ONTAP 9.4P3 running on unsupported FreeBSD version!?

thomasb82

Hi there,

Our security department does regular vulnerability/security scans of the environment and they recently approached me with this:

"FreeBSD 10.3 support ended on 2018-04-30.

Upgrade to FreeBSD 10.4 / 11.2.

For more information, see : https://www.freebsd.org/security/"

This was the result of scanning a FAS2750 running ONTAP 9.4P3.

I know ONTAP goes through an intensive hardening process and FreeBSD is not accessible (that easy), but still, @netapp can you please comment?

Thanks!

1 ACCEPTED SOLUTION

kryan

Configure the vulnerability scanner to perform a credentialed scan on the storage system so that it is able to detect ONTAP properly.

KB 1074217

davesnafiler

We are having this same result from an internal Tenable system scan against our ONTAP 9.6 version. We have opened a NetApp support ticket which returns us to the KB noted as well as the security advisory (https://security.netapp.com/advisory/ntap-20190910-0002/). We have initiated our internal security office to create a credentialed scan and run it but the results are the same (vulnerability found). NetApp support has stated the credentialed scan should work properly and show there is no vulnerability.

Has anyone encountered this same result and found a resolution?

Perhaps the credentialed scan is not configured properly and Tenable support is required?

Thanks in advance for any assistance or guidance.

kryan

Please disregard the reference to an advisory - this is not a vulnerability in ONTAP.

Configure the Nessus scanner to use SSH credentials to allow it to run a command to discover the target is ONTAP and not FreeBSD. As far as my testing has shown, if Nessus is unable to log in via SSH it interprets the target OS from "ssh -vvv" output.
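
The behaviour described in the reply above, as an added example that is not part of the original thread and is not NetApp or Tenable code: it parses an SSH identification string (RFC 4253, section 4.2) and triages an "unsupported OS" finding by whether it rests on the banner alone. The function names and the sample banner are assumptions; the banner is constructed, not captured from an ONTAP system.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def parse_ssh_ident(line):
    """Split an SSH identification string into (proto, software, comments)."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group("proto"), m.group("software"), m.group("comments") or ""


def banner_os_hint(line):
    """Return the leading word of the comments field, or None if it is empty.

    This is the only OS evidence the banner offers, and it names the code
    base the SSH server was built from, not the product running on the host.
    """
    _, _, comments = parse_ssh_ident(line)
    m = re.match(r"[A-Za-z]+", comments)
    return m.group(0) if m else None


def triage_os_finding(reported_os, banner, credentialed_login_ok):
    """Classify an 'unsupported OS' finding by the evidence behind it."""
    if credentialed_login_ok:
        return "credentialed: OS identified from commands run on the target"
    hint = banner_os_hint(banner)
    if hint and hint.lower() in reported_os.lower():
        return "banner-only: rescan with SSH credentials before acting"
    return "unverified: no login, and the banner does not explain the OS"


# Constructed sample banner (hypothetical values, for illustration only).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_7.2 FreeBSD-20160310\r\n"

if __name__ == "__main__":
    print(parse_ssh_ident(SAMPLE_BANNER))
    print(triage_os_finding("FreeBSD 10.3", SAMPLE_BANNER, False))
    print(triage_os_finding("FreeBSD 10.3", SAMPLE_BANNER, True))
```

A finding that still reads "banner-only" after credentials were added means the scanner's login did not succeed, so check the scan's authentication result before treating the OS finding as real.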
