Check: TANS-SV-000031
Tanium 7.0 STIG:
TANS-SV-000031
(in versions v1 r2 through v1 r1)
Title
Firewall rules must be configured on the Tanium module server to allow Server-to-Module Server communications from the Tanium Server. (Cat II impact)
Discussion
The Tanium Module Server is used to extend the functionality of Tanium through the use of various workbenches. The Tanium Module Server requires communication with the Tanium Server on port 17477. Without a proper connection from the Tanium Server to the Tanium Module Server, access to the system capabilities could be denied. https://docs.tanium.com/platform_install/platform_install/reference_network_ports.html.
Check Content
Consult with the Tanium System Administrator to verify which firewall is being used as a host-based firewall on the Tanium Module Server. Access the host-based firewall configuration on the Tanium Module Server. Validate a rule exists for the following: Port Needed: Tanium Server to Tanium Module Server over TCP port 17477. If a host-based firewall rule does not exist to allow TCP port 17477, from the Tanium Server to the Tanium Module Server, this is a finding. Consult with the network firewall administrator and validate rules exist for the following: Allow TCP traffic on port 17477 from the Tanium Server to the Tanium Module Server. If a network firewall rule does not exist to allow TCP traffic on port 17477 from the Tanium Server to the Tanium Module Server, this is a finding.
Fix Text
Configure host-based firewall rules on the Tanium Module Server to include the following required traffic: Allow TCP traffic on port 17477 from the Tanium Server to the Tanium Module Server. Configure the network firewall to allow the above traffic.
Additional Identifiers
Rule ID: SV-93413r1_rule
Vulnerability ID: V-78707
Group Title: SRG-APP-000383
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001762 |
The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
Controls
Number | Title |
---|---|
CM-7 (1) |
Periodic Review |