UCF STIG Viewer Logo

All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78679 TANS-SV-000016 SV-93385r2_rule Medium
Description
Typically, the Tanium Server stores the Package Source Files that it downloads from the Internet and server shares or files uploaded through the Tanium Console in a subdirectory of the server's installation directory called Downloads. To ensure package files are not accessible to non-authorized functions, the files must be re-located to outside of the server's installation directory.
STIG Date
Tanium 7.0 Security Technical Implementation Guide 2018-07-09

Details

Check Text ( C-78249r2_chk )
Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Validate the "DownloadPath" REG_SZ value points to a location off of the Tanium Server directory.

If the "DownloadPath" REG_SZ value does not point to a location off of the Tanium Server directory, this is a finding.
Fix Text (F-85415r2_fix)
Access the Tanium Server interactively.
Log on with an account with administrative privileges to the server.

Configure a directory off of the Tanium server to relocate the installation package files.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Change the "DownloadPath" REG_SZ value to point to the location of the relocated installation package files.

Move the files from the original directory to the location created for the installation package files.