Check: TANS-DB-000003
Tanium 7.3 STIG:
TANS-DB-000003
(in versions v2 r2 through v1 r1)
Title
The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database. (Cat II impact)
Discussion
After the Tanium Server has been installed and the Tanium databases created, only the Tanium Receiver, Tanium Module, and Tanium connection manager (ad sync) service needs to access the SQL Server database.
Check Content
Access the Tanium SQL server interactively. Log on to the server with an account that has administrative privileges. Open SQL Server Management Studio. Connect to a Tanium instance of SQL Server. In the left pane, click "Databases". Select the Tanium database. Click "Security". Click "Users". In the "Users" pane, review the roles assigned to the user accounts. (Note: This does not apply to service accounts.) If any user account has an elevated privilege role other than the assigned database administrators, this is a finding.
Fix Text
Access the Tanium SQL server interactively. Log on to the server with an account that has administrative privileges. Open SQL Server Management Studio. Connect to a Tanium instance of SQL Server. In the left pane, click "Databases". Select the Tanium database. Click "Security". Click "Users". In the "Users" pane, review the roles assigned to the user accounts. For any user accounts with elevated privileges, reduce the role assigned to a least privileged role.
Additional Identifiers
Rule ID: SV-234073r612749_rule
Vulnerability ID: V-234073
Group Title: SRG-APP-000381
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001814 |
The Information system supports auditing of the enforcement actions. |
Controls
Number | Title |
---|---|
CM-5 (1) |
Automated Access Enforcement / Auditing |