This quick start guide explains how to initially configure the Log Correlation Engine (LCE) server virtual machine (VM). There are two versions of the LCE VM available: one for Microsoft’s Hyper-V and the other for VMware platforms. When launched on either host type, the VM is configured and performs in the same manner. When the configuration is completed, the VM is in a nearly identical state as if the user created a CentOS 6.6 virtual machine with LCE server installed on it. Before proceeding, ensure that the LCE license key and code obtained from Tenable are available to configure the LCE server.
Launch VM and Set Password
Upon the initial launch of the VM, the only access to the VM is through the console interface. The initial login must be performed by the user “root” with the password of “AppVM” (without the quotes in both cases). After the initial login, the root user is forced to change the password. This must be a password that complies with the default CentOS password complexity rules. Enter the current password of “AppVM” followed by the new password. If the new password is acceptable, a prompt will appear to retype the password for confirmation. If it does not meet the complexity rules, you will be notified it is an unacceptable password and asked to type in a new password.
Set Hostname and Network Interface
After the password is successfully changed, enter a hostname for the VM. This must match the hostname provided to Tenable to acquire the LCE license key. When the hostname is entered, the network interface is configured via DHCP, SSH host keys are created, the SSH server is started, and the available IP addresses are displayed. Make a note of the IP address for use in configuring the LCE server.
At this point the available IP address(es) are displayed along with a message reading: Connect to the LCE Web Interface to finish LCE configuration.
Navigate to the DNS name or the IP address of the LCE server over port 8836 (https://<dns name or IP address>:8836>) in your preferred web browser to begin the LCE installation process.
For details on the LCE installation and configuration process, please refer to the LCE Quick Start Guide or the LCE Administration and User guide, both available from https://support.tenable.com.
The LCE Virtual Machine configuration is now complete. At this stage, it is operating as if CentOS 6.6 and LCE were installed by any other method. The only customizations made by Tenable are the initial configuration startup script, enabling access to the LCE ports through the firewall, and the file /etc/init/tty.override file to enable the number lock key on boot. This file may be removed if desired. Maintaining security updates via the yum update command or other method is solely the responsibility of the organization deploying and maintaining the LCE virtual machine.
Third Party License Declarations
The LCE Server Virtual Machine is built on a CentOS 6.6 Linux distribution and the use is bound by the CentOS Project end user license agreement (EULA):
CentOS-6 comes with no guarantees or warranties of any sorts, either written or implied.
The Distribution is released as GPL. Individual packages in the distribution come with their own licenses.
About Tenable Network Security
Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Our family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data.
Tenable is relied upon by more than 24,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments. We offer customers peace of mind thanks to the largest install base, the best expertise, and the ability to identify their biggest threats and enable them to respond quickly.
For more information, please visit tenable.com.