STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.

DISA Rule

SV-234088r612749_rule

Vulnerability Number

V-234088

Group Title

SRG-APP-000133

Rule Version

TANS-SV-000016

Severity

CAT II

CCI(s)

CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

Fix Recommendation

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Configure a directory elsewhere on the server to relocate the installation package files.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Change the "DownloadPath REG_SZ" value to point to the location of the relocated installation package files.

Move the files from the original directory to the location created for the installation package files.

Check Contents

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Validate the "DownloadPath REG_SZ" value does not point to a location within the Tanium Server directory.

If the "DownloadPath REG_SZ" value points to a location within the Tanium Server directory, this is a finding.

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments