STIGQter STIGQter: STIG Summary: Tanium 6.5 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Oct 2016: Control of the Tanium Client service must be restricted to SYSTEM access only for all managed clients.

DISA Rule

SV-81469r1_rule

Vulnerability Number

V-66979

Group Title

SRG-APP-000328

Rule Version

TANS-CL-000005

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC.

From the Dashboard, under "Client Service Hardening", click on "Control Service State Permissions".

The results will show a "Count" of clients matching the "Service Control is set to default permissions" query.

Select the result line for "Service Control is set to default permissions".

Right-click on the number under "Count".

Choose "Deploy Action...".

The "Deploy Action" dialog box will display "Client Service Hardening - Set Service Permissions to Defaults" as the package. -> Client Service Hardening - Set SYSTEM only permissions on Tanium Client directory.

The computer names comprising the "Count" of non-compliant systems will be displayed in the bottom.

Click on "Target & Schedule".

Configure the schedule for the requested action depending upon internal organizational procedures and policies for maintenance.

Click on "Finish".

Verify settings are correct.

Click on the "Confirm..." button at the bottom of the screen which will respond with a dialog box "Your action has been scheduled. It can be viewed on the actions tab."

Check Contents

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC.

From the Dashboard, under "Client Service Hardening", click on "Control Service State Permissions".

The results will show a "Count" of clients matching the "Service Control is set to default permissions" query.

If the "Count" shows any quantity other than zero, this is a finding.

Vulnerability Number

V-66979

Documentable

False

Rule Version

TANS-CL-000005

Severity Override Guidance

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC.

From the Dashboard, under "Client Service Hardening", click on "Control Service State Permissions".

The results will show a "Count" of clients matching the "Service Control is set to default permissions" query.

If the "Count" shows any quantity other than zero, this is a finding.

Check Content Reference

M

Target Key

2965

Comments