All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.

From Tanium 7.0 Security Technical Implementation Guide

Part of SRG-APP-000133

Associated with: CCI-001499

SV-93385r2_rule All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.

Vulnerability discussion

Typically, the Tanium Server stores the Package Source Files that it downloads from the Internet and server shares or files uploaded through the Tanium Console in a subdirectory of the server's installation directory called Downloads. To ensure package files are not accessible to non-authorized functions, the files must be re-located to outside of the server's installation directory.

Check content

Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Run regedit as Administrator. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. Validate the "DownloadPath" REG_SZ value points to a location off of the Tanium Server directory. If the "DownloadPath" REG_SZ value does not point to a location off of the Tanium Server directory, this is a finding.

Fix text

Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Configure a directory off of the Tanium server to relocate the installation package files. Run regedit as Administrator. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. Change the "DownloadPath" REG_SZ value to point to the location of the relocated installation package files. Move the files from the original directory to the location created for the installation package files.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer