SV-234096r612749_rule
V-234096
SRG-APP-000328
TANS-SV-000025
CAT II
10
Access the Tanium Server interactively.
Log on to the server with an account that has administrative privileges.
Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.
Right-click on the "Tanium Server\http" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Change/verify the [Tanium Admins] group has full permissions.
Reduce System to "Read-Only" permissions.
Right-click on the "Tanium Server\http\libraries" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to "Read-Only" permissions.
Reduce [Tanium service account] to "Read-Only" permissions.
Change/verify the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\http\taniumjs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to "Read-Only" permissions.
Reduce [Tanium service account] to "Read-Only" permissions.
Change/verify the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\http\tux" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to "Read-Only" permissions.
Reduce [Tanium service account] to "Read-Only" permissions.
Change/verify the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\http\tux-console" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to "Read-Only" permissions.
Reduce [Tanium service account] to "Read-Only" permissions.
Change/verify the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\Logs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce [Tanium service account] to "Modify" permissions.
Change/verify the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\http\TDL_Logs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce [Tanium service account] to "Modify" permissions.
Change/verify the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\Certs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to "Read-Only" permissions.
Change/verify the [Tanium Admins] group has full permissions.
Navigate to Tanium Server >> Certs.
For the following files verify/reduce System and [Tanium Service Account] to "Read-Only" permissions:
installedcacert.crt
installed-server.crt
installed-server.key
SOAPServer.crt
SOAPServer.key
Right-click on the "Tanium Server\content_public_keys" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Verify/Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to "Read-Only" permissions - apply to child objects.
Reduce [Tanium service account] to "Read-Only" permissions - apply to child objects.
Change/verify the [Tanium Admins] group has full permissions.
Access the Tanium Server interactively.
Log on to the server with an account that has administrative privileges.
Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.
Right-click on the "Tanium Server\http" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate the [Tanium Admins] group has full permissions.
Validate System has Read-Only permissions.
Right-click on the "Tanium Server\http\libraries" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\http\taniumjs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate System has "Read-Only" permissions.
Validate the [Tanium service account] has "Read-Only" permissions.
Validate the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\http\tux" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate System has "Read-Only" permissions.
Validate the [Tanium service account] has "Read-Only" permissions.
Validate the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\http\tux-console" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate System has "Read-Only" permissions.
Validate the [Tanium service account] has "Read-Only" permissions.
Validate the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\Logs" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate the [Tanium Service Account] has only "Modify" permissions.
Validate the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\TDL_Logs" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate the [Tanium Service Account] has only "Modify" permissions.
Validate the [Tanium Admins] group has full permissions.
Right-click on the "Tanium Server\Certs" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate System has "Read-Only" permissions.
Validate the [Tanium Admins] group has full permissions.
Navigate to Tanium Server >> Certs.
For the following files verify System and [Tanium Service Account] have "Read-Only" permissions:
installedcacert.crt
installed-server.crt
installed-server.key
SOAPServer.crt
SOAPServer.key
Right-click on the "Tanium Server\content_public_keys" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate Folder Inheritance is disabled.
Validate the owner of the directory is the [Tanium service account].
Validate System has "Read-Only" permissions.
Validate the [Tanium Service Account] has "Read-Only" permissions.
Validate the [Tanium Admins] group has full permissions.
If any of the above permissions are not configured correctly, this is a finding.
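The check above can also be scripted. The following PowerShell is an added example, not part of the STIG text. It assumes the install path shown in the navigation step, uses placeholder names for the [Tanium service account] and [Tanium Admins] group, and interprets "Read-Only" as read access with no write, delete, change-permissions or take-ownership rights.

```powershell
# Added audit sketch; the account, group and path values are placeholders (assumptions).
$Root   = Join-Path $env:ProgramFiles 'Tanium\Tanium Server'
$Sys    = 'NT AUTHORITY\SYSTEM'
$Svc    = 'EXAMPLE\svc-tanium'      # stands in for [Tanium service account]
$Admins = 'EXAMPLE\Tanium Admins'   # stands in for [Tanium Admins]

# FileSystemRights masks; "Read-Only" = Read granted, no write-class bit (assumption).
$Read = 0x20089; $Modify = 0x301BF; $Full = 0x1F01FF
$BeyondMod = 0x40 -bor 0x40000 -bor 0x80000   # what FullControl adds to Modify
$WriteBits = 0x116 -bor 0x10000 -bor $BeyondMod

# path | SYSTEM | service account | Tanium Admins  (empty = not stated in the check)
$Spec = @(
    'http|RO||Full'
    'http\libraries|RO|RO|Full'
    'http\taniumjs|RO|RO|Full'
    'http\tux|RO|RO|Full'
    'http\tux-console|RO|RO|Full'
    'Logs||Modify|Full'
    'TDL_Logs||Modify|Full'
    'Certs|RO||Full'
    'content_public_keys|RO|RO|Full'
) + @('installedcacert.crt', 'installed-server.crt', 'installed-server.key',
      'SOAPServer.crt', 'SOAPServer.key' | ForEach-Object { 'Certs\{0}|RO|RO|' -f $_ })
function Test-Level([int]$Bits, [string]$Level) {
    switch ($Level) {
        'RO'     { (($Bits -band $Read) -eq $Read) -and -not ($Bits -band $WriteBits) }
        'Modify' { (($Bits -band $Modify) -eq $Modify) -and -not ($Bits -band $BeyondMod) }
        'Full'   { ($Bits -band $Full) -eq $Full }
        default  { $true }   # empty level: the check text sets no requirement
    }
}
$Findings = foreach ($line in $Spec) {
    $rel, $sysLvl, $svcLvl, $admLvl = $line -split '\|'
    $path = Join-Path $Root $rel
    if (-not (Test-Path -LiteralPath $path)) { "$rel - not found"; continue }
    $acl = Get-Acl -LiteralPath $path
    if (Test-Path -LiteralPath $path -PathType Container) {   # folder-only checks
        if (-not $acl.AreAccessRulesProtected) { "$rel - inheritance enabled" }
        if ($acl.Owner -ne $Svc) { "$rel - owner is $($acl.Owner)" }
    }
    foreach ($pair in @(@($Sys, $sysLvl), @($Svc, $svcLvl), @($Admins, $admLvl))) {
        $id, $lvl = $pair; $bits = 0
        foreach ($ace in $acl.Access) {   # Allow ACEs that apply to the object itself
            if ($ace.AccessControlType -eq 'Allow' -and $ace.IdentityReference.Value -eq $id -and
                -not ($ace.PropagationFlags -band 2)) { $bits = $bits -bor [int]$ace.FileSystemRights }
        }
        if (-not (Test-Level $bits $lvl)) { "$rel - $id is not '$lvl'" }
    }
}
if ($Findings) { $Findings; 'RESULT: finding' } else { 'RESULT: not a finding' }
```

The script does not evaluate Deny entries or rights an identity gains through group membership, so a clean result supports the manual check rather than replacing it.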