Before You Install

Note: A basic understanding of Linux is assumed throughout the installation, upgrade, and removal processes.

Check System Requirements

Before you begin the installation, ensure that the target system meets the hardware and software requirements for your specific deployment size. Failure to meet these requirements can lead to performance degradation or installation failure.

For more information, see Requirements.

Understand Tenable Security Center Licenses

Confirm your licenses are valid for your Tenable Security Center deployment. Tenable Security Center does not support an unlicensed demo mode.

For more information, see License Requirements.

Disable Default Web Servers

Tenable Security Center provides its own Apache web server listening on port 443. If the installation target already has another web server or other service listening on port 443, you must disable that service on that port or configure Tenable Security Center to use a different port after installation.

To identify which services are listening on port 443, run the following command:

# ss -pan | grep ':443 '

If there are any services listening on port 443, you must either disable them or configure them to use a different port.

Modify Security Settings

Tenable Security Center supports disabled, permissive, and enforcing mode Security-Enhanced Linux (SELinux) policy configurations.

For more information, see SELinux Requirements.

Perform Log File Rotation

The installation does not include a log rotate utility; however, the native Linux logrotate tool is supported post-installation. In most Red Hat environments, logrotate is installed by default. The following logs are rotated if the logrotate utility is installed:

  • All files in /opt/sc/support/logs matching *log

  • /opt/sc/admin/logs/sc-error.log

During an installation or upgrade, the installer adds a file named SecurityCenter to /etc/logrotate.d/ that contains log rotation rules for the files mentioned above. Log files are rotated on a monthly basis. This file is owned by root/root.

Allow Tenable Sites

To allow Tenable Security Center to communicate with Tenable servers for product and plugin updates, Tenable recommends adding Tenable sites to an allow list at your perimeter firewall.

For more information, see the knowledge base article.

Connect a PostgreSQL Server

You must configure an external PostgreSQL database if your Tenable Security Center installation meets any of the following criteria:

  • Your Tenable Security Center instance has over 100,000 assets.

  • Your Tenable Security Center instance is a non-rpm installation.

Before you install or upgrade Tenable Security Center, you must configure specific environment variables to connect the PostgreSQL server.

For more information, see Connect an External PostgreSQL Server.