STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018: STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:SV-93395r1_rule
V-78689
SRG-APP-000176
TANS-SV-000021
CAT I
10
Access the Tanium Server interactively.
Log on with an account with administrative privileges to the server.
Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.
Right-click on "Certs" folder.
Choose "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Change the owner of the directory to the [Tanium service account].
Reduce System and the [Tanium service account] to Read-Only permissions.
Provide the [Tanium Admin group] with Full permissions.
Navigate to >> Program Files >> Tanium >> Tanium Server >> Certs.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
For the following files, reduce System and the [Tanium service account] to Read-Only:
Installedcacert.crt
Installed-server.crt
Installed-server.key
SOAPServer.crt
SOAPServer.key
Ensure the [Tanium Admin group] has Full permissions for those same files.
Navigate to >> Program Files >> Tanium >> Tanium Server >> content_public_keys.
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Reduce System to Read-Only permissions. - apply to child objects.
Reduce [Tanium service account] to Read-Only permissions. - apply to child objects.
Provide [Tanium Admin group] with Full permissions - apply to child objects.
Access the Tanium Server interactively.
Log on with an account with administrative privileges to the server.
Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.
Right-click on the "Certs" folder.
Choose "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read Only permissions.
Validate the [Tanium service account] has Read Only permissions.
Validate [Tanium Admins group] has Full permissions.
If the owner of the directory is not the [Tanium service account] and/or System and the [Tanium service account] has more privileges than Read Only and/or the [Tanium Admins group] has less than Full permissions, this is a finding.
Navigate to Program Files >> Tanium >> Tanium Server >> Certs.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Installedcacert.crt
Installed-server.crt
Installed-server.key
SOAPServer.crt
SOAPServer.key
Validate System and the [Tanium service account] have Read-Only permissions to each of the individual files, and the [Tanium Admin group] has Full permissions to each of the individual files.
If System and the [Tanium service account] have more than Read-Only permissions to any of the individual files and/or the [Tanium Admin group] has less than Full permissions to any of the individual files, this is a finding.
Navigate to Program Files >> Tanium >> Tanium Server >> content_public_keys.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate System has Read-Only permissions and is applied to child objects.
Validate [Tanium service account] has Read-Only permissions and is applied to child objects.
Validate [Tanium Admin Group] has Full permissions and is applied to child objects.
If the [Tanium service account] and system permissions to the \content_public_keys folder is greater than Read-Only and/or the Read-Only permissions have not been applied to child objects and/or the [Tanium Admin Group] has less than Full permissions, this is a finding.
V-78689
False
TANS-SV-000021
Access the Tanium Server interactively.
Log on with an account with administrative privileges to the server.
Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.
Right-click on the "Certs" folder.
Choose "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate the owner of the directory is the [Tanium service account].
Validate System has Read Only permissions.
Validate the [Tanium service account] has Read Only permissions.
Validate [Tanium Admins group] has Full permissions.
If the owner of the directory is not the [Tanium service account] and/or System and the [Tanium service account] has more privileges than Read Only and/or the [Tanium Admins group] has less than Full permissions, this is a finding.
Navigate to Program Files >> Tanium >> Tanium Server >> Certs.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Installedcacert.crt
Installed-server.crt
Installed-server.key
SOAPServer.crt
SOAPServer.key
Validate System and the [Tanium service account] have Read-Only permissions to each of the individual files, and the [Tanium Admin group] has Full permissions to each of the individual files.
If System and the [Tanium service account] have more than Read-Only permissions to any of the individual files and/or the [Tanium Admin group] has less than Full permissions to any of the individual files, this is a finding.
Navigate to Program Files >> Tanium >> Tanium Server >> content_public_keys.
Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.
Validate System has Read-Only permissions and is applied to child objects.
Validate [Tanium service account] has Read-Only permissions and is applied to child objects.
Validate [Tanium Admin Group] has Full permissions and is applied to child objects.
If the [Tanium service account] and system permissions to the \content_public_keys folder is greater than Read-Only and/or the Read-Only permissions have not been applied to child objects and/or the [Tanium Admin Group] has less than Full permissions, this is a finding.
M
3215