Passive Vulnerability Scanner 3.8.1 Release Notes - 2/28/2013
Note: Passive Vulnerability Scanner (PVS) is now known as Nessus Network Monitor (NNM).
The document describes the changes that are introduced in PVS 3.8.1, as well as significant issues that have been resolved and notes for upgrading. A PDF file of these release notes is also available here.
If you were running PVS 3.8.0 previously with hosts backup file ("backup-file") enabled, it is recommended that you remove the /opt/pvs/var/pvs/pvs-hosts.bin file. This will improve the initialization process and allow PVS to rediscover the hosts on the network.
Stop the PVS daemon before performing the upgrade:
# /etc/init.d/pvs stop
The command syntax for an RPM upgrade is as follows:
# rpm -Uvh [RPM Package File Name]
Support is available for the following platforms:
- Red Hat Linux ES 5 / CentOS 5 32/64-bit
- Red Hat Linux ES 6 / CentOS 6 32/64-bit
- Windows Server 2008 32/64-bit
- Windows 7 32/64-bit
The Microsoft Visual C++ Redistributable package is a prerequisite which needs to be installed on Windows before installing PVS. Refer to the documentation for more information.
File Names & MD5 Checksums
Connection Tracking Enhancements
Improved reporting on connections between hosts and ports. For PVS, a connection is any unique combination of a source IP, destination IP, and a destination port.
Plugin 3 - "Internal Client Trusted Connection"
Plugin 3 has been renamed from "Show connections" to "Internal Client Trusted Connection". The functionality has changed to now include a summary of all internal servers that a particular host has connected to on a port. The summary is limited to only display the last 1,000 addresses but also provides a count of the total number of hosts.
Plugin 15 - "Internal Server Trusted Connection"
Plugin 15 has been renamed from "Server Connection" to "Internal Server Trusted Connection". This plugin is essentially the opposite of plugin ID 3 as it displays all client systems that have connected to a server on a particular port. The functionality of this plugin has also changed to report a summary of connections with a total count.
New Plugin 16 - "Outbound External Connection"
Plugin 16 is a new plugin that has been added to help identify outbound connections from the monitored network. The plugin identifies which systems are connecting outbound and which destination ports they are connecting outbound to.
- Updated OpenSSL to 1.0.0k (includes security fixes for CVE-2013-0169, CVE-2013-0166)
- Security improvements include more secure Windows configuration and digitally signed all remaining binaries.
- ContinousView licenses now include support for IPv6 monitoring
- Corrected an IP range calculation error that occurred when the monitored ranges specified was a subset of the licensed range.
- Fixed an issue that reported on IP addresses outside of the monitored range.