OS Compatibility & Prerequisites

OS Server OS Compatibility

MinusNow application server and database server support the following operating systems.

Operating System	Version	Architecture	App Server	DB Server	Status
Ubuntu	22.04 LTS, 24.04 LTS	x86_64 / ARM64	Supported	Supported	Recommended
Debian	11 (Bullseye), 12 (Bookworm)	x86_64 / ARM64	Supported	Supported	Supported
RHEL	8.x, 9.x	x86_64	Supported	Supported	Supported
CentOS Stream	8, 9	x86_64	Supported	Supported	Supported
Rocky Linux	8.x, 9.x	x86_64	Supported	Supported	Supported
AlmaLinux	8.x, 9.x	x86_64	Supported	Supported	Supported
Amazon Linux	2, 2023	x86_64 / ARM64	Supported	Supported	Supported
SUSE SLES	15 SP4+	x86_64	Supported	Limited	Supported
Oracle Linux	8.x, 9.x	x86_64	Supported	Supported	Supported
Windows Server	2019, 2022	x86_64	Supported	Supported	Supported
Windows Server Core	2019, 2022	x86_64	Supported	N/A	Supported

Note

Ubuntu 22.04 LTS on x86_64 is the recommended platform for production deployments. ARM64 support is available for containerized deployments on AWS Graviton and Apple Silicon.

AG Agent OS Compatibility

MinusNow lightweight agent for monitoring, autohealing, capacity scanning, and vulnerability assessment.

Operating System	Version	Architecture	Monitoring	Autohealing	Vuln Scan
Ubuntu	18.04+	x86_64 / ARM64	Yes	Yes	Yes
Debian	10+	x86_64 / ARM64	Yes	Yes	Yes
RHEL / CentOS	7+	x86_64	Yes	Yes	Yes
Rocky / AlmaLinux	8+	x86_64	Yes	Yes	Yes
Amazon Linux	2, 2023	x86_64 / ARM64	Yes	Yes	Yes
SUSE SLES	15+	x86_64	Yes	Limited	Yes
Oracle Linux	7+	x86_64	Yes	Yes	Yes
Windows Server	2012 R2+	x86_64	Yes	Yes	Yes
Windows 10/11	1809+	x86_64	Yes	Limited	Yes
macOS	12 Monterey+	x86_64 / ARM64	Yes	N/A	Limited

Agent Requirements

Agent binary size: ~12 MB. Memory footprint: ~25-40 MB. CPU usage: <1% under normal operation. Self-updating with zero downtime.

BR Browser Support

MinusNow web portal and dashboards support the following browsers.

Browser	Minimum Version	Status
Google Chrome	100+	Recommended
Microsoft Edge	100+ (Chromium)	Supported
Mozilla Firefox	100+	Supported
Safari	16+	Supported
Opera	90+	Supported
Internet Explorer	Any	Not Supported

HW Hardware Requirements

Minimum and recommended specifications for different deployment tiers.

Application Server

Tier	Users	vCPUs	RAM	Disk	Network
Starter	Up to 50	2 cores	4 GB	40 GB SSD	100 Mbps
Standard	50-500	4 cores	8 GB	80 GB SSD	1 Gbps
Enterprise	500-5,000	8 cores	16 GB	200 GB SSD	1 Gbps
Large-Scale	5,000+	16+ cores	32+ GB	500+ GB NVMe	10 Gbps

Database Server

Tier	CIs / Assets	vCPUs	RAM	Disk	IOPS
Starter	Up to 1,000	2 cores	4 GB	60 GB SSD	3,000
Standard	1K-10K	4 cores	8 GB	150 GB SSD	6,000
Enterprise	10K-100K	8 cores	32 GB	500 GB NVMe	16,000
Large-Scale	100K+	16+ cores	64+ GB	1+ TB NVMe	64,000+

SW Software Prerequisites

Software dependencies that must be installed before deploying the MinusNow platform.

Application Server

Node.js Runtime

VersionNode.js 20 LTS or 22 LTS
Package Managernpm 10+ (bundled with Node.js)
Installcurl -fsSL https://deb.nodesource.com/setup_20.x | sudo bash -

Python Runtime

VersionPython 3.10+ (for AI/ML modules)
Packagespip, venv, wheel
PurposeAI chatbot, RCA forensics, ML pipelines

System Packages

Build Toolsgcc, g++, make, autoconf
Librarieslibssl-dev, libffi-dev, zlib1g-dev
Utilitiescurl, wget, git, unzip, jq

Container Runtime (Optional)

DockerDocker Engine 24+ or Docker Desktop
ComposeDocker Compose v2.20+
KubernetesK8s 1.28+ (for HA deployments)

Quick Install (Ubuntu 22.04)

# Update system packages
sudo apt update && sudo apt upgrade -y

# Install system dependencies
sudo apt install -y curl wget git unzip jq build-essential libssl-dev libffi-dev

# Install Node.js 20 LTS
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo bash -
sudo apt install -y nodejs

# Install Python 3.10+
sudo apt install -y python3 python3-pip python3-venv

# Verify installations
node --version    # Should print v20.x.x
npm --version     # Should print 10.x.x
python3 --version # Should print 3.10+

Quick Install (RHEL 9 / Rocky 9)

# Update system
sudo dnf update -y

# Install system dependencies
sudo dnf install -y curl wget git unzip jq gcc gcc-c++ make openssl-devel libffi-devel

# Install Node.js 20 LTS
curl -fsSL https://rpm.nodesource.com/setup_20.x | sudo bash -
sudo dnf install -y nodejs

# Install Python 3
sudo dnf install -y python3 python3-pip python3-devel

# Verify
node --version && npm --version && python3 --version

Quick Install (Windows Server 2022)

# Run PowerShell as Administrator

# Install Chocolatey package manager
Set-ExecutionPolicy Bypass -Scope Process -Force
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

# Install prerequisites
choco install nodejs-lts python3 git curl jq -y

# Verify installations
node --version
npm --version
python --version

DB Database Requirements

MinusNow uses PostgreSQL as the primary database with optional Redis for caching and session management.

Component	Supported Versions	Purpose	Required
PostgreSQL	14, 15, 16 (recommended)	Primary database for all platform data	Required
Redis	7.0+	Session cache, pub/sub, real-time events	Recommended
SQLite	3.35+	Single-node / development only	Dev Only

PostgreSQL Configuration

max_connections200 (Standard) / 500 (Enterprise)
shared_buffers25% of available RAM
effective_cache_size75% of available RAM
work_mem64 MB
wal_levelreplica (for HA setups)
SSLEnabled for production

Database User Setup

-- Create dedicated database & user
CREATE USER minusnow WITH PASSWORD 'secure_password';
CREATE DATABASE minusnow_db OWNER minusnow;

-- Grant privileges
GRANT ALL PRIVILEGES ON DATABASE minusnow_db TO minusnow;

-- Enable extensions (connect to minusnow_db first)
\c minusnow_db
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE EXTENSION IF NOT EXISTS "pg_trgm";

NW Network & Firewall Requirements

Required ports and network configuration for MinusNow platform communication.

Port	Protocol	Direction	Service	Description
443	TCP	Inbound	HTTPS	Web UI and API access (TLS required)
80	TCP	Inbound	HTTP	Redirect to HTTPS (optional)
5000	TCP	Internal	App Server	Application server port (behind reverse proxy)
5432	TCP	Internal	PostgreSQL	Database connections (app → DB only)
6379	TCP	Internal	Redis	Cache and session store
8443	TCP	Inbound	Agent API	Agent check-in and telemetry endpoint
9090	TCP	Internal	Metrics	Prometheus metrics exporter
514	UDP/TCP	Inbound	Syslog	Log ingestion from network devices
162	UDP	Inbound	SNMP Traps	SNMP trap receiver for monitoring

Security

Never expose ports 5000, 5432, 6379, or 9090 to the public internet. Use a reverse proxy (Nginx/Caddy) for TLS termination. All agent ↔ server communication is encrypted with mTLS.

PM User & Permission Requirements

Required OS-level users and permissions for application server, database, and agent components.

Application Server User

Userminusnow (non-root, dedicated)
Shell/bin/bash
Home Dir/opt/minusnow
SudoNot required for normal operation
File AccessRead/write to /opt/minusnow, /var/log/minusnow

# Create application user
sudo useradd -r -m -d /opt/minusnow -s /bin/bash minusnow
sudo mkdir -p /var/log/minusnow
sudo chown minusnow:minusnow /var/log/minusnow

Agent User

Usermnow-agent (dedicated service account)
SudoRequired for autohealing module
Sudoers EntryScoped to specific commands only
Groupsmnow-agent, systemd-journal

# Create agent user with controlled sudo
sudo useradd -r -s /usr/sbin/nologin mnow-agent
echo "mnow-agent ALL=(ALL) NOPASSWD: \
  /bin/systemctl restart *, \
  /bin/systemctl start *, \
  /bin/systemctl stop *, \
  /usr/bin/apt, \
  /usr/bin/yum, \
  /usr/bin/dnf, \
  /usr/sbin/reboot" \
  | sudo tee /etc/sudoers.d/mnow-agent

Autohealing Requirement

The mnow-agent user requires sudo access for autohealing actions (service restarts, package updates, disk cleanup). Without sudo, autohealing will operate in recommendation-only mode. The sudoers file is scoped to specific commands for security.

Windows Agent Permissions

Service AccountNT SERVICE\MinusNowAgent or domain service account
Admin RightsLocal Administrator required for autohealing & patch management
WMI AccessRequired for hardware inventory & monitoring
Event LogRead access to Application, System, and Security event logs
PowerShellExecution policy: RemoteSigned minimum

MU Module-Specific User & Account Requirements

Detailed breakdown of service accounts, permissions, and operational processes required for each MinusNow module. Each module may share the base mnow-agent user or require dedicated service accounts depending on your security policy.

Service Account Summary

Module	# of Accounts	Linux User(s)	Windows User(s)	Sudo / Admin	Key Permissions
Autohealing	1	`mnow-agent`	`NT SERVICE\MinusNowAgent`	Yes (scoped)	Service restart, package install, disk cleanup, reboot
Monitoring & Metrics	1	`mnow-agent`	`NT SERVICE\MinusNowAgent`	No	Read /proc, /sys, WMI, process list, network stats
Vulnerability & Patching	1–2	`mnow-agent`, `mnow-patch` (optional)	`NT SERVICE\MinusNowPatch` (optional)	Yes (scoped)	Package manager, CVE scan, kernel info, patch apply
RCA & Forensic Logs	1	`mnow-agent`	`NT SERVICE\MinusNowAgent`	No (read only)	Read syslog, journal, app logs, DB logs, event logs
CMDB & Inventory	1	`mnow-agent`	`NT SERVICE\MinusNowAgent`	No (read only)	Hardware enumeration, network interfaces, installed software

Minimum Deployment

For most deployments, a single mnow-agent service account handles all modules. Dedicated accounts (e.g., mnow-patch) are optional and recommended only in high-security environments that enforce per-function identity separation.

1. Autohealing Module

Linux — User & Permissions

Service Usermnow-agent (shared agent user)
Sudo RequiredYes — scoped to specific commands
Groupsmnow-agent, systemd-journal
CapabilitiesService restart/start/stop, package install/update, disk cleanup (tmpwatch, journalctl --vacuum), scheduled reboot

# Sudoers for autohealing (Linux)
mnow-agent ALL=(ALL) NOPASSWD: \
  /bin/systemctl restart *, \
  /bin/systemctl start *, \
  /bin/systemctl stop *, \
  /usr/bin/apt install -y *, \
  /usr/bin/apt upgrade -y, \
  /usr/bin/yum install -y *, \
  /usr/bin/yum update -y, \
  /usr/bin/dnf install -y *, \
  /usr/sbin/reboot, \
  /usr/bin/journalctl --vacuum-size=*, \
  /usr/bin/find /tmp -type f -mtime +7 -delete

Windows — User & Permissions

Service AccountNT SERVICE\MinusNowAgent or domain MSA
Local AdminRequired for service control and patch operations
CapabilitiesRestart-Service, Start/Stop-Service, WSUS/WU patch apply, Disk Cleanup, scheduled reboot

# Grant minimal autohealing permissions (PowerShell)
$svc = "MinusNowAgent"
sc.exe sdset $svc "D:(A;;RPWPDTRC;;;SY)(A;;CCLCSWRPWPDTLOCRRC;;;BA)"

# Or add to local Administrators group
Add-LocalGroupMember -Group "Administrators" `
  -Member "NT SERVICE\MinusNowAgent"

Autohealing Process Flow

The autohealing engine continuously monitors system health and executes remediation runbooks when thresholds are breached:

Detection — Agent detects anomaly (high CPU, disk full, service down, OOM) via polling or event subscription
Correlation — Event is correlated with ITSM incident rules; if auto-heal is enabled for the category, a runbook is selected
Approval Gate — For critical actions (reboot, package install), an optional approval workflow is triggered
Execution — Agent executes the runbook using mnow-agent sudo privileges (Linux) or admin context (Windows)
Verification — Post-action health check confirms resolution; incident is auto-closed or escalated if unresolved
Audit Trail — Every action, command, and output is logged to the audit ledger with immutable timestamps

Without Sudo Access

If mnow-agent does not have sudo, autohealing operates in recommendation-only mode: incidents are created with suggested remediation commands, but execution requires manual intervention by a privileged operator.

2. Monitoring & Metric Collection

Linux — User & Permissions

Service Usermnow-agent (shared)
Sudo RequiredNo — read-only access is sufficient
Groupsmnow-agent, systemd-journal, docker (if container monitoring)
Read Access/proc, /sys, /var/log, /etc/os-release

# Ensure agent can read system metrics
sudo usermod -aG systemd-journal mnow-agent
# For Docker container monitoring (optional)
sudo usermod -aG docker mnow-agent

Windows — User & Permissions

Service AccountNT SERVICE\MinusNowAgent
Admin RightsNot required for basic metrics
WMI AccessRequired — add to WMI Users group
Perf CountersAdd to Performance Monitor Users group

# Add to performance monitoring groups (PowerShell)
Add-LocalGroupMember -Group "Performance Monitor Users" `
  -Member "NT SERVICE\MinusNowAgent"

# Enable WMI access for the service account
winmgmt /verifyrepository

Metrics Collected & Process

Asset Type	Metrics Collected	Collection Method	Interval
Servers (Linux)	CPU, memory, disk, load, network I/O, process list, uptime	Read `/proc` & `/sys`	60s (configurable 15s–5min)
Servers (Windows)	CPU, memory, disk, network, services, event counts	WMI + Performance Counters	60s
Databases	Connections, query latency, replication lag, table sizes, locks	SQL queries via read-only DB user	120s
Applications	HTTP response time, error rates, queue depth, JVM/CLR stats	API probes + agent-side instrumentation	30s
Network Devices	Interface utilization, error rates, BGP state, SNMP traps	SNMP v2c/v3 polling + trap receiver	300s (polling), real-time (traps)
Containers/K8s	Pod CPU/memory, restart count, node pressure	Kubernetes API + cAdvisor	30s

Database Monitoring User

For database metric collection, create a dedicated read-only database user: CREATE USER mnow_monitor WITH PASSWORD '...' LOGIN; GRANT pg_monitor TO mnow_monitor; (PostgreSQL). MySQL: GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO 'mnow_monitor'@'localhost';

3. Vulnerability & Patch Management

Linux — User & Permissions

Scan Usermnow-agent — read-only scan requires no sudo
Patch Usermnow-agent (with sudo) or dedicated mnow-patch
Sudo (patch)Required — scoped to package managers
Read Access/var/lib/dpkg, /var/lib/rpm, /proc/version, kernel info

# Sudoers for patch management
mnow-agent ALL=(ALL) NOPASSWD: \
  /usr/bin/apt update, \
  /usr/bin/apt upgrade -y, \
  /usr/bin/apt install -y *, \
  /usr/bin/yum update -y, \
  /usr/bin/yum install -y *, \
  /usr/bin/dnf upgrade -y, \
  /usr/bin/dnf install -y *

# Optional: create dedicated patch user
sudo useradd -r -s /usr/sbin/nologin mnow-patch
echo "mnow-patch ALL=(ALL) NOPASSWD: /usr/bin/apt*, /usr/bin/yum*, /usr/bin/dnf*" \
  | sudo tee /etc/sudoers.d/mnow-patch

Windows — User & Permissions

Scan UserNT SERVICE\MinusNowAgent (no admin for scan)
Patch UserNT SERVICE\MinusNowPatch (optional dedicated) or admin agent
Local AdminRequired for patch installation
WSUS IntegrationIf using WSUS, service account needs WSUS Reporter role

# Optional: create dedicated patch service account
New-LocalUser -Name "MinusNowPatch" `
  -Description "MinusNow Patch Management" `
  -PasswordNeverExpires -UserMayNotChangePassword
Add-LocalGroupMember -Group "Administrators" `
  -Member "MinusNowPatch"

Vulnerability & Patching Process

Inventory Scan — Agent reads installed packages (dpkg -l, rpm -qa, Get-WmiObject Win32_QuickFixEngineering) and kernel version
CVE Matching — Package list is compared against CVE databases (NVD, vendor advisories) on the MinusNow server
Risk Scoring — Each vulnerability is scored by CVSS, exploit availability, and asset criticality from CMDB
Patch Planning — Patches are grouped into maintenance windows with rollback plans; Change Management ticket is auto-created
Patch Execution — Agent applies patches using mnow-agent (or mnow-patch) sudo privileges; reboot is scheduled if kernel update
Verification — Post-patch re-scan confirms vulnerabilities are remediated; results are linked to the Change ticket

4. RCA & Forensic Log Collection

Linux — User & Permissions

Service Usermnow-agent (shared)
Sudo RequiredNo — read-only log access
Groupssystemd-journal, adm (for /var/log access)
Read Paths/var/log/syslog, /var/log/messages, /var/log/kern.log, /var/log/auth.log, app-specific log dirs

# Grant log read access
sudo usermod -aG adm mnow-agent
sudo usermod -aG systemd-journal mnow-agent

# Grant read access to application logs
sudo setfacl -R -m u:mnow-agent:rX /var/log/nginx
sudo setfacl -R -m u:mnow-agent:rX /var/log/postgresql
sudo setfacl -R -m u:mnow-agent:rX /opt/app/logs

Windows — User & Permissions

Service AccountNT SERVICE\MinusNowAgent
Admin RightsNot required for event log reading
Event Log AccessAdd to Event Log Readers group
Log SourcesApplication, System, Security, IIS, SQL Server logs

# Grant event log read access (PowerShell)
Add-LocalGroupMember -Group "Event Log Readers" `
  -Member "NT SERVICE\MinusNowAgent"

# Verify access
Get-WinEvent -LogName Application -MaxEvents 1

Log Collection by Asset Type

Asset Type	Logs Collected	Collection Method	Retention
Servers (Linux)	syslog, journal, auth.log, kern.log, dmesg, audit.log	File tail + journalctl streaming	Per policy (default 90 days)
Servers (Windows)	Application, System, Security event logs, PowerShell logs	Windows Event Forwarding (WEF)	Per policy (default 90 days)
Databases	PostgreSQL: pg_log, slow query log; MySQL: error log, slow log; MSSQL: error log	Read-only DB user + file tail	30 days (configurable)
Applications	Stdout/stderr, structured logs (JSON), access logs, error logs	File tail, syslog forwarding, or API	Per policy (default 60 days)
Network Devices	Syslog messages, SNMP traps, config change logs	Syslog receiver (UDP/TCP 514) + SNMP trap (162)	90 days

RCA & Forensic Process

Incident Trigger — When a P1/P2 incident is opened, the RCA engine automatically begins evidence collection from affected assets
Log Snapshot — Agent captures a time-windowed snapshot (default: −30 min to +10 min around incident start) from all configured log sources
Timeline Correlation — Logs are correlated across servers, databases, applications, and network devices using timestamps and trace IDs
AI Analysis — Explainable AI engine identifies probable root cause, contributing factors, and blast radius
Evidence Package — Forensic bundle is assembled with log excerpts, metrics snapshots, config diffs, and dependency graph
RCA Report — Structured report is generated (PDF/HTML) and attached to the Problem Management ticket with full audit chain

Database Log Access

For database forensic log collection, create a read-only role: PostgreSQL — GRANT pg_read_all_data TO mnow_monitor; + file-level read on pg_log directory. MySQL — GRANT SELECT, PROCESS ON *.* TO 'mnow_monitor'@'localhost';

5. CMDB & Inventory Scanning

Linux — User & Permissions

Service Usermnow-agent (shared)
Sudo RequiredNo — read-only hardware and software enumeration
Read Access/sys/class/dmi, /proc/cpuinfo, /proc/meminfo, /etc/*-release
Tools Usedlshw, dmidecode (if available), ip, ss, package managers

# Ensure agent can read hardware info
# dmidecode requires root — agent uses /sys fallback
ls /sys/class/dmi/id/  # Available without root
cat /sys/class/dmi/id/product_name
cat /sys/class/dmi/id/sys_vendor

# Network interface enumeration (no root needed)
ip -j addr show
ss -tlnp

Windows — User & Permissions

Service AccountNT SERVICE\MinusNowAgent
Admin RightsNot required for basic inventory
WMI AccessRequired — Win32_ComputerSystem, Win32_OperatingSystem, Win32_Product
Registry ReadHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

# Verify WMI access for inventory
Get-WmiObject Win32_ComputerSystem | Select Manufacturer,Model
Get-WmiObject Win32_OperatingSystem | Select Caption,Version
Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* |
  Select DisplayName, DisplayVersion | Sort DisplayName

Inventory Data Collected by Asset Category

Asset Category	Data Collected	Discovery Method	Scan Frequency
Servers	Hostname, OS, CPU, RAM, disk, serial, IP addresses, running services	Agent on-host enumeration	Every 4 hours
Databases	Engine type, version, instance name, port, DB sizes, replication topology	SQL queries via `mnow_monitor` user	Every 6 hours
Applications	Name, version, install path, listening ports, dependencies	Agent process scan + config file parse	Every 4 hours
Network Devices	Make, model, firmware, interfaces, ARP/MAC table, VLAN config	SNMP v2c/v3 walk + LLDP/CDP	Every 12 hours
Containers/VMs	Image, tag, resource limits, host mapping, orchestrator metadata	Kubernetes API / Docker API / hypervisor API	Every 2 hours
Cloud Resources	Instance type, region, tags, security groups, storage volumes	AWS/Azure/GCP API (read-only IAM role)	Every 6 hours

CMDB Scanning Process

Discovery Sweep — Agents report local asset data; network scanner probes SNMP-enabled devices; cloud connectors query provider APIs
Normalization — Raw discovery data is normalized into Configuration Items (CIs) with standardized attributes
Relationship Mapping — Dependencies between CIs are auto-detected (app → DB, server → switch, VM → host)
Reconciliation — New CIs are created, changed CIs are updated, and missing CIs are flagged for decommission review
Validation — CMDB health score is computed; orphan CIs, stale records, and missing relationships are reported
Audit — Every CI change is versioned with before/after snapshots and linked to the responsible discovery source

Cloud & Network Scanning

For agentless assets (network switches, cloud resources), configure read-only credentials: SNMP v3 community for network devices, IAM read-only role (ReadOnlyAccess on AWS, Reader on Azure) for cloud resources. These credentials are stored encrypted in MinusNow with AES-256.

SAT Satellite Server Requirements

Satellite servers extend MinusNow into remote sites, air-gapped networks, and multi-region deployments.

What is a Satellite Server?

A satellite server acts as a local proxy and cache for the MinusNow platform in remote or network-segmented environments. Agents in satellite zones communicate with the satellite instead of the central server, reducing WAN bandwidth and providing resilience if the central server is temporarily unreachable.

Component	Requirement
OS	Same as Application Server (Ubuntu 22.04 recommended)
CPU	2+ vCPUs (4 recommended for 500+ agents)
RAM	4 GB minimum, 8 GB for 500+ agents
Disk	40 GB SSD (stores local cache and pending telemetry)
Network to Central	HTTPS (port 443) outbound to central MinusNow server
Network to Agents	Port 8443 inbound from local agents
Software	Node.js 20 LTS, MinusNow Satellite package
Agents Supported	Up to 2,000 agents per satellite
Sync Interval	Configurable: 30s-5min (default 60s)

Air-Gapped Environments

For air-gapped deployments, the satellite can operate in store-and-forward mode. Data is queued locally and synced when network connectivity is restored. Vulnerability definitions and agent updates are delivered via offline bundles.

✓ Pre-Installation Checklist

Verify these items before beginning MinusNow installation.

Server Infrastructure

☐ OS InstalledSupported OS from compatibility matrix
☐ HardwareMeets minimum specs for your tier
☐ DNSFQDN configured for the platform
☐ TLS CertificateValid SSL cert (or use Let's Encrypt)
☐ NTPTime synchronization configured
☐ FirewallRequired ports opened per matrix

Software Dependencies

☐ Node.jsv20 LTS or v22 LTS installed
☐ Python3.10+ installed (for AI modules)
☐ PostgreSQL14-16 installed and running
☐ Redis7.0+ installed (recommended)
☐ Build Toolsgcc, make, libssl-dev present
☐ GitGit 2.30+ installed

User & Permissions

☐ App Userminusnow user created
☐ DB UserPostgreSQL user and database created
☐ Agent Usermnow-agent with sudoers (for autohealing)
☐ DB Monitormnow_monitor read-only DB user created
☐ Log Accessmnow-agent in adm + systemd-journal groups
☐ Log Directory/var/log/minusnow writable
☐ Patch Usermnow-patch (optional, for separated patch ops)

Network & Connectivity

☐ Outbound HTTPSAccess to update servers
☐ Internal Ports5000, 5432, 6379 reachable between nodes
☐ Agent Port8443 reachable from managed hosts
☐ SMTPEmail relay configured (for notifications)

On This Page

OS Server OS Compatibility

AG Agent OS Compatibility

BR Browser Support

HW Hardware Requirements

Application Server

Database Server

SW Software Prerequisites

Application Server

Node.js Runtime

Python Runtime

System Packages

Container Runtime (Optional)

Quick Install (Ubuntu 22.04)

Quick Install (RHEL 9 / Rocky 9)

Quick Install (Windows Server 2022)

DB Database Requirements

PostgreSQL Configuration

Database User Setup

NW Network & Firewall Requirements

PM User & Permission Requirements

Application Server User

Agent User

Windows Agent Permissions

MU Module-Specific User & Account Requirements

Service Account Summary

1. Autohealing Module

Linux — User & Permissions

Windows — User & Permissions

Autohealing Process Flow

2. Monitoring & Metric Collection

Linux — User & Permissions

Windows — User & Permissions

Metrics Collected & Process

3. Vulnerability & Patch Management

Linux — User & Permissions

Windows — User & Permissions

Vulnerability & Patching Process

4. RCA & Forensic Log Collection

Linux — User & Permissions

Windows — User & Permissions

Log Collection by Asset Type

RCA & Forensic Process

5. CMDB & Inventory Scanning

Linux — User & Permissions

Windows — User & Permissions

Inventory Data Collected by Asset Category

CMDB Scanning Process

SAT Satellite Server Requirements

What is a Satellite Server?

✓ Pre-Installation Checklist

Server Infrastructure

Software Dependencies

User & Permissions

Network & Connectivity