An error occurred:

Check: TANS-CL-000005

Tanium 6.5 STIG: TANS-CL-000005 (in versions v1 r3 through v1 r2)

Title

Control of the Tanium Client service must be restricted to SYSTEM access only for all managed clients. (Cat II impact)

Discussion

The reliability of the Tanium client's ability to operate depends upon controlling access to the Tanium client service. By restricting access to SYSTEM access only, the non-Tanium system administrator will not have the ability to impact operability of the service.

Check Content

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. From the Dashboard, under "Client Service Hardening", click on "Control Service State Permissions". The results will show a "Count" of clients matching the "Service Control is set to default permissions" query. If the "Count" shows any quantity other than zero, this is a finding.

Fix Text

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. From the Dashboard, under "Client Service Hardening", click on "Control Service State Permissions". The results will show a "Count" of clients matching the "Service Control is set to default permissions" query. Select the result line for "Service Control is set to default permissions". Right-click on the number under "Count". Choose "Deploy Action...". The "Deploy Action" dialog box will display "Client Service Hardening - Set Service Permissions to Defaults" as the package. -> Client Service Hardening - Set SYSTEM only permissions on Tanium Client directory. The computer names comprising the "Count" of non-compliant systems will be displayed in the bottom. Click on "Target & Schedule". Configure the schedule for the requested action depending upon internal organizational procedures and policies for maintenance. Click on "Finish". Verify settings are correct. Click on the "Confirm..." button at the bottom of the screen which will respond with a dialog box "Your action has been scheduled. It can be viewed on the actions tab."

Additional Identifiers

Rule ID: SV-81469r1_rule

Vulnerability ID: V-66979

Group Title: SRG-APP-000328

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002165

The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3 (4)

Discretionary Access Control