Tenable Research Release Highlights

Forum Discussion

justinhall
Product Team
10 months ago

Security End of Life (SEoL) - Support for Remote Linux and Unix OS Identifications

Summary

Specific Security End of Life (SEoL) plugins for Unix and Linux operating systems will leverage both local and remote checks, mirroring the combined-check functionality of the generic “Unix Operating System Unsupported Version Detection” plugin.

Background

Specific Security End of Life (SEoL) plugins are being phased in for each of the Unix and Linux operating systems Tenable can detect. As these OS-specific plugins are added, the operating system is being removed from the generic “Unix Operating System Unsupported Version Detection” plugin. 

Before this change, the specific Security End of Life (SEoL) plugins covering Linux and Unix operating systems identified the OS solely by authenticating to target hosts; these are known as local detections.

The generic “Unix Operating System Unsupported Version Detection” (33850) plugin determined the operating system through local or remote detections before the changes introduced in the SEoL conversion Research Release Highlight.

Change

Based on customer feedback and to provide a consistent SEoL user experience, we are updating the specific SEoL Linux and Unix plugins listed under the Updated Plugins section below to support local or remote OS identifications so that they behave similarly to the generic “Unix Operating System Unsupported Version Detection” plugin (33850). Remote OS identifications do not require the scanner to authenticate to the target host.

Please note, for a specific OS SEoL plugin to report on a host scanned without credentials:

  • The confidence level of the OS identification must be 80 or greater.
  • If a host’s operating system cannot be conclusively identified, and the scan detects multiple possible OS fingerprints, the SEoL plugins will not report for any of those operating systems, unless the “Show potential false alarms” setting is enabled for the scan.

Additionally, the OS Identification plugin (11936), along with several supporting OS identification plugins, was updated to support this change, but no impact should be observed.

Impact

Customers should anticipate that hosts running a specific SEoL OS that was not detected during a previous unauthenticated scan should now have the OS reported as SEoL, if the OS is among those listed as supported below. Agent scans are not impacted.

This may result in new findings and a more detailed picture of the exposure landscape associated with products in the SEoL state.

For additional details, please see the SEoL FAQ knowledge base article. This FAQ covers questions about SEoL plugin severity ratings, considerations for extended vendor support agreements, and future product coverage. 

Updated Plugins

SEoL plugins:

OS identification plugins:

  • OS Identification (11936)
  • OS Identification : HTTP (25247)
  • OS Identification : NTP (25244)
  • OS Identification : SMTP (57915)
  • OS Identification : SNMP (25246)
  • OS Identification : SSH (25287)

Target Release Date

April 1, 2025
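
To estimate which unauthenticated hosts may pick up new SEoL findings, the two reporting conditions listed under Change can be applied to exported OS Identification (11936) output. The following is an added example, not Tenable code: the plugin-output layout, the function names, and the sample hosts and OS names are assumptions constructed for illustration. "Eligible" here only means the remote identification meets those two conditions; whether the OS is actually SEoL is still decided by the SEoL plugin.

```python
import re

CONFIDENCE_THRESHOLD = 80  # from the announcement: "must be 80 or greater"


def parse_os_identification(output):
    """Return (candidate OS names, confidence) from plugin 11936 text output.

    Assumed layout: a 'Remote operating system :' line, optional extra
    candidate names on following lines, then 'Confidence level : N'.
    """
    candidates, confidence, in_os_block = [], None, False
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Confidence level\s*:\s*(\d+)", line)
        if m:
            confidence, in_os_block = int(m.group(1)), False
        elif line.startswith("Remote operating system"):
            name = line.partition(":")[2].strip()
            if name:
                candidates.append(name)
            in_os_block = True
        elif in_os_block:
            candidates.append(line)  # continuation line: another possible OS
    return candidates, confidence


def remote_seol_decision(output, show_potential_false_alarms=False):
    """Apply the two conditions; the scan setting relaxes only the second."""
    candidates, confidence = parse_os_identification(output)
    if not candidates or confidence is None:
        return False, "no OS identification"
    if confidence < CONFIDENCE_THRESHOLD:
        return False, f"confidence {confidence} below {CONFIDENCE_THRESHOLD}"
    if len(candidates) > 1 and not show_potential_false_alarms:
        return False, f"{len(candidates)} possible OS fingerprints"
    return True, "eligible"


SAMPLE_SCAN = {  # constructed outputs keyed by documentation-range IPs
    "192.0.2.10": "Remote operating system : ExampleOS 6\nConfidence level : 95\nMethod : SSH\n",
    "192.0.2.11": "Remote operating system : ExampleOS 6\nConfidence level : 65\nMethod : NTP\n",
    "192.0.2.12": "Remote operating system : ExampleOS 5\nExampleOS 6\nConfidence level : 85\nMethod : HTTP\n",
}


def triage(scan, show_potential_false_alarms=False):
    return {h: remote_seol_decision(o, show_potential_false_alarms) for h, o in scan.items()}
```

Running `triage` once with the setting off and once with it on shows which hosts would only report when “Show potential false alarms” is enabled for the scan.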