Reference: Airgap support
You can use the Airgap Operations menu to configure your Taniumâ„¢ deployment to access Tanium content in an airgap environment.
Install an airgap module
TanOS has menus to support installation of airgap modules and content packages provided by Tanium.
Before you begin
Use SFTP to copy the airgap installer files to the /incoming directory on the appliance. The file names provided by Tanium must be preserved.
This installer supports both RPM and Zip airgap content files. RPM content files are very large, so they take several minutes to install.
Install the airgap module
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu.
View screen------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 to display the AirGap Installer menu. View screen
------------------------------------------------------
>>> Tanium Operations -> AirGap Installer <<<
This function is used to install a Tanium Airgap content package.
Airgap files should be placed in the incoming directory using
sftp tancopy. File names as provided by Tanium must be preserved.
This installer supports both RPM and Zip Airgap content files.
RPM content files are very large and will take several minutes to install.
# File name
1: Airgapped-Connect-Installer.zip
Please select file by line number (enter to exit):
- Follow the prompts to install the module or content package.
View airgap usage report
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 to display the AirGap Content Usage report. View screen
------------------------------------------------------
>>> Tanium Operations -> AirGap Content Usage <<<
UsedKB Solution Solution_ID Sol_Vers Action
====== ======== =========== ======== ======
149068K Connect 99-200-0008 4.11.1.0008 Delete
Delete will prune 150M bytes from 1 solutions
Delete will preserve 0 bytes from 0 solutions
Press enter to continue
Prune airgap content
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 3 to display the Prune AirGap Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Prune AirGap Content <<<
Pruning Airgap content will delete all of the unused content.
Unused content is content that has not been imported and
solutions that were upgraded to later versions.
Would you like to continue with purging Airgap content ? [Yes|No]:
- Follow the prompts to prune the airgap content.
Manage web server content
TanOS has menus to support installation and management of airgap web server content.
Before you begin
Use SFTP to copy the airgap content files to the /incoming directory on the appliance. The file names must be in the content-*.zip format. The web content installs to the <Tanium Server>/http/content/files directory.
Install content
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 4 to display the Manage Web Server Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Web Server Content <<<
1: Install Content
2: Delete Content by Name (File/Directory)
3: List/Delete Content
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 to display the Tanium Web Server Content Installer menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Tanium Web Server Content Installer <<<
This function is used to install Tanium Web Server content.
Content files should be placed in the incoming directory using
sftp tancopy. Content files must be zipped and prefixed with
content-*.zip.
# File name
1: content-IC_AD-Installer.zip
[ Please select file by line number (enter to exit): 1
[ Continue with installation of content-IC_AD_Installer.zip ? [Yes|No]: yes
Installing content
Extracting content to /opt/Tanium/TaniumServer/http/content/files
Content file installation completed.
Press enter to continue
- Follow the prompts to install the content.
Delete content by name
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 4 to display the Manage Web Server Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Web Server Content <<<
1: Install Content
2: Delete Content by Name (File/Directory)
3: List/Delete Content
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 and follow the prompts to delete the content.
Delete content by list
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 4 to display the Manage Web Server Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Web Server Content <<<
1: Install Content
2: Delete Content by Name (File/Directory)
3: List/Delete Content
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 3 and follow the prompts to delete the content.
Edit airgap options
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the Edit Airgap Options menu. View screen
>>> Tanium TanOS -> Tools -> Edit Files -> airgap.ini <<<
#: Line Content
1: [General]
2: root_uri = https://appliance-156.tam.local/content
3: destination_path = /opt/Tanium/TaniumServer/http/content
4: license_path = /opt/Tanium/TaniumServer/tanium.license
5: key_util_path = /opt/Tanium/TaniumServer/TaniumKeyUtility
6: key_path = /opt/Tanium/TaniumServer/contentsigning.pvk
7: manifest_file = manifest.xml
8: lab_manifest_file = labs.xml
9: [hsm]
A: Add a line
R: Return to previous menu
-------------------------------------------------------
- Use the menu to edit the configuration.
Change the airgap manifest URLs
The manifest and lab manifest refer to the URL the Tanium Console uses to locate solution modules and content packs available for download and use. The default locations point to content.tanium.com. In an airgap deployment, the manifest URLs are different. Use the TanOS menu to change them to the airgap content location.
- Log into the TanOS console as a user with the tanadmin role.
- From the tanadmin menu, enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter B to display the Manifest URL Change menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manifest URL Change <<<
Manifest change should be performed with the prior agreement of your TAM.
Only modify the manifest if you intend to test non general releases of
versions of Tanium Modules or content, or if you are using the airgap
installer.
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Set Manifest To Default
2: Set Labs Manifest To Default
3: Set Manifest To Custom
4: Set Labs Manifest To Custom
H: Help
R: Return to previous menu
------------------------------------------------------
- Use the menu to change the manifest URL.
