Solaris links

Deploying the Tanium Client to Solaris endpoints

The Tanium Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

If your environment requires a different installation location for applications, see the Tanium Knowledge Base article How to: Using a symlink to a custom location (account required).

The following procedures describe how to use the endpoint CLI to install the Tanium Client. For details on using the CLI, see CLI on Non-Windows endpoints.

Prepare for installation

  1. Ensure that the Solaris endpoint meets the basic requirements for the Tanium Client.
  2. Contact Tanium Support for the Tanium Client installer file: TaniumClient‑<client_version><Solaris_version>.pkg.
  3. Work with your network security team to ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the port that the client uses for Tanium traffic (default 17472). See Network connectivity, ports, and firewalls.

    The installation process does not modify any host-based firewall that might be in use.

  4. (Solaris 11.4 only) Install the legacy pkgadd utilities:
    1. Access the endpoint CLI.
    2. Find the pkgadd IPS package name:

      pkg search pkgadd

      INDEX     ACTION VALUE     PACKAGE
      basename  file            usr/sbin/pkgadd pkg:/package/[email protected]

    3. Install the pkgadd utilities:

      pkg install pkg:/package/[email protected]

  5. (Solaris 10 or 11 only) Install the SUNWgccruntime package if it is not yet installed.

    Although this package is part of a default Solaris installation, some organizations omit it in their standard image.

    1. Determine whether the package is installed:

      pkginfo -l SUNWgccruntime

      The following example output indicates the package is installed.

      PKGINST: SUNWgccruntime
      NAME: GCC Runtime libraries
      CATEGORY: system
      ARCH: sparc
      VERSION: 11.11.0,REV=2010.05.25.01.00
      BASEDIR: /
      VENDOR: Oracle Corporation
      DESC: GCC Runtime - Shared libraries used by gcc and other gnu components
      INSTDATE: Dec 01 2015 11:43
      HOTLINE: Please contact your local service provider
      STATUS: completely installed

    2. If the SUNWgccruntime package is not yet installed, run one of the following commands:
      • Solaris 10 or 11 (without using Image Packing System [IPS]):

        # pkgadd -d /path/to/SUNWGccruntime.pkg SUNWgccruntime

      • Solaris 11 using IPS:

        # pkg install SUNWgccruntime

Install the Tanium Client on Solaris

  1. Sign in to the Solaris endpoint.
  2. Copy the installer file TaniumClient‑<client_version><Solaris_version>.pkg to a temporary location on the Solaris endpoint.

  3. Use the Tanium Client Management service to download a client installer bundle that contains the tanium‑init.dat (Tanium Client 7.4 or later) or tanium.pub (Tanium Client 7.2) file.

    Client Management does not provide an installer bundle for Solaris endpoints, but you can use the DAT or PUB file from the bundle that is provided for any other OS (Windows, macOS, or Linux). Download links are available on the Client Management Overview page.For the procedure, see Tanium Client Management Guide: Download and deploy the installer bundle.

    You can also download tanium‑init.dat or tanium.pub through the Tanium Console (see Tanium Console User Guide: Download infrastructure configuration files (keys)).

  4. Copy the installer bundle to the same temporary directory as the installer file and unzip the bundle.

    The DAT or PUB file is the only file that you need from the bundle, so you can delete the other files in the bundle.

  5. Run the following command from the temporary directory to install the package and generate a default configuration file:

    sudo pkgadd -d ./TaniumClient‑<client_version><Solaris_version>.pkg TaniumClient

    Note: If you are signed into the Global Zone and want to install only in the current zone, specify the ‑G flag. If you have any doubts, consult your system administrator for proper zone behavior.

  6. Use the CLI to configure the following basic Tanium Client settings:
    ServerName or ServerNameList In a deployment with a standalone Tanium Server, sSet the ServerName to the TaaSserver FQDN or IP address. In a deployment with Tanium Zone Servers or multiple TaaS instancesTanium Servers, configure ServerNameList with the FQDN or IP address of each instanceserver, separated with a comma.
    LogVerbosityLevel

    The level of logging on the endpoint. The following values are best practices for specific use cases:

    • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1 (default): This is the best practice value during normal operation.
    • 41: This is the best practice value during troubleshooting.
    • 91 or higher: Enable the most detailed log levels for short periods of time only.
    ResolverAdd the Resolver=nslookup setting to enable host name resolution.

    For details on additional settings that you can configure, see Tanium Client settings.

    The following example commands are for a deployment with multiple TaaS instancesTanium Servers and Zone Servers.

    cd <Tanium Client installation directory>
sudo ./TaniumClient config set ServerNameList taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.comts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
sudo ./TaniumClient config set LogVerbosityLevel 1
sudo ./TaniumClient config set resolver nslookup
  7. Copy the tanium‑init.dat file or tanium.pub file from the Tanium Server to the Tanium Client installation directory on the Solaris endpoint.
  8. Use the following command to start the Tanium Client service:

    svcadm enable taniumclient

    Before proceeding, wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server.

  9. Verify that the client installed correctly and can communicate with TaaS the server. From the Main menu, go to Administration > Management > Client Status. If the installation and registration succeeded, the client appears in the grid.

    To find a specific Tanium Client, enter a text string in the Filter items field above the grid to filter it by Host Name or Network Location (IP address).


Perform unattended Tanium Client installation

By default, the pkgadd utility performs a manual installation. The utility prompts for user intervention when it encounters operations that might be a security issue or conflict, such as running scripts with SUID, creating directories, or changing permissions. The utility provides a method to bypass these interventions and perform or abandon the installation. You accomplish this with a tanium.admin file, which contains operator identifiers and specifies what to do when the utility encounters security issues or conflicts.

  1. Create the tanium.admin file with the following contents:

    mail=
    instance=overwrite
    partial=nocheck
    runlevel=nocheck
    idepend=nocheck
    rdepend=nocheck
    space=nocheck
    setuid=nocheck
    conflict=nocheck
    action=nocheck
    networktimeout=60
    networkretries=3
    authentication=quit
    keystore=/var/sadm/security
    proxy=
    basedir=default

  2. Run pkgadd with the ‑a option:

    pkgadd ‑a tanium.admin ‑d ./TaniumClient‑<client_version><Solaris_version>.pkg TaniumClient

Configure the Tanium Client on Solaris

The Tanium Client binary has statically linked libraries. All the libraries are in the standard default location (/lib) except libstdc++ and gcc. These two libraries are assumed to be in /usr/sfw/lib. If they are not, the client does not start. If libstdc++ and gcc are not in /usr/sfw/lib, you must add the library search path to the Service Management Facility (SMF) taniumclient service:

  1. Find the directory location of libgcc.* and libstdc++.*.
  2. Run the following command to add the search path to the SMF service:

    svccfg -s application/taniumclient setenv LD_LIBRARY_PATH /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib

Manage the Tanium Client service on Solaris

To run svcadm commands, you must sign into the endpoint as the root user or as a user who can use the sudo utility to run commands with root permissions.

Run the listed commands to complete the following actions:

  • Start the Tanium Client service: svcadm enable taniumclient
  • Stop the Tanium Client service: svcadm disable taniumclient
  • Restart the Tanium Client service: svcadm restart taniumclient
  • Display the status of the Tanium Client service: svcs taniumclient

Uninstall the Tanium Client on Solaris

To uninstall the Tanium Client on Solaris, run the following command, where the -A flag directs pkgrm to uninstall in the current zone only: pkgrm -A TaniumClient