STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.

DISA Rule

SV-93385r2_rule

Vulnerability Number

V-78679

Group Title

SRG-APP-000133

Rule Version

TANS-SV-000016

Severity

CAT II

CCI(s)

CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

Fix Recommendation

Access the Tanium Server interactively.
Log on with an account with administrative privileges to the server.

Configure a directory off of the Tanium server to relocate the installation package files.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Change the "DownloadPath" REG_SZ value to point to the location of the relocated installation package files.

Move the files from the original directory to the location created for the installation package files.

Check Contents

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Validate the "DownloadPath" REG_SZ value points to a location off of the Tanium Server directory.

If the "DownloadPath" REG_SZ value does not point to a location off of the Tanium Server directory, this is a finding.

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments