Security Center 3.4.3 Release Notes
Attention: A recorded webinar by Tenable CTO Ron Gula on the Security Center 3.4.3 features is available.
The following list describes many of the changes included in Security Center version 3.4.3, the significant issues that have been resolved, and notes for upgrading. A PDF file of these release notes is also available here.
As with any application, it is always wise to perform a backup of your Security Center installation before upgrading.
Upgrading from 3.4.0
There are no special upgrade-related notes. The command syntax for an RPM upgrade is as follows:
- rpm -Uvh <RPM Package File Name>
Compatibility with other Tenable software
There are a number of new features in SC 3.4.3, LCE 3.0.1 and the LCE 3.x clients that are only available if all three products are running the software versions that support the new features. The products will function together if they are not all upgraded, but some of the new features may not be available.
Upgrading from Pre-3.4.0 Security Center Versions
- Please note that existing scan policies, as well as scheduled and template scan files will be modified as part of the update process. Please be sure to verify these files after the upgrade.
- After upgrading to Security Center 3.4.x, you may experience a problem with the display of ticket text. The issue appears when a single quote (') is used in the text of a ticket: an escape character (\) is added before it.
For example: "This is the vulnerability that John\'s team was worried about."
The file /opt/sc3/support/etc/php.ini does not get updated by the upgrade process in order to protect any modifications that you have made. To correct this, edit the file and change the line that reads "magic_quotes_gpc = On" to "magic_quotes_gpc = Off". Restart the HTTPD services (use the command "service httpd restart") and the issue should be resolved. New installations of Security Center will have this setting off by default.
- Security Center v3.4 is the first version in which the Red Hat ES 5 operating system is supported. Existing SC customers wishing to migrate their installations to ES 5 must first upgrade their current installation of SC to v3.4.x, then follow the OS migration procedures as documented in the Cerberus knowledge base article titled "Retaining Security Center 3 install when installing new OS".
- All release notes for Security Center versions 3.4.0 and later are applicable and should be reviewed. These release notes may be found on the Tenable Customer Support Portal, in the Downloads section, under the Security Center portion of the Security Center, 3D Tool and xTool page.
- Minor improvements for ease of use and intuitiveness have been made throughout the GUI.
- The PHP scripting language that is used by Security Center has been upgraded to the latest version available, version 5.2.8.
- The following 3rd-party dependencies which are used in Security Center have published updates which have been included in version 3.4.3:
- libpng has been upgraded to version 1.2.34
- libxml2 has been upgraded to version 2.7.2
- OpenSSL has been upgraded to version 0.9.8j
- SQLite has been upgraded to version 3.6.7
- Apache has been upgraded to version 2.2.11
- A single Security Center customer can now connect to, receive alerts and query data from multiple LCE systems.
- The new functionality in LCE that allows user names to be associated with events has been enabled in this version of Security Center.
- Security Center is now able to access the new Raw SYSLOG Search feature of LCE 3.0.
- Functionality has been added to permit a query of an archived LCE data silo. Archival of these silos was recently introduced in LCE v3.0.
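The php.ini correction from the pre-3.4.0 upgrade notes above (changing magic_quotes_gpc from On to Off) can be scripted as shown here. This is an added example, not part of the original release notes or Tenable's tooling; the function names and the .bak backup name are assumptions, while the file path and restart command are the ones given in the notes.

```shell
#!/bin/sh
# Added example (not Tenable's code): switch magic_quotes_gpc to Off in a php.ini.

# Print the active (uncommented) magic_quotes_gpc value, lowercased; empty if unset.
magic_quotes_state() {
    sed -n 's/^[[:space:]]*magic_quotes_gpc[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z0-9]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Set the directive to Off in place, keeping the first backup as <file>.bak.
# Returns 0 when the file ends up with the setting off, non-zero otherwise.
disable_magic_quotes() {
    ini=$1
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 2; }
    case "$(magic_quotes_state "$ini")" in
        off|0|false|no)
            echo "magic_quotes_gpc already off in $ini"; return 0 ;;
        "")
            echo "no active magic_quotes_gpc line in $ini; add one by hand" >&2
            return 3 ;;
    esac
    # Preserve any local modifications: never overwrite an existing backup.
    [ -e "$ini.bak" ] || cp -p "$ini" "$ini.bak" || return 1
    work=$(mktemp) || return 1
    # Rewrite only uncommented directive lines; ';' comment lines are left alone.
    sed 's/^\([[:space:]]*magic_quotes_gpc[[:space:]]*=\).*/\1 Off/' "$ini" > "$work" &&
        cat "$work" > "$ini"    # write through so owner and mode are unchanged
    rm -f "$work"
    [ "$(magic_quotes_state "$ini")" = "off" ] || return 1
    echo "magic_quotes_gpc set to Off in $ini (backup: $ini.bak)"
}

# On the Security Center host, as root:
#   disable_magic_quotes /opt/sc3/support/etc/php.ini && service httpd restart
```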
LCE & IDS Related
- Functionality has been added so that email alerts can be generated for any specific event provided to the Security Center by an IDS or the Log Correlation Engine, regardless of whether it correlates with a vulnerability.
- Graphs for users, events and types when viewing log data have several improvements for readability including time scales that correspond to the active query.
- The ability to view LCE archive data has been added. This feature only applies to LCE servers at version 3.0 or higher.
- Support for the updated NetScreen/IDP SYSLOG event formats has been added.
- Support for the updated TippingPoint SMS IDS alert format has been added.
Data Query Tools/Query Results Display
- End-users are able to open tickets with comments or recommendations from any of the Vulnerability analysis pages.
- When viewing information using any analysis screen's Sum by IP tool, clicking on an IP address will pop up an information window that includes the following sections:
- System Info: Displays information about the OS, NetBIOS, DNS Name (if known), MAC address, Last Scan as well as the availability of Passive and Compliance data.
- Assets: Displays which Security Center asset lists the IP address belongs to.
- Vulnerabilities: Displays a bar chart summary of vulnerabilities for this IP.
- Resources: Provides URLs for obtaining further information. It is also possible to add custom links to this section.
- Significant improvements to the query management system have been made.
- Minor ease of use modifications have been made to filtering when using the analysis tools.
- Support has been added for the three new Nessus PCI DSS compliance plugins:
- 33929 PCI DSS compliance
- 33930 PCI DSS compliance: passed
- 33931 PCI DSS compliance: tests requirements
- Support has been added for the new Nessus feature that limits attempts to log in to scan targets so that only the credentials provided in the scan policy, and no generic accounts, will be used.
- The sorting and searching of plugins has been improved for ease of use.
- Credentialed scans on Unix/Linux target hosts now have the ability to elevate privileges via su/sudo.
- The NetStat port scanner is now integrated into the Add Scan and Scan Policy Options screens as a port scan option and may be used in addition to, or in place of, the TCP Full and TCP SYN port scans.
- The plugins selection (enabling and disabling plugins) for scan policies has been modified for ease of use and consistency.
- Configuring scans with SSH keys that include a passphrase now works properly.
- It is now possible to enter long strings of port ranges when configuring a scan or scan policy.
- Manually launching a recurring scheduled scan, then deleting it, no longer causes the vpolicy file to be deleted.
- Setting the Disable Host Ping option now works properly.
- The Nessus Scanner Management administrator option has been redesigned for ease of use and to remove the 10 zones and 16 scanners per zone limitations. You may now add up to 100 scanners, 100 zones and 500 network ranges from the Security Center management interface.
- The Log Correlation Management administrator option has been redesigned for ease of use and provides new features in support of multiple Log Correlation Engines.
- The "LCE Status Message Legend" button displays an information box containing possible returned status messages from LCE and a brief description of these messages.
- All default settings for options in the "Configure the Security Center" menu are now displayed.
- The Security Center status may now be determined from the command line on the SC server with the following command:
# service SecurityCenter status
- A new configuration option has been added to allow Security Center administrators to define the interval in which SC resynchronizes with its Nessus scanners. This is most relevant to large SC installations with many Nessus scanners from which very frequent or constant scanning is performed.
- A facility for SC administrators to "Reset" the Nessus plugins activation code has been added for ease of code replacement and troubleshooting connectivity issues.
- A new tab labeled "Customization" is now displayed for the admin user and provides the following selections:
- Security Center Logo Management
- Security Center Reports Logo Management
- Manage "IP Address Information" Links
- The "Manage IP Address Information" selection provides the ability to add dynamic URLs to the list of resource links displayed in the "Sum by IP" Analysis Tool.
- The functionality for adding a custom report logo has been modified so that the logo can now fit at the bottom of the page, to an effective maximum size of 500x175.
- Report generation process logging has been enhanced.
- An issue which prevented certain user accounts from downloading reports has been resolved.
Security Center User Accounts
- A period (.) is now a permitted character in both Security Center user account names and asset list names.
- It is now possible to create a security manager user account with no scanning privileges.