Output Normalization and Compliance IDs - Unix Edition

Summary

In an effort to normalize the output from the compliance plugins, and provide a consistent identifier for the output, we are releasing a patch to the Unix compliance plugins that fixes the following:

• ID generation is more consistent between audits.
• All results should have a policy value reported.
• The majority of results should have actual value or error reported. The exception to this is policies that use a "report" check type.
• Update to checks that read files from the target will produce errors/warnings when the file does not exist or can not be read.
• Default variables are updated in custom audit uploads.
• Debug log is more verbose with the description and result of each check, and wrapped with a start and end time.

Potential Impacts:

Any customers that rely on exact content matches of actual values by using third party tools or custom audit files may have failed results following the update. This would include customers that use the known good functionality from tools that provide baseline or gold image auditing.

Any results that may have passed if a file is not readable will now error, unless the check is configured to not require the file.

Tenable Plugins

• 21157 - Unix Compliance Plugin

Target Release Date

21 September 2020

Additional Notes:

In the upcoming quarters we will be releasing more detailed updates to each plugin, which will include updating the Windows plugin.

------------------------------------------------------------------------------------------------

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.