An error occurred:

Check: TANS-CL-000006

Tanium 6.5 STIG: TANS-CL-000006 (in versions v1 r3 through v1 r2)

Title

The ability to uninstall the Tanium Client service must be disabled on all managed clients. (Cat II impact)

Discussion

By default, end users have the ability to uninstall software on their clients. In the event the Tanium Client software is uninstalled, the Tanium Server is unable to manage the client and must re-deploy to the client. Preventing the software from being displayed in the client's Add/Remove Programs will lessen the risk of the software being uninstalled by non-Tanium System Administrators.

Check Content

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. From the Dashboard, under "Client Service Hardening", click on "Hide From Add-Remove Programs". The results will show a "Count" of clients matching the "Tanium Client Visible in Add-Remove Programs" query. If the "Count" shows any quantity other than zero, this is a finding.

Fix Text

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. From the Dashboard, under "Client Service Hardening", click on "Hide From Add-Remove Programs". The results will show a "Count" of clients matching the "Tanium Client Visible in Add-Remove Programs" query. Select the result line. Right-click on the number under "Count". Choose "Deploy Action...". The "Deploy Action" dialog box will display "Client Service Hardening - Hide Client from Add-Remove Programs" as the package. The computer names comprising the "Count" of non-compliant systems will be displayed in the bottom. Click on "Target & Schedule". Configure the schedule for the requested action depending upon internal organizational procedures and policies for maintenance. Click on "Finish". Verify settings are correct. Click on the "Confirm..." button at the bottom of the screen which will respond with a dialog box "Your action has been scheduled. It can be viewed on the actions tab."

Additional Identifiers

Rule ID: SV-81471r1_rule

Vulnerability ID: V-66981

Group Title: SRG-APP-000328

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002165

Enforce organization-defined discretionary access control policies over defined subjects and objects.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3(4)

Discretionary Access Control