TOC & Recently Viewed

Recently Viewed Topics

Upgrade SecurityCenter

Note: A basic understanding of Linux is assumed throughout the installation, upgrade, and removal processes.

Caution: During the upgrade process, SecurityCenter produces a log file in a temporary location: /tmp/sc.install.log. Once the installation process finishes, the file is stored here: /opt/sc/admin/logs/install.log. Do not remove or modify these files; they are important for debugging in case of a failed upgrade.

To upgrade SecurityCenter 4.8.1 or later to SecurityCenter 5.6.0:

  1. Download the new RPM from the Tenable Support Portal to your SecurityCenter server.
  2. Confirm that no scans are in progress. If necessary, manually pause scans (you can resume them after the update).
  3. Prepare the upgrade command you intend to run:

    • Use rpm with the “-Uvh” switches from the command-line of the SecurityCenter server.
    • Use “sudo -i” when performing sudo upgrades of SecurityCenter to ensure the proper use of environmental variables

    For example:

    # rpm -Uvh SecurityCenter-5.5.0-es6.x86_64.rpm

    The upgrade begins. SecurityCenter is not available until the upgrade finishes.

    # rpm -Uvh SecurityCenter-5.5.0-es6.x86_64.rpm

    Preparing...                ########################################### [100%]

    Shutting down SecurityCenter services: [  OK  ]

    Backing up previous application files ... complete.

       1:SecurityCenter         ########################################### [100%]

     

    Applying database updates ... complete.

    Beginning data migration.

    Starting plugins database migration...complete.

    (1 of 4) Converting Repository 1 ...  complete.

    (2 of 4) Converting Repository 2 ...  complete.

    (3 of 4) Converting Repository 3 ...  complete.

    (4 of 4) Converting Repository 4 ...  complete.

    Migration complete.

    Starting SecurityCenter services: [  OK  ]

    ~]#

To upgrade custom SSL certificates:

After an upgrade of a SecurityCenter where custom Apache SSL certificates were in use prior to the upgrade they are backed up as part of the upgrade process. The existing custom SSL certificates are copied to the Apache configuration backup directory that is created during the upgrade in the /tmp/[version].apache.conf-######## directory. The exact name of the directory will vary, but is displayed during the upgrade process and is reported in the /opt/sc/admin/log/install.log file.

The commands to restore the custom SSL certificates are as follows:

# cp /tmp/[version].apache.conf-########/SecurityCenter.cert /opt/sc/support/conf/SecurityCenter.crt (Select yes to overwrite the existing file)

# cp /tmp/[version].apache.conf-########/SecurityCenter.pem /opt/sc/support/conf/SecurityCenter.key (Select yes to overwrite the existing file)

Caution: Ensure that the newly copied files have permissions of 0640 and ownership of tns:tns.

Modify the servername parameter in /opt/sc/support/conf/servername to match the Common Name (CN) of the SSL certificate. To obtain the CN run the following command and note the CN= portion of the result.

# /opt/sc/support/bin/openssl verify /opt/sc/support/conf/SecurityCenter.crt

Then edit the /opt/sc/support/conf/servername.conf file at the servername parameter to match your certificate’s CN value.

Once complete, restart the Apache server with one of the following commands:

# /opt/sc/support/bin/apachectl restart

-or-

# service SecurityCenter restart

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.