TufinOS 3.90 Release Notes

What is TufinOS?

TufinOS 3 is a hardened Linux operating system that is based on CentOS 7. As a hardened OS, TufinOS includes only the RPMs and services necessary for the operation of Tufin Orchestration Suite. By removing unnecessary RPMs and services, TufinOS helps minimize the attack surface of the operating system. To maintain the integrity and security of TufinOS, we do not support installing third party RPMs.

TufinOS is updated at regular intervals, using the latest version of CentOS 7 available. CentOS is a community-supported distribution of Linux based on Redhat’s RHEL operating system.

Build Information

Build	341384
Release Date	June 2022
Upgrade image	TufinOS-3.90-341384-x86_64-2009-Final-Update.run.tgz
ISO for VMware	TufinOS-3.90-341384-x86_64-2009-Final.iso.tgz
USB image for Tufin appliances	TufinOS-3.90-341384-x86_64-2009-Final.usb.img.tgz

Important! After upgradingTufinOS, you may need to upgrade Tufin Orchestration Suite Classic to a supported version, and TOS classic will be unavailable until it is upgraded. For more information, see TOS Classic compatibility requirements.

What's New

TufinOS 3.90 includes the following new features:

TufinOS for virtual machines: Now distributed as an ISO image compatible with both TOS Aurora and TOS Classic. Only the KVM installation method is supported.
TufinOS for appliances: The following commands have changed when installing TOS Classic:
- kvm is now kvm-classic
- serial is now kvm-serial
The TufinOS installation menu for appliances and virtual machines now shares the same design
The following security enhancements recommended by CIS CentOS Linux 7 Benchmark v2.20 can be manually implemented with TufinOS 3.90:
- 3.2.4 Ensure suspicious packets are logged. See Ensuring Suspicious Packets are Logged
- 5.5 Ensure root login is restricted to system console. See Ensuring Root Login is restricted to system console
Updated kernel to version 3.10.0-1160.62.1.el7.x86_64 for TOS Aurora and TOS Classic.
Updated httpd (Apache) RPMs to version 2.4.6-97.el7.centos.5 for TOS Classic.
Updated PHP RPMs to version 7.4.29-1.el7 for TOS Classic.
Updated PostgreSQL 11 to version 11-11.15-1PGDG.rhel7 for TOS Classic.
Updated Wireguard driver to version 1.0.20211208 for TOS Aurora.

Additional Information

The service command has been replaced with the systemctl command, for example:

systemctl restart httpd
For security reasons, connecting to the server via SSH as the root user has been disabled. You must connect and log in as another user, and use the su or sudo to run commands as the root user for installing, upgrading and configuring TufinOS.
The new default admin user: is tufin-admin
The network and DNS settings have changed. For the current settings, see Configuring Network and DNS Settings.
Network interfaces are assigned according to PCI ID order. See Discovering The First Network Interface for instructions on how to discover the name of the first network interface.
ntpd has been replaced with chrony (AUT-37892)
The partition structure has changed. The biggest partition is now under /opt, and all databases have moved under this partition as follows:
- /opt/tufin/data/volumes/postgres
- /opt/tufin/data/volumes/mongo
- /opt/tufin/data/volumes/lucene

RPMs and CVEs

For a full listing of RPMs that have been added or updated in this release, see the TufinOS Hardening Guide. The TufinOS Hardening Guide also lists all CVEs that are fixed by updates to this version.