Before starting the installation process, make sure the Security Console’s host machine meets the following requirements.
Check our System Requirements page for details. Note the supported operating systems and browsers in particular. Also, you can run the Security Console and Scan Engine on a virtualized instance of any of our supported operating systems as long as they meet the system requirements.
Rapid7 recommends deployments with Ubuntu Linux.
If you’re arriving here from the basic deployment plan, you’ll notice that we already considered some of this information.
The following network requirements must be configured to use the Security Console:
Host IP address
The IP address of your host machine must be statically assigned. You will use this address to access the Security Console’s web interface.
The Security Console communicates through these ports in order to perform the following tasks:
3780 (HTTPS protocol)
Web interface access to the Security Console
Management of scan activity on Scan Engines and the retrieval of scan data
Allows the Security Console to download S/MIME validated content and feature updates.
Upload of PGP-encrypted diagnostic information
25, 465 (These ports are optional and feature-related)
If report distribution through an SMTP relay is enabled, the Security Console must be able to communicate through these channels to reach the relay server
SMTP relay server
Don’t forget to opt into the Insight platform!
InsightVM’s platform-only features like Dashboards and Remediation Projects require some additional connectivity in order to function properly. See our communications page for detailed platform connectivity requirements.
Programs and services
Several programs and services must be disabled for the Security Console to function. In general, the following services may interfere with network scanning and may also prevent checks from loading or executing:
- Anti-virus / malware detectors
- Intrusion Detection Systems (IDS)
- Personal firewalls
- Executable blocking products
How to Verify and Disable SELinux
If you intend to install the Security Console on a Linux host, you can verify whether or not SELinux is disabled, and take action to disable it if it isn't, with the following procedure:
- Check the status of SELinux by opening its configuration file using a text editor of your choice. Enter the following command in a terminal to do so:
- Navigate to the line beginning with
SELINUX=. If the value of this line shows
enforcing, you will need to make an edit to disable SELinux.
- To do so, modify the value of
- When finished, save and close the configuration file.
- Run the following command in your terminal to restart the Linux host so the changes can take effect:
1shutdown -r now
Do you have what InsightVM needs?
You should now understand all the requirements for the Security Console and where you need to make any necessary adjustments. When you’re ready, let’s download an installer.