Title

The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database. (Cat II impact)

Discussion

After the Tanium Server has been installed and the Tanium databases created, only the Tanium Receiver, Tanium Module, and Tanium connection manager (ad sync) service needs to access the SQL Server database.

Check Content

Access the Tanium SQL server interactively. Log on with an account with administrative privileges to the server. Open SQL Server Management Studio and connect to a Tanium instance of SQL Server. In the left pane, click “Databases”, select the Tanium database, click “Security”, and then click “Users”. In the “Users” pane, review the roles assigned to the user accounts. If any user account has an elevated privilege role other than the assigned database administrator, this is a finding.

Fix Text

Access the Tanium SQL server interactively. Log on with an account with administrative privileges to the server. Open SQL Server Management Studio and connect to a Tanium instance of SQL Server. In the left pane, click “Databases”, select the Tanium database, click “Security”, and then click “Users”. In the “Users” pane, review the roles assigned to the user accounts. For any user accounts with elevated privileges, reduce the role assigned to a least privileged role.

Additional Identifiers

Rule ID: SV-81517r1_rule

Vulnerability ID: V-67027

Group Title: SRG-APP-000381

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.