Passive Vulnerability Scanner 4.
Table of Contents
Introduction
Standards and Conventions
Passive Vulnerability Scanner Background and Theory
Pre-Installation
Define Unknown or Customized Ports
PVS Real-Time Traffic Analysis Configuration Theory
Focus Network
Detecting Server and Client Ports
The Passive Vulnerability Scanner is Real-Time
Appendix 2: Syslog Message Formats
Appendix 3: PVS Activation without Internet Access
About Tenable Network Security
Introduction

This document describes the Passive Vulnerability Scanner 4.0 (Patent 7,761,918 B2) architecture, installation, operation, integration with SecurityCenter, and export of data to third parties. Please email any comments and suggestions to support@tenable.com.

The Passive Vulnerability Scanner 4.0 is available for the following platforms:
Red Hat Linux ES 5 / CentOS 5 32-bit and 64-bit
Red Hat Linux ES 6 / CentOS 6 32-bit and 64-bit
Mac OS X 10.8 and 10.
Pre-Installation

To ensure a streamlined installation process, it is important to ensure that the appropriate hardware, software, and licensing requirements are in place prior to installation.

Hardware requirements

Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for PVS deployments include raw network speed, the size of the network being monitored, and the configuration of the PVS application.
Obtain a License Key for SecurityCenter

When using a PVS with SecurityCenter, a license key may be purchased as an upgrade to an existing SecurityCenter installation. A license key is needed for each PVS installation attached to a SecurityCenter.
Host-Based – A separate license is needed for each host where a PVS is deployed.
Network-Based – This licensing method is based on the network that the PVS will monitor.
# service pvs start

After starting PVS, navigate to https://:8835, which will display the PVS web frontend to log in for the first time. Follow the directions described in the section Initial Configuration of the PVS Server to complete the initial login. Ensure that organizational firewall rules permit access to port 8835 on the PVS server.

Upgrading PVS on Windows

Before upgrading, the PVS services must be stopped. Failure to do so may result in errors.
This will start the upgrade process by launching the InstallShield Wizard. Clicking the “Next” button will begin the automated upgrade process. If the version of WinPcap is not at the appropriate level during the upgrade process, an upgrade window will be displayed to begin the process of upgrading WinPcap. Failure to install the recommended version of WinPcap may result in errors with PVS monitoring.
Once completed, an “Update Complete” dialog will be displayed indicating that PVS has been updated to version 4.0. Select the “Finish” button to close the window. After starting the PVS, navigate to https://:8835 to display the PVS web frontend to log in for the first time. Follow the directions described in the section Initial Configuration of the PVS Server to complete the initial login. Ensure that organizational firewall rules permit access to port 8835 on the PVS server.
Upgrading PVS on Mac OS X

Before upgrading, the PVS services must be stopped. Failure to do so may result in errors. See the “Starting and Stopping PVS for Mac OS X” section for instructions. Custom SSL certificates must be backed up before an upgrade. All programs are run as a root user. Begin upgrading the PVS software for Mac OS X by double clicking on the .dmg file downloaded from the Tenable Support Portal to mount the disk image “PVS Install”.
The next screen displays the End User License Agreement (EULA). The text of the agreement can be copied and pasted into a separate document file for reference, saved using the “Save…” button, or it can be printed directly from this interface using the “Print…” button. You must agree to the license to continue the upgrade process and use PVS.
Click “Install” to begin the upgrade: Next, the installation process will ask for authentication for permission to install the software. The installer will request permission to allow PVS to accept incoming network connections. If this option is denied, PVS will be installed but will have severely reduced functionality.
The installation will then be completed. Immediately after the successful upgrade of PVS, the Installer will automatically launch the Safari browser to allow configuration of PVS for the environment. When presented with the identity dialog box, click “Continue”. Once the upgrade process is complete it is suggested to eject the PVS install volume.
Initial Installation

This section describes the steps required for an initial installation of PVS on Linux, Mac OS X, and Windows platforms.

Linux Installation

To ensure audit record time stamp consistency between PVS and SecurityCenter, make sure that the underlying OS makes use of NTP as described in: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sectDate_and_Time_Configuration-Command_Line_Configuration-Network_Time_Protocol.
Unless otherwise noted, perform all commands as a local administrator user. When UAC is enabled, right click on the installer program and select “Run as Administrator”. Prior to installing PVS, ensure that any other programs on the system utilizing WinPcap are stopped. Install the PVS software for Windows by double-clicking on the .exe file downloaded from Tenable.
The InstallShield Wizard will walk you through the installation process and any required configuration. At any point prior to completion, configuration options can be changed by clicking “Back” to go to the previous step. Clicking “Cancel” will abort the installation process completely. The next screen displays the End User License Agreement (EULA).
The installation process will then verify the path where the PVS binaries will be installed. Clicking on “Change…” will allow you to specify a custom path: User data generated by PVS can be stored in a separate location, as specified in the next installation option. Clicking “Change…” will allow you to specify an alternate location for user data: If connecting the PVS to a SecurityCenter, altering the data path will result in the SecurityCenter not being able to retrieve reports.
The final screen of the PVS installation configuration options provides the opportunity to go back to make any edits to information supplied on previous screens. If all of the configuration options specified are satisfactory, click “Install…” to complete the PVS installation process.
Once PVS has been installed, it will determine if WinPcap is already installed on the system. If the current version of WinPcap is installed and detected, the PVS installation process will ask if you wish to force installation or cancel installation of WinPcap. If it does not detect WinPcap or detects an older version, a second installer will be launched to install or upgrade that software: It is advised to use the provided version of WinPcap or newer.
You must agree to the WinPcap end-user license agreement in order to complete the installation: WinPcap can be configured to start during boot time. This is highly recommended as PVS cannot operate if this software is not running.
Once the license has been agreed to and the configuration option specified, click “Install” to complete the process. After WinPcap is installed, the PVS installation process is complete. The user will be returned to the desktop. As a part of the installation process, a new service is installed called “Tenable PVS Proxy Service”. The service is configured to start automatically when the server starts. Either navigate to Services and manually launch the service or restart the system to start the service.
Double click on the Install PVS.pkg file to launch the Installer: This will launch the Tenable PVS Installer, which will walk you through the installation process and any required configuration. At any point prior to completion, configuration options may be changed by clicking “Back” to go to the previous step. Clicking “Cancel” will abort the installation process completely. The next screen displays the End User License Agreement (EULA).
Click “Install” to begin the installation: Next, the installation process will ask for authentication for permission to install the software. The installer will request permission to allow PVS to accept incoming network connections. If this option is denied, PVS will be installed but will have severely reduced functionality.
The installation will then be completed. Immediately after the successful installation of PVS, the Installer will automatically launch the Safari browser to allow configuration of PVS for the environment. When presented with the identity dialog box, click “Continue”. Once the installation process is complete it is suggested to eject the PVS install volume.
Starting and Stopping PVS for Mac OS X

The preferred method to start and stop the PVS service on Mac OS X is to use the “PVS Preferences” tab under “System Preferences”. Once launched, the following window will be displayed. To make changes to any of the states of PVS a root user or equivalent privileges must be used. The window displays if the PVS is started or stopped and provides a button to start or stop the service.
This will open the InstallShield Wizard. Follow the directions in this wizard to completely remove PVS. If you select “Yes”, the PVS program and its features will be removed from the system. In some cases, scan data and user modified files may be left in the c:\program files\Tenable\PVS and c:\programdata\Tenable\PVS directories. These files must be manually removed. Additionally, the WinPcap program must be removed separately.

Removing PVS for Mac OS X

To remove PVS, first stop the PVS services.
After the initial login, a quick setup process begins. The first step is to change the default admin password. At a minimum, the new password must be at least 5 characters long, contain one capital letter, one lowercase letter, one digit, and one special character from the list of !@#$%^&*(). The second step is to enter an Activation Code or license key. An Activation Code is required if the PVS will be acting as a standalone device.
selected. The “Monitored Network IP Addresses and Ranges” option determines the IP address ranges that PVS will monitor. The “Excluded Network IP Addresses and Ranges” option determines the IP address ranges that PVS will not monitor. Both fields accept IPv4 and/or IPv6 CIDR address definitions. When multiple addresses are used, separate the entries using commas. Once the Quick Setup steps are completed, log out of the web interface.
PVS version, Web Server Version, HTML client version, links to support and documentation, and license and feed status can be viewed by selecting the Help & Support link. Selecting the “Sign Out” link will end the current user’s session. An additional feature introduced with the PVS HTML client 1.2 is the Notification Center, which is in the shape of a bell and is found to the far right on the menu bar.
The notification icon will change from blue to red making the user aware that there are unread alerts in the notification area. Each individual notification can be removed by clicking the “X” to the right of the description of each event, or the entire history can be deleted by clicking the “Clear History” button in the lower right corner of the notification pane. Notifications are not preserved between sessions. Unread notifications will be removed from the list when the user logs out.
The “Sort Hosts” drop-down provides an option to sort the host either by hostname or by the count of severity items found on the hosts. These sorting options can be displayed in either ascending or descending order. The Actions drop-down tab allows results to either be exported in Nessus V2 format, CSV format for use in other programs, HTML for viewing the report in a web browser, or for results to be deleted.
Name / Description
Bugtraq ID: Filter the results of discovered vulnerabilities based on their Bugtraq identification.
CPE: Filter the results of discovered vulnerabilities based on their CPE identifier.
CVE: Filter the results of discovered vulnerabilities based on their CVE identifier.
CVSS Base Score: Filter the results of discovered vulnerabilities based on the base CVSS score as reported by the vulnerability plugins.
See Also: Filter the results of the discovered vulnerabilities based on the text available in the “See Also” field of the plugin.
Solution: Filter the results of the discovered vulnerabilities based on text available in the solution section of the plugin.
STIG Severity: Filter the results of the discovered vulnerabilities based on STIG severity level in the plugin.
Synopsis: Filter the results of the discovered vulnerabilities based on text available in the synopsis section of the plugin.
The Applications tab provides a list of discovered applications and their affected vulnerabilities. The summary page displays a list sorted by the highest reported severity and includes the name and the number of discoveries. Selecting a particular application will present a list of affected hosts. Clicking on a host will display the affected port and protocol, the software and version, and the service as available. The Operating Systems tab provides a list of discovered operating systems.
Users The Users screen provides a list of the available users on the PVS server. This screen is only available to Administrator level users. User accounts may be managed from this screen. The list includes a user’s login ID, date of last login, and a true/false message indicating if the account is an administrator or not. Hovering over a user account will display an “x” on the right hand side. When clicked, a dialog box opens asking to confirm the deletion of the user.
The Activation Code and manual plugin update buttons are only used when using PVS in a stand-alone mode (not attached to a SecurityCenter). The Activation Code will only need to be updated when it expires. When PVS is used with SecurityCenter, entering “SecurityCenter” in the Activation Code box will enable the ability to upload and apply the appropriate license key to work with SecurityCenter installations.
Monitored Network IP Addresses and Ranges

Specifies the network(s) to be monitored. The default setting is to monitor all IPv4 addresses with the setting of 0.0.0.0/0. This should be changed to only monitor target networks; otherwise PVS may quickly become overwhelmed. It may contain both IPv4 and IPv6 addresses. Multiple addresses are separated by commas. When monitoring VLAN networks, a syntax of “vlan ipaddress/subnet” must be used. Example: 192.168.1.0/24,2001:DB8::/64,10.2.3.0/22,vlan 172.16.0.
PVS Web Server Idle Session Timeout

This setting is the number of minutes after which a web session becomes idle. The default setting for this timeout is 30 minutes. The valid settings are between 5 and 60 minutes.

Enable SSL Client Certificate Authentication

When selected, the web server will only accept SSL client certificates for user authentication.
New Asset Discovery Interval

PVS listens to network traffic and attempts to discover when a new host has been added. To do this, the PVS constantly compares a list of hosts that have generated traffic in the past to those currently generating traffic. If it finds a new host generating traffic, it will issue a “new host alert” via the real-time log. For large networks, PVS can be configured to run for several days to gain knowledge about which hosts are active.
Command Line Operation

The PVS engine provides many options to update and configure PVS from the command line in both Windows and Linux versions. The HTML5 interface is considered the primary method to make changes. When using the command line interface in Linux, it is assumed the commands are being performed by a root user or equivalent. When the command line is used in Microsoft Windows, it is assumed that the shell has been launched using the “Run as Administrator” or an equivalent option.
/opt/pvs/etc (deprecated): Configuration files for PVS and the PVS Proxy
/opt/pvs/bin: Location of the PVS and PVS Proxy executables, plus several helper tools for the PVS Proxy daemon
/opt/pvs/var: Contains the folders for PVS and the PVS-Proxy
/opt/pvs/var/pvs: Plugins, discovered vulnerabilities, log files, keys, software license agreement, and other miscellaneous items among its directories and subdirectories
db: This directory contains the database files relating to the configuration, reports, and
Command Line Operations for Windows

This section describes some operations that are performed on the PVS server from a command line in Windows. Command line operations need to be executed from a Windows shell that has been launched using the “Run as Administrator” command or similar, depending on the Windows version.
pvs-proxy: Parent folder for files used/created by the PVS proxy
logs: Contains PVS proxy and PVS proxy service logs
scans: By default, PVS creates the .nsr file in the scans folder. The proxy is then responsible for handing the report to SecurityCenter when SecurityCenter attempts to pull it.
directories
db: This directory contains the database files relating to the configuration, reports, and users for PVS.
kb: This directory stores the PVS knowledgebase, if used.
logs: Contains PVS logs
plugins: Contains the tenable_plugins.prmx pushed down by SecurityCenter. May also contain custom plugins. Do not change from the default of C:\ProgramData\Tenable\PVS\pvs if SecurityCenter is being used to manage the plugins.
pvs-services: A file that PVS uses to map service names to ports.
C:\Program Files\Tenable\PVS>pvs.exe

The PVS binary for Mac OS X is located at:
# /Library/PVS/bin

The PVS binary for Linux is located at:
# /opt/pvs/bin/pvs

Running the pvs command on Linux without specifying the full path will result in launching the Linux pvs (physical disk volume) tool rather than the Tenable Passive Vulnerability Scanner.

Option / Purpose
-m: Shows various aspects of memory usage during the processing of the pvs command.
--config --add "custom_parameter name" "parameter value": Add a custom configuration parameter for PVS or PVS Proxy. The double quote characters are required, and single quotes may be used when special characters are required.
--config "parameter name" ["parameter value"]: Displays the defined parameter value. If a value is added at the end of the command, the parameter is updated with the new setting.
In the above picture, three sessions labeled A, B, and C are shown communicating to, from, and inside a focus network. In session A, the PVS only analyzes vulnerabilities observed on the server inside the focus network and does not report client side vulnerabilities. In session B, the PVS ignores vulnerabilities on the destination server, but reports client side vulnerabilities. In session C, both client and server vulnerabilities are reported.
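The focus-network rule described above (which side of a session PVS reports on) and the monitored/excluded range syntax from the Monitored Network IP Addresses and Ranges setting, worked through as an added Python example. This is illustration written for this page, not Tenable code and not a reproduction of the PVS parser: the "vlan " handling, the completion of the guide's truncated VLAN entry as 172.16.0.0/16, the excluded host and the session addresses are all constructed.

```python
import ipaddress
from typing import List, Set, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_ranges(setting: str) -> List[Network]:
    """Parse a comma-separated range setting (IPv4 and IPv6 CIDR) into networks.

    An entry written as "vlan <cidr>", the form the guide gives for VLAN networks,
    is read as the CIDR after the prefix (assumption: the VLAN tag does not change
    the address range itself). strict=False accepts entries such as 10.2.3.0/22,
    where host bits are set, exactly as the guide's example writes them.
    """
    nets: List[Network] = []
    for raw in setting.split(","):
        entry = raw.strip()
        if not entry:
            continue
        if entry.lower().startswith("vlan "):
            entry = entry[5:].strip()
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def in_focus(addr: str, monitored: List[Network], excluded: List[Network]) -> bool:
    """Inside the focus network: covered by a monitored range and by no excluded range."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in excluded):
        return False
    return any(ip in net for net in monitored)


def reported_sides(client: str, server: str,
                   monitored: List[Network], excluded: List[Network]) -> Set[str]:
    """Which sides of a client->server session PVS reports vulnerabilities for.

    Session A in the guide (server inside, client outside) yields {"server"},
    session B (client inside, server outside) yields {"client"}, session C
    (both inside) yields both, and a session touching no focus host yields nothing.
    """
    sides: Set[str] = set()
    if in_focus(server, monitored, excluded):
        sides.add("server")
    if in_focus(client, monitored, excluded):
        sides.add("client")
    return sides


# Constructed settings: the guide's example list, with its truncated VLAN entry
# completed as 172.16.0.0/16 for illustration, plus one excluded host.
MONITORED = parse_ranges("192.168.1.0/24,2001:DB8::/64,10.2.3.0/22,vlan 172.16.0.0/16")
EXCLUDED = parse_ranges("192.168.1.200/32")

if __name__ == "__main__":
    for client, server in [("203.0.113.7", "192.168.1.10"),     # session A
                           ("192.168.1.20", "203.0.113.80"),    # session B
                           ("192.168.1.20", "10.2.1.5"),        # session C
                           ("192.168.1.200", "203.0.113.80")]:  # excluded client
        print(client, "->", server, sorted(reported_sides(client, server, MONITORED, EXCLUDED)))
```

Two details matter in practice: the excluded list wins over the monitored list, so a host listed in both is never reported on, and an entry with host bits set (10.2.3.0/22) silently becomes the containing network (10.2.0.0/22), which may cover more addresses than the operator intended.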
SSH 2001:DB8::AE59:3FC2 -> SSH Using the “connections-to-services” option lets you know that the system at 1.1.1.1 and 2001:DB8::AE59:3FC2 uses the SSH protocol. This information may be useful to know regardless of where the service is being used. The PVS does not log a session-by-session list of communications. Instead, it logs the relationship between the systems.
Windows: C:\ProgramData\Tenable\PVS\pvs\
Mac OS X: /Library/PVS/var/pvs

If the PVS is being managed by the SecurityCenter, it will automatically update the libraries shipped. In this case, any changes to PVS plugins should be made by disabling specific plugins or by creating new libraries to augment the plugin set delivered by Tenable.

Detecting Encrypted and Interactive Sessions

The PVS can be configured to detect both encrypted and interactive sessions.
Initially, the PVS has no knowledge of your network’s active hosts. The first packets that the PVS sniffs would send an alert. To avoid this, the PVS can be configured to learn the network over a period of days. Once this period is over, any “new” traffic would be from a host that has not communicated during the initial training. To prevent the PVS from having to relearn the network each time it starts, a file can be specified to save the active host information.
00008 Outbound Encrypted Session: The PVS has detected one or more encrypted network sessions originating from within your focus network and destined for one or more addresses on the Internet.
00009 Inbound Encrypted Session: The PVS has detected one or more encrypted network sessions originating from one or more addresses on the Internet to this address within your focus network.
00012 Host TTL Discovered: The PVS logs the number of hops away each host is located.
have an even number of alphanumeric characters.
clientissue: If a vulnerability is determined in a network client such as a web browser or an email tool, a server “port” will be associated with the reported vulnerability.
cve: Tenable also assigns Common Vulnerability and Exposure (CVE) tags to each PVS plugin. This allows a user reading a report generated by the PVS to link to more information available at http://cve.mitre.org/. Multiple CVE entries can be entered on one line separated by commas.
see a simple pattern, the entire plugin will not match.
name: This is the name of the vulnerability the PVS has detected. Multiple PVS plugins can have the same name, but this is not encouraged.
nid: To track compatibility with the Nessus vulnerability scanner, Tenable has attempted to associate PVS vulnerability checks with relevant Nessus vulnerability checks. Multiple Nessus IDs can be listed under one “nid” entry such as “nid=10222,10223”.
timed-dependency: With this keyword, the functionality of the “noplugin” and “dependency” keywords is slightly modified such that the evaluation must have occurred within the last “n” seconds.
udp: All plugins are assumed to be based on the TCP protocol unless this keyword is specified. In addition to tcp or udp, the following protocols are supported: sctp, icmp, igmp, ipip, egp, pup, idp, tp, rsvp, gre, pim, esp, ah, mtp, encap, pim, comp, raw or other.

Plugin Libraries

When writing PVS plugins in a .
nid=10382
cve=CVE-2000-0318
bid=1144
hs_sport=143
name=Atrium Mercur Mailserver
description=The remote imap server is Mercur Mailserver 3.20. There is a flaw in this server (present up to version 3.20.02) which allows any authenticated user to read any file on the system. This includes other users' mailboxes, or any system file.
Passive Vulnerability Scanner Network Client Detection

id=1010
hs_dport=25
clientissue
name=Buffer overflow in multiple IMAP clients
description=The remote e-mail client is Mozilla 1.3 or 1.4a which is vulnerable to a boundary condition error whereby a malicious IMAP server may be able to crash or execute code on the client.
solution=Upgrade to either 1.3.1 or 1.4a
risk=HIGH
match=^From:
match=^To:
match=^Date:
match=^User-Agent: Mozilla
match=!^Received:
regex=^User-Agent: Mozilla/.* \(.*rv:(1\.3|1\.
2) client Contents of password file: root:.*:0:0:.*:.* <------------------------- server:port 80

Our match pattern would key on the contents in packet 2) and our pmatch pattern would key on packet 1) payload contents.

The Passive Vulnerability Scanner can Match Binary Data

The PVS also allows matching against binary patterns.
In each of these cases, the plugin would not match if the patterns contained in these “not” statements were present. For example, in the first pmatch statement, if the pattern “pattern” were present, then the plugin would not match. In the second statement, the binary pattern of “AAA” (the letter “A” in ASCII hex is 0x41) would match only if it were not present in the first three characters.
Writing Passive Vulnerability Scanner Real-Time Plugins

Real-Time Plugin Model

PVS real-time plugins are exactly the same as PVS vulnerability plugins with two exceptions:
they can occur multiple times
their occurrence may not be recorded as a vulnerability
For example, an attacker may attempt to retrieve the source code for a Perl script from an Apache web server. If the PVS observes this event, it would be logical to send a real-time alert.
# Look for failed logins into a FreeBSD telnet server
id=0400
hs_sport=23
dependency=1903
realtimeonly
name=Failed login attempt
description=PVS detected a failed login attempt to a telnet server
risk=LOW
match=Login incorrect

This plugin has many of the same features as a vulnerability plugin. The ID of the plugin is 0400. The high-speed port is 23. We need to be dependent on plugin 1903 (which detects a Telnet service).
risk=HIGH
match=!
match=!
match=^root:x:0:0:root:/root:/bin/bash
match=^bin:x:1:1:bin:
match=^daemon:x:2:2:daemon:

The plugin is dependent on PVS ID 1442, which detects web servers. In the match statements, we are attempting to ignore any traffic that contains valid HTML tags, but also has lines that start with common Unix password file entries.
In this case, a user has attempted to use the “cd” command to change directories within a file system and the attempt was not allowed. This is a very common event that occurs once a remote hacker has compromised a Windows 2000 or Windows 2003 server with a buffer overflow. What the PVS plugin is looking for in this specific event is a network session that should not be there.
tunneling software or applications like Tor, GoToMyPC and LogMeIn

Detecting Custom Activity Prohibited by Policy

The plugins provided with PVS are useful for detecting generally inappropriate activities, but there may be times when more specific activities need to be detected. For example, a company may want to have an alert generated when email is sent to a competitor’s mail service or if users are managing their Facebook accounts from the corporate network.
Finally, we have a match and regex statement that detects the user’s login credentials:

match=email=
regex=email=.*%40[^&]+

Putting it all together, we have a single plugin as follows:

id=9000
family=Web Clients
clientissue
dependency=1735
name=Facebook_Usage
description=The remote client was observed logging into a Facebook account. You should ensure that such behavior is in alignment with Corporate Policies and guidelines.
dependency=2004
dependency=2005
hs_dport=25
description=POLICY - Confidential data passed outside the corporate network. The Confidential file don'tshare.doc was just observed leaving the network via email.
name=Confidential file misuse
family=Generic
clientissue
risk=HIGH
bmatch=de1d7f362734c4d71ecc93a23bb5dd4c
bmatch=747f029fbf8f7e0ade2a6198560c3278

These binary codes were created by simply generating md5 hashes of the following strings:
"Copyright 2006 BigCorp, file: don'tshare.doc"
"file: don'tshare.
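The plugin keywords used across this chapter (hs_sport/hs_dport port filtering, match and pmatch, the “!” negation, regex, and bmatch values derived from an md5 digest as in the confidential-file plugin above) are exercised below by an added Python evaluator. It is example code written for this page, not the PVS engine or any Tenable code: how PVS anchors a leading “^”, how dependencies are tracked, and how the digest ends up inside a watermarked document are simplified or assumed, and the plugins marked “constructed” (ids 9100 and 9101, the “!<html>” exclusion standing in for the HTML-tag patterns the guide does not show, and the MARKER embedding) are illustrative. The guide’s own failed-telnet-login plugin is included unchanged.

```python
import hashlib
import re
from typing import Any, Callable, Dict, List

MULTI_KEYS = {"match", "pmatch", "regex", "bmatch", "dependency", "nid", "cve"}  # may repeat
FLAG_KEYS = {"realtimeonly", "clientissue"}  # keywords that stand alone on a line


def parse_plugin(text: str) -> Dict[str, Any]:
    """Parse a key=value-per-line PVS plugin into a dict (lists for repeatable keys)."""
    plugin: Dict[str, Any] = {k: [] for k in MULTI_KEYS}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line in FLAG_KEYS:
            plugin[line] = True
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed plugin line: {line!r}")
        if key in MULTI_KEYS:
            plugin[key].append(value)
        else:
            plugin[key] = value
    for pat in plugin["bmatch"]:  # hex must pair up into whole bytes (even length)
        body = pat[1:] if pat.startswith("!") else pat
        if len(body) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", body):
            raise ValueError(f"bmatch is not an even-length hex string: {pat!r}")
    return plugin


def _text_hit(pattern: str, payload: bytes) -> bool:
    """match=/pmatch= test. Assumption: a leading '^' anchors the pattern to a line start."""
    data = payload.decode("latin-1")
    if pattern.startswith("^"):
        return any(line.startswith(pattern[1:]) for line in data.splitlines())
    return pattern in data


def _all_satisfied(patterns: List[str], hit: Callable[[str], bool]) -> bool:
    """Every pattern must hold: plain ones must be found, '!'-prefixed ones must be absent."""
    for pat in patterns:
        negated = pat.startswith("!")
        if hit(pat[1:] if negated else pat) == negated:  # required-but-missing or excluded-but-found
            return False
    return True


def evaluate(plugin: Dict[str, Any], payload: bytes, sport: int, dport: int,
             prev_payload: bytes = b"") -> bool:
    """True when one packet satisfies every condition of the plugin.
    dependency=/timed-dependency= (another plugin having fired on the session) is not modelled."""
    if "hs_sport" in plugin and sport != int(plugin["hs_sport"]):
        return False
    if "hs_dport" in plugin and dport != int(plugin["hs_dport"]):
        return False
    text = payload.decode("latin-1")
    return (_all_satisfied(plugin["match"], lambda p: _text_hit(p, payload))
            and _all_satisfied(plugin["pmatch"], lambda p: _text_hit(p, prev_payload))
            and _all_satisfied(plugin["bmatch"], lambda h: bytes.fromhex(h) in payload)
            and _all_satisfied(plugin["regex"], lambda r: re.search(r, text, re.M) is not None))


def check(plugin_text: str, payload: bytes, sport: int, dport: int) -> bool:
    return evaluate(parse_plugin(plugin_text), payload, sport, dport)


# The guide's own real-time plugin for failed telnet logins.
TELNET_PLUGIN = """\
# Look for failed logins into a FreeBSD telnet server
id=0400
hs_sport=23
dependency=1903
realtimeonly
name=Failed login attempt
description=PVS detected a failed login attempt to a telnet server
risk=LOW
match=Login incorrect
"""

# Constructed plugin in the style of the guide's password-file example.
PASSWD_PLUGIN = """\
id=9100
hs_sport=80
name=Password file contents served by web server (constructed)
risk=HIGH
match=!<html>
match=^root:x:0:0:root:/root:/bin/bash
"""

# Constructed plugin using the guide's bmatch technique: the binary pattern is the
# md5 digest of a marker string that the watermarked document is assumed to carry.
MARKER = "Copyright 2006 BigCorp, file: don'tshare.doc"  # string quoted in the guide


def bmatch_for(marker: str) -> str:
    """Hex md5 of a marker string, i.e. the value written after 'bmatch='."""
    return hashlib.md5(marker.encode("utf-8")).hexdigest()


CONFIDENTIAL_PLUGIN = f"""\
id=9101
hs_dport=25
clientissue
name=Confidential file misuse (constructed)
risk=HIGH
bmatch={bmatch_for(MARKER)}
"""
```

Because every match, pmatch, bmatch and regex line must hold at once, adding a “!” line narrows a plugin rather than widening it; the odd-length bmatch check reflects the requirement, stated earlier in the chapter, that the hex pattern have an even number of characters.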
The PVS has the ability to identify the likely operating system of a host by looking at the packets it generates. Specific combinations of TCP packet entries, such as the window size and initial time-to-live (TTL) values, allow the PVS to predict the operating system generating the traffic. These unique TCP values are present when a server makes or responds to a TCP request. All TCP traffic is initiated with a “SYN” packet.
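The passive fingerprinting idea described above (initial TTL plus SYN window size) and the hop-count figure behind the “Host TTL Discovered” event, worked through as an added Python example. It is illustration written for this page, not PVS code: the initial-TTL candidates are a common heuristic, the (TTL, window) signature table holds example values chosen for demonstration rather than Tenable’s fingerprint data, and the packet sample is constructed.

```python
from typing import Dict, Iterable, Optional, Tuple

# Starting TTL values that operating systems commonly use. A packet's TTL is
# decremented once per router hop, so the smallest candidate that is >= the
# observed value is the likely initial TTL. (Assumed heuristic, not PVS's table.)
INITIAL_TTLS = (32, 64, 128, 255)


def infer_initial_ttl(observed_ttl: int) -> int:
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    return 255  # not reachable for a valid TTL; kept so the function always returns


def hop_count(observed_ttl: int) -> int:
    """Router hops between the sender and the sensor, as in the 'Host TTL Discovered' event."""
    return infer_initial_ttl(observed_ttl) - observed_ttl


# Illustrative (initial TTL, SYN window size) -> OS family pairs. These are
# example values picked for demonstration, not the fingerprint data PVS ships.
SIGNATURES: Dict[Tuple[int, int], str] = {
    (64, 5840): "Linux (example signature)",
    (64, 29200): "Linux (example signature)",
    (64, 65535): "Mac OS X / FreeBSD (example signature)",
    (128, 8192): "Windows (example signature)",
    (128, 65535): "Windows (example signature)",
    (255, 4128): "Cisco IOS (example signature)",
}


def guess_os(observed_ttl: int, window: int, syn: bool = True) -> Optional[str]:
    """Normalise the TTL to its initial value, then look up (initial TTL, window)."""
    if not syn:
        return None  # only the SYN is keyed on; later segments carry scaled window values
    return SIGNATURES.get((infer_initial_ttl(observed_ttl), window))


def fingerprint(packets: Iterable[Tuple[str, int, int, bool]]) -> Dict[str, Tuple[int, Optional[str]]]:
    """Map each source address to (hop count, OS guess) from (src, ttl, window, is_syn) tuples."""
    result: Dict[str, Tuple[int, Optional[str]]] = {}
    for src, ttl, window, is_syn in packets:
        if is_syn and src not in result:  # first SYN seen from a host decides
            result[src] = (hop_count(ttl), guess_os(ttl, window, is_syn))
    return result


# Constructed sample of observed packets: (source, TTL, window, is SYN).
SAMPLE_PACKETS = [
    ("10.0.0.5", 57, 29200, True),    # Linux-like signature, 7 hops away
    ("10.0.0.9", 121, 8192, True),    # Windows-like signature, 7 hops away
    ("10.0.0.12", 250, 4128, True),   # router-like signature, 5 hops away
    ("10.0.0.20", 62, 1234, True),    # unknown window: hop count only
    ("10.0.0.20", 62, 65535, False),  # non-SYN segment, ignored
]

if __name__ == "__main__":
    for src, (hops, guess) in fingerprint(SAMPLE_PACKETS).items():
        print(f"{src}: {hops} hops, {guess or 'unknown OS'}")
```

The hop count is only as good as the initial-TTL guess: a host whose TTL has been decremented past the next candidate boundary (for example a 64-TTL host more than 32 hops away) is misclassified, and NAT devices or tunnels in the path shift the figure as well.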
Appendix 1: Working with SecurityCenter

Architecture

One mode PVS operates under is under the control of a SecurityCenter that provides it with passive vulnerability data and retrieves scanned data. SecurityCenter has a variety of reporting, remediation, and notification mechanisms to efficiently distribute vulnerability information across large enterprises. In addition, it can also control a distributed set of Nessus active vulnerability scanners.
Appendix 2: Syslog Message Formats

PVS provides options to send real-time and vulnerability data as syslog messages. There are four formats of syslog files sent from PVS as described here.

1. Syslog message format for syslog generated by real-time PRMs:
timestamp pvs: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|matched_text_current_packet|matched_text_previous_packet|risk

2.
plugin_id: The reported PVS plugin id triggered by the reported traffic.
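A parser for the real-time message format given in this appendix (format 1), as an added Python example that is not part of the guide or of PVS. The sample lines are constructed: the timestamp style and the protocol value are assumed, plugin 0400 is the guide's failed-telnet-login example, and plugin 9101 is a made-up id. The one format detail the guide does not settle, whether matched text can itself contain “|”, is treated as an assumption and rejected rather than guessed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass
class RealtimeEvent:
    timestamp: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str
    plugin_id: int
    plugin_name: str
    matched_current: str    # text matched in the current packet
    matched_previous: str   # text matched in the previous packet (may be empty)
    risk: str


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'ip:port'. IPv6 addresses contain colons, so the port is what follows the last one."""
    ip, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"bad endpoint: {endpoint!r}")
    return ip, int(port)


# The appendix's layout: "timestamp pvs: " followed by eight '|'-separated fields.
_PREFIX = re.compile(r"^(?P<ts>.+?) pvs: (?P<body>.*)$")


def parse_realtime_syslog(line: str) -> RealtimeEvent:
    m = _PREFIX.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not a PVS real-time syslog line: {line!r}")
    fields = m.group("body").split("|")
    # Assumption: matched text never contains '|'. If it did, the field count would
    # be ambiguous, so an unexpected count is rejected instead of guessed at.
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}: {line!r}")
    src, dst, proto, plugin_id, name, cur, prev, risk = fields
    src_ip, src_port = split_endpoint(src)
    dst_ip, dst_port = split_endpoint(dst)
    return RealtimeEvent(m.group("ts"), src_ip, src_port, dst_ip, dst_port,
                         proto, int(plugin_id), name, cur, prev, risk)


def sources_at_risk(lines: Iterable[str], risks: Tuple[str, ...] = ("HIGH",)) -> List[str]:
    """Source addresses of events whose risk is in `risks`, in order of first appearance."""
    seen: List[str] = []
    for line in lines:
        ev = parse_realtime_syslog(line)
        if ev.risk in risks and ev.src_ip not in seen:
            seen.append(ev.src_ip)
    return seen


# Constructed sample lines in the appendix's format. For the failed-login plugin
# the source is the telnet server, since it sent the "Login incorrect" text.
SAMPLE_LINES = [
    "Mar 14 10:22:07 pvs: 10.1.2.50:23|10.1.2.3:51234|6|400|Failed login attempt|Login incorrect||LOW",
    "Mar 14 10:22:09 pvs: 2001:db8::ae59:3fc2:44010|2001:db8::1:25|6|9101|Confidential file misuse|<binary>||HIGH",
    "Mar 14 10:22:11 pvs: 10.1.2.50:23|10.1.2.3:51240|6|400|Failed login attempt|Login incorrect||LOW",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_realtime_syslog(line)
        print(f"{ev.risk:5} plugin {ev.plugin_id} {ev.src_ip}:{ev.src_port} -> {ev.dst_ip}:{ev.dst_port}")
    print("HIGH-risk sources:", sources_at_risk(SAMPLE_LINES))
```

Splitting endpoints on the last colon is what makes the IPv6 line parse correctly; a naive split on the first colon would cut “2001:db8::ae59:3fc2:44010” after “2001”.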
Appendix 3: PVS Activation without Internet Access

If your PVS installation cannot reach the Internet directly, use the following procedure to register and update plugins:
On the system running PVS, type the following command:

Platform / Command to Run
Red Hat Linux / CentOS: # /opt/pvs/bin/pvs --challenge
Mac OS X: # /Library/PVS/bin/pvs --challenge
Windows: C:\Program Files\Tenable\PVS>pvs --challenge

This will produce a string called “challenge” that appears similar to the following: 569ccd9ac72ab3a62a311
Platform / Command
Red Hat Linux / CentOS: # /opt/pvs/sbin/pvs --update-plugins /path/to/sc-passive.tar.gz
Mac OS X: # /Library/PVS/bin/pvs --update-plugins /path/to/sc-passive.tar.gz
Windows: C:\Program Files\Tenable\PVS>pvs --update-plugins C:\path\to\scpassive.tar.
About Tenable Network Security Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Our family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data. Tenable is relied upon by more than 24,000 organizations, including the entire U.S.