An error occurred:

Check: TANS-SV-000016

Tanium 7.x STIG: TANS-SV-000016 (in versions v2 r2 through v1 r1)

Title

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory. (Cat II impact)

Discussion

Typically, the Tanium Server stores the Package Source Files that it downloads from the internet and server shares or files uploaded through the Tanium Console in a subdirectory of the server's installation directory called "Downloads". To ensure package files are not accessible to nonauthorized functions, the files must be relocated to outside of the server's installation directory.

Check Content

1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Run regedit as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> WOW6432Node >> Tanium >> Tanium Server. 5. Validate the value name "DownloadPath" with value type "REG_SZ" does not point to a location within the Tanium Server directory. If the value name "DownloadPath" with value type "REG_SZ" does not exist or points to a location within the Tanium Server directory, this is a finding. If the "DownloadPath REG_SZ" value points to a location within the Tanium Server directory, this is a finding.

Fix Text

1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Create a new folder outside of the Tanium Server directory (e.g., E:\Stage\Downloads). 4. Run regedit as Administrator. 5. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> WOW6432Node >> Tanium >> Tanium Server. 6. Add or change the value name "DownloadPath" with value type "REG_SZ" to point to the location of the relocated installation package files (e.g., E:\Stage\Downloads). 7. Move the files from the original directory (E:\Program Files\Tanium\Tanium Server\Downloads) to the location created for the installation package files. 8. Move the files from the original directory (E:\Program Files\Tanium\Tanium Server\Downloads) to the location created for the installation package files.

Additional Identifiers

Rule ID: SV-253847r997269_rule

Vulnerability ID: V-253847

Group Title: SRG-APP-000133

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001499

Limit privileges to change software resident within software libraries.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-5(6)

Limit Library Privileges