TufinOS 3.80 Release Notes

What is TufinOS?

TufinOS 3 is a hardened Linux operating system that is based on CentOS 7. As a hardened OS, TufinOS includes only the RPMs and services necessary for the operation of Tufin Orchestration Suite. By removing unnecessary RPMs and services, TufinOS helps minimize the attack surface of the operating system. To maintain the integrity and security of TufinOS, we do not support installing third party RPMs.

TufinOS is updated at regular intervals, using the latest version of CentOS 7 available. CentOS is a community-supported distribution of Linux based on Redhat’s RHEL operating system.

Build Information

Build 285312
Release Date December 2021

Upgrade image

TufinOS-3.80-285312-x86_64-2009-Final-Update.run.tgz
ISO for VMware TufinOS-3.80-285312-x86_64-2009-Final.iso.tgz

USB image for Tufin appliances

TufinOS-3.80-285312-x86_64-2009-Final.usb.img.tgz
Important! After installing TufinOS, you need to upgrade Tufin Orchestration Suite Classic to a supported version. Tufin Orchestration Suite will be unavailable until it is upgraded.

What's New

TufinOS 3.80 includes the following new features:

  • CIS 4.1.1.3 is no longer supported. Tufin auditID logs are now automatically rotated when the audit log file (/var/log/audit/audit.log) reaches the maximum file size limit (8 MB). Up to seven log files will be kept. Afterwards, when a new log file is created, the oldest one will be automatically deleted. If you want to save the logs for a longer period of time, independently back them up.

  • The kernel for both TOS Aurora and TOS Classic has been updated to version 3.10.0-1160.45.1.el7

  • Apache HTTPD RPMs for TOS Classic have been updated to version 2.4.6-97.el7.centos.2

  • PHP RPMs for TOS Classic have been updated to version 7.4.25-1.el7

  • PostgreSQL 11 for TOS Classic has been updated to version 11-11.13-1PGDG.rhel7

  • The Wireguard Tools RPM for TOS Aurora has been updated to version 1.0.20210914-1.el7

  • The updated RPMs are based on the latest version of CentOS 7.9

Additional Information

  • The service command has been replaced with the systemctl command, for example:

    systemctl restart httpd

  • For security reasons, connecting to the server via SSH as the root user has been disabled. You must connect and log in as another user, and use the su or sudo to run commands as the root user for installing, upgrading and configuring TufinOS.

  • The new default admin user: is tufin-admin

  • The network and DNS settings have changed. For the current settings, see Configuring Network and DNS Settings.

  • Network interfaces are assigned according to PCI ID order. See Discovering The First Network Interface for instructions on how to discover the name of the first network interface.

  • ntpd has been replaced with chrony (AUT-37892)

  • The partition structure has changed. The biggest partition is now under /opt, and all databases have moved under this partition as follows:

    • /opt/tufin/data/volumes/postgres

    • /opt/tufin/data/volumes/mongo

    • /opt/tufin/data/volumes/lucene

RPMs and CVEs

For a full listing of RPMs that have been added or updated in this release, see the TufinOS Hardening Guide. The TufinOS Hardening Guide also lists all CVEs that are fixed by updates to this version.