Install or Upgrade Security Monitoring
Overview
Follow the steps in this guide to install or upgrade or upgrade the NGINX Security Monitoring module.
Before You Begin
Security Considerations
To ensure that your NGINX Instance Manager deployment remains secure, follow the recommendations in this section:
- Install NGINX Instance Manager and its modules on a dedicated machine (bare metal, container, cloud, or VM).
- Make sure that no other services are running on the same machine.
- Make sure that the machine is not accessible from the Internet.
- Make sure that the machine is behind a firewall.
Installation Prerequisites
Important:
Before you can install this module, you need to have NGINX and ClickHouse installed on your system. Additionally, you will need to add the NGINX Instance Manager repository. The Prerequisites topic has detailed instructions on how to fulfill these requirements.
Dependencies with Instance Manager
The Security Monitoring module requires the following versions of NGINX Instance Manager to be installed on the management plane.
Note:
The Security Monitoring module doesn’t automatically install or upgrade NGINX Instance Manager. You’ll need to manually install or upgrade NGINX Instance Manager to a supported version.
Security Monitoring | Instance Manager |
---|---|
1.7.1 | 2.14.1–2.18.0 |
1.7.0 | 2.14.0 |
1.6.0 | 2.12.0–2.13.0 |
1.5.0 | 2.11.0 |
1.4.0 | 2.10.0–2.10.1 |
1.3.0 | 2.9.0 |
1.2.0 | 2.8.0 |
1.1.0 | 2.7.0 |
1.0.0 | 2.6.0 |
Install Security Monitoring
-
To install the latest version of the Security Monitoring module, run the following command:
sudo yum -y install nms-sm
-
To install the latest version of the Security Monitoring module, run the following commands:
sudo apt-get update sudo apt-get install -y nms-sm
-
Restart the F5 NGINX Instance Manager services:
sudo systemctl restart nms
NGINX Instance Manager components started this way run by default as the non-root
nms
user inside thenms
group, both of which are created during installation. -
Restart the NGINX web server:
sudo systemctl restart nginx
-
If running Security Monitoring v1.7.0 or higher, start the module:
sudo systemctl start nms-sm
Accessing the Web Interface
To access the NGINX Instance Manager web interface, open a web browser and go to https://<NMS_FQDN>
, replacing <NMS_FQDN>
with the Fully Qualified Domain Name of your NGINX Instance Manager host.
The default administrator username is admin
, and the generated password was displayed in the terminal during installation. If you’d like to change this password, refer to the “Set or Change User Passwords section in the Basic Authentication topic.
Add License
A valid license is required to make full use of all the features in Security Monitoring module.
Refer to the Add a License topic for instructions on how to download and apply a trial license, subscription license, or Flexible Consumption Program license.
Upgrade Security Monitoring
Instance Manager Dependency
The upgrade process for Security Monitoring does not automatically upgrade Instance Manager, which is a package dependency. To ensure compatibility with Security Monitoring, you will need to manually upgrade Instance Manager to a version supported by Security Monitoring. For specific version dependencies between Security Monitoring and Instance Manager, refer to the Security Monitoring release notes.
-
To upgrade to the latest version of Security Monitoring, run the following command:
sudo yum update -y nms-sm
-
To upgrade to the latest version of the Security Monitoring, run the following command:
sudo apt-get update sudo apt-get install -y --only-upgrade nms-sm
-
Restart the NGINX Instance Manager platform services:
sudo systemctl restart nms
NGINX Instance Manager components started this way run by default as the non-root
nms
user inside thenms
group, both of which are created during installation. -
Restart the NGINX web server:
sudo systemctl restart nginx
-
If running Security Monitoring v1.7.0 or higher, start the module:
sudo systemctl start nms-sm
-
(Optional) If you use SELinux, follow the steps in the Configure SELinux guide to restore the default SELinux labels (
restorecon
) for the files and directories related to NGINX Instance Manager.
What’s Next
Set Up Data Plane
To set up your NGINX App Protect WAF data plane instances for use with Security Monitoring, refer to the following instructions: