Requirements
Before starting the installation process, make sure the Security Console’s host machine meets the following requirements.
System
Check our System Requirements page for details. Note the supported operating systems and browsers in particular. Also, you can run the Security Console and Scan Engine on a virtualized instance of any of our supported operating systems as long as they meet the system requirements.
Rapid7 recommends deployments with Ubuntu Linux.
Look familiar?
If you’re arriving here from the basic deployment plan, you’ll notice that we already considered some of this information.
Networking
The following network requirements must be configured to use the Security Console:
Host IP address
The IP address of your host machine must be statically assigned. You will use this address to access the Security Console’s web interface.
Ports
The Security Console communicates through these ports in order to perform the following tasks:
Port | Task | Direction | Destination |
---|---|---|---|
3780 (HTTPS protocol) | Web interface access to the Security Console | Inbound | Security Console |
40814 | Management of scan activity on Scan Engines and the retrieval of scan data | Outbound | Scan Engine |
443 | Allows the Security Console to download content and feature updates. | Outbound | updates.rapid7.com |
25, 465 (These ports are optional and feature-related) | If report distribution through an SMTP relay is enabled, the Security Console must be able to communicate through these channels to reach the relay server | Outbound | SMTP relay server |
Programs and services
Several programs and services must be disabled for the Security Console to function. In general, the following services may interfere with network scanning and may also prevent checks from loading or executing:
- Anti-virus / malware detectors
- If disabling your anti-virus or malware detection software is not an option, make sure that you configure the software to bypass the
Rapid7
installation directory on your Security Console host (the default location for this directory on Windows isC:\Program Files\Rapid7
). This ensures that Nexpose can operate without interference from this kind of software.
- If disabling your anti-virus or malware detection software is not an option, make sure that you configure the software to bypass the
- Intrusion Detection Systems (IDS)
- Personal firewalls
- Executable blocking products
- SELinux
How to Verify and Disable SELinux
If you intend to install the Security Console on a Linux host, you can verify whether or not SELinux is disabled, and take action to disable it if it isn't, with the following procedure:
- Check the status of SELinux by opening its configuration file using a text editor of your choice. Enter the following command in a terminal to do so:
1vi /etc/selinux/config
- Navigate to the line beginning with
SELINUX=
. If the value of this line showsenforcing
, you will need to make an edit to disable SELinux. - To do so, modify the value of
SELINUX=
fromenforcing
todisabled
:
1SELINUX=disabled
- When finished, save and close the configuration file.
- Run the following command in your terminal to restart the Linux host so the changes can take effect:
1shutdown -r now
Do you have what Nexpose needs?
You should now understand all the requirements for the Security Console and where you need to make any necessary adjustments. When you’re ready, let’s download an installer.