HPE Storage Users Group

A Storage Administrator Community




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: 3PARs getting flagged by Tenable scanner
PostPosted: Wed Oct 03, 2018 8:59 am 

Joined: Thu Nov 30, 2017 11:20 am
Posts: 70
Location: WI
We use Tenable for vulnerability scanning. I noticed today it flagged our 3PARs with a critical vulnerability.

Unix Operating System Unsupported Version Detection (33850)

The output of the vulnerability doesnt make sense:

Debian 7.0 support ended on 2016-04-26 end of regular support / 2018-05-01 (end of long-term support for Wheezy-LTS).
Upgrade to Debian Linux 9.x ("Stretch").

For more information, see : http://www.debian.org/releases/


Im using 3.2.2 MU4 on all of my 3PARs. Would upgrading the 3PAR OS clear this or am I missing something? Not really sure an O/S upgrade would change the underlying OS to the degree the vulnerability mentions.

Anyone have thoughts?


Top
 Profile  
Reply with quote  
 Post subject: Re: 3PARs getting flagged by Tenable scanner
PostPosted: Tue Oct 09, 2018 8:30 am 

Joined: Mon Jun 02, 2014 1:47 pm
Posts: 34
Location: United States
I'm curious. Does your Tenable scanner login to your array using administrative privileges? (3paradm). Our security folks wanted to be able to scan our array, but I was a little nervous about allowing the scanner to login and muck around inside the array. Sounded like asking for trouble.


Top
 Profile  
Reply with quote  
 Post subject: Re: 3PARs getting flagged by Tenable scanner
PostPosted: Thu Oct 11, 2018 8:42 am 

Joined: Thu Nov 30, 2017 11:20 am
Posts: 70
Location: WI
Just an update on this from HP. Turns out its a known issue which is fixed in 3.3.1 MU3.

Looks like I need to get my arrays upgraded.

It's ID: 231311

Page 175 in the HPE 3PAR OS 3.3.1 GA/EGA/MU1/MU2/MU3 Release Notes.

Just in case anyone else encounters it.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 


Who is online

Users browsing this forum: Google [Bot] and 65 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group | DVGFX2 by: Matt