TOC & Recently Viewed

Recently Viewed Topics

Software Requirements

Supported Operating Systems

SecurityCenter 5 is available for Red Hat Enterprise Server 5 (64-bit), 6 (64-bit), and 7 (64-bit) and CentOS 5 (64-bit) and 6 (64-bit). SELinux policy configuration is supported by Tenable in a “Permissive” mode. See the section labeled “Modify Security Settings” for more information.

Note: Other SELinux modes are known to work, but the required configuration varies based on policies and custom configurations that may be in place on-site. It is strongly recommended that SELinux implementation configurations are tested prior to deployment on a live network.

Supported Platforms

The SecurityCenter user interface uses HTML5 and is best-experienced using at least the minimum version specified of the following browsers:

  • Internet Explorer 10
  • Firefox 32
  • Chrome 37
  • Safari 7.1

IT Environment Requirements

Virtualized Environments

SecurityCenter is well suited to virtual platforms and comes prepackaged along with Nessus and PVS on the Tenable Appliance Virtual Machine image. Multiple VM images may be deployed on the network to support multiple products. Because of the unique performance considerations with virtualized platforms, please consult your VM software vendor for recommendations, as VMs typically see some loss in efficiency compared with dedicated servers.

Securing the Environment

It is assumed that organizations have the appropriate skill-set required to maintain the operating system environment in a secure manner and that they are configured and maintained with the following conditions:

  • The operating system must be configured in a secure manner to ensure that security controls cannot be bypassed.
  • The network must be configured to ensure that the SecurityCenter system resides in a secure network segment that is not accessible from the Internet.
  • Network time synchronization must be enabled to ensure that accurate time stamps are recorded in reports and log files.

    Note: The time zone is set automatically during the installation process with no user interaction. If steps are required for manual time zone configuration, please refer to the following KB article: https://support.tenable.com/support-center/index.php?x=&mod_id=2&root=92&id=444. Important: The time zone configured in php.ini must be synchronized with the system time zone in /etc/sysconfig/clock.

  • Access control mechanisms must be in place to ensure that only authorized users have access to the OS platform.

Of particular importance is the requirement to monitor system resources to ensure that adequate disk space and memory are available. If system resources are exhausted, there is a risk that audit data could be prevented from being logged due to the system becoming dysfunctional. Refer to the “Troubleshooting” section of the SecurityCenter 5 Administration Guide for information on how system administrators can recover the system should SecurityCenter become inoperative due to resource exhaustion. During recovery processes, actions by the system administrator may not be logged by SecurityCenter until sufficient resources have been made available.

The following resource provides details for secure administration of a Red Hat installation:

Note: Even though the security concepts from this guide are written for RHEL 6, most of the concepts and methodologies apply to earlier versions of RHEL that are supported with SecurityCenter.

Note: As with any application, the security and reliability of the installation is dependent on the environment that supports it. It is strongly recommended that organizations deploying SecurityCenter have an established and applied IT management policy that covers system administration integrity, resource monitoring, physical security, and disaster recovery.

Dependencies

Note: Either OpenJDK or the Oracle Java JRE along with their accompanying dependencies must be installed on the system along with any additional Java installations removed for reporting to function properly.

Note: Although it is possible to force the installation without all required dependencies, if your version of Red Hat or CentOS is missing certain dependencies, this will cause problems that are not readily apparent with a wide variety of functions. Tenable’s Support team has observed different types of failure modes for SecurityCenter when dependencies to the installation RPM are missing. If you require assistance or guidance in obtaining these dependencies, please contact our Support team at support@tenable.com

The following programs must be installed on the system prior to installing the SecurityCenter package. While they are not all required by the installation RPM file, some functionality of SecurityCenter may not work properly if the packages are not installed. The packages listed below are among those that are most often not installed by default:

  • java-1.7.0-openjdk (or later) (or the latest Oracle Java JRE)
  • openssh
  • expat
  • gdbm
  • libtool
  • libtool-ltdl
  • libxml2
  • ncurses
  • readline
  • compat-libstdc++
  • libxslt

Note: Using the latest stable production version of each package is recommended.

For a list of required packages, run the following command against the SecurityCenter RPM file:

# rpm –qp SecurityCenter-5.x.x-es6.x86_64.rpm --requires

To determine which version of a dependency is installed on your system, run the following command for each of the packages (replace “libtool” with the appropriate package):

# rpm –qa | grep libtool

If one of the prerequisite packages is missing, it can be installed using the “yum” or “rpm” package managers. For example, install Java 1.7.0 with “yum” using the command below:

# yum -y install java-1.7.0-openjdk.x86_64

SecurityCenter Communications and Repositories

The following table summarizes the components’ primary repositories and communication methods.

Table 2 – Repositories and Communication Methods

SecurityCenter

Installation Directory

/opt/sc

User Data

/opt/sc/orgs/<Organization Serial Number>

Repositories

/opt/sc/repositories/<Repository Number>

Admin Logs

/opt/sc/admin/logs/

Organization Logs

/opt/sc/orgs/<Organization Number>/logs/

Communication Interfaces

User Access: HTTPS

 

Feed Updates:

Acquired over SSL from Tenable servers directly to SecurityCenter or for offline installation. Plugin packages are secured via 4096-bit RSA digital signatures.

Tenable Applications

The following table lists the minimum software versions of Tenable products that work with SecurityCenter 5.

Table 3 – SecurityCenter 5.1 Product Compatibility

Product

Minimum Version

Nessus

6.3.6 (For Active Scans)

Nessus Manager

6.5.3 (For Agent Scans)

LCE

4.2

PVS

4.x

SecurityCenter (remote/offline repository*)

5.x

3D Tool

2.x

 

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.