Deploying the Tanium Client to macOS endpoints


The Tanium™ Client is installed as a system service. The Tanium Client files are installed by default in the /Library/Tanium/TaniumClient directory.

On macOS, the service is signed to allow communication through the default macOS firewall automatically.

You can use the Tanium CDT to generate an ISO file that contains the Tanium public key file and client configuration settings to support manual installation.

Step 1: Create a TaniumClient.ini file

The installer can use a TaniumClient.ini file to generate the equivalent configuration in the Tanium Client 7.2 configuration database.

Create a TaniumClient.ini file that has at least a ServerName or ServerNameList value. You can also include LogVerbosityLevel or ReportingTLSMode. For example:

LogVerbosityLevel=1
ReportingTLSMode=2
ServerNameList=ts1.example.com,ts2.example.com

If you are using the CDT to generate an ISO for a Tanium Client 6.0, include the Version setting. For example, Version=6.0.314.1579. Tanium Client 7.2 does not require this to be set explicitly.

Step 2: Create the ISO package

  1. From the CDT menu bar, select Clients > Generate Archive.
  2. From the Platform list, select osx.
  3. Click Add and select the TaniumClient.ini file. The tanium.pub file is included automatically.
  4. Click OK and then save the ISO file.

Step 3: Execute the installer

To install the Tanium Client, you install the package file as an Administrator. The .pkg, .pub, and .ini files must be in the same directory (as they are in the .iso file).

If you encounter issues when deploying the Tanium Client, examine the Tanium Client installation log (see Tanium Client installation log).

Wizard installation

  1. Copy the .iso file to a location on the target computer.
  2. Double-click the .iso file to display its contents.
  3. Double-click the .pkg file to open it with the default application for its type (Installer).
  4. The installation wizard is displayed.

  5. Complete the wizard. When prompted, you must provide a local administrator username and password.



Command-line installation

  1. Copy the .iso file to a location on the target computer.
  2. Mount the .iso file so you can execute the contents therein.
  3. Use the installer command to install the package (root or sudo privileges required).

    The following example shows the command-line sequence:

    test-docs$ hdiutil mount Tanium_OSX.iso
    /dev/disk1 /Volumes/Tanium_OSX

    test-docs$ cd /Volumes/Tanium_OSX/

    test-docs$ ls
    TaniumClient-7.2.324.2962.pkg
    tanium.pub
    TaniumClient.ini

    test-docs$ sudo installer -pkg TaniumClient-7.2.314.3476.pkg -target /
    installer: Package name is TaniumClient-7.2.314.3476
    installer: Installing at base path /
    installer: The install was successful.

    test-docs$

  4. Configure basic Tanium Client settings for your version of the client. See Tanium Client settings for details about common settings.
    • Tanium Client 6.0: Go to /Library/Tanium/TaniumClient/, open the TaniumClient.ini file for editing, and modify the file so that it has only the following settings:

      ServerName or ServerNameList: Tanium Server FQDN or IP address.

      LogVerbosityLevel: The following decimal values are best practices for specific use cases:

      • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
      • 1: This is the best practice value during normal operation.
      • 41: This is the best practice value during troubleshooting.
      • 91 or higher: Enable the most detailed log levels for short periods of time only.

      Version: Tanium Client version number.

      The following is an example TaniumClient.ini file:

      Version=6.0.314.1579
      ServerNameList=ts1.example.com,ts2.example.com
      LogVerbosityLevel=1

    • Tanium Client 7.2: Issue the following CLI commands. See Non-Windows for information about using the CLI. For 7.2, you do not have to configure the version.
      cmd-prompt>sudo ./TaniumClient config set ServerNameList ts1.example.com,ts2.example.com
      cmd-prompt>sudo ./TaniumClient config set LogVerbosityLevel 1
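
The following preflight is an added example, not part of Tanium's documentation or tooling. Before installer runs, it confirms the Step 3 requirement that the .pkg, tanium.pub, and TaniumClient.ini files sit in the same directory and that the .ini file names a server. The function names are hypothetical; check_signature relies on the macOS pkgutil --check-signature command and is kept separate so the file checks also run on a build host.

```sh
#!/bin/sh
# Added example, not Tanium's code. Function names are hypothetical.

# Print the value of key $2 from ini file $1 (last occurrence wins).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tr -d '\r' | tail -n 1
}

# Return 0 if directory $1 holds what the installer expects, 1 otherwise.
preflight() {
    dir=$1; ini="$dir/TaniumClient.ini"; rc=0
    set -- "$dir"/*.pkg
    if [ $# -ne 1 ] || [ ! -f "$1" ]; then
        echo "FAIL: expected exactly one .pkg in $dir" >&2; rc=1
    fi
    for f in "$dir/tanium.pub" "$ini"; do
        [ -s "$f" ] || { echo "FAIL: missing or empty $f" >&2; rc=1; }
    done
    if [ -s "$ini" ]; then
        servers="$(ini_get "$ini" ServerName)$(ini_get "$ini" ServerNameList)"
        [ -n "$servers" ] || { echo "FAIL: no ServerName or ServerNameList" >&2; rc=1; }
        level=$(ini_get "$ini" LogVerbosityLevel)
        case $level in
            *[!0-9]*) echo "FAIL: LogVerbosityLevel '$level' is not decimal" >&2; rc=1 ;;
        esac
    fi
    return "$rc"
}

# macOS only: non-zero exit when the package signature does not verify.
check_signature() {
    pkgutil --check-signature "$1" >/dev/null
}

# Usage: sh preflight.sh /Volumes/Tanium_OSX
if [ $# -gt 0 ]; then
    preflight "$1" && check_signature "$1"/*.pkg && echo "OK to install from $1"
fi
```

Run it against the mounted volume before the sudo installer command; a non-zero exit status means the directory should not be installed from as it stands.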
      

Manage the Tanium Client macOS service

Use the launchctl command to manage the Tanium Client service.

To start:

sudo launchctl load /Library/LaunchDaemons/com.tanium.taniumclient.plist

To stop:

sudo launchctl unload /Library/LaunchDaemons/com.tanium.taniumclient.plist

To remove the daemon from the launch list:

sudo launchctl remove com.tanium.taniumclient

Uninstall

The following launchctl remove command stops the Tanium Client and removes it from the launch list:

sudo launchctl remove com.tanium.taniumclient

To complete the uninstallation of the client, remove the following two file resources.

.plist file: /Library/LaunchDaemons/com.tanium.taniumclient.plist
Tanium Client folder: /Library/Tanium/TaniumClient/

To uninstall the macOS client silently from a command line, you can use a simple shell script. The following is an example of a script you can use to uninstall the Tanium Client:

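#!/bin/bash

# Removing the daemon, client files, and receipts requires root.
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
     echo "Not running as root or using sudo"
     exit 1
fi

# Stop the service and remove it from the launch list.
launchctl unload /Library/LaunchDaemons/com.tanium.taniumclient.plist
launchctl remove com.tanium.taniumclient > /dev/null 2>&1
# Remove the launch daemon definition.
rm /Library/LaunchDaemons/com.tanium.taniumclient.plist
# Note: this removes the whole /Library/Tanium/ directory, not only TaniumClient/.
rm -rf /Library/Tanium/
# Remove the installer receipts.
rm /var/db/receipts/com.tanium.taniumclient.TaniumClient.pkg.bom
rm /var/db/receipts/com.tanium.taniumclient.TaniumClient.pkg.plist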

Last updated: 12/6/2018 1:07 PM