STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The Tanium application service must be protected from being stopped by a non-privileged user.

DISA Rule

SV-234128r612749_rule

Vulnerability Number

V-234128

Group Title

SRG-APP-000435

Rule Version

TANS-SV-000068

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on interactively to the Tanium Server.

Open the CMD prompt as admin.

Run "sc sdset "Tanium Server" D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)".

Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.

Check Contents

To prevent a non-privileged user from affecting the Tanium Server's ability to operate, verify that control of the service is restricted to the Local Administrators.

Log on interactively to the Tanium Server.

Open the CMD prompt as admin.

Run "sc sdshow "Tanium Server"".

If the string does not match "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)", this is a finding.

Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.
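
Added example (not part of the STIG or of Tanium's documentation): a Python check that compares captured "sc sdshow" output with the expected string and, going beyond the string match, decodes the DACL to show which trustees other than BA and SY hold rights to stop, pause or reconfigure the service. The function names and the WEAK descriptor are constructed for illustration.

```python
import re

# Expected descriptor, copied from the check text above.
EXPECTED = (
    "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
    "(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
# Two-letter SDDL right codes as they apply to Windows service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Rights that let a trustee stop, pause, reconfigure or take over the service.
CONTROL = {"STOP", "PAUSE_CONTINUE", "CHANGE_CONFIG", "DELETE",
           "WRITE_DAC", "WRITE_OWNER"}
# Trustees the expected descriptor allows to control the service.
ADMIN_SIDS = {"BA", "SY"}  # Built-in Administrators, Local System

def parse_dacl(sddl):
    """Return {trustee: set of right names} for the allow ACEs in the D: part."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found in descriptor")
    grants = {}
    for ace in re.findall(r"\(([^()]*)\)", m.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")
        if ace_type != "A":  # only allow ACEs grant rights
            continue
        codes = re.findall("..", rights)  # two-letter codes only, no hex masks
        grants.setdefault(sid, set()).update(SERVICE_RIGHTS.get(c, c) for c in codes)
    return grants

def evaluate(sddl):
    """Return (exact_match, {non-admin trustee: control rights it holds})."""
    exact = sddl.strip() == EXPECTED  # the STIG check is this exact comparison
    excess = {sid: sorted(r & CONTROL) for sid, r in parse_dacl(sddl).items()
              if sid not in ADMIN_SIDS and r & CONTROL}
    return exact, excess

# Constructed sample: Authenticated Users (AU) also hold RP, WP and DT.
WEAK = ("D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
        "(A;;CCLCSWRPWPDTLOCRRC;;;AU)")
if __name__ == "__main__":
    print(evaluate(EXPECTED), evaluate(WEAK))
```

Pass the text printed by "sc sdshow" to evaluate(); a False first element corresponds to the finding condition in the check above.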

Documentable

False

Check Content Reference

M

Target Key

5259
