Deploying the Tanium Client to Linux endpoints

Linux links

The Taniumâ„¢ Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

You can use the Tanium Client Deployment Tool (CDT) to download the latest Tanium Client package file.

Linux firewall rules

The installation process does not modify any host-based firewall that might be in use. Your network security team must ensure host and network firewalls are configured to allow inbound and outbound TCP traffic on port 17472. The following commands for managing Linux firewalls are samples based on default distributions of Linux.

Table 1:   Commands for Linux firewall rules
Linux Distributions Tasks Commands
Amazon Linux AMI (2016.09, 2017.09, 2018.3)

Amazon Linux 2 LTS (2017.12)

Get port 17472 status

Add or allow port 17472

Remove or deny port 17472

By default, the iptables utility (used to manage the firewall) is not configured. Check your Amazon Web Services (AWS) security group instead.
Debian 6.x, 7.x, 8.x, 9.x Get port 17472 status

Add or allow port 17472

Remove or deny port 17472

By default, the iptables utility (used to manage the firewall) is not configured. Typically, regular iptables commands will apply, such as those for Red Hat Linux 5.x. Check with your system administrator.
CentOS 5.x, 6.x

Oracle Enterprise Linux 5.x, 6.x

Red Hat Linux 5.x, 6.x

Check the firewall status iptables -L -n --line-numbers | egrep -i "^Chain|REJECT *all"

The firewall is enabled when a REJECT *all rule is present.

Get port 17472 status sudo iptables -L -n | grep 17472
Add or allow port 17472 The iptables command is for IPv4. For IPv6, use the ip6tables command.
  1. Check the firewall status.

    iptables -L -n --line-numbers | egrep -i "^Chain|REJECT *all"

  2. For each <chain_name> with a REJECT all rule, run the following command, where <line> is the line number of the rule.

    sudo iptables -I <chain_name><line> -p tcp -m state --state NEW --dport 17472 -j ACCEPT

    For example, if the chain is RH-Firewall-1-INPUT and the REJECT all rule is on line 10, run:

    iptables -I RH-Firewall-1-INPUT 10 -p tcp -m state --state NEW --dport 17472 -j ACCEPT

  3. Save your changes and restart the iptables service.

    sudo service iptables save

    sudo service iptables restart

Remove or deny port 17472 The iptables command is for IPv4. For IPv6, use the ip6tables command.
  1. List the chains.

    sudo iptables -L -n | egrep -i "^Chain|17472"

  2. For each <chain_name>, run:

    sudo iptables -D <chain_name> -p tcp -m state --state NEW --dport 17472 -j ACCEPT

  3. Save your changes and restart the iptables service.

    sudo service iptables save

    sudo service iptables restart

CentOS 7.x

Oracle Enterprise Linux 7.x

Red Hat Linux 7.x

Get port 17472 status sudo firewall-cmd --list-all-zones | grep 17472
Add or allow port 17472
  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> (such as default and where ssh is present), run:

    sudo firewall-cmd --permanent --zone=<zone_name> --add-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

Remove or deny port 17472
  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> where port 17472 is present, run:

    sudo firewall-cmd --permanent --zone=<zone_name> --remove-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

OpenSUSE 11.x, 12.x

SUSE Linux Enterprise Server (SLES) 11.x, 12.x

Get port 17472 status sudo grep "FW_SERVICES_EXT_TCP=" /etc/sysconfig/SuSEfirewall2 | egrep "[ \"]17472[ \"]"
Add or allow port 17472
  1. Open the /etc/sysconfig/SuSEfirewall2 file for editing, add port 17472 to the line FW_SERVICES_EXT_TCP=, and save your changes.
  2. Restart the firewall.

    sudo SuSEfirewall2 start

Remove or deny port 17472
  1. Open the /etc/sysconfig/SuSEfirewall2 file for editing, remove port 17472 from the line FW_SERVICES_EXT_TCP=, and save your changes.
  2. Restart the firewall.

    sudo SuSEfirewall2 start

Ubuntu 10.04/14.04/16.04/18.04 LTS Get port 17472 status sudo ufw status | grep 17472

or

sudo iptables -L -n | grep 17472

Allow port 17472 sudo ufw allow 17472/tcp
Remove port 17472 sudo ufw delete allow 17472/tcp
Deny port 17472 sudo ufw deny 17472/tcp
OS X 10.8 Mountain Lion
OS X 10.9 Mavericks
OS X 10.10 Yosemite
OS X 10.11 El Capitan

macOS 10.12 Sierra
macOS 10.13 High Sierra
macOS 10.14 Mojave

Get port 17472 status sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps | awk '/TaniumClient/ {getline; print $0}'
Add Tanium Client to firewall sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Library/Tanium/TaniumClient/TaniumClient
Unblock Tanium Clientin firewall sudo /usr/libexec/
ApplicationFirewall/socketfilterfw --unblockapp /Library/Tanium/TaniumClient/TaniumClient
Remove Tanium Client from firewall sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /Library/Tanium/TaniumClient/TaniumClient
Block Tanium Client in firewall sudo /usr/libexec/ApplicationFirewall/socketfilterfw --blockapp /Library/Tanium/TaniumClient/TaniumClient

Tanium Client package files for Linux

You can use the Tanium CDT to download the latest Tanium Client package files.

Table 2:   Tanium Client package files for Linux
Linux Distribution Latest Installation Package Files
Amazon Linux 2 LTS (2017.12) TaniumClient-7.2.314.3518-1.amzn2.x86_64.rpm
TaniumClient-7.2.314.3211-1.amzn2017.12.x86_64.rpm
Amazon Linux AMI 2018.3 TaniumClient-7.2.314.3518-1.amzn2018.03.x86_64.rpm
Amazon Linux AMI 2017.09 TaniumClient-7.2.314.3211-1.amzn2017.09.x86_64.rpm
Amazon Linux AMI 2016.09 TaniumClient-7.2.314.3211-1.amzn2016.09.x86_64.rpm
TaniumClient-7.2.314.2962-1.amzn2016.09.x86_64.rpm
TaniumClient-6.0.314.1579-1.amzn2016.09.x86_64.rpm
Debian 9.x taniumclient_7.2.314.3518-debian9_i386.deb
taniumclient_7.2.314.3211-debian9_i386.deb

taniumclient_7.2.314.3518-debian9_amd64.deb
taniumclient_7.2.314.3211-debian9_amd64.deb

Debian 8.x

taniumclient_7.2.314.3518-debian8_i386.deb
taniumclient_7.2.314.3211-debian8_i386.deb

taniumclient_7.2.314.3518-debian8_amd64.deb
taniumclient_7.2.314.3211-debian8_amd64.deb

Debian 7.x, 6.x taniumclient_7.2.314.3518-debian6_i386.deb
taniumclient_7.2.314.3211-debian6_i386.deb
taniumclient_7.2.314.2962-debian6_i386.deb
taniumclient_6.0.314.1579-debian6_i386.deb
taniumclient_6.0.314.1442-debian6_i386.deb

taniumclient_7.2.314.3518-debian6_amd64.deb
taniumclient_7.2.314.3211-debian6_amd64.deb
taniumclient_7.2.314.2962-debian6_amd64.deb
taniumclient_6.0.314.1579-debian6_amd64.deb
taniumclient_6.0.314.1442-debian6_amd64.deb

Oracle Enterprise Linux 7.x TaniumClient-7.2.314.3518-1.oel7.x86_64.rpm
TaniumClient-7.2.314.3211-1.oel7.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel7.x86_64.rpm
TaniumClient-6.0.314.1579-1.oel7.x86_64.rpm
Oracle Enterprise Linux 6.x TaniumClient-7.2.314.3518-1.oel6.i686.rpm
TaniumClient-7.2.314.3211-1.oel6.i686.rpm
TaniumClient-7.2.314.2962-1.oel6.i686.rpm
TaniumClient-6.0.314.1579-1.oel6.i686.rpm

TaniumClient-7.2.314.3518-1.oel6.x86_64.rpm
TaniumClient-7.2.314.3211-1.oel6.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel6.x86_64.rpm
TaniumClient-6.0.314.1579-1.oel6.x86_64.rpm

Oracle Enterprise Linux 5.x TaniumClient-7.2.314.3518-1.oel5.i386.rpm
TaniumClient-7.2.314.3236-1.oel5.i386.rpm
TaniumClient-7.2.314.2962-1.oel5.i386.rpm

TaniumClient-7.2.314.3518-1.oel5.x86_64.rpm
TaniumClient-7.2.314.3236-1.oel5.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel5.x86_64.rpm

Red Hat / CentOS 7.x TaniumClient-7.2.314.3518-1.rhe7.x86_64.rpm
TaniumClient-7.2.314.3211-1.rhe7.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe7.x86_64.rpm
TaniumClient-6.0.314.1579-1.rhe7.x86_64.rpm
TaniumClient-6.0.314.1442-1.rhe7.x86_64.rpm
Red Hat / CentOS 6.x TaniumClient-7.2.314.3518-1.rhe6.i686.rpm
TaniumClient-7.2.314.3211-1.rhe6.i686.rpm
TaniumClient-7.2.314.2962-1.rhe6.i686.rpm
TaniumClient-6.0.314.1579-1.rhe6.i686.rpm
TaniumClient-6.0.314.1442-1.i686.rpm

TaniumClient-7.2.314.3518-1.rhe6.x86_64.rpm
TaniumClient-7.2.314.3211-1.rhe6.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe6.x86_64.rpm
TaniumClient-6.0.314.1579-1.rhe6.x86_64.rpm
TaniumClient-6.0.314.1442-1.x86_64.rpm

Red Hat / CentOS 5.x TaniumClient-7.2.314.3518-1.rhe5.i386.rpm
TaniumClient-7.2.314.3236-1.rhe5.i386.rpm
TaniumClient-7.2.314.2962-1.rhe5.i386.rpm
TaniumClient-6.0.314.1579-1.rhe5.i386.rpm

TaniumClient-7.2.314.3518-1.rhe5.x86_64.rpm
TaniumClient-7.2.314.3236-1.rhe5.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe5.x86_64.rpm
TaniumClient-6.0.314.1579-1.rhe5.x86_64.rpm

SUSE Linux Enterprise Server (SLES) / OpenSUSE 12.x TaniumClient-7.2.314.3518-1.sle12.i586.rpm
TaniumClient-7.2.314.3211-1.sle12.i586.rpm
TaniumClient-7.2.314.2962-1.sle12.i586.rpm
TaniumClient-6.0.314.1579-1.sle12.i586.rpm

TaniumClient-7.2.314.3518-1.sle12.x86_64.rpm
TaniumClient-7.2.314.3211-1.sle12.x86_64.rpm
TaniumClient-7.2.314.2962-1.sle12.x86_64.rpm
TaniumClient-6.0.314.1579-1.sle12.x86_64.rpm

SUSE Linux Enterprise Server (SLES) / OpenSUSE 11.x TaniumClient-7.2.314.3518-1.sle11.i586.rpm
TaniumClient-7.2.314.3211-1.sle11.i586.rpm
TaniumClient-7.2.314.2962-1.sle11.i586.rpm
TaniumClient-6.0.314.1579-1.sle11.i586.rpm
TaniumClient-6.0.314.1442-1.sle11.i586.rpm

TaniumClient-7.2.314.3518-1.sle11.x86_64.rpm
TaniumClient-7.2.314.3211-1.sle11.x86_64.rpm
TaniumClient-7.2.314.2962-1.sle11.x86_64.rpm
TaniumClient-6.0.314.1579-1.sle11.x86_64.rpm
TaniumClient-6.0.314.1442-1.sle11.x86_64.rpm

Ubuntu 18.04 LTS taniumclient_7.2.314.3518-ubuntu18_amd64.deb
taniumclient_7.2.314.3211-ubuntu18_amd64.deb
Ubuntu 16.04 LTS taniumclient_7.2.314.3518-ubuntu16_amd64.deb
taniumclient_7.2.314.3211-ubuntu16_amd64.deb
taniumclient_7.2.314.2962-ubuntu16_amd64.deb
taniumclient_6.0.314.1579-ubuntu16_amd64.deb
Ubuntu 14.04 LTS taniumclient_7.2.314.3518-ubuntu14_amd64.deb
taniumclient_7.2.314.3211-ubuntu14_amd64.deb
taniumclient_7.2.314.2962-ubuntu14_amd64.deb
taniumclient_6.0.314.1579-ubuntu14_amd64.deb
Ubuntu 10.04 LTS taniumclient_6.0.314.3476-ubuntu10_i386.deb
taniumclient_6.0.314.3211-ubuntu10_i386.deb
taniumclient_6.0.314.1579-ubuntu10_i386.deb
taniumclient_6.0.314.1442-ubuntu10_i386.deb

taniumclient_6.0.314.1579-ubuntu10_amd64.deb
taniumclient_6.0.314.1442-ubuntu10_amd64.deb

Each supported platform distribution requires a specific Tanium Client installation package file. For example, the package file for Amazon Linux 2016.09 is named TaniumClient-7.2.314.3211-1.amzn2016.09.x86_64.rpm and the package file for Debian 6.x (64-bit) is named taniumclient_7.2.314.3211-debian6_amd64.deb.

Install the Tanium Client on Linux

  1. Open the Tanium CDT and select Client > Check for Updates to download the latest set of installers.
  2. Go to the <install>\Tanium Client Deployment Tool\clients folder and copy the Tanium Client installation package file to a temporary location.
  3. Log into the target computer.
  4. Copy the package to a temporary location on the target computer. Be sure to use the Tanium Client installation package file that was developed for the particular Linux distribution.
  5. Execute the appropriate installation command to install the package and generate a default configuration file.

    The rpm installers for Redhat and SUSE have command syntax similar to the following example:

    sudo rpm -i TaniumClient-7.2.314.3211-1.oel6.x86_64.rpm

    The debian installers for Debian and Ubuntu for have command syntax similar to the following example:

    sudo dpkg -i taniumclient_7.2.314.3211-debian6_amd64.deb

  6. Configure basic Tanium Client settings (for details, see Tanium Client settings).
    ServerName Tanium Server FQDN or IP address.
    LogVerbosityLevel

    The following decimal values are best practices for specific use cases:

    • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: This is the best practice value during normal operation.
    • 41: This is the best practice value during troubleshooting.
    • 91 or higher: Enable the most detailed log levels for short periods of time only.

    The steps to configure the settings depend on the Tanium Client version:

    • Tanium Client 6.0: Edit the /opt/Tanium/TaniumClient/TaniumClient.ini file. The following is an example of the file contents:
    • Version=6.0.314.1579
      ServerName=ts1.example.com ServerNameList=ts1.example.com,ts2.example.com
      ServerPort=17472 LogVerbosityLevel=1
    • Tanium Client 7.2: Issue the following CLI commands (for details, see Non-Windows). Version 7.2 does not require TaniumClient.ini.
    • cmd-prompt>./TaniumClient config set ServerNameList ts1.example.com,ts2.example.com
      cmd-prompt>./TaniumClient config set LogVerbosityLevel 1			
  7. Copy the tanium.pub file from the Tanium Server installation directory to /opt/Tanium/TaniumClient.
  8. Start the Tanium Client service. See Manage the Tanium Client service on Linux.

If you encounter issues when deploying the Tanium Client, examine the CDT debug logs (see Client Deployment Tool logs) and Tanium Client installation log (see Tanium Client installation log).

Manage the Tanium Client service on Linux

Linux service commands vary according to Linux distribution. This documentation provides examples but is not a reference for each Linux distribution. If you are not already familiar with installing and managing services on your target Linux distribution, please review the documentation for the particular Linux operating system before you begin.

Linux Distribution Example Commands
Amazon Linux service TaniumClient start

service TaniumClient stop

Debian service taniumclient start

service taniumclient stop

Oracle Enterprise Linux systemctl start taniumclient (Version 7)

systemctl stop taniumclient (Version 7)

service TaniumClient start (Version 5, 6)

service TaniumClient stop (Version 5, 6)

Red Hat / CentOS systemctl start taniumclient (Version 7)

systemctl stop taniumclient (Version 7)

service TaniumClient start (Version 5, 6)

service TaniumClient stop (Version 5, 6)

SUSE / OpenSUSE service taniumclient start

service taniumclient stop

Ubuntu systemctl start taniumclient (Version 16)

systemctl stop taniumclient (Version 16)

service taniumclient start (Versions 14, 10)

service taniumclient stop (Version 14, 10)

Example: Add custom tags to the Tanium Client installation directory

You can add a custom tags file to the Tanium Client installation directory to enable using the tags in Tanium workflows. For example, you can create computer groups derived from the tags.

Figure  1:  Using custom tags to select a computer group

To add tags to a Tanium Client installation directory:

  1. Create a file named CustomTags.txt in the /opt/Tanium/TaniumClient/Tools directory.
  2. Open the file in a text editor (such as vi) and add tags. Tags are strings. Use one string per line and no spaces.
  3. Save the file. A restart is not required.

    The following example shows a Tanium Client installation directory that is set up with a custom tag named Lab.

  4. In the Tanium Console, ask a question that uses the Custom Tags sensor or create a computer group that selects computers based on the tag, as shown in Figure  1.

You can use the Tanium packages named Custom Tagging - Add Tags and Custom Tagging - Add Tags (Non-Windows) to deploy tags at scale. The results are exactly the same as the manual procedure shown here. For more information, see the Tanium Support Knowledge Base article on custom tags (login required).

Uninstall the Tanium Client on Linux

Run the following CLI command to uninstall the Tanium Client from RPM-based Linux distributions such as Red Hat or SUSE:

rpm -e $(rpm -qa --queryformat "%{NAME}\n"| grep -e '[Tt]anium[Cc]lient')

From Debian-based Linux distributions:

dpkg -P taniumclient

Last updated: 4/18/2019 8:15 AM | Feedback