Deploying the Tanium Client to Linux endpoints


The Tanium™ Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

Linux firewall rules

The installation process does not modify any host-based firewall that might be in use. Your network security team must ensure host and network firewalls are configured to allow inbound and outbound TCP traffic on port 17472. The following commands for managing Linux firewalls are samples based on default distributions of Linux.

Table 1:   Commands for Linux firewall rules
Linux Distributions Tasks Commands
Amazon Linux AMI (2016.09, 2017.09, 2018.3)

Amazon Linux 2 LTS (2017.12)

Tasks: Get port 17472 status; add or allow port 17472; remove or deny port 17472

By default, the iptables utility (used to manage the firewall) is not configured. Check your Amazon Web Services (AWS) security group instead.

Debian 6.x, 7.x, 8.x, 9.x

Tasks: Get port 17472 status; add or allow port 17472; remove or deny port 17472

By default, the iptables utility (used to manage the firewall) is not configured. Typically, regular iptables commands will apply, such as those for Red Hat Linux 5.x. Check with your system administrator.

CentOS 5.x, 6.x

Oracle Enterprise Linux 5.x, 6.x

Red Hat Linux 5.x, 6.x

Check the firewall status

    iptables -L -n --line-numbers | egrep -i "^Chain|REJECT *all"

The firewall is enabled when a REJECT *all rule is present.

Get port 17472 status

    sudo iptables -L -n | grep 17472

Add or allow port 17472

The iptables command is for IPv4. For IPv6, use the ip6tables command.

  1. Check the firewall status.

    iptables -L -n --line-numbers | egrep -i "^Chain|REJECT *all"

  2. For each <chain_name> with a REJECT all rule, run the following command, where <line> is the line number of the rule.

    sudo iptables -I <chain_name> <line> -p tcp -m state --state NEW --dport 17472 -j ACCEPT

    For example, if the chain is RH-Firewall-1-INPUT and the REJECT all rule is on line 10, run:

    iptables -I RH-Firewall-1-INPUT 10 -p tcp -m state --state NEW --dport 17472 -j ACCEPT

  3. Save your changes and restart the iptables service.

    sudo service iptables save

    sudo service iptables restart

Remove or deny port 17472

The iptables command is for IPv4. For IPv6, use the ip6tables command.

  1. List the chains.

    sudo iptables -L -n | egrep -i "^Chain|17472"

  2. For each <chain_name>, run:

    sudo iptables -D <chain_name> -p tcp -m state --state NEW --dport 17472 -j ACCEPT

  3. Save your changes and restart the iptables service.

    sudo service iptables save

    sudo service iptables restart

CentOS 7.x

Oracle Enterprise Linux 7.x

Red Hat Linux 7.x

Get port 17472 status

    sudo firewall-cmd --list-all-zones | grep 17472

Add or allow port 17472

  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> (such as default and where ssh is present), run:

    sudo firewall-cmd --permanent --zone=<zone_name> --add-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

Remove or deny port 17472
  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> where port 17472 is present, run:

    sudo firewall-cmd --permanent --zone=<zone_name> --remove-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

OpenSUSE 11.x, 12.x

SUSE Linux Enterprise Server (SLES) 11.x, 12.x

Get port 17472 status

    sudo grep "FW_SERVICES_EXT_TCP=" /etc/sysconfig/SuSEfirewall2 | egrep "[ \"]17472[ \"]"

Add or allow port 17472

  1. Open the /etc/sysconfig/SuSEfirewall2 file for editing, add port 17472 to the line FW_SERVICES_EXT_TCP=, and save your changes.
  2. Restart the firewall.

    sudo SuSEfirewall2 start

Remove or deny port 17472
  1. Open the /etc/sysconfig/SuSEfirewall2 file for editing, remove port 17472 from the line FW_SERVICES_EXT_TCP=, and save your changes.
  2. Restart the firewall.

    sudo SuSEfirewall2 start

Ubuntu 10.04/14.04/16.04/18.04 LTS

Get port 17472 status

    sudo ufw status | grep 17472

or

    sudo iptables -L -n | grep 17472

Allow port 17472

    sudo ufw allow 17472/tcp

Remove port 17472

    sudo ufw delete allow 17472/tcp

Deny port 17472

    sudo ufw deny 17472/tcp

OS X 10.8 Mountain Lion
OS X 10.9 Mavericks
OS X 10.10 Yosemite
OS X 10.11 El Capitan

macOS 10.12 Sierra
macOS 10.13 High Sierra
macOS 10.14 Mojave

Get port 17472 status

    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps | awk '/TaniumClient/ {getline; print $0}'

Add Tanium Client to firewall

    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Library/Tanium/TaniumClient/TaniumClient

Unblock Tanium Client in firewall

    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /Library/Tanium/TaniumClient/TaniumClient

Remove Tanium Client from firewall

    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /Library/Tanium/TaniumClient/TaniumClient

Block Tanium Client in firewall

    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --blockapp /Library/Tanium/TaniumClient/TaniumClient
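
The "Add or allow port 17472" steps for CentOS, Oracle Enterprise Linux, and Red Hat Linux 5.x and 6.x in Table 1 can be run as a dry run that only prints the insert commands for review. The following is an added example, not part of the Tanium documentation: the function names plan_allow_rules and sample_listing are hypothetical, the sample listing is constructed, and the parsing assumes the default iptables listing layout of those distributions.

```shell
#!/bin/sh
# Added example, not Tanium code. Prints the `iptables -I` commands from
# step 2 for a given listing; it never changes the firewall itself.
PORT=17472

# Reads `iptables -L -n --line-numbers` output on stdin. For each chain,
# emits one insert command at the line of its first "REJECT all" rule,
# unless an ACCEPT for the port already sits above that rule.
plan_allow_rules() {
    awk -v port="$PORT" '
        /^Chain / { chain = $2; handled[chain] = 0; next }
        $1 ~ /^[0-9]+$/ && !handled[chain] {      # numbered rule line
            if ($2 == "ACCEPT" && $0 ~ ("dpt:" port "( |$)")) {
                handled[chain] = 1                # port already allowed
            } else if ($2 == "REJECT" && $3 == "all") {
                printf "iptables -I %s %s -p tcp -m state --state NEW --dport %s -j ACCEPT\n", chain, $1, port
                handled[chain] = 1
            }
        }'
}

# Constructed sample listing (hypothetical host, RHEL/CentOS 5.x-6.x layout).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target               prot opt source       destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target               prot opt source       destination

Chain RH-Firewall-1-INPUT (1 references)
num  target     prot opt source       destination
1    ACCEPT     all  --  0.0.0.0/0    0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0    0.0.0.0/0    icmp type 255
3    ACCEPT     all  --  0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0    0.0.0.0/0    reject-with icmp-host-prohibited
EOF
}

# Dry run against the sample; on an endpoint, pipe in the real listing.
sample_listing | plan_allow_rules
```

On an endpoint, pipe the real listing in with `sudo iptables -L -n --line-numbers | plan_allow_rules`, review the printed commands, then run them with sudo and save the rules as in step 3. Because an existing ACCEPT for the port suppresses the output, running it again after the change prints nothing.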

Tanium Client package files for Linux

You can use the Tanium CDT to download the latest client package files.

Table 2:   Tanium Client package files for Linux
Linux Distribution Latest Installation Package Files
Amazon Linux AMI 2016.09 TaniumClient-7.2.314.3211-1.amzn2016.09.x86_64.rpm
TaniumClient-7.2.314.2962-1.amzn2016.09.x86_64.rpm
TaniumClient-6.0.314.1579-1.amzn2016.09.x86_64.rpm
Amazon Linux AMI 2017.09 TaniumClient-7.2.314.3211-1.amzn2017.09.x86_64.rpm
Amazon Linux AMI 2018.3 TaniumClient-7.2.314.3476-1.amzn2018.03.x86_64.rpm
Amazon Linux 2 LTS (2017.12) TaniumClient-7.2.314.3476-1.amzn2.x86_64.rpm
TaniumClient-7.2.314.3211-1.amzn2017.12.x86_64.rpm
Debian 9.x taniumclient_7.2.314.3476-debian9_i386.deb
taniumclient_7.2.314.3211-debian9_i386.deb

taniumclient_7.2.314.3476-debian9_amd64.deb
taniumclient_7.2.314.3211-debian9_amd64.deb

Debian 8.x

taniumclient_7.2.314.3476-debian8_i386.deb
taniumclient_7.2.314.3211-debian8_i386.deb

taniumclient_7.2.314.3476-debian8_amd64.deb
taniumclient_7.2.314.3211-debian8_amd64.deb

Debian 7.x, 6.x taniumclient_7.2.314.3476-debian6_i386.deb
taniumclient_7.2.314.3211-debian6_i386.deb
taniumclient_7.2.314.2962-debian6_i386.deb
taniumclient_6.0.314.1579-debian6_i386.deb
taniumclient_6.0.314.1442-debian6_i386.deb

taniumclient_7.2.314.3476-debian6_amd64.deb
taniumclient_7.2.314.3211-debian6_amd64.deb
taniumclient_7.2.314.2962-debian6_amd64.deb
taniumclient_6.0.314.1579-debian6_amd64.deb
taniumclient_6.0.314.1442-debian6_amd64.deb

Oracle Enterprise Linux 7.x TaniumClient-7.2.314.3476-1.oel7.x86_64.rpm
TaniumClient-7.2.314.3211-1.oel7.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel7.x86_64.rpm
TaniumClient-6.0.314.1579-1.oel7.x86_64.rpm
Oracle Enterprise Linux 6.x TaniumClient-7.2.314.3476-1.oel6.i686.rpm
TaniumClient-7.2.314.3211-1.oel6.i686.rpm
TaniumClient-7.2.314.2962-1.oel6.i686.rpm
TaniumClient-6.0.314.1579-1.oel6.i686.rpm

TaniumClient-7.2.314.3476-1.oel6.x86_64.rpm
TaniumClient-7.2.314.3211-1.oel6.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel6.x86_64.rpm
TaniumClient-6.0.314.1579-1.oel6.x86_64.rpm

Oracle Enterprise Linux 5.x TaniumClient-7.2.314.3476-1.oel5.i386.rpm
TaniumClient-7.2.314.3236-1.oel5.i386.rpm
TaniumClient-7.2.314.2962-1.oel5.i386.rpm

TaniumClient-7.2.314.3476-1.oel5.x86_64.rpm
TaniumClient-7.2.314.3236-1.oel5.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel5.x86_64.rpm

Red Hat / CentOS 7.x TaniumClient-7.2.314.3476-1.rhe7.x86_64.rpm
TaniumClient-7.2.314.3211-1.rhe7.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe7.x86_64.rpm
TaniumClient-6.0.314.1579-1.rhe7.x86_64.rpm
TaniumClient-6.0.314.1442-1.rhe7.x86_64.rpm
Red Hat / CentOS 6.x TaniumClient-7.2.314.3476-1.rhe6.i686.rpm
TaniumClient-7.2.314.3211-1.rhe6.i686.rpm
TaniumClient-7.2.314.2962-1.rhe6.i686.rpm
TaniumClient-6.0.314.1579-1.rhe6.i686.rpm
TaniumClient-6.0.314.1442-1.i686.rpm

TaniumClient-7.2.314.3476-1.rhe6.x86_64.rpm
TaniumClient-7.2.314.3211-1.rhe6.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe6.x86_64.rpm
TaniumClient-6.0.314.1579-1.rhe6.x86_64.rpm
TaniumClient-6.0.314.1442-1.x86_64.rpm

Red Hat / CentOS 5.x TaniumClient-7.2.314.3476-1.rhe5.i386.rpm
TaniumClient-7.2.314.3236-1.rhe5.i386.rpm
TaniumClient-7.2.314.2962-1.rhe5.i386.rpm
TaniumClient-6.0.314.1579-1.rhe5.i386.rpm

TaniumClient-7.2.314.3476-1.rhe5.x86_64.rpm
TaniumClient-7.2.314.3236-1.rhe5.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe5.x86_64.rpm
TaniumClient-6.0.314.1579-1.rhe5.x86_64.rpm

SUSE Linux Enterprise Server (SLES) / OpenSUSE 12.x TaniumClient-7.2.314.3476-1.sle12.i586.rpm
TaniumClient-7.2.314.3211-1.sle12.i586.rpm
TaniumClient-7.2.314.2962-1.sle12.i586.rpm
TaniumClient-6.0.314.1579-1.sle12.i586.rpm

TaniumClient-7.2.314.3476-1.sle12.x86_64.rpm
TaniumClient-7.2.314.3211-1.sle12.x86_64.rpm
TaniumClient-7.2.314.2962-1.sle12.x86_64.rpm
TaniumClient-6.0.314.1579-1.sle12.x86_64.rpm

SUSE Linux Enterprise Server (SLES) / OpenSUSE 11.x TaniumClient-7.2.314.3476-1.sle11.i586.rpm
TaniumClient-7.2.314.3211-1.sle11.i586.rpm
TaniumClient-7.2.314.2962-1.sle11.i586.rpm
TaniumClient-6.0.314.1579-1.sle11.i586.rpm
TaniumClient-6.0.314.1442-1.sle11.i586.rpm

TaniumClient-7.2.314.3476-1.sle11.x86_64.rpm
TaniumClient-7.2.314.3211-1.sle11.x86_64.rpm
TaniumClient-7.2.314.2962-1.sle11.x86_64.rpm
TaniumClient-6.0.314.1579-1.sle11.x86_64.rpm
TaniumClient-6.0.314.1442-1.sle11.x86_64.rpm

Ubuntu 18.04 LTS taniumclient_7.2.314.3476-ubuntu18_amd64.deb
taniumclient_7.2.314.3211-ubuntu18_amd64.deb
Ubuntu 16.04 LTS taniumclient_7.2.314.3476-ubuntu16_amd64.deb
taniumclient_7.2.314.3211-ubuntu16_amd64.deb
taniumclient_7.2.314.2962-ubuntu16_amd64.deb
taniumclient_6.0.314.1579-ubuntu16_amd64.deb
Ubuntu 14.04 LTS taniumclient_7.2.314.3476-ubuntu14_amd64.deb
taniumclient_7.2.314.3211-ubuntu14_amd64.deb
taniumclient_7.2.314.2962-ubuntu14_amd64.deb
taniumclient_6.0.314.1579-ubuntu14_amd64.deb
Ubuntu 10.04 LTS taniumclient_6.0.314.3476-ubuntu10_i386.deb
taniumclient_6.0.314.3211-ubuntu10_i386.deb
taniumclient_6.0.314.1579-ubuntu10_i386.deb
taniumclient_6.0.314.1442-ubuntu10_i386.deb

taniumclient_7.2.314.3476-ubuntu10_amd64.deb
taniumclient_7.2.314.3211-ubuntu10_amd64.deb
taniumclient_6.0.314.1579-ubuntu10_amd64.deb
taniumclient_6.0.314.1442-ubuntu10_amd64.deb

There are specific Tanium Client installation package files for each supported platform distribution. For example, the package file for Amazon Linux 2016.09 is named TaniumClient-7.2.314.3211-1.amzn2016.09.x86_64.rpm and the package file for Debian 6.x (64-bit) is named taniumclient_7.2.314.3211-debian6_amd64.deb.

Install the Tanium Client

  1. Open the Tanium CDT and select Client > Check for Updates to download the latest set of installers.
  2. Go to the <install>\Tanium Client Deployment Tool\clients folder and copy the client installation package file to a temporary location.
  3. Log in to the target computer.
  4. Copy the package to a temporary location on the target computer. Be sure to use the Tanium Client installation package file that was developed for the particular Linux distribution.
  5. Execute the appropriate installation command to install the package and generate a default configuration file.

    The rpm installers for Red Hat and SUSE have command syntax similar to the following example:

    sudo rpm -i TaniumClient-7.2.314.3211-1.oel6.x86_64.rpm

    The debian installers for Debian and Ubuntu have command syntax similar to the following example:

    sudo dpkg -i taniumclient_7.2.314.3211-debian6_amd64.deb

  6. Configure basic Tanium Client settings for your version of the client. See Tanium Client settings for details about common settings.
    • Tanium Client 6.0: Go to /opt/Tanium/TaniumClient/, open the TaniumClient.ini file for editing, and configure the following fields.

      • ServerName: Tanium Server FQDN or IP address.
      • LogVerbosityLevel: The following decimal values are best practices for specific use cases:

        • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
        • 1: This is the best practice value during normal operation.
        • 41: This is the best practice value during troubleshooting.
        • 91 or higher: Enable the most detailed log levels for short periods of time only.

      The following is an example TaniumClient.ini file:

      Version=6.0.314.1579
      ServerName=ts1.example.com
      ServerNameList=ts1.example.com,ts2.example.com
      ServerPort=17472
      LogVerbosityLevel=1

    • Tanium Client 7.2: Issue the following CLI commands. See Non-Windows for information about using the CLI. (Version 7.2 does not require TaniumClient.ini.)

      cmd-prompt>./TaniumClient config set ServerNameList ts1.example.com,ts2.example.com
      cmd-prompt>./TaniumClient config set LogVerbosityLevel 1
      
  7. Copy the tanium.pub file from the Tanium Server installation directory to /opt/Tanium/TaniumClient.
  8. Start the Tanium Client service. See Manage the Tanium Client Linux service.

If you encounter issues when deploying the Tanium Client, examine the CDT debug logs (see Client Deployment Tool logs) and Tanium Client installation log (see Tanium Client installation log).

Manage the Tanium Client Linux service

Linux service commands vary according to Linux distribution. This documentation provides examples but is not a reference for each Linux distribution. If you are not already familiar with installing and managing services on your target Linux distribution, please review the documentation for the particular Linux operating system before you begin.

Linux Distribution Example Commands
Amazon Linux

    service TaniumClient start
    service TaniumClient stop

Debian

    service taniumclient start
    service taniumclient stop

Oracle Enterprise Linux

    systemctl start taniumclient (Version 7)
    systemctl stop taniumclient (Version 7)
    service TaniumClient start (Versions 5, 6)
    service TaniumClient stop (Versions 5, 6)

Red Hat / CentOS

    systemctl start taniumclient (Version 7)
    systemctl stop taniumclient (Version 7)
    service TaniumClient start (Versions 5, 6)
    service TaniumClient stop (Versions 5, 6)

SUSE / OpenSUSE

    service taniumclient start
    service taniumclient stop

Ubuntu

    systemctl start taniumclient (Version 16)
    systemctl stop taniumclient (Version 16)
    service taniumclient start (Versions 14, 10)
    service taniumclient stop (Versions 14, 10)

Example: Add Custom Tags to the client installation directory

You can add a Custom Tags file to the client installation directory so that you can use the tags in Tanium workflows. For example, you can create Computer Groups derived from the tags.

Figure  1:  Using Custom Tags to select a Computer Group

To add tags to a client installation directory:

  1. Go to the /opt/Tanium/TaniumClient/Tools directory.
  2. Create a file named CustomTags.txt.
  3. Edit the file (using vi, for example) and add tags. Tags are strings: one string per line, with no spaces.
  4. Save the file.

    The following shows a client installation directory that has been set up with a Custom Tag named Lab.

    A restart is not required.

  5. In the Tanium Console, ask a question that uses the Custom Tags sensor or create a Computer Group that selects computers based on the tag, as shown in Figure  1.

You can use the Tanium packages named Custom Tagging - Add Tags and Custom Tagging - Add Tags (Non-Windows) to deploy tags at scale. The results are exactly the same as the manual procedure shown here. For more information, see the Tanium Support Knowledge Base article on Custom Tags (login required).

Uninstall

Run the following CLI command to uninstall the Tanium Client from RPM-based Linux distributions such as Red Hat or SUSE:

rpm -e $(rpm -qa --queryformat "%{NAME}\n"| grep -e '[Tt]anium[Cc]lient')

From Debian-based Linux distributions:

dpkg -P taniumclient

Last updated: 12/18/2018 10:56 AM