From Tanium 6.5 Security Technical Implementation Guide
Part of SRG-APP-000002
Associated with: CCI-000060
The Tanium Console, by default, can cache console users' credentials for convenience so that operators are not required to re-enter their passwords when logging back into the console. When this feature is enabled, there is a risk of access by individuals other than the original console user. Depending upon the original console user's privileges, such access could result in irreversible or malicious manipulation of the Tanium configuration.
Using a web browser on a system which has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and logon with CAC. Click on "Administration". Select the "Global Settings" tab. In the search box beside "Show Settings Containing:" type "console_prohibitSavedLogin". Enter. If no results are returned, this is a finding. If results are returned for "console_prohibitSavedLogin", but the value is not "1", this is a finding.
Using a web browser on a system which has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and logon with CAC. Click on "Administration". Select the "Global Settings" tab. Click on "+ Add New Setting". In "Create New Setting" dialog box enter "console_prohibitSavedLogin" for "Setting Name:". Enter "1" for "Setting Value:". Select "Numeric" from "Value Type" drop-down list. Select "Server" from "Affects drop-down list. Click Save.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer