Title

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory. (Cat II impact)

Discussion

Typically, the Tanium Server stores the Package Source Files that it downloads from the Internet and server shares or files uploaded through the Tanium Console in a subdirectory of the server's installation directory called Downloads. To ensure package files are not accessible to non-authorized functions, the files must be re-located to outside of the server's installation directory.

Check Content

Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Run regedit as Administrator. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. Validate the "DownloadPath" REG_SZ value does not point to a location off of the Tanium Server directory. If the "DownloadPath" REG_SZ value points to a location off of the Tanium Server directory, this is a finding.

Fix Text

Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Configure a directory elsewhere on the server to relocate the installation package files. Run regedit as Administrator. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. Change the "DownloadPath" REG_SZ value to point to the location of the relocated installation package files. Move the files from the original directory to the location created for the installation package files.

Additional Identifiers

Rule ID: SV-93385r2_rule

Vulnerability ID: V-78679

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.