Find & Unzip Execution Options

Summary 

Instead of running native OS commands of “find” and “unzip”, plugins will use binaries included within the plugin feed for agent-based scanning. This allows CPU consumption to be controlled for the Tenable Nessus Agent for the ‘find’ command.  This change will not affect or limit memory consumption. An additional benefit is that if ‘find’ or ‘unzip’ are not found natively on the OS, using from the feed allows full plugin execution with these commands to continue.

What is the impact?

The change should be transparent to customers and no action is required to be taken except for new scans if you’d like to opt-in to this feature.

New Scans

Be aware if you have adjusted the Agent CPU settings of Scan Performance to a setting other than the default, which is High, the resulting scan findings may be different than previous scans with the same configuration. This is because the scan may experience timeouts in finding files due to the lower CPU resources. See the next section for how to opt-in to the change, if desired.

Existing Scans

This change will not apply.  The native OS binaries will continue to be used and not subject to Tenable Nessus Agent CPU control settings.

PCI-DSS Scans

This change will not apply.  The native OS binaries will continue to be used and not subject to Tenable Nessus Agent CPU control settings. Due to the PCI-DSS standard requirements, the most complete scan results are required for reporting.

Audits

Due to the need for thorough and complete results, Audits do not leverage the find or unzip binaries from the Tenable feed.

How do I opt-in to the change?

An advanced setting within the scan configuration will allow customers to opt-in to using the binaries from the feed.  By default, native OS commands will run for ‘find’ and ‘unzip’ as before.  Please note, these commands are not subject to agent CPU constraints.

For PCI scanning and existing scans, the scan template setting will be not visible and the scanning behavior will be equivalent to opting-out. 

What are the affected plugins? 

At the time of this release highlight publication, the following plugins are leveraging find or unzip:

Find

• 142023 - Apache Cassandra Installed (Linux)
• 133766 - Apache Maven Installed (Linux / Unix)
• 135172 - Oracle NoSQL Database Installed (Linux)
• 117706 - MagniComp SysInfo Installed (Linux/UNIX)
• 111679 - FasterXML Jackson Databind Detection for Linux/UNIX
• 112063 - Kubernetes Installed (Linux)
• 136340 - nginx Installed (Linux/UNIX)
• 131566 - Atlassian Jira Installed (Unix / Linux)
• 147817 - Java Detection and Identification (Linux / Unix)
• 132771 - Palo Alto Cortex XSOAR Installed (Unix / Linux)
• 132872 - Foxit Reader Installed (Linux)
• 174788 - SQLite Local Detection (Linux)
• 151883 - Libgcrypt Installed (Linux/UNIX)
• 99671 - Apache Struts Detection for Linux/UNIX
• 156000 - Apache Log4j Installed (Linux / Unix)
• 141394 - Apache HTTP Server Installed (Linux)
• 71642 - Oracle Installed Software Enumeration (Linux / Unix)
• 156551 - Oracle MySQL Enterprise Monitor Installed (macOS)
• 124276 - Oracle Tuxedo Installed (Linux/UNIX)
• 73913 - Oracle WebLogic Server Detection
• 133962 - Sophos Anti-Virus Installed (Linux)
• 186361 - VMWare Tools or Open VM Tools Installed (Linux)
• 187057 - OwnCloud OwnCloud Installed (Linux)
• 70349 - Adobe Acrobat Installed (Mac OS X)
• 72202 - JBoss Detection
• 147022 - SAP Adaptive Server Enterprise (ASE) Installed (Linux)
• 163488 - Terraform Configuration Detection for Linux/UNIX
• 77028 - IBM Installation Manager Detection (Linux / Unix)
• 145032 - IBM WebSphere eXtreme Scale (Linux)
• 144633 - IBM MQ Server and Client Installed (Linux)
• 136341 - Dell EMC Data Protection Central Installed (Linux)
• 133964 - SELinux Status Check
• 159273 - Dockerfile Detection for Linux/UNIX
• 174164 - Google Protobuf Go Module Installed (Linux/UNIX)
• 158567 - Citrix Workspace App Installed (nix)
• 55420 - Adobe Reader Installed (Mac OS X)

Unzip

• 193884 - CrushFTP Server Installed (Linux / Unix)
• 130175 - Apache Tomcat Local Detection
• 166230 - Apache Commons Text JAR Detection
• 176069 - Potix ZK Framework Installed (Linux)
• 130595 - Jenkins Installed (Linux)
• 123005 - Spring Framework JAR Detection
• 156000 - Apache Log4j Installed (Linux / Unix)
• 192571 - Fortra FileCatalyst Direct Server Installed (Linux / Unix)
• 72202 - JBoss Detection
• 134049 - Spring Projects Linux Detection
• 185488 - IBM WebSphere Application Server Liberty Installed (Linux / Unix)
• 170106 - TIBCO JasperReports Library JAR Detection

Target Release Date

July 9, 2024 - Tenable Vulnerability Management and Nessus

July 15, 2024 - Tenable Security Center