Reference: TanOS command line interface
Tanium Appliances contain a command line interface (CLI) that you can access from SSH.
Requirements
- The CLI is available to users with the tanadmin role.
Syntax
ssh -qt <user>@<ip> <command> <options...>
Tanium platform commands
| Command | Description |
|---|---|
| add hub | Install the Tanium Zone Server Hub add-on to an existing Tanium Server role. |
| help | Show a list of available commands. Add help to any command to show help for the particular command. |
| install aio | Install the Tanium All-in-One role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install aio 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
| install tms | Install the Tanium Module Server role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install tms 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
| install ts | Install the Tanium Server role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install ts 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
| install tzs | Install the Tanium Zone Server role. Specify the version of Tanium to install, such as:ssh -qt [email protected] install tzs 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. Make sure to import the public key to the Zone Server appliance before you run this command (TanOS menu 2-I). For Tanium Core Platform 7.3 and earlier, copy the tanium.pub file from the Tanium Server appliance. In Tanium Core Platform 7.4 and later, the public keys are stored in the tanium-init.dat file. For detailed steps, see Import the Tanium Server public key file to the Zone Server. |
| remove hub | Remove the Tanium Zone Server Hub add-on. |
| show fingerprint |
Show the Tanium fingerprint for the Tanium Server (ts), Tanium Zone Server (tzs), or Tanium Zone Server hub (hub). Specify the type of server, such as: ssh -qt [email protected] show fingerprint ts |
| upgrade tanium | Upgrade the Tanium software on the appliance. Specify the version of Tanium to install, such as: ssh -qt [email protected] upgrade tanium 7.4.4.1250 If you run the command without a version, the server returns the available versions found on the server; this includes the versions that ship with TanOS and any other versions (of the RPM upgrade files) that are found in the /incoming directory. |
Appliance Array commands
| Command | Description |
|---|---|
| add array member | Add another appliance to the Appliance Array that is defined on the current appliance. Example:ssh -qt [email protected] add array member 10.0.0.5 |
| array assign roles |
Use a JSON document to assign the desired roles to array members and perform necessary setup steps. Command actions are:
|
| array sync partitions |
Create backups of the active partitions by copying their contents to the inactive partitions for each affected appliance in the array. This may take a while to complete. Tanium services are stopped during the backup. Appliances that do not have alternate partitions are not affected. |
| array upgrade appliance |
Upgrade the operating system for all appliances in the array. Run this command only on the primary Tanium Server in the array. Specify the upgrade version or use the --interactive flag to select from a list of options. Example: ssh -qt [email protected] array upgrade appliance 1.6.7 |
| array upgrade tanium |
Upgrade the Tanium software on all appliances in the array. Load all RPMs to the incoming directory on the primary Tanium Server before running this command. Specify the upgrade version or use the --interactive flag to select from a list of options. Example: ssh -qt [email protected] array upgrade tanium 7.4.3.1242 |
| create array | Create an Appliance Array and add the current appliance as a member. Specify the IP address of the appliance and the name of the array (can include spaces). Example:ssh -qt [email protected] create array 10.0.0.4 My TanOS Array |
| reset array | Remove the current appliance from an Appliance Array. Example:ssh -qt [email protected] reset array |
TanOS management commands
| Command | Description |
|---|---|
| create tsg | Create a Tanium Support Gatherer (TSG). |
| reboot appliance | Reboots the appliance. Requires confirmation. |
| report info | Report basic information for the appliance, including the serial number, server name, TanOS version, role, and Tanium version. |
| reset software | Removes all Tanium Core Platform software from the appliance, but preserves network and system user configuration. Requires a confirmation to proceed. |
| set backup key |
Set the public key to encrypt backup files. The public key must be in PEM format. |
| show ssh-host-fingerprints | Show the SSH host fingerprints. |
| sync partitions | Create a backup of the active partition by copying its contents to the inactive partition. This may take a while to complete. Tanium services are stopped during the backup/ |
| upgrade appliance | Upgrade TanOS on the appliance. Specify the version of TanOS to upgrade to, such as:
ssh -qt [email protected] upgrade appliance 1.6.6 If you run the command without a version, the server returns the available versions (of the RPM upgrade files) that are found in the /incoming directory. |
TanOS user management commands
| Command | Description |
|---|---|
| add pubkeys | Add entries to the authorized_keys file for the user. |
| copy pubkeys tancopy | Copy the SSH keys for the user to the tancopy user account. |
| register ssh-host | Add entries to a user's SSH known_hosts file. |
| show pubkeys | Show the user's SSH public keys. |
| set password | Change a user's own password to a specified value. You can run the command interactively or non-interactively, such as through an external system. Requires a confirmation to proceed when run interactively. When run non-interactively, requires only the new password on the standard input stream. |
Examples
Show a list of commands
Command:
ssh -qt [email protected] help
Example response:
The following commands are available in the TanOS CLI. Tanium Platform install aio: Install the All-in-One role install ts: Install the Tanium Server role install tms: Install the Tanium Module Server role install tzs: Install the Tanium Zone Server role add hub: Add a Zone Server Hub to a TS or AiO remove hub: Remove the Tanium Zone Server Hub upgrade tanium: Upgrade Tanium software configure module service: Configure the Tanium Server to use a module server register module service: Register the Tanium Module Server TanOS Appliance Array create array: Create a new Appliance Array reset array: Reset this appliance's Array configuration add array member: Add a Member to the Array TanOS Management report info: Report information about the appliance reset software: Reset the software on the appliance upgrade appliance: Upgrade the appliance set backup key: Set the Backup Encryption Key copy pubkeys tancopy: Copy the user's SSH keys to tancopy To see more information about each command, run it with the option "help". E.g. ssh -qt [email protected] install ts help
Show help for the install aio command
Command:
ssh -qt [email protected] install aio help
Example response:
Install the All-in-One role Installs the All-in-One role (TaniumServer and TaniumModuleServer) onto the appliance. This option requires the password to be used for the 'tanium' console user. Usage: install aio <version> Example: ssh -qt [email protected] install aio 7.4.2.2036 Menu: 1-1
Install the Tanium Zone Server Hub add-on
Command:
ssh -qt [email protected] add hub
Example response:
staging /opt/utils/installers/TaniumZoneServer-7.4.2.2036-1.rhe7.x86_64.rpm Checking RPM signatures Signature verification succeeded. Installing Tanium Zone Server Preparing packages... TaniumZoneServer-7.4.2.2036-1.rhe7.x86_64 TaniumZoneServer service installed. Complete installation by: 1. Set ServerName with '/opt/Tanium/TaniumZoneServer/TaniumZoneServer config set ServerName <name>' 2. Set any desired optional settings (ServerPort, LogVerbosityLevel, etc) by running '/opt/Tanium/TaniumZoneServer/TaniumZoneServer config set <key> <value>' 3. Copy tanium-init.dat file into /opt/Tanium/TaniumZoneServer/TaniumZoneServer 4. Enable the TaniumZoneServer with 'systemctl enable taniumzoneserver' 5. Start the TaniumZoneServer with 'systemctl start taniumzoneserver' If you are configuring this to be a TaniumZoneServer Hub do the following: 1. '/opt/Tanium/TaniumZoneServer/TaniumZoneServer config set ZoneHubFlag 1' 2. Create a file named ZoneServerList.txt in the /opt/Tanium/TaniumZoneServer/ directory with the ip addresses/FQDNs of the ZoneServers Tanium Zone Server Installation completed Configuring Zone Server Hub Add-On Zone Server Hub install - copied public key Tanium Zone Server Installation completed
Retrieve appliance information
Command:
ssh -qt [email protected] report info
Example response:
Serial Number: 5c7a65fd-2b96-4732-b2a1-fd9f56b8801e Name: ts1 TanOS Version: 1.6.0.0134 Role: Tanium Server TaniumServer: 7.4.2.2036
Last updated: 7/20/2021 6:08 PM | Feedback