System Requirements

Operating System Requirements

This version of Tenable Security Center is available for:

  • Red Hat Enterprise Linux 7 (RHEL 7), 64-bit

  • Red Hat Enterprise Linux 8 (RHEL 8), 64-bit

  • Red Hat Enterprise Linux 9 (RHEL 9), 64-bit

  • CentOS 7, 64-bit

  • Oracle Linux 8, 64-bit

  • Oracle Linux 9, 64-bit

SELinux Requirements

Tenable Security Center supports disabled, permissive, and enforcing mode Security-Enhanced Linux (SELinux) policy configurations.

Note: Tenable recommends testing your SELinux configurations before deploying on a live network.

Secure Environment Requirements

Tenable recommends adhering to security best practices, including:

  • Configure the operating system to ensure that security controls cannot be bypassed.

  • Configure the network to ensure that the Tenable Security Center system resides in a secure network segment that is not accessible from the Internet.

  • Configure network time synchronization to ensure that accurate time stamps are recorded in reports and log files.

    Note: The time zone is set automatically during the installation process with no user interaction. The time zone configured in php.ini must be synchronized with the system time zone in /etc/sysconfig/clock.

  • Configure access control to ensure that only authorized users have access to the operating system platform.

  • Monitor system resources to ensure that adequate disk space and memory are available, as described in Hardware Requirements. If system resources are exhausted, Tenable Security Center may not log audit data during system administrator troubleshooting or other activities. For more information about troubleshooting resource exhaustion, see General Tenable Security Center Troubleshooting.

For information about secure administration of a Red Hat installation, see the Red Hat Enterprise Linux Security Guide for your version.

Note: Even though the security concepts from this guide are written for RHEL 6, most of the concepts and methodologies apply to earlier versions of RHEL that are supported with Tenable Security Center.

Note: As with any application, the security and reliability of the installation is dependent on the environment that supports it. It is strongly recommended that organizations deploying Tenable Security Center have an established and applied IT management policy that covers system administration integrity, resource monitoring, physical security, and disaster recovery.

Dependencies

Note: Either OpenJDK or the Oracle Java JRE along with their accompanying dependencies must be installed on the system along with any additional Java installations removed for reporting to function properly.

Note: If you are running Tenable Security Center 5.20.0, you must upgrade pyTenable to version 1.4.2 or later.

Note: Tenable does not recommend forcing the installation without all required dependencies. If your version of Red Hat or CentOS is missing certain dependencies, it will cause problems that are not readily apparent with a wide variety of functions. Tenable Support has observed different types of failure modes for Tenable Security Center when dependencies are missing.

Note: To run Tenable Security Center 6.0.0, you must install binutils and initscripts. If you try to migrate from an earlier version of Tenable Security Center to Tenable Security Center 6.0.0 on a system that does not have binutils or initscripts installed, the migration will fail.

All dependencies must be installed on the system prior to installing the Tenable Security Center package. While they are not all required by the installation RPM file, some functionality of Tenable Security Center may not work properly if the packages are not installed.

Note: Tenable recommends using the latest stable production version of each package.

For a list of required packages, run the following command against the Tenable Security Center RPM file:

# yum deplist SecurityCenter-x.x.x-el6.x86_64.rpm

- or -

# dnf deplist SecurityCenter-x.x.x-el8.x86_64.rpm

To determine which version of a dependency is installed on your system, run the following command for each of the packages (replace “libtool” with the appropriate package):

# yum list installed | grep libtool

- or -

# dnf list installed | grep libtool

If one of the prerequisite packages is missing, it can be installed using the “yum” or “dnf” package managers. For example, install Java 1.8.0 with “yum” using the command below:

# yum -y install java-1.8.0-openjdk.x86_64

Tenable Security Center Communications and Directories

The following table summarizes the components’ primary directories and communication methods.

Note: Tenable Security Center does not support using symbolic links for /opt/sc/. You can use symbolic links within /opt/sc/ subdirectories if instructed by Tenable Security Center documentation or Tenable Support.

Tenable Security Center Directories

Installation Directory

/opt/sc

User Data

/opt/sc/orgs/<Organization Serial Number>

Repositories

/opt/sc/repositories/<Repository Number>

Admin Logs

/opt/sc/admin/logs/

Organization Logs

/opt/sc/orgs/<Organization Number>/logs/

Communication Interfaces

  • User Access — HTTPS

  • Feed Updates — Acquired over SSL from Tenable servers directly to Tenable Security Center or for offline installation. Plugin packages are secured via 4096-bit RSA digital signatures.

For more information, see Port Requirements.

For information about data encryption in Tenable Security Center, see Encryption Strength.