Console Server,
• the port that Kaspersky Security Center 13 Web Console Server uses to connect to the Administration Server,
• the trusted Administration Server address, port, certificate path and Administration Server name,
• ‘true’ for the acceptEula parameter.

Below is the example of the file content.

Save and close the file.

3. Run the following command to start Kaspersky Security Center 13 Web Console installation:

sudo dpkg -i KSCWebConsoleInstaller.[version_number].x86_64.deb

Wait for the installation to finish.

[3] A full description of the available parameters is available in Online Help.


4. Run a web browser and go to https://server_address:8080/ . Enter your credentials.

5. You will see the Hardening Guide overview page. Mark the checkbox at the bottom of the page and click the Accept button.

6. On the next page you will see the quick start wizard greeting window. Click the Start button to proceed with the basic configuration steps.

7. Select your Internet connection parameters. In this guide Direct connection is used.

8. On Step 2 the required updates are downloaded.

9. Select the assets you need to protect on Step 3.

10. Select the encryption algorithm on Step 4.

11. Mark the management plugins you want to install on Step 5.

12. Wait until the plugin installation is finished.

13. Select Installation packages to download.

14. Accept the KSN statement.

15. You can add a license later.

16. Agree to use KSN for KES for Linux and the rest of the applications selected earlier.

17. Create basic policies and tasks.

18. Configure notifications if necessary.

19. Close the Quick Start Wizard.

20. Open the Discovery & deployment – Discovery – IP ranges section. It is necessary to allow IP range polling. To do that, in the right pane select the required IP range and click Properties.

21. In the window that appears, allow polling and save the settings.

22. Now add the Kaspersky Security Center license. In the main Kaspersky Security Center 15 Web Console window click the wrench icon to open the Administration Server properties.

23. Select License keys, and if there is no license in the right pane under Current license, click Select.

24. Click + Add new license key.

25. Add an activation code or a key file and click the Send button.

26. Mark the radio button and close the window.

27. Make sure that the license is shown in the properties of the Administration Server. Click Save and close the Administration Server properties.

After completing these steps, you have successfully installed Kaspersky Security Center 15 Web Console and performed the initial configuration of the Administration Server.
Capability scenarios
Remote Protection Deployment for Linux
To deploy Kaspersky Endpoint Security for Linux using Kaspersky Security Center you should perform the
following basic steps:

1. Make sure that Kaspersky Endpoint Security for Linux management plug-in is installed in Kaspersky
Security Center 15 Web Console.
2. Create installation packages for both Network Agent and Kaspersky Endpoint Security for Linux.
3. Create and run remote installation tasks for Network Agent and Kaspersky Endpoint Security for Linux.

1. To make sure the Kaspersky Endpoint Security for Linux management plug-in is installed, click Settings – Web plug-ins.

2. Review the list of plugins.

3. Now create installation packages for Network Agent and Kaspersky Endpoint Security for Linux. Go to Discovery & deployment – Deployment & assignments – Installation packages. In the right pane click + Add.

4. Select Create an installation package from a file.

5. Place the files for remote installation and the Network Agent distribution package within one archive. For instance, you can unzip the archive with the files for remote installation to a folder, copy the Network Agent distribution package to this folder and add the contents of the folder to an archive. Specify a package name and select the newly created archive containing the files for remote installation and the Network Agent distribution package.

6. Wait until the download is finished.

7. Accept the terms of the EULA.

8. Close the New Package Wizard.

9. Create an installation package for Kaspersky Endpoint Security for Linux. Click + Add.

10. Select Create an installation package from a file.

11. Select the required application from the list of available packages. In this demo it will be KES for Linux 11.4.

12. Click the Download and create installation package button. Wait until the download is finished.

13. Accept the Privacy Policy and the terms of the EULA.

14. Close the New Package Wizard.

15. Prior to Kaspersky applications deployment, prepare a Linux device for remote deployment. Do the following:
• Make sure that sudo is installed on the target Linux device.
• Test the device configuration:
  ▪ Check whether you can connect to the device through an SSH client (such as PuTTY). If you cannot connect to the device, open the /etc/ssh/sshd_config file and make sure that the following settings have the respective values listed below:
    PasswordAuthentication no
    ChallengeResponseAuthentication yes
    Save the file and restart the SSH service by using the sudo service ssh restart command.
  ▪ Disable the sudo password for the user account under which the device is to be connected. Use the visudo command in sudo to open the sudoers configuration file. In the file you have opened, specify the following: username ALL = (ALL) NOPASSWD: ALL. This file is processed in “top-to-bottom” order, therefore add this new line to the end of the file. Here, username is the user account which is to be used for the device connection using SSH.
  ▪ Save the sudoers file and then close it.
  ▪ Connect to the device again through SSH and make sure that sudo does not prompt you to enter a password; you can do this using the sudo whoami command.

16. Select the Network Agent installation package and click + Deploy.

17. Select the Using the remote installation task deployment method.

18. Select a device for installation. Click the Add button and specify the IP address of a device for installation.

19. Specify a task name and clear the selection of the Using Network Agent item.

20. Leave the default settings on this page.

21. Select Move unassigned devices to group and choose Managed devices.

22. Specify an account having administrator rights on the device where you are installing Network Agent.

23. Select Run the task after the Wizard finishes and close the Wizard.

24. Go to Devices – Tasks. Click the newly created installation task.

25. Make sure that this task completed successfully.

26. Select the Kaspersky Endpoint Security for Linux installation package and click + Deploy.

27. Select the Using the remote installation task deployment method.

28. Select the Network Agent package to be installed with Kaspersky Endpoint Security for Linux. It is impossible to skip Network Agent selection on this step.

29. Select a device for installation.

30. Specify a task name.

31. Leave the default settings on this page.

32. Select Do not move devices, because the device is already in the Managed devices group.

33. Select No account required (Network Agent installed).

34. Select Run the task after the Wizard finishes and close the Wizard.

35. Go to Devices – Tasks. Select the newly created installation task and click Result. Make sure that this task completed successfully.

36. Now we need to activate the application. Add a new task.

37. Specify the task parameters:
Application: KES 11.4 for Linux
Task type: Add key
Task name (optional): Activate KESL

38. Define the task scope. Select the management group where the task will be applied.

39. If a key is not stored in the KSC storage, add a license key on this step.

40. Enter an activation code and click the Send button. Click the Save button.

41. Now select the key and proceed to the next step.

42. Review the key properties and proceed.

43. Finish the task creation and run the task.

After completing these steps, you have successfully deployed Kaspersky protection in your network.
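The script below is an added example, not part of the Kaspersky guide, for the device preparation in step 15: it resolves the effective sshd_config values offline (sshd takes the first value found for a keyword, and a line appended after a Match block belongs to that block), checks whether the last matching sudoers rule carries NOPASSWD, and wraps the sudo whoami live test. The account name kscdeploy and both sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of the Kaspersky guide: offline checks for the step 15
# device preparation. Precedence differs between the two files: sshd uses the
# FIRST value found for a keyword, sudoers the LAST matching rule (which is why
# the guide appends the NOPASSWD line). The sample files and the account name
# kscdeploy are constructed for this demo.
set -u

# Effective global value of an sshd_config keyword: comments are skipped, the
# first occurrence wins, and scanning stops at the first Match block because
# lines after it (including ones appended at the end of the file) belong to
# that block. Keywords are case-insensitive. Returns 1 if the keyword is unset.
sshd_effective() {
  local file="$1" key="$2"
  awk -v key="$key" '
    /^[[:space:]]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print $2; found = 1; exit }
    END { exit !found }
  ' "$file"
}

# Check the two settings the guide lists. Prints each mismatch; the return
# code is the number of mismatches.
check_sshd_config() {
  local file="$1" pair have bad=0
  for pair in PasswordAuthentication=no ChallengeResponseAuthentication=yes; do
    have=$(sshd_effective "$file" "${pair%%=*}") || have="<unset>"
    if [ "$have" != "${pair#*=}" ]; then
      printf '%s: effective value is %s, want %s\n' "${pair%%=*}" "$have" "${pair#*=}"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Does the last sudoers rule whose first field is this user carry NOPASSWD?
# Only the plain one-line form the guide uses is recognised (no aliases, groups
# or @include files); "sudo -n whoami" on the device remains the real test.
sudoers_nopasswd() {
  local file="$1" user="$2"
  awk -v user="$user" '
    /^[[:space:]]*(#|$)/ { next }
    $1 == user { last = $0 }
    END { exit !(last ~ /NOPASSWD:/) }
  ' "$file"
}

# Live check, to be run on the target device as the deployment account.
live_preflight() {
  command -v sudo >/dev/null || { echo "sudo is not installed"; return 1; }
  sudo -n whoami >/dev/null 2>&1 || { echo "sudo still prompts for a password"; return 1; }
  check_sshd_config /etc/ssh/sshd_config   # may itself need sudo to be readable
}

# Constructed samples. The sshd_config has the trap described above: an early
# "PasswordAuthentication yes" wins, and the "no" appended after the Match block
# only applies to user backup. In sudoers the last kscdeploy rule wins.
write_samples() {   # usage: write_samples <sshd_config path> <sudoers path>
  cat > "$1" <<'EOF'
# Package generated configuration file
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication no
PasswordAuthentication no
EOF
  cat > "$2" <<'EOF'
Defaults env_reset
root      ALL=(ALL:ALL) ALL
%sudo     ALL=(ALL:ALL) ALL
kscdeploy ALL = (ALL) ALL
kscdeploy ALL = (ALL) NOPASSWD: ALL
EOF
}

cfg=$(mktemp); sud=$(mktemp)
write_samples "$cfg" "$sud"
check_sshd_config "$cfg" || echo "$? sshd setting(s) to fix"
sudoers_nopasswd "$sud" kscdeploy && echo "kscdeploy: NOPASSWD rule is the last matching rule"
rm -f "$cfg" "$sud"
```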
File Threat Protection for Linux
In this scenario we will demonstrate File Threat Protection of Kaspersky Endpoint Security 11 for Linux.

Evaluation steps:

1. Disable Web Threat Protection.
2. Download the EICAR test file from the Internet.
3. Check the event log.

Expected results:

The EICAR test virus file will be deleted by a File Threat Protection On-Access Scan as soon as it is downloaded.

Instructions:

1. Open the Kaspersky Security Center Web Console and switch to the Devices – Policies & profiles section. Click on the KES for Linux policy properties, switch to the Application settings tab – Essential Threat Protection section and in the right pane click on Web Threat Protection.

2. Disable Web Threat Protection and close this window.

3. Click on File Threat Protection.

4. Make sure that File Threat Protection is enabled and close the policy properties.

5. Switch to the protected Linux device and open Firefox. Go to https://www.eicar.org/?page_id=3950 and try to download the eicar.com file. Check that the file has been downloaded and that it has been deleted after downloading.

6. You can also view the event either in the local KES GUI or in the Kaspersky Security Center Administration Console. To do that, in the Kaspersky Security Center Web Console go to Monitoring & reporting – Event selection – click on Critical events.

7. Check that you see the appropriate event.

After completing these steps, you have successfully demonstrated File Threat Protection of Kaspersky Endpoint Security 11 for Linux.
Web Threat Protection for Linux
In this scenario we will demonstrate that using Kaspersky Endpoint Security 11 for Linux you will protect your
computer from the web threats.

Evaluation steps:

1. Enable the Web Threat Protection component in the administration policy.
2. Try to access a malicious web page (a test page in this case).
3. Review the events.

Expected results:

Access to the malicious web page will be blocked by the Web Threat Protection component.

Instructions:

1. Open the Kaspersky Security Center Web Console and switch to the Devices – Policies & profiles section. Click on the KES for Linux policy properties, switch to the Application settings tab – Essential Threat Protection section and in the right pane click on Web Threat Protection.

2. Check that Web Threat Protection is enabled. If not, enable it and close the policy properties.

3. On the protected machine open a web browser and try to access one of the following pages:

https://www.kaspersky.com/test/wmuf
https://www.kaspersky.com/test/aphish_h

Check that they are blocked by Web Threat Protection.

4. You can also view the event either in the local KES GUI or in the Kaspersky Security Center Administration Console. To do that, in the Kaspersky Security Center Web Console go to Monitoring & reporting – Event selection – click on Critical events.

5. Check that you see the appropriate event.

After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux can protect your computer from web threats.
Network Threat Protection for Linux
In this scenario we will demonstrate that Kaspersky Endpoint Security 11 for Linux can detect and block network
attacks.

Evaluation steps:

1. Ensure that the Network Threat Protection component is enabled.
2. Download and install Nmap on the “attacker” computer.
3. Download and install the Netcat utility on the protected system.
4. Try to transfer a test file from the “attacker” host to the protected system.
5. Check the event log.

Expected results:

The Network Threat Protection component will detect the network attack and block the attacking computer.

Instructions:

1. Open the Kaspersky Security Center Web Console and switch to the Devices – Policies & profiles section. Click on the KES for Linux policy properties, switch to the Application settings tab – Essential Threat Protection section and in the right pane click on Network Threat Protection.

2. Make sure Network Threat Protection is enabled. If not, enable it and set the following value for the Block the attacking host for (min) option: 1 min. Save and close the policy properties.

3. To install the Netcat utility it is necessary to do the following:

• For Windows: download and install the Nmap utility. Ncat is included in the distribution package of Nmap.
• For Linux: download and install Ncat from the following link https://nmap.org/download.html, or install the Netcat utility via a terminal, e.g. for Ubuntu execute the following command:

sudo apt install netcat

4. On the protected computer open a terminal and run the following command with elevated rights:

nc -l 80 > umids_Test.Eicar.Ban.pcap

where umids_Test.Eicar.Ban.pcap is an arbitrary file name. Netcat will start listening on port 80 in order to receive a file.

5. On the attacker host, in the Command Prompt open the folder with Ncat (it is in the nmap installation folder) and run the following command:

Ncat 10.0.0.3 80 < umids_Test.Eicar.Ban.pcap

where umids_Test.Eicar.Ban.pcap is the test file to be transferred to the protected host. If the file is not in the same folder as Ncat, then you should specify the full path to the file.

For Kaspersky employees: request the umids_Test.Eicar.Ban.pcap file from [email protected].

6. Check that the connection was forcibly closed by the protected host. You can view the event in the Kaspersky Security Center Administration Console. To do that, in the Kaspersky Security Center Web Console go to Monitoring & reporting – Event selection – click on Critical events.

7. Check that there are events related to the recent network attack detection.

After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux can detect and block network attacks.

NB: if you performed this attack from the Kaspersky Security Center host, that host may be blocked by the protected host, so there may be a delay before the event appears in Kaspersky Security Center.
Behavior Detection
In this scenario we will demonstrate that Kaspersky Endpoint Security 11 for Linux can detect and block malicious
activity by using behavior detection.

Evaluation steps:

1. Try to run a test file on a target Linux device.
2. Check the results.

For Kaspersky employees: request a test file for this scenario from [email protected].

Expected results:

The Behavior Detection task will detect and delete the test file.

Instructions:

1. Open the Kaspersky Security Center Web Console and switch to the Devices – Policies & profiles section. Click on the KES for Linux policy properties, switch to the Application settings tab – Advanced Threat Protection section and in the right pane click on Behavior Detection.

2. Check that Behavior Detection is enabled. Otherwise enable it and close the policy properties.

3. Switch to a protected Linux device. Run the test file and check that it has disappeared. Check events in KSC: check that you see the appropriate event in the Behavior Detection section.

4. You can also view the event in the Kaspersky Security Center Administration Console. To do that, in the Kaspersky Security Center Web Console go to Monitoring & reporting – Event selection – click on Critical events.

5. Check that you see the appropriate event.

After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux can detect and block malicious activity by using behavior detection.
Device Control
In this scenario we will demonstrate how to restrict certain types of devices on managed computers using
Kaspersky Endpoint Security 11 for Linux.

Evaluation steps:

1. Configure a policy to restrict the use of CD/DVD drives.
2. Insert a disk into a CD/DVD drive on the protected system.
3. Review the event log.

Expected results:

Use of the CD/DVD drive will be blocked by Kaspersky Endpoint Security 11 for Linux.

In most cases it is common to show the restriction for USB devices; however, in a cloud environment it is easier to demonstrate the Device Control functionality for CD/DVD drives. The demonstration process is the same for USB devices and other types of devices.

Instructions:

1. Open the Kaspersky Security Center Web Console and switch to the Devices – Policies & profiles section. Click on the KES for Linux policy properties, switch to the Application settings tab – Advanced Threat Protection section and in the right pane click on Device Control.

2. Check that Device Control is enabled and click Configure settings for device types.

3. In the Access to storage devices section find CD/DVD drives and set Block in the Access column. Save and close the policy.

4. Switch to a managed computer. Try to insert a CD/DVD disk or an ISO image into a CD/DVD drive of the protected system. The use of the drive will be blocked and the user will get a blocking event popup. You can view the event in the local KES GUI in the Device Control section.

After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux can block access to forbidden types of devices.
Useful information
1. Online Help is the main source of information.
2. The Kaspersky Security Center page on the Kaspersky website, where you can view general information about the application, its functions, and features.
3. The Knowledge Base is a section on the Kaspersky Technical Support website. On the Kaspersky Security Center 13 Linux page in the Knowledge Base, you can read articles that provide useful information, recommendations, and answers to frequently asked questions on how to buy, install, and use the application. Articles in the Knowledge Base may answer questions that relate both to Kaspersky Security Center and to other Kaspersky applications, and may also contain Technical Support news.
4. If your question does not require an immediate answer, you can discuss it with Kaspersky experts and other users in our community. In the community, you can view discussion topics, post your comments, and create new discussion topics.
5. If you cannot find a solution to your problem, contact Technical Support.
Appendix A: POC success criteria

#    | Task                                              | Success criteria                                                                                                                                              | Notes
-----|---------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|------
1.   | Prepare environment                               |                                                                                                                                                                |
1.1. | Review the requirements                           | The POC environment meets all the imposed requirements.                                                                                                        |
1.2. | Download required files                           | All required installation files are downloaded.                                                                                                                |
2.   | Setup and deploy                                  |                                                                                                                                                                |
2.1. | Install MariaDB server                            | MariaDB server is installed and configured. Service status check does not return errors.                                                                       |
2.2. | Install Kaspersky Security Center                 | Kaspersky Security Center Administration Server and Administration Consoles are installed. Kaspersky Security Center is activated with a valid license.         |
2.3. | Install Kaspersky Security Center Web Console     | You can successfully log into Kaspersky Security Center Web Console. Basic configuration is performed without errors in accordance with the guide instructions. |
3.   | Capability scenarios                              |                                                                                                                                                                |
3.1. | Deploy Kaspersky protection for Linux remotely    | Network Agents for Linux and Kaspersky Endpoint Security for Linux are installed on the target devices.                                                         |
3.2. | File Threat Protection                            | EICAR test virus file is detected.                                                                                                                             |
3.3. | Web Threat Protection                             | Access to the malicious web page is blocked by the Web Threat Protection component.                                                                            |
3.4. | Network Threat Protection                         | Network attack is detected.                                                                                                                                    |
3.5. | Behavior Detection                                | Behavior Detection detected and deleted the test file.                                                                                                         |
3.6. | Device Control                                    | Use of the forbidden device type is denied.                                                                                                                    |
