Reference: Advanced Security Settings menu

The Advanced Security Settings menu includes options to enable FIPS 140-2 mode, AIDE reporting, and SELinux, as well as an option for managing the SSH cipher list.

Enable FIPS 140-2 mode

TanOS FIPS 140-2 mode hardens the appliance so that the TanOS SSH service uses only the SSH ciphers approved in Federal Information Processing Standard Publication 140-2.

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 1 and follow the prompts to enable FIPS 140-2 mode.

    Note in the settings summary that FIPS 140-2 mode is disabled in the current state until you reboot the appliance.

  6. Go to Appliance Maintenance (B) > Reboot / Shutdown (B) and reboot the appliance.
  7. Return to the Advanced Security Settings menu and note that FIPS 140-2 is now enabled.

Enable AIDE reporting

Advanced Intrusion Detection Environment (AIDE) is a host-based intrusion detection system (HIDS) for checking the integrity of files. AIDE runs an initialization scan over a set of files and directories in the system and generates a reference snapshot of the environment state. Subsequent scans compare the current state against that reference snapshot and report any differences so that they can be investigated.

The set of files and directories over which the scans are run can be customized in a configuration file. If needed, contact your TAM for assistance.

AIDE reports will be very noisy following TanOS upgrades, Tanium role installations, and Tanium solution module or content pack imports or reimports. To mitigate the noise and allow you to track real intrusions, the following workflow is recommended:
  1. Before you perform an upgrade or installation, run an AIDE check report.
  2. Then perform the upgrade or installation.
  3. After the upgrade or installation, run AIDE initialization to reset the AIDE reference. A fresh AIDE report is run automatically at the end of the initialization process.

Enable AIDE

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 1 to initialize AIDE, enable a weekly check report, and run a test check report.

    Note that after initialization, the menu displays status, schedule, and recent report information.

Run an AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 2 to run an AIDE check report.

    Note that after the report has been run, the report status is updated.

Disable the weekly AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 3 to disable the weekly AIDE check report.

    Note that after the disable report operation has been run, the scheduled report status is updated.

Enable the weekly AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 4 to enable the weekly AIDE check report.

    Note that after the enable report operation has been run, the scheduled report status is updated.

Export the weekly AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 5 to export the weekly AIDE check report to the /outgoing directory.
  7. Use SFTP to copy the report from /outgoing to your management computer.

Manage the SSH cipher list

You can select the SSH ciphers included in the list presented to SSH clients.

Before you save changes to the SSH cipher list, make sure the SSH client you use to make SSH connections to TanOS supports at least one of the remaining ciphers.

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 3 to go to the SSH Ciphers menu.
  6. Select numbered menu items to toggle whether the cipher is included or excluded from the cipher list.
  7. When you are done modifying the list, enter S to save it.

When FIPS 140-2 mode is enabled, only ciphers that are allowed by FIPS 140-2 are displayed in the SSH cipher list menu.
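
The pre-save check described above can be scripted on the management computer. The following is an added example, not part of the TanOS documentation or tooling: it assumes an OpenSSH client (whose `ssh -Q cipher` option lists supported ciphers), the function name `common_ciphers` is hypothetical, and the cipher lists shown are constructed samples.

```shell
#!/bin/sh
# Added example: confirm the SSH client shares at least one cipher with the
# list that will remain enabled after saving the SSH Ciphers menu.

# common_ciphers REMAINING [CLIENT]
#   REMAINING  comma-separated ciphers left enabled in the SSH Ciphers menu
#   CLIENT     newline-separated ciphers the client supports; when omitted,
#              the output of `ssh -Q cipher` on this machine is used
# Prints each shared cipher on its own line; returns 1 if there are none.
common_ciphers() {
    cc_remaining=$(printf '%s' "$1" | tr -d ' ')
    cc_client=${2-$(ssh -Q cipher)}
    cc_status=1
    cc_old_ifs=$IFS
    IFS=,
    for cc_cipher in $cc_remaining; do
        IFS=$cc_old_ifs
        # -x matches the whole line, so "aes256" does not match "aes256-ctr".
        if printf '%s\n' "$cc_client" | grep -qxF -- "$cc_cipher"; then
            printf '%s\n' "$cc_cipher"
            cc_status=0
        fi
    done
    IFS=$cc_old_ifs
    return $cc_status
}

# Constructed sample data (not taken from an appliance or a real client).
SAMPLE_CLIENT='aes128-ctr
aes256-ctr
chacha20-poly1305@openssh.com'

# Safe to save: the client still shares aes256-ctr with the remaining list.
common_ciphers 'aes256-ctr,aes256-cbc' "$SAMPLE_CLIENT"

# Not safe to save: no overlap, so this client could no longer negotiate
# a cipher with the appliance.
common_ciphers 'aes256-cbc,3des-cbc' "$SAMPLE_CLIENT" ||
    echo 'no shared cipher: do not save this list'
```

To check the real client, call `common_ciphers` with only the first argument so that the list comes from `ssh -Q cipher`.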

Toggle SELinux mode

Security-Enhanced Linux (SELinux) is a set of kernel modifications and user-space tools that make a Linux-based OS more secure.

By default, the SELinux setting is set to permissive. For greater security, change it to enforcing.

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 4 to toggle the SELinux setting—permissive or enforcing. A reboot is not required.

Last updated: 11/26/2019 9:27 AM