AIX links

Deploying the Tanium Client to AIX endpoints

On AIX endpoints, the Tanium Client is installed as a system service. The default installation directory for Tanium Client files is /opt/Tanium/TaniumClient.

If your environment requires a different installation location for applications, see the Tanium Knowledge Base article How to: Using a symlink to a custom location (account required).

The following procedures describe how to use the endpoint CLI to install the Tanium Client. For details on using the CLI, see CLI on Non-Windows endpoints.

Prepare for installation

  1. Ensure that the AIX endpoint meet the basic requirements for the Tanium Client.
  2. Contact Tanium Support for the Tanium Client installer file: TaniumClient‑<client_version>‑powerpc.pkg.
  3. Work with your network security team to ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the port that the client uses for Tanium traffic (default 17472). See Network connectivity, ports, and firewalls.

    The installation process does not modify any host-based firewall that might be in use.

  4. If they are not yet installed, install the IBM XL C++ runtime libraries file set (xlC.rte), version 16.1.0.0 or later, and, if indicated in the following table, the IBM LLVM runtime libraries file set (libc++.rte). The required xlC.rte version and the requirement for libc++.rte depend on the AIX and Tanium Client version:
    AIX versionTanium Client versionxlC.rte versionlibc++.rte required?
    7.1.3 or earlier7.213.1.3.1 or laterWhen xlC.rte version 16.1.0.0 or later is installed, or when required by an installed module or shared service. See Module- and service-specific requirements for the Tanium Client and endpoints for links to specific requirements.
    7.1.4 or laterAll versions16.1.0.0 or laterYes
    All versions7.416.1.0.0 or laterYes

    Install the file sets as follows:

    1. Access the operating system CLI on the endpoint.

    2. Determine the versions of the currently installed xlC.rte bundle and, if required, the libc++.rte bundle using the following commands:

      lslpp -l xlC\.*
      lslpp -l libc++\.*

      If the appropriate version of each bundle is already installed where required, skip to Install the Tanium Client on AIX. Otherwise, complete the remaining steps for each bundle that needs to be installed or updated.

    3. Obtain the appropriate xlC.rte and libc++.rte bundles for your system from IBM Fix Central.
    4. Download each bundle to your endpoint.
    5. Extract, unzip, or untar each bundle to the /usr/sys/inst.images directory.
    6. Install the bundles:

      sudo installp -aXYgd /usr/sys/inst.images -e /tmp/install.log all

    7. Review the installation log /tmp/install.log for any errors.

Install the Tanium Client on AIX

  1. Sign in to the target endpoint.
  2. Copy the Tanium Client installer file  TaniumClient‑<client_version>‑powerpc.pkg to a temporary location on the target endpoint.

  3. Use the Tanium Client Management service to download a client installer bundle that contains the tanium‑init.dat (Tanium Client 7.4 or later) or tanium.pub (Tanium Client 7.2) file.

    Client Management does not provide an installer bundle for AIX endpoints, but you can use the DAT or PUB file from the bundle that is provided for any other OS (Windows, macOS, or Linux). Download links are available on the Client Management Overview page.For the procedure, see Tanium Client Management Guide: Download and deploy the installer bundle.

    You can also download tanium‑init.dat or tanium.pub through the Tanium Console (see Tanium Console User Guide: Download infrastructure configuration files (keys)).

  4. Copy the installer bundle to the same temporary directory as the installer file and unzip the bundle.

    You must first install the unzip utility if it is not already installed on the AIX endpoint.

    The DAT or PUB file is the only file that you need from the bundle, so you can delete the other files in the bundle.

    The following example command uncompresses the Linux bundle for the Tanium Client.

    unzip linux-client-bundle.zip

  5. Run the following command from the temporary directory to install the package and generate a default configuration file:

    sudo installp -agqXYd ./TaniumClient‑<client_version>‑powerpc.pkg TaniumClient

  6. Use the CLI to configure the following basic Tanium Client settings:
    ServerName or ServerNameListIn a deployment with a standalone Tanium Server, sSet the ServerName to the TaaSserver FQDN or IP address. In a deployment with Tanium Zone Servers or multiple TaaS instancesTanium Servers, configure ServerNameList with the FQDN or IP address of each instanceserver, separated with a comma.
    LogVerbosityLevel

    The level of logging on the endpoint. The following values are best practices for specific use cases:

    • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1 (default): This is the best practice value during normal operation.
    • 41: This is the best practice value during troubleshooting.
    • 91 or higher: Enable the most detailed log levels for short periods of time only.
    ResolverThe default hostname resolver for Tanium is getent. Because AIX generally does not have the getent command, add the Resolver=nslookup setting.

    For details on additional settings that you can configure, see Tanium Client settings.

    The following example commands are for a deployment with multiple TaaS instancesTanium Servers and Zone Servers.

    cd <Tanium Client installation directory>
    sudo ./TaniumClient config set ServerNameList taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.comts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
    sudo ./TaniumClient config set LogVerbosityLevel 1
    sudo ./TaniumClient config set resolver nslookup

  7. Copy the tanium‑init.dat file or tanium.pub file to the Tanium Client installation directory on the AIX endpoint.
  8. Use the following command to start the Tanium Client service:

    startsrc -s taniumclient

    Before proceeding, wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server.

  9. Verify that the client installed correctly and can communicate with TaaS the server. From the Main menu, go to Administration > Management > Client Status. If the installation and registration succeeded, the client appears in the grid.

    To find a specific Tanium Client, enter a text string in the Filter items field above the grid to filter it by Host Name or Network Location (IP address).


Manage the Tanium Client service on AIX

The Tanium Client on AIX uses the IBM AIX System Resource Controller (SRC) to manage the client service. Run the listed commands to complete the following actions:

  • Start the Tanium Client service: startsrc -s taniumclient
  • Stop the Tanium Client service: stopsrc -s taniumclient
  • Verify that the Tanium Client service is available: lssrc -s taniumclient

Uninstall the Tanium Client on AIX

To uninstall the Tanium Client on AIX, run the following command: installp -u TaniumClient