SV-234093r612749_rule
V-234093
SRG-APP-000176
TANS-SV-000021
CAT I
10
Access the Tanium Server interactively.
Log on with an account with administrative privileges to the server.
Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.
Right-click on the "Certs" folder.
Choose "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Change the owner of the directory to the [Tanium service account].
Reduce System and the [Tanium service account] to "Read-Only" permissions.
Provide the [Tanium Admin group] with Full permissions.
Navigate to Program Files >> Tanium >> Tanium Server >> Certs.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
For the following files, reduce System and the [Tanium service account] to "Read-Only":
Installedcacert.crt
Installed-server.crt
Installed-server.key
SOAPServer.crt
SOAPServer.key
Ensure the [Tanium Admin group] has Full permissions for those same files.
Navigate to Program Files >> Tanium >> Tanium Server >> content_public_keys.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Reduce System to "Read-Only" permissions and apply to child objects.
Reduce [Tanium service account] to "Read-Only" permissions and apply to child objects.
Provide [Tanium Admin group] with Full permissions and apply to child objects.
Access the Tanium Server interactively.
Log on to the server with an account that has administrative privileges.
Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.
Right-click on the "Certs" folder.
Choose "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has "Read Only" permissions.
Validate the [Tanium service account] has "Read Only" permissions.
Validate [Tanium Admins group] has Full permissions.
If the owner of the directory is not the [Tanium service account] and/or System and the [Tanium service account] have more privileges than "Read Only" and/or the [Tanium Admins group] has less than Full permissions, this is a finding.
Navigate to Program Files >> Tanium >> Tanium Server >> Certs.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Installedcacert.crt
Installed-server.crt
Installed-server.key
SOAPServer.crt
SOAPServer.key
Validate System and the [Tanium service account] have "Read-Only" permissions to each of the individual files, and the [Tanium Admin group] has Full permissions to each of the individual files.
If System and the [Tanium service account] have more than "Read-Only" permissions to any of the individual files and/or the [Tanium Admin group] has less than Full permissions to any of the individual files, this is a finding.
Navigate to Program Files >> Tanium >> Tanium Server >> content_public_keys.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate System has "Read-Only" permissions and that they are applied to child objects.
Validate [Tanium service account] has "Read-Only" permissions and that they are applied to child objects.
Validate [Tanium Admin Group] has Full permissions and that they are applied to child objects.
If the [Tanium service account] and System permissions to the \content_public_keys folder are greater than "Read-Only" and/or the "Read-Only" permissions have not been applied to child objects and/or the [Tanium Admin Group] has less than Full permissions, this is a finding.
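The validation steps above can be scripted instead of clicked through. The PowerShell below is an added example, not part of the STIG or of Tanium's tooling: the account names are placeholders to replace, the install path is assumed to be under %ProgramFiles%, and "Read-Only" is assumed to mean no allow rights beyond ReadAndExecute plus Synchronize (deny entries are not evaluated).

```powershell
# Added audit example. Replace the placeholder identities before running.
$Root           = Join-Path $env:ProgramFiles 'Tanium\Tanium Server'
$ServiceAccount = 'CONTOSO\svc-tanium'     # placeholder for [Tanium service account]
$AdminGroup     = 'CONTOSO\Tanium Admins'  # placeholder for [Tanium Admin group]
$ReadOnlyFor    = @('NT AUTHORITY\SYSTEM', $ServiceAccount)
$CertFiles      = 'Installedcacert.crt', 'Installed-server.crt', 'Installed-server.key',
                  'SOAPServer.crt', 'SOAPServer.key'

# Assumption: "Read-Only" = nothing beyond ReadAndExecute + Synchronize.
$Rights  = [System.Security.AccessControl.FileSystemRights]
$Allowed = [int]($Rights::ReadAndExecute -bor $Rights::Synchronize)
$Full    = [int]$Rights::FullControl

function Test-TaniumAcl {
    param([string]$Path, [switch]$CheckOwner)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Finding = 'path not found' }
    }
    $acl      = Get-Acl -LiteralPath $Path
    $allow    = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
    $findings = @()
    if ($CheckOwner -and $acl.Owner -ne $ServiceAccount) {
        $findings += "owner is '$($acl.Owner)', expected '$ServiceAccount'"
    }
    foreach ($id in $ReadOnlyFor) {
        foreach ($ace in @($allow | Where-Object { $_.IdentityReference.Value -eq $id })) {
            # Any bit outside the read-only mask is a finding (explicit or inherited ACE).
            if (([int]$ace.FileSystemRights -band (-bnot $Allowed)) -ne 0) {
                $findings += "$id has more than read-only: $($ace.FileSystemRights)"
            }
        }
    }
    $adminFull = @($allow | Where-Object {
        $_.IdentityReference.Value -eq $AdminGroup -and
        ([int]$_.FileSystemRights -band $Full) -eq $Full })
    if ($adminFull.Count -eq 0) { $findings += "$AdminGroup lacks Full permissions" }
    foreach ($f in $findings) { [pscustomobject]@{ Path = $Path; Finding = $f } }
}

$certs = Join-Path $Root 'Certs'
$keys  = Join-Path $Root 'content_public_keys'
$results = @(
    Test-TaniumAcl -Path $certs -CheckOwner          # owner is only checked on Certs
    foreach ($n in $CertFiles) { Test-TaniumAcl -Path (Join-Path $certs $n) }
    Test-TaniumAcl -Path $keys
    # "Applied to child objects": every item under content_public_keys must pass too.
    Get-ChildItem -LiteralPath $keys -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Test-TaniumAcl -Path $_.FullName }
)
if ($results) { $results | Format-Table -AutoSize -Wrap } else { 'No findings.' }
```

Run it from an elevated session on the Tanium Server; any row it prints corresponds to a "this is a finding" condition above.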