HPE Storage Users Group https://www.3parug.com/ |
|
3PARs getting flagged by Tenable scanner https://www.3parug.com/viewtopic.php?f=18&t=3000 |
Page 1 of 1 |
Author: | jbguy [ Wed Oct 03, 2018 8:59 am ] |
Post subject: | 3PARs getting flagged by Tenable scanner |
We use Tenable for vulnerability scanning. I noticed today it flagged our 3PARs with a critical vulnerability. Unix Operating System Unsupported Version Detection (33850) The output of the vulnerability doesnt make sense: Debian 7.0 support ended on 2016-04-26 end of regular support / 2018-05-01 (end of long-term support for Wheezy-LTS). Upgrade to Debian Linux 9.x ("Stretch"). For more information, see : http://www.debian.org/releases/ Im using 3.2.2 MU4 on all of my 3PARs. Would upgrading the 3PAR OS clear this or am I missing something? Not really sure an O/S upgrade would change the underlying OS to the degree the vulnerability mentions. Anyone have thoughts? |
Author: | geddy01 [ Tue Oct 09, 2018 8:30 am ] |
Post subject: | Re: 3PARs getting flagged by Tenable scanner |
I'm curious. Does your Tenable scanner login to your array using administrative privileges? (3paradm). Our security folks wanted to be able to scan our array, but I was a little nervous about allowing the scanner to login and muck around inside the array. Sounded like asking for trouble. |
Author: | jbguy [ Thu Oct 11, 2018 8:42 am ] |
Post subject: | Re: 3PARs getting flagged by Tenable scanner |
Just an update on this from HP. Turns out its a known issue which is fixed in 3.3.1 MU3. Looks like I need to get my arrays upgraded. It's ID: 231311 Page 175 in the HPE 3PAR OS 3.3.1 GA/EGA/MU1/MU2/MU3 Release Notes. Just in case anyone else encounters it. |
Page 1 of 1 | All times are UTC - 5 hours |
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |