Starting in CSE Mode (Astra Linux SE 1.6 and 1.7)

The Astra Linux SE OS supports a special closed software environment (CSE) mode. In this mode, applications can be started only if their executable files are signed with a digital signature of a developer whose public key is added to the OS list of trusted keys.

Dr.Web Server Security Suite components supplied for Astra Linux SE are signed with the digital signature of the Doctor Web company, and the public key for this signature is automatically added to the list of trusted keys during the application installation; therefore, Dr.Web Server Security Suite should start correctly when activating the CSE mode on Astra Linux SE 1.5 and earlier.

Starting with Astra Linux SE 1.6, the signing mechanism has been changed. You must configure Astra Linux SE 1.6 and 1.7 prior to starting Dr.Web Server Security Suite in CSE mode.

To configure Astra Linux SE 1.6 and 1.7 to start Dr.Web Server Security Suite in CSE mode

1.Install the astra-digsig-oldkeys package, if not installed, using an OS installation disk.

2.Add the public key of the Doctor Web company to the directory /etc/digsig/keys/legacy/keys (if the directory is absent, create it):

# cp /opt/drweb.com/share/doc/digsig.gost.gpg /etc/digsig/keys/legacy/keys

3.Run the command:

# update-initramfs -k all -u

4.Restart the operating system.