You are here: Install > Upgrading SecurityCenter

Upgrading SecurityCenter

Note: A basic understanding of Linux is assumed throughout the installation, upgrade, and removal processes.

To perform an upgrade, download the new RPM to your current SecurityCenter server from the Tenable Support Portal. Within SecurityCenter, wait for any in-progress scans to finish or manually pause them (scans are held in a state where they can be resumed at any point). Once the upgrade process has begun, normal usage of SecurityCenter will not be available until after the completion of the process.

Important Prerequisites

It is important to ensure that the following conditions are met prior to beginning the upgrade process.

SecurityCenter Version

SecurityCenter 5.2 upgrades require that the SecurityCenter currently be running version 4.8.1, 4.8.2, or 5.0.0.1 and greater.

Java Version

If the Oracle Java JRE or OpenJDK is not installed, the following warning is displayed:

[WARNING] SecurityCenter has determined that Oracle Java JRE and OpenJDK is not installed. One of two must be installed for SecurityCenter reporting to function properly.

Remove any existing non-compatible versions and install the latest version of either of these software packages before running any reports.

Halt or Complete Running Jobs

The SecurityCenter processes do not need to be stopped manually prior to the upgrade, but is recommended. However, if any jobs are currently running on SecurityCenter (e.g., Nessus scans), the following message is displayed along with the related process names and their PIDs:

“SecurityCenter has determined that the following jobs are still running. Please wait a few minutes before performing the upgrade again. This will allow the running jobs to complete their tasks”

Either stop the processes manually or try the upgrade again after the jobs complete.

Perform Backup

Prior to upgrading, it is recommended that the /opt/sc4 or /opt/sc directory (as appropriate) be backed up to a separate location. After stopping the SecurityCenter services, run the following command from a directory outside of /opt/sc4 or /opt/sc (such as / or /home) to create the backup:

# tar -pzcf sc_backup.tar.gz /opt/sc4

# tar -pzcf sc_backup.tar.gz /opt/sc

After running this backup command, move the sc_backup.tar.gz file to a different location if the backup leaves too little space to perform the upgrade.

Maintain Installation Log

During the upgrade process, SecurityCenter will produce the log file /tmp/sc.install.log. This file is important for debugging purposes and should not be removed. Once the upgrade process is complete, the file will be moved to /opt/sc/admin/logs/install.log.

Renaming Mount Point

If the existing /opt/sc4 or /opt/sc directory is or contains a mount point to another location it must be updated. During the rpm upgrade process, a message will be displayed with information about the discovered mount point and instruct you to contact Tenable Support for a mount point tool to help identify and migrate your mount points for the upgrade to continue.

CoSign Authentication

The use of CoSign as an authentication method is not supported in SecurityCenter 5. If the existing SecurityCenter 4 installation uses CoSign servers for authentication, the authentication method must be changed to a supported method prior to performing the upgrade.

SecurityCenter 4.8.1 or Higher to 5.3 Upgrade

Command Line Upgrades

To upgrade from a supported version of SecurityCenter to SecurityCenter 5.3.0, use rpm with the “-Uvh” switches from the command-line of the SecurityCenter server. Use “sudo -i” when performing sudo upgrades of SecurityCenter to ensure the proper use of environmental variables. Upgrade SecurityCenter using a command similar to the following:

# rpm -Uvh SecurityCenter-5.3.0-es6.x86_64.rpm

# rpm -uvh SecurityCenter-5.3.0-es6.x86_64.rpm

Preparing...                ########################################### [100%]

Shutting down SecurityCenter services: [  OK  ]

Backing up previous application files ... complete.

   1:SecurityCenter         ########################################### [100%]

 

Applying database updates ... complete.

Beginning data migration.

Starting plugins database migration...complete.

(1 of 4) Converting Repository 1 ...  complete.

(2 of 4) Converting Repository 2 ...  complete.

(3 of 4) Converting Repository 3 ...  complete.

(4 of 4) Converting Repository 4 ...  complete.

Migration complete.

Starting SecurityCenter services: [  OK  ]

~]#

Upgrading Custom SSL Certificates

After an upgrade of a SecurityCenter where custom Apache SSL certificates were in use prior to the upgrade they are backed up as part of the upgrade process. The existing custom SSL certificates are copied to the Apache configuration backup directory that is created during the upgrade in the /tmp/[version].apache.conf-######## directory. The exact name of the directory will vary, but is displayed during the upgrade process and is reported in the /opt/sc/admin/log/install.log file.

The commands to restore the custom SSL certificates are as follows:

# cp /tmp/[version].apache.conf-########/SecurityCenter.cert /opt/sc/support/conf/SecurityCenter.crt (Select yes to overwrite the existing file)

# cp /tmp/[version].apache.conf-########/SecurityCenter.pem /opt/sc/support/conf/SecurityCenter.key (Select yes to overwrite the existing file)

Caution: Ensure that the newly copied files have permissions of 0640 and ownership of tns:tns.

Modify the servername parameter in /opt/sc/support/conf/servername to match the Common Name (CN) of the SSL certificate. To obtain the CN run the following command and note the CN= portion of the result.

# /opt/sc/support/bin/openssl verify /opt/sc/support/conf/SecurityCenter.crt

Then edit the /opt/sc/support/conf/servername.conf file at the servername parameter to match your certificate’s CN value.

Once complete, restart the Apache server with one of the following commands:

# /opt/sc/support/bin/apachectl restart

-or-

# service SecurityCenter restart

Copyright © 2016. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc. SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.