Reference: Advanced Security Settings menu

The Advanced Security Settings menu includes options to enable FIPS 140-2 mode, AIDE reporting, and SELinux, as well as an option for managing the SSH cipher list.

Enable FIPS 140-2 mode

TanOS FIPS 140-2 mode hardens the appliance so that the TanOS SSH service uses only the SSH ciphers approved in Federal Information Processing Standard Publication 140-2.

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 1 and follow the prompts to enable FIPS 140-2 mode.

    Note in the settings summary that FIPS 140-2 mode is disabled in the current state until you reboot the appliance.

  6. Go to Appliance Maintenance (B) > Reboot / Shutdown (B) and reboot the appliance.
  7. Return to the Advanced Security menu (A-A-X) and note that FIPS 140-2 is now enabled.

Enable AIDE reporting

Advanced Intrusion Detection Environment (AIDE) is a host-based intrusion detection system (HIDS) for checking the integrity of files. AIDE runs an initialization scan over a set of files and directories in the system and generates a reference snapshot of the environment state. You can then run subsequent scans; any differences between the initial and current scans are reported so that you can investigate them.

The set of files and directories over which the scans are run can be customized in a configuration file. If needed, contact your TAM for assistance.

AIDE reports will be very noisy following TanOS upgrades, Tanium role installations, and Tanium solution module or content pack imports or reimports. To mitigate the noise and allow you to track real intrusions, the following workflow is recommended:
  1. Before you perform an upgrade or installation, run an AIDE check report.
  2. Then perform the upgrade or installation.
  3. After the upgrade or installation, run AIDE initialization to reset the AIDE reference. A fresh AIDE report is run automatically at the end of the initialization process.

Enable AIDE

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 1 to initialize AIDE, enable a weekly check report, and run a test check report.

    Note that after initialization, the AIDE menu displays status, schedule, and recent report information.

Run an AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 2 to run an AIDE check report.

    Note that after the report has been run, the report status is updated.

Disable the weekly AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 3 to disable the weekly AIDE check report.

    Note that after the disable report operation has been run, the scheduled report status is updated.

Enable the weekly AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 4 to enable the weekly AIDE check report.

    Note that after the enable report operation has been run, the scheduled report status is updated.

Export the weekly AIDE check report

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 2 to go to the AIDE menu.
  6. Enter 5 to export the weekly AIDE check report to the /outgoing directory.
  7. Use SFTP to copy the report from /outgoing to your management computer.

Manage the SSH cipher list

You can select the SSH ciphers included in the list presented to SSH clients.

Before you save changes to the SSH cipher list, make sure the SSH client you use to make SSH connections to TanOS supports at least one of the remaining ciphers.

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 3 to go to the SSH Ciphers menu.
  6. Select numbered menu items to toggle whether the cipher is included or excluded from the cipher list.
  7. When you are done modifying the list, enter S to save it.

When FIPS 140-2 mode is enabled, only ciphers that are allowed by FIPS 140-2 are displayed in the SSH cipher list menu.
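
One way to perform the client check described above before you enter S, as an added example that is not part of the Tanium documentation. It assumes an OpenSSH client on the management computer (`ssh -Q cipher` lists the ciphers that client supports); the function name and the cipher names in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tanium code). Run on the management computer, not on TanOS.

# common_ciphers CLIENT_LIST KEEP_LIST
# Each argument holds cipher names separated by commas, spaces or newlines.
# Prints every cipher found in both lists, one per line, in client order.
# Returns 0 when at least one cipher is shared and 1 when none is.
common_ciphers() {
    shared=""
    set -f  # cipher names are plain words; disable globbing while splitting
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        for k in $(printf '%s' "$2" | tr ',' ' '); do
            if [ "$c" = "$k" ]; then
                shared="${shared}${c}
"
                break
            fi
        done
    done
    set +f
    [ -n "$shared" ] || return 1
    printf '%s' "$shared"
}

# Usage (constructed sample names; type the names that will remain enabled
# in your SSH Ciphers menu):
#   sh check_ciphers.sh "aes256-ctr,aes256-gcm@openssh.com"
if [ "$#" -gt 0 ]; then
    # Ask the local OpenSSH client which ciphers it can negotiate.
    if common_ciphers "$(ssh -Q cipher)" "$1"; then
        echo "OK: this client supports the ciphers printed above."
    else
        echo "STOP: no shared cipher; this client could not connect." >&2
        exit 1
    fi
fi
```

Repeat the check from every workstation or jump host that is used to administer the appliance, because each SSH client build can support a different cipher set.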

Toggle SELinux mode

Security-Enhanced Linux (SELinux) is a set of kernel modifications and user-space tools that make a Linux-based OS more secure.

By default, the SELinux setting is set to permissive. For greater security, change it to enforcing.

  1. Log into the TanOS console as a user with the tanadmin role.
  2. From the tanadmin menu, enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter X to go to the Advanced Security menu.
  5. Enter 4 to toggle the SELinux setting—permissive or enforcing. A reboot is not required.