Requirements

Before starting the installation process, make sure the Security Console’s host machine meets the following requirements.

System

Check our System Requirements page for details. Note the supported operating systems and browsers in particular. Also, you can run the Security Console and Scan Engine on a virtualized instance of any of our supported operating systems as long as they meet the system requirements.

Rapid7 recommends deployments with Ubuntu Linux.

Look familiar?

If you’re arriving here from the basic deployment plan, you’ll notice that we already considered some of this information.

Networking

The following network requirements must be configured to use the Security Console:

Host IP address

The IP address of your host machine must be statically assigned. You will use this address to access the Security Console’s web interface.

Ports

The Security Console communicates through these ports in order to perform the following tasks:

Port

Task

Direction

Destination

3780 (HTTPS protocol)

Web interface access to the Security Console

Inbound

Security Console

40814

Management of scan activity on Scan Engines and the retrieval of scan data

Outbound

Scan Engine

443

Allows the Security Console to download content and feature updates.

You must allow the server hosting Nexpose to make outbound connections to updates.rapid7.com on port 443. The Security Console connects to updates.rapid7.com regularly to check for new product versions (every 6 hours) and vulnerability/policy content (every 2 hours). With every connection, the console uploads a JSON file containing license and usage information that helps Rapid7 understand how Nexpose is being used. This upload does not contain any vulnerability assessment data from your assets or any other sensitive information on your environment.

You can see the contents of this JSON file yourself by running the generate statistics command in the command console.

Outbound

updates.rapid7.com

25, 465 (These ports are optional and feature-related)

If report distribution through an SMTP relay is enabled, the Security Console must be able to communicate through these channels to reach the relay server

Outbound

SMTP relay server

Programs and services

Several programs and services must be disabled for the Security Console to function. In general, the following services may interfere with network scanning and may also prevent checks from loading or executing:

  • Anti-virus / malware detectors
    • If disabling your anti-virus or malware detection software is not an option, make sure that you configure the software to bypass the Rapid7 installation directory on your Security Console host (the default location for this directory on Windows is C:\Program Files\Rapid7). This ensures that Nexpose can operate without interference from this kind of software.
  • Intrusion Detection Systems (IDS)
  • Personal firewalls
  • Executable blocking products
  • SELinux

How to Verify and Disable SELinux

If you intend to install the Security Console on a Linux host, you can verify whether or not SELinux is disabled, and take action to disable it if it isn't, with the following procedure:

  1. Check the status of SELinux by opening its configuration file using a text editor of your choice. Enter the following command in a terminal to do so:
 
1
vi /etc/selinux/config
  1. Navigate to the line beginning with SELINUX=. If the value of this line shows enforcing, you will need to make an edit to disable SELinux.
  2. To do so, modify the value of SELINUX= from enforcing to disabled:
 
1
SELINUX=disabled
  1. When finished, save and close the configuration file.
  2. Run the following command in your terminal to restart the Linux host so the changes can take effect:
 
1
shutdown -r now

Do you have what Nexpose needs?

You should now understand all the requirements for the Security Console and where you need to make any necessary adjustments. When you’re ready, let’s download an installer.