Reference: Appliance configuration

You are prompted to configure basic host and network settings when you complete the initial configuration. You can use the TanOS Appliance Configuration menu to modify the configuration.

Changes to the network configuration do not go into effect until you restart network services. If you are connected over a remote SSH connection and change the configuration for the interface with which you are connected, your SSH connection will be terminated.

Modify the hostname and DNS configuration

  1. Log into the TanOS console as the user tanadmin.

    The TanOS console displays the tanadmin menu.

  2. Enter A to display the Appliance Configuration menu.
  3. Enter 1 and then follow the prompts to change the hostname or DNS service configuration.

Modify the IPv4 address configuration

Contact your TAM before changing the IP address for the interface used by the Tanium Server. The Tanium Server IP address is used in multiple configurations.

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 2 to display the IP Configuration menu.
  4. Enter 1 and follow the prompts to change the IP address for a selected interface.

Modify the NTP configuration

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 3 and then follow the prompts to change the NTP configuration.

Modify the time zone configuration

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 4 and then follow the prompts to change the time zone configuration.

Configuring syslog

You can forward appliance logs to a remote syslog server.

Figure  1:  A syslog reader

To configure syslog forwarding:

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 5 to display the Syslog Configuration menu.
  4. Enter 2 and then specify the IP address, port, and protocol for the remote syslog server.

Configuring SNMP

SNMP is disabled by default. You can configure SNMPv3 credentials for the user tanuser. This user can make a remote SNMP connection to the appliance to walk the MIB from a remote host or SNMP manager.

Figure  2:  SNMP walk

To configure SNMPv3 access:

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 6 and then follow the prompts to change the SNMPv3 credentials for tanuser.

Configure solution module file share mounts

Tanium™ Connect, Tanium™ Detect, and Tanium™ Trends write consumable files to disk. You can configure the Tanium™ Server to copy these files to a Common Internet File System (CIFS) or Network File System (NFS) share.

Add a file share mount

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 7 to display the Share Configuration menu.
  4. Enter 1 and complete the configuration to add a file share mount.

List a file share mount

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 7 to display the Share Configuration menu.
  4. Enter A to list file share mounts.

Test a file share mount

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 7 to display the Share Configuration menu.
  4. Enter B to test file share mounts.

Change from a static IP address to DHCP (VM-only)

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter 8 and then follow the prompts to use DHCP.

Configure additional security

You can use the Security menu to enable/disable factory reset and SSH trusted host list configurations.

Enable/disable factory reset

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter 1 and then follow the prompts to disable the tanfactory account that is used to perform a factory reset.

Manage inbound SSH access rules

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter 2 and then follow the prompts to edit the rules that restrict SSH access to hosts from specified subnets only.

Configure SSH banner text

Before you begin:

  • Use SFTP to copy a file named banner_ssh.txt to the /incoming folder.

To add the banner:

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter 3 to add the banner.

Display SSH fingerprints

  1. Log into the TanOS console as the user tanadmin.
  2. Enter A to display the Appliance Configuration menu.
  3. Enter A to display the Security menu.
  4. Enter 4 to display the SSH fingerprints.

Last updated: 3/13/2018 8:56 PM | Feedback