Reference: User Administration menu

The TanOS special users tanadmin, tancopy, tanfactory, and tanuser are not Tanium™ Console users. TanOS access requirements are enforced.

Apart from special users, TanOS hosts a local authentication service that can be used for Tanium Console user authentication. You can create and delete users and manage their passwords.

In addition, you can configure Tanium Console authentication against your enterprise LDAP server. For details on using LDAP, see the Tanium Core Platform User Guide.

Change TanOS user passwords

The TanOS special users tanadmin, tanuser, and tanfactory can make password-authenticated SSH connections to the TanOS console.

The passwords for TanOS special users must be changed every 45 days. You can also change the passwords whenever it is necessary.

The password string must be at least 10 characters long and have at least 1 uppercase character, 1 lowercase character, 1 numeric character, and 1 nonalphanumeric character.

Change the tanadmin password

  1. Log into the TanOS console as the user tanadmin.

    The TanOS console displays the tanadmin menu.

  2. Enter P and then follow the prompts to change the password.

After the password has been changed, you are logged out.

Reset the tanuser password

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter 1 and then follow the prompts to reset the password.

Reset the tanfactory password

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter 2 and then follow the prompts to reset the password.

Manage SSH keys

The installation process generates a public/private SSH key pair for the tanadmin user. You can use the SSH Key menu to regenerate this pair, generate keys for the other TanOS special users, add authorized keys to support inbound user connections, and display the public key so you can copy and paste it into other appliance configurations as described in some of the installation procedures in this guide.

Before you begin

  • You must have an SSH client to log into the TanOS console and an SFTP client such as WinSCP to copy files to and from the appliance.
  • You must have an SSH key generator such as PuTTYgen to generate keys for the tancopy user.

Generate keys

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter 3 to go to the SSH Key Management menu.
  4. Enter the line number for tancopy to display the key management menu for this user.
  5. Enter 1 to generate a public/private key pair.

Add authorized keys

  1. Use an SSH key generator such as PuTTYgen to generate a public/private key pair.
  2. In PuTTYgen, select all of the text in the Public key for pasting into OpenSSH authorized_keys file box and copy it to the clipboard.
  3. Log into the TanOS console as the user tanadmin.
  4. Enter C to go to the User Administration menu.
  5. Enter 2 to go to the SSH Key Management menu.
  6. Enter the line number for the tancopy user to display the key management menu for this user.
  7. Enter 3 to go to the Authorized Keys menu.
  8. Enter 2 and then follow the prompts to add the contents of the public key generated in Step 1.
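
Added example (not part of the Tanium guide): a check to run on the workstation before pasting, confirming that the clipboard text from Step 2 is a single-line OpenSSH public key rather than a private key, an RFC 4716 "Save public key" export, or a wrapped or truncated copy. The function names and the sample key are constructed for illustration; the check assumes a plain key entry with no options prefix and no certificate.

```python
import base64
import hashlib
import struct


def make_sample_key() -> str:
    """Constructed ssh-ed25519 entry with dummy key bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " tancopy-test"


def check_authorized_key(text: str) -> dict:
    """Validate one authorized_keys entry; return its type and fingerprint."""
    text = text.strip()
    if "PRIVATE KEY" in text or text.startswith("PuTTY-User-Key-File"):
        raise ValueError("private key material; paste only the public key")
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        raise ValueError("RFC 4716 export; copy the one-line OpenSSH form")
    if "\n" in text or "\r" in text:
        raise ValueError("entry must be one line; the paste was wrapped")
    fields = text.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    # A plain public key blob is a run of length-prefixed fields that must
    # consume the blob exactly; anything else means a truncated paste.
    parts, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("key blob is truncated")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("key blob is truncated")
        parts.append(blob[off:off + n])
        off += n
    # The first field repeats the key type named at the start of the line.
    if not parts or parts[0] != key_type.encode():
        raise ValueError("key type does not match the encoded key")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    comment = fields[2] if len(fields) > 2 else ""
    return {"type": key_type, "fingerprint": fingerprint, "comment": comment}
```

The returned fingerprint uses the same SHA256 form that ssh-keygen -lf prints, so it can be recorded with the change and compared later when auditing which keys are authorized for tancopy.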

Display public keys

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter 3 to go to the SSH Key Management menu.
  4. Enter the line number for the tancopy user to display the key management menu for this user.
  5. Enter 2 to display the public key.

Configure TanOS system users

You can create TanOS users that have permissions equivalent to tanadmin or tanuser system users.

Add a system user

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter A to go to the System Users menu.
  4. Enter 1 and follow the prompts to add a system user.

Manage system users

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter A to go to the System Users menu.
  4. Enter 2 to display the Manage System Users menu.
  5. Enter the line item of the user you want to manage to display the Manage Selected User menu.
  6. Use the menu to delete the user, reset the password, or manage the SSH keys.

View history of logins

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter A to go to the System Users menu.
  4. Use the menus A, B, and C to view the login history.

Configure the local authentication service

You can use the local authentication service to set up Tanium Console user accounts for demo or testing purposes.

Tanium recommends you configure the Tanium Console to use an external LDAP server to authenticate Tanium users. For details, see the Tanium Core Platform User Guide. Additionally, if you plan to use the local authentication service with the Tanium LDAP Sync connector, you must use the following user filter in the LDAP Sync Connector configuration:

(&(objectClass=person)(uidNumber>=20000))

The Local Authentication Service menu is available only after you install the Tanium Server role. It is not available when other roles are installed.

Add a local user

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter B to go to the Local Authentication Service menu.
  4. Enter 1 and then follow the prompts to add a local user.

Set a user password

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter B to go to the Local Authentication Service menu.
  4. Enter 2 to display the Manage Local Users menu.
  5. Enter the user line number to display the user menu.
  6. Enter 2 and then follow the prompts to set the user password.

Delete a user

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter B to go to the Local Authentication Service menu.
  4. Enter 2 to display the Manage Local Users menu.
  5. Enter the user line number to display the user menu.
  6. Enter 1 and then follow the prompts to delete the user.

Disable the local authentication service

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter B to go to the Local Authentication Service menu.
  4. Enter A and then follow the prompts to enable or disable the local authentication service.

Enable tanremote user

The tanremote user can log into the iDrac interface to diagnose hardware and network interface issues in the event the TanOS system becomes unavailable. The tanremote user is not a TanOS user or a Tanium Console user. For information on configuring the iDrac interface, see Configure the iDrac interface.

To enable the tanremote user:

  1. Log into the TanOS console as the user tanadmin.
  2. Enter C to go to the User Administration menu.
  3. Enter X to go to the iDrac User menu.
  4. Enter 1 and change the password of the tanremote user. Do this first, even though the user is disabled.
  5. Enter 2 to enable the tanremote user.

To access the Virtual Console, go to the iDrac virtual console URL and log in using the username tanremote and the password that was set with this procedure.

Last updated: 6/7/2018 2:13 PM