Reference: TanOS command line interface
Tanium Appliances contain a command line interface (CLI) that you can access from SSH.
Requirements
- The CLI is available to users with the tanadmin role.
Syntax
ssh -qt <user>@<ip> <command> <options...>
Tanium platform commands
| Command | Description |
|---|---|
| add hub | Install the Tanium Zone Server Hub add-on to an existing Tanium Server role. |
| configure module service |
Configure the Tanium Server appliance to use a Tanium Module Server. Specify the IP address of the Tanium Module Server, such as: ssh -qt [email protected] configure module server 10.10.10.15 |
| help | Show a list of available commands. Add help to any command to show help for the particular command. |
| install aio | Install the Tanium All-in-One role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install aio 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
| install tms | Install the Tanium Module Server role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install tms 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
| install ts | Install the Tanium Server role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install ts 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
| install tzs | Install the Tanium Zone Server role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install tzs 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. Make sure to import the public key to the Zone Server appliance before you run this command (TanOS menu 2-I). For Tanium Core Platform 7.3 and earlier, copy the tanium.pub file from the Tanium Server appliance. In Tanium Core Platform 7.4 and later, the public keys are stored in the tanium-init.dat file. For detailed steps, see Import the Tanium Server public key file to the Zone Server. |
| register module service | Run this command from a Tanium Module Server appliance to register the Tanium Module Server with a Tanium Server appliance. Specify the fingerprint of the Tanium Module server, in addition to the IP address and/or FQDN of the Tanium Server, such as:ssh -qt [email protected] register module service <fingerprint> 10.0.0.10 ts.example.com |
| remove hub | Remove the Tanium Zone Server Hub add-on. |
| upgrade tanium | Upgrade the Tanium software on the appliance. Specify the version of Tanium to install, such as: ssh -qt [email protected] upgrade tanium 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
Appliance Array commands
| Command | Description |
|---|---|
| add array member | Add another appliance to the Appliance Array that is defined on the current appliance. Example:ssh -qt [email protected] add array member 10.0.0.5 |
| create array | Create an Appliance Array and add the current appliance as a member. Specify the IP address of the appliance and the name of the array (can include spaces). Example:ssh -qt [email protected] create array 10.0.0.4 My TanOS Array |
| reset array | Remove the current appliance from an Appliance Array. Example:ssh -qt [email protected] reset array |
TanOS management commands
| Command | Description |
|---|---|
| add pubkeys | Add entries to the authorized_keys file for the user. |
| copy pubkeys tancopy | Copy the SSH keys for the user to the tancopy user account. |
| report info | Report basic information for the appliance, including the serial number, server name, TanOS version, role, and Tanium version. |
| reset software | Removes all Tanium Core Platform software from the appliance, but preserves network and system user configuration. Requires a confirmation to proceed. |
| set backup key |
Set the public key to encrypt backup files. The public key must be in PEM format. |
| set password | Change a user's own password to a specified value. You can run the command interactively or non-interactively, such as through an external system. Requires a confirmation to proceed when run interactively. When run non-interactively, requires only the new password on the standard input stream. |
| show pubkeys | Show the SSH public keys for the user |
| upgrade appliance | Upgrade TanOS on the appliance. Specify the version of TanOS to upgrade to, such as:
ssh -qt [email protected] upgrade appliance 1.6.6 If you run the command without a version, the server returns the available versions (of the RPM upgrade files) that are found in the /incoming directory. |
Examples
Show a list of commands
Command:
ssh -qt [email protected] help
Example response:
The following commands are available in the TanOS CLI. Tanium Platform install aio: Install the All-in-One role install ts: Install the Tanium Server role install tms: Install the Tanium Module Server role install tzs: Install the Tanium Zone Server role add hub: Add a Zone Server Hub to a TS or AiO remove hub: Remove the Tanium Zone Server Hub upgrade tanium: Upgrade Tanium software configure module service: Configure the Tanium Server to use a module server register module service: Register the Tanium Module Server TanOS Appliance Array create array: Create a new Appliance Array reset array: Reset this appliance's Array configuration add array member: Add a Member to the Array TanOS Management report info: Report information about the appliance reset software: Reset the software on the appliance upgrade appliance: Upgrade the appliance set backup key: Set the Backup Encryption Key copy pubkeys tancopy: Copy the user's SSH keys to tancopy To see more information about each command, run it with the option "help". E.g. ssh -qt [email protected] install ts help
Show help for the install aio command
Command:
ssh -qt [email protected] install aio help
Example response:
Install the All-in-One role Installs the All-in-One role (TaniumServer and TaniumModuleServer) onto the appliance. This option requires the password to be used for the 'tanium' console user. Usage: install aio <version> Example: ssh -qt [email protected] install aio 7.4.2.2036 Menu: 1-1
Install the Tanium Zone Server Hub add-on
Command:
ssh -qt [email protected] add hub
Example response:
staging /opt/utils/installers/TaniumZoneServer-7.4.2.2036-1.rhe7.x86_64.rpm Checking RPM signatures Signature verification succeeded. Installing Tanium Zone Server Preparing packages... TaniumZoneServer-7.4.2.2036-1.rhe7.x86_64 TaniumZoneServer service installed. Complete installation by: 1. Set ServerName with '/opt/Tanium/TaniumZoneServer/TaniumZoneServer config set ServerName <name>' 2. Set any desired optional settings (ServerPort, LogVerbosityLevel, etc) by running '/opt/Tanium/TaniumZoneServer/TaniumZoneServer config set <key> <value>' 3. Copy tanium-init.dat file into /opt/Tanium/TaniumZoneServer/TaniumZoneServer 4. Enable the TaniumZoneServer with 'systemctl enable taniumzoneserver' 5. Start the TaniumZoneServer with 'systemctl start taniumzoneserver' If you are configuring this to be a TaniumZoneServer Hub do the following: 1. '/opt/Tanium/TaniumZoneServer/TaniumZoneServer config set ZoneHubFlag 1' 2. Create a file named ZoneServerList.txt in the /opt/Tanium/TaniumZoneServer/ directory with the ip addresses/FQDNs of the ZoneServers Tanium Zone Server Installation completed Configuring Zone Server Hub Add-On Zone Server Hub install - copied public key Tanium Zone Server Installation completed
Retrieve appliance information
Command:
ssh -qt [email protected] report info
Example response:
Serial Number: 5c7a65fd-2b96-4732-b2a1-fd9f56b8801e Name: ts1 TanOS Version: 1.6.0.0134 Role: Tanium Server TaniumServer: 7.4.2.2036
Last updated: 5/6/2021 3:23 PM | Feedback