Security Center

Version

  • Linux Control Center = 2.10.5 or higher

  • Tenable Security Center Plus = 6.4.0 or higher

Requirements

  • Tenable Security Center Access Key and Secret Key

  • Tenable Security Center Plus with previously configured scans

  • Hosts in the LCC database previously configured

Overview

  • This guide provides information and step-by-step instructions for integrating Linux Control Center (LCC) with the Tenable Security Center vulnerability manager.

Objective

  • This integration allows you to run Tenable Security Center scans from the LCC and use the scan results to quickly and easily identify vulnerabilities on hosts managed by the LCC.

Integration Configuration

  1. To create the LCC connection with Tenable, access the menu on the left of the LCC and click on the Config option

  1. Click on Tenable

  1. Click on Tenable Security Center

  1. Click on the Create button

  1. Enter the data in the fields below;

  • Enter the name to identify the synchronization in the Name field.

  • Enter the Tenable Security Center URL in the URL field.

  • Enter the Access Key and Secret Key in their respective fields.

  1. Click Save

  1. After saving, click on the previously saved item to open the Tenable SC integration window.

  1. Click the Test Connection button to test the connection with Tenable Security Center.

  1. The Status will turn green to confirm that the connection was successful

Sync Assets

  1. Then, click on the HOSTS tab

  1. Click on the SYNC ASSETS button and wait for the LCC hosts to synchronize with the Tenable Security Center Hosts.

  1. After the Hosts are synchronized, click on the Repositories tab to define the repository to search for the scan results.

  1. Check the box for the desired repository in the Active column and click Save

Scan Execution

  1. After completing the Sync Assets step, the hosts will be listed on the screen.

  1. Then, click on the SCANS tab and click on Sync Scans

  1. Wait for the synchronization to finish, and you will be able to view the scans from Tenable Security Center.

  2. Click on Run for the desired scan.

Sync Results

  1. After the scan in Tenable Security Center is complete, open the integration item again and click on the Hosts tab.

  1. Click on Sync Results and wait for the scan results to synchronize with the LCC.

  1. After the Sync Results are complete, you will be able to obtain the risk indexes that Tenable Security Center makes available in the Risk column.

  1. To obtain the output of the Scan executed on the Hosts screen, access the menu on the left of the LCC and click on Hosts

  1. Click on the desired Host which will open the Host window.

  2. Click on Tenable Plugins.

  1. Click on the Tenable Plugins tab and you will be able to obtain the separate numbering of the plugins ID relating with AES, ACR, VPR, CVE ID, CVSS indexes, along with the suggested remediation provided by Tenable Security Center.

Schedules

  1. On the Tenable Security Center integration screen, click on the Schedule tab

  1. Click on Add Schedule

Test Connection: Performs a connection test with Tenable Security Center to validate the integration Sync Scans: Updates the list of scans available in Tenable Security Center on the LCC integration Scans screen Sync Assets: Updates the list of Tenable Security Center assets according to the LCC host database Launch Scan: Sends the command to run a desired scan in Tenable Security Center Sync Results: Synchronizes the results of the last scan run in Tenable Security Center with the hosts integrated in LCC.

  1. Then, define a name for the schedule in the Name field and choose one of the actions in the Action line

By default, the scheduling screen opens with the One Time option, to schedule a single execution at a specific hour, minute and date, as shown in the image below;

  1. By checking the Repeatedly box together with Minutes, you can run the action every X defined minutes.

  1. By checking the Repeatedly box together with Daily, you can run the action every day every X hours and X minutes.

  1. Check the Repeatedly box along with the Advanced box to choose the custom schedule, where you can choose the hour, minute, day of the week, day of the month and the desired month.

  1. After creating and saving a schedule, you can pause it if necessary by clicking Disable and monitor the status of whether it is enabled or not in the Active column.

  1. The Next Run column displays when the next run will be and the Last Run column displays when the last run was. The Count column counts how many times the schedule has been run.

  1. You can also delete a schedule by clicking the trash can icon next to the Disable/Enable button.

Vulnerability fix

Fix Plugin ID 153588 - Weak SSH ciphers

The LCC 7 Library has a script to change SSH encryption ciphers, configuring hosts to use stronger ciphers for SSH authentication.

To download and run this script, follow the steps below.

  1. Click 7 Library in the LCC left menu

  1. Click Sync Feed to update the 7 Library feed

  1. Click on the Config SSH Ciphers Algorithms script

  1. Click Download and the script will be saved in the LCC and will be available in the Scripts screen

  1. Click on Scripts in the left side menu.

  1. Click on the script that was downloaded.

  1. Click on User for Execution.

  1. Choose which user will run the script (We recommend using the lcc.local user to avoid failures due to lack of permission.)

  1. Click on Save

  1. Then, click on Workflow in the left menu of the LCC

  1. Click Create

  1. Enter a name for the Workflow in the Name field

  1. Click Start New Workflow.

  1. Click Actions and choose the Execute Custom Script option

  1. Define one or more Hosts in the Host field

  1. If you have a pre-configured group, choose it in the Target Group field

  1. Choose the Config SSH Ciphers Algorithms script.

  1. Click Create.

  1. Click Save to save the Workflow.

  1. After creating the Workflow, click the Actions button, then Run.

  1. Click AGREE to confirm the execution of the Workflow.

  1. Wait for the Workflow to finish executing.

  2. After the Workflow is successfully executed, run the Tenable Security Center scan again, according to step Scan Execution

  3. Run Sync Results, according to item 2 of the Sync Results topic

  4. Access the menu on the left of the LCC and click on Hosts

  1. Click on the desired Host that will open the Host window.

  2. Click on Tenable Plugins.

  1. Click on the Tenable Plugins tab and search for the number 153588 in the Search field

  1. We can see that the ID 153588 is no longer present in the Plugin ID column.

Last updated