TufinOS (Undefined variable: Local.TOSVersionLatestTufinOS) Release Notes

What is TufinOS?

TufinOS 3 is a hardened Linux operating system that is based on CentOS 7. As a hardened OS, TufinOS includes only the RPMs and services necessary for the operation of Tufin Orchestration Suite. By removing unnecessary RPMs and services, TufinOS helps minimize the attack surface of the operating system. To maintain the integrity and security of TufinOS, we do not support installing third party RPMs.

TufinOS is updated at regular intervals, using the latest version of CentOS 7 available. CentOS is a community-supported distribution of Linux based on Redhat’s RHEL operating system.

Build information

Build 246426
Release Date August 2021

Upgrade image

TufinOS-3.60-246426-x86_64-2009-Final-Update.run.tgz
ISO for VMware TufinOS-3.60-246426-x86_64-2009-Final.iso.tgz

USB image for Tufin appliances

TufinOS-3.60-246426-x86_64-2009-Final.usb.img.tgz
Important! Due to a kernel vulnerability, immediately after installing/upgrading TufinOS 3.60, you need to upgrade to TufinOS 3.70. See TufinOS 3.70 Release Notes.

What's New

TufinOS 3.60 can run Tufin Orchestration Suite R20-2 and above only.

TufinOS (Undefined variable: Local.TOSVersionLatestTufinOS) includes the following new features:

  • We increased the var/log partition size to 4 GB

  • Improved the log rotation mechanism to prevent log files from filling up the partition.

The new log partition features are only available for new TufinOS installations, and not when upgrading from a previous version of TufinOS 3.x

  • You can now detect which TOS product TufinOS supports (Classic or Aurora), by running the following command:

    get-supported-tos

  • We changed the following commands:

    • kvm-tos2 is now kvm-aurora

    • serial-tos2 is now serial-aurora

  • PostgreSQL 11 for TOS Classic has been updated to version 11.12-1PGDG.rhel7

  • The updated RPMs are based on the latest version of CentOS 7.9

  • CIS hardening benchmarks

Additional information

  • The service command has been replaced with the systemctl command, for example:

    systemctl restart httpd

  • For security reasons, connecting to the server via SSH as the root user has been disabled. You must connect and log in as another user, and use the su or sudo to run commands as the root user for installing, upgrading and configuring TufinOS.

  • The new default admin user: is tufin-admin

  • The network and DNS settings have changed. For the current settings, see Configuring Network and DNS Settings.

  • Network interfaces are assigned according to PCI ID order. See Discovering The First Network Interface for instructions on how to discover the name of the first network interface.

  • ntpd has been replaced with chrony (AUT-37892)

  • The partition structure has changed. The biggest partition is now under /opt, and all databases have moved under this partition as follows:

    • /opt/tufin/data/volumes/postgres

    • /opt/tufin/data/volumes/mongo

    • /opt/tufin/data/volumes/lucene

RPMs and CVEs

For a full listing of RPMs that have been added or updated in this release, see the TufinOS Hardening Guide. The TufinOS Hardening Guide also lists all CVEs that are fixed by updates to this version.