Use /dev/random for Random Number Data Generation

Required User Role: Root user

If your organization requires Tenable Security Center Director to use /dev/random instead of /dev/urandom to generate random number data for secure communication functions, modify the random data source using an environment variable.

Unlike /dev/urandom, /dev/random blocks HTTPS and SSL/TLS functions when the system does not have enough entropy to perform them. The functions resume after the system generates enough entropy.

Note: If /dev/random blocks during an installation or upgrade, the system waits up to 10 minutes for more entropy to be generated before halting the operation.

Tenable does not recommend using /dev/random unless required by your organization.

To use /dev/random for random number data generation in Tenable Security Center Director:

  1. Log in to Tenable Security Center Director via the command line interface (CLI).

  2. In the CLI, run the following command:

    export TSC_ENTROPY_CHECK=true

    Tenable Security Center Director recognizes the environment variable and uses /dev/random.
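
Because /dev/random can stall HTTPS and SSL/TLS functions, it helps to confirm that the host can supply entropy before setting the variable. The following pre-flight check is an added example, not part of the Tenable documentation; the function names, the 256-bit threshold, and the 5-second timeout are assumptions. It reads the Linux kernel's entropy estimate and performs a timed read from /dev/random.

```shell
#!/bin/sh
# Added example: names, defaults and thresholds are assumptions, not Tenable settings.

# entropy_status [FILE] [MIN_BITS]: print ok, low or unknown from the kernel estimate.
entropy_status() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    min=${2:-256}
    [ -r "$file" ] || { echo unknown; return 2; }
    bits=$(tr -cd '0-9' < "$file")
    [ -n "$bits" ] || { echo unknown; return 2; }
    if [ "$bits" -ge "$min" ]; then echo ok; return 0; fi
    echo low; return 1
}

# random_read_ok [DEVICE] [BYTES] [SECONDS]
# 0 = read finished in time, 1 = read stalled (timeout), 2 = device unusable.
random_read_ok() {
    dev=${1:-/dev/random}
    n=${2:-64}
    secs=${3:-5}
    [ -e "$dev" ] || return 2
    rc=0
    timeout "$secs" head -c "$n" "$dev" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   return 0 ;;
        124) return 1 ;;   # GNU timeout exit status when the time limit is hit
        *)   return 2 ;;
    esac
}

# preflight: run both checks against the live system and print a summary.
preflight() {
    est=$(entropy_status) || true
    if random_read_ok; then result=completed; else result="stalled or failed"; fi
    echo "entropy estimate: $est; timed /dev/random read: $result"
    [ "$est" != low ] && [ "$result" = completed ]
}
```

Source the file and call preflight as root before an installation or upgrade; a non-zero exit status means the host may stall on /dev/random.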

What to do next: