Before You Install

Note: A basic understanding of Linux is assumed throughout the installation, upgrade, and removal processes.

Understand Tenable.sc Licenses

Confirm your licenses are valid for your Tenable.sc deployment. Tenable.sc does not support an unlicensed demo mode.

For more information, see License Requirements.

Disable Default Web Servers

Tenable.sc provides its own Apache web server listening on port 443. If the installation target already has another web server or other service listening on port 443, you must disable that service on that port or configure Tenable.sc to use a different port after installation.

Identify which services, if any, are listening on port 443 by running the following command:

# ss -pan | grep ':443 '

Modify Security Settings

Tenable.sc supports disabled, permissive, and enforcing mode Security-Enhanced Linux (SELinux) policy configurations. For more information, see SELinux Requirements.

Perform Log File Rotation

The installation does not include a log rotate utility; however, the native Linux logrotate tool is supported post-installation. In most Red Hat environments, logrotate is installed by default. The following logs are rotated if the logrotate utility is installed:

  • All files in /opt/sc/support/logs matching *log
  • /opt/sc/admin/logs/sc-error.log

During an install/upgrade, the installer drops a file named SecurityCenter into /etc/logrotate.d/ that contains log rotate rules for the files mentioned above.

Log files are rotated on a monthly basis. This file is owned by root/root.

Allow Tenable Sites

To allow Tenable.sc to communicate with Tenable servers for product updates and plugin updates, Tenable recommends adding Tenable sites to an allow list at the perimeter firewall. For more information, see the knowledge base article.