STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Tanium Server Logs and TDL_Logs directories must be restricted with appropriate permissions.

DISA Rule

SV-234098r612749_rule

Vulnerability Number

V-234098

Group Title

SRG-APP-000328

Rule Version

TANS-SV-000027

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

Access the Tanium Server interactively.

Log on to their server with an account that has administrative privileges.

Open an Explorer window.

Navigate to Program Files >> Tanium >> Tanium Server.

Right-click on the "Logs" folder.

Select "Properties".

Click on the "Security" tab.

Click on the "Advanced" button.

Disable folder inheritance.

Change/verify the owner of the directory to the [Tanium service account].

Reduce [Tanium service account] privileges to modify permissions on the directory.

Ensure [Tanium Admins] group has full permissions on the directory.

Right-click on the "TDL_Logs" folder.

Select "Properties".

Click on the "Security" tab.

Click on the "Advanced" button.

Disable folder inheritance.

Change/verify the owner of the directory to the [Tanium service account].

Reduce [Tanium service account] privileges to modify permissions on the directory.

Ensure [Tanium Admins] group has full permissions on the directory.

Check Contents

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to Program Files >> Tanium >> Tanium Server.

Right-click on the "Logs" folder.

Select "Properties".

Click on the "Security" tab.

Click on the "Advanced" button.

Validate the owner of the directory is the [Tanium service account].

Validate the [Tanium service account] privileges is only account with modify permissions on the directory.

Validate the [Tanium Administrators] group has full permissions on the directory.

Right-click on the "TDL_Logs" folder.

Select "Properties".

Click on the "Security" tab.

Click on the "Advanced" button.

Validate the owner of the directory is the [Tanium service account].

Validate the [Tanium service account] privileges is the only account with modify permissions on the directory.

Validate the [Tanium Administrators] group has full permissions on the directory.

If any of the specified permissions are not set as required, this is a finding.

Vulnerability Number

V-234098

Documentable

False

Rule Version

TANS-SV-000027

Severity Override Guidance

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to Program Files >> Tanium >> Tanium Server.

Right-click on the "Logs" folder.

Select "Properties".

Click on the "Security" tab.

Click on the "Advanced" button.

Validate the owner of the directory is the [Tanium service account].

Validate the [Tanium service account] privileges is only account with modify permissions on the directory.

Validate the [Tanium Administrators] group has full permissions on the directory.

Right-click on the "TDL_Logs" folder.

Select "Properties".

Click on the "Security" tab.

Click on the "Advanced" button.

Validate the owner of the directory is the [Tanium service account].

Validate the [Tanium service account] privileges is the only account with modify permissions on the directory.

Validate the [Tanium Administrators] group has full permissions on the directory.

If any of the specified permissions are not set as required, this is a finding.

Check Content Reference

M

Target Key

5259

Comments