STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Tanium Server directory must be restricted with appropriate permissions.

DISA Rule

SV-234095r612749_rule

Vulnerability Number

V-234095

Group Title

SRG-APP-000328

Rule Version

TANS-SV-000024

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to Program Files >> Tanium.

Right-click on the "Tanium Server" folder.

Select "Properties".

Select the "Security" tab.

Click on the "Advanced" button.

Disable folder inheritance.

Change the owner of the directory to the service account [Tanium service account].

Remove User permissions.

Give [Tanium service account] full permissions.

Give [Tanium Admins] group full permissions.

Check Contents

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to Program Files >> Tanium.

Right-click on the "Tanium Server" folder.

Select "Properties".

Select the "Security" tab.

Click on the "Advanced" button.

Validate the owner of the "Tanium Server" folder is the service account [Tanium service account].

Validate the [Tanium service account] has full permissions to the "Tanium Server" folder.

Validate the [Tanium Admins] group has full permissions to the "Tanium Server" folder.

Validate Users have no permissions to the "Tanium Server" folder.

If any accounts other than the [Tanium service account] and the [Tanium Admins] group have any permission to the "Tanium Server" folder, this is a finding.

If the [Tanium service account] is not the owner of the "Tanium Server" folder, this is a finding.

Vulnerability Number

V-234095

Documentable

False

Rule Version

TANS-SV-000024

Severity Override Guidance

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to Program Files >> Tanium.

Right-click on the "Tanium Server" folder.

Select "Properties".

Select the "Security" tab.

Click on the "Advanced" button.

Validate the owner of the "Tanium Server" folder is the service account [Tanium service account].

Validate the [Tanium service account] has full permissions to the "Tanium Server" folder.

Validate the [Tanium Admins] group has full permissions to the "Tanium Server" folder.

Validate Users have no permissions to the "Tanium Server" folder.

If any accounts other than the [Tanium service account] and the [Tanium Admins] group have any permission to the "Tanium Server" folder, this is a finding.

If the [Tanium service account] is not the owner of the "Tanium Server" folder, this is a finding.

Check Content Reference

M

Target Key

5259

Comments