Title

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory. (Cat II impact)

Discussion

Typically, the Tanium Server stores the Package Source Files that it downloads from the Internet and server shares or files uploaded through the Tanium Console in a subdirectory of the server's installation directory called Downloads. To ensure package files are not accessible to non-authorized functions, the files must be re-located to outside of the server's installation directory.

Check Content

Access the Tanium Server interactively. Log on to the server with an account that has administrative privileges. Run regedit as Administrator. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. Validate the "DownloadPath REG_SZ" value does not point to a location within the Tanium Server directory. If the "DownloadPath REG_SZ" value points to a location within the Tanium Server directory, this is a finding.

Fix Text

Access the Tanium Server interactively. Log on to the server with an account that has administrative privileges. Configure a directory elsewhere on the server to relocate the installation package files. Run regedit as Administrator. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. Change the "DownloadPath REG_SZ" value to point to the location of the relocated installation package files. Move the files from the original directory to the location created for the installation package files.

Additional Identifiers

Rule ID: SV-234088r612749_rule

Vulnerability ID: V-234088

Group Title: SRG-APP-000133

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.