Recently Viewed Topics
Before You Install
Note: A basic understanding of Linux is assumed throughout the installation, upgrade, and removal processes.
Understand SecurityCenter Licenses
Confirm your licenses are valid for your SecurityCenter deployment. SecurityCenter does not support an unlicensed demo mode – a license key is required.
SecurityCenter licenses are valid for a specific hostname and for a maximum number of discovered, active IP addresses. For example, if you purchase a 500 IP SecurityCenter license for a SecurityCenter with the hostname security, the license key allows you to scan several networks but you cannot discover more than 500 IP addresses.
Tip: To obtain the hostname of the machine where SecurityCenter will be installed, type the hostname command at the shell prompt.
SecurityCenter generates a warning in the web interface when you approach or exceed the license limit. Contact Tenable Sales for an expanded license key.
Offline repositories are not counted towards the IP license count. Additionally, the following plugins (listed by ID) are not counted towards the license IP count when scanned using the Ping Host port scanner:
- Nessus plugin IDs: 10180, 10287, 10335, 11219, 11933, 11936, 12053, 14272, 14274, 19506, 22964, 33812, 33813, 34220, 34277, 45590, and 54615
- NNM plugin IDs: 00003 and 00012
- LCE plugin IDs: 800000 through 800099
Note: Using other port scanners will cause the detected IPs to be counted against the license.
You configure your SecurityCenter licenses during Quick Start, as described in Quick Setup.
Disable Default Web Servers
SecurityCenter provides its own Apache web server listening on port 443. If the installation target already has another web server or other service listening on port 443, you must disable that service on that port or configure SecurityCenter to use a different port after installation.
Identify which services, if any, are listening on port 443 by running the following command:
# ss -pan | grep ':443 '
Modify Security Settings
The default Red Hat firewall settings cause issues with SecurityCenter’s web services. To alleviate this, set SELinux to Disabled in Enforcing mode or to Enabled in Permissive mode.
To disable SELinux in Enforcing mode:
- Navigate to: /etc/selinux.
- Edit the
- Change the SELINUX line from
- Save the file.
- Reboot the system.
- Confirm the following incoming services are permitted by the firewall rules:
- SSH (port 22 by default)
- HTTPS (port 443 by default)
RHEL 6, RHEL 7/CentOS 6, CentOS 7 - the local firewall may be disabled upon install and the user should re-enable it with the appropriate access information
- Confirm the following ports are open for SecurityCenter to communicate with other Tenable products:
- NNM (port 8835 by default)
- Nessus (port 8834 by default)
- Log Correlation Engine (port 1243 by default)
Note: Please consult local security and best practices within your environment for the proper usage and configuration of SELinux. SecurityCenter is known to work with SELinux in Enforcing mode with some customization of the SELinux rules. However, permitted rules vary from organization to organization.
Perform Log File Rotation
The installation does not include a log rotate utility; however, the native Linux
logrotate tool is supported post-installation. In most Red Hat environments,
logrotate is installed by default. The following logs are rotated if the
logrotate utility is installed:
- All files in
/opt/sc/support/logs matching *log
During an install/upgrade, the installer drops a file named SecurityCenter into
/etc/logrotate.d/ that contains log rotate rules for the files mentioned above.
Log files are rotated on a monthly basis. This file is owned by
Obtain the Installation Package
The installer comes in a number of versions based on OS level and architecture:
- or -
Depending on the OS of the host, you may also need to move the installer to it using your preferred file transfer tool.