Configuring the Launch in the CSE Mode (Astra Linux SE 1.6 and 1.7)

The OS Astra Linux SE supports a special closed software environment (CSE) mode. In the mode, applications can be launched only if their executable files are signed with the developer digital signature. The developer’s public key must be added to the OS list of trusted keys.

By default, Dr.Web for Linux components supplied for Astra Linux SE are signed with the Doctor Web digital signature and the public key for the signature is automatically added to the list of trusted keys during the application installation therefore Dr.Web for Linux should be launched correctly when activating CSE mode in Astra Linux SE 1.5 and earlier versions.

However, in Astra Linux SE 1.6, the signature mechanism has been changed. To launch Dr.Web for Linux in the CSE mode in Astra Linux SE 1.6 and 1.7, configure the OS.

Configuring Astra Linux SE 1.6 and 1.7 to Launch Dr.Web for Linux in the CSE Mode

1.Install the package astra-digsig-oldkeys using the OS installation disk if it is not installed yet.

2.Add the Doctor Web public key to the directory /etc/digsig/keys/legacy/keys (if the directory is absent, create it):

# cp /opt/drweb.com/share/doc/digsig.gost.gpg /etc/digsig/keys/legacy/keys

3.Execute the command:

# update-initramfs -k all -u

4.Reboot the operating system.