STIGQter STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

The Tanium Server http directory and sub-directories must be restricted with appropriate permissions.

DISA Rule

SV-93401r1_rule

Vulnerability Number

V-78695

Group Title

SRG-APP-000328

Rule Version

TANS-SV-000025

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Open an Explorer window.

Navigate to Program Files >> Tanium >> Tanium Server.

Right-click on the "http" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Change/verify the [Tanium Admins] group has full permissions.
Reduce System to Read-Only permissions.

Right-click on the "legacy" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to Read-Only permissions.
Reduce [Tanium service account] to Read-Only permissions.
Change/verify the [Tanium Admins] group has full permissions.

Navigate into the "legacy" folder.

Delete index.html.bak.

Right-click on the "libraries" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to Read-Only permissions.
Reduce [Tanium service account] to Read-Only permissions.
Change/verify the [Tanium Admins] group has full permissions.

Right-click on the "taniumjs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to Read-Only permissions.
Reduce [Tanium service account] to Read-Only permissions.
Change/verify the [Tanium Admins] group has full permissions.

Right-click on the "tux" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to Read-Only permissions.
Reduce [Tanium service account] to Read-Only permissions.
Change/verify the [Tanium Admins] group has full permissions.

Right-click on the "tux-console" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Disable folder inheritance.
Change/verify the owner of the directory to the [Tanium service account].
Reduce System to Read-Only permissions.
Reduce [Tanium service account] to Read-Only permissions.
Change/verify the [Tanium Admins] group has full permissions.

Check Contents

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Open an Explorer window.

Navigate to Program Files >> Tanium >> Tanium Server.

Right-click on the "http" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate the [Tanium Admins] group has full permissions.
Validate System has Read-Only permissions.

Right-click on the "legacy" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate the System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

Navigate into the "legacy" folder.

Validate the "index.html.bak" file does not exist.

Right-click on the "libraries" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

Right-click on the "taniumjs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

Right-click on the "tux" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read Only permissions.
Validate the [Tanium Admins] group has full permissions.

Right-click on the "tux-console" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

If any of the above permissions are not configured correctly, this is a finding.

Vulnerability Number

V-78695

Documentable

False

Rule Version

TANS-SV-000025

Severity Override Guidance

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Open an Explorer window.

Navigate to Program Files >> Tanium >> Tanium Server.

Right-click on the "http" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate the [Tanium Admins] group has full permissions.
Validate System has Read-Only permissions.

Right-click on the "legacy" folder.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate the System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

Navigate into the "legacy" folder.

Validate the "index.html.bak" file does not exist.

Right-click on the "libraries" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

Right-click on the "taniumjs" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

Right-click on the "tux" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read Only permissions.
Validate the [Tanium Admins] group has full permissions.

Right-click on the "tux-console" folder.
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read-Only permissions.
Validate the [Tanium service account] has Read-Only permissions.
Validate the [Tanium Admins] group has full permissions.

If any of the above permissions are not configured correctly, this is a finding.

Check Content Reference

M

Target Key

3215

Comments