Passive Vulnerability Scanner 3.8.0 Release Notes - 12/4/2012
Note: Passive Vulnerability Scanner (PVS) is now known as Nessus Network Monitor (NNM).
The following list describes many of the changes that are included in PVS 3.8, as well as significant issues that have been resolved and notes for upgrading. A PDF file of these release notes is also available here.
Upgrades are only supported for those users running PVS 3.6.0 and later. Users upgrading from an older version must first perform an upgrade to PVS 3.6 before attempting to install version 3.8 or uninstall the previous version and performing a fresh installation of PVS 3.8.
PVS 3.8.0 is compatibile with existing versions of SecurityCenter 4.x and the new SC 4.6 release, however for integration with SC 4.6 you must ensure that the nessus-report format is enabled in the pvs.conf file.
Stop the PVS daemon before performing the upgrade:
# /etc/init.d/pvs stop
The command syntax for an RPM upgrade is as follows:
# rpm -Uvh [RPM Package File Name]
Support is available for the following platforms:
- Red Hat Linux ES 5 / CentOS 5 32/64-bit
- Red Hat Linux ES 6 / CentOS 6 32/64-bit
- Windows Server 2008 32/64-bit
- Windows 7 32/64-bit
The Microsoft Visual C++ Redistributable package is a prerequisite which needs to be installed on Windows before installing PVS. Refer to the documentation for more information.
File Names & MD5 Checksums
Changes and New Features
- PVS now provides the ability to monitor IPv6 traffic including:
- Real-time host or asset discovery
- Detection of both encrypted and interactive sessions
- Monitoring of traffic located within a 6to4 tunnel
- IPv6 addresses are supported in the configuration of include/exclude filters and for syslog destinations
- Added support for monitoring both VLAN & non-VLAN traffic simultaneously. Using a "VLAN" prefix for network inclusion VLAN networks can now be declared in the "monitored" and "excluded" networks section of the config file with the following syntax:
- New plugin for Server Connections (ID 15); Similar to "show connections" but identifies the clients a "server" has established trusted relationships with
- Supports a user-defined port number for syslog destinations instead of just the default
- Reduced the default report-lifetime value to 7 days from 30. This is more closely inline with the default value used by SecurityCenter. If upgrading from a prior PVS version, it is recommended to manually change this value to 7.
- Improved real-time logging performance
- Tightened the file permissions of configuration files on Windows installations
- Added support for additional Nessus plugin tags. These will be included in the plugin feed in the near future.
- Addressed an issue that prevented the aging out of Knowledgebase Entries
- Addressed an issue with the transfer of large reports from PVS Proxy to SecurityCenter
- Removed the ability to generate XML and HTML reports
- Removed the "strip-vlan-tags" option in the config file in lieu of the new VLAN filtering syntax described above
- Does not support IPv6 connectivity for the management connection from SecurityCenter (pvs proxy)
- There is no support for Teredo tunnels or IPv6 Extension Headers