STIGQter STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

Tanium service must be protected from being stopped by a non-privileged user.

DISA Rule

SV-93465r1_rule

Vulnerability Number

V-78759

Group Title

SRG-APP-000435

Rule Version

TANS-SV-000068

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on interactively to the Tanium Server.

Open the CMD prompt as admin.

Run "sc sdset "Tanium Server" D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.

Check Contents

Verify that to prevent a non-privileged user from impacting the Tanium Server's ability to operate, the control of the service is restricted to the Local Administrators.

Log on interactively to the Tanium Server.

Open the CMD prompt as admin.

Run "sc sdshow "Tanium Server""

If the string does not match "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)", this is a finding.

Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.

Vulnerability Number

V-78759

Documentable

False

Rule Version

TANS-SV-000068

Severity Override Guidance

Verify that to prevent a non-privileged user from impacting the Tanium Server's ability to operate, the control of the service is restricted to the Local Administrators.

Log on interactively to the Tanium Server.

Open the CMD prompt as admin.

Run "sc sdshow "Tanium Server""

If the string does not match "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)", this is a finding.

Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.

Check Content Reference

M

Target Key

3215

Comments