Solaris links

Deploying the Tanium Client to Solaris endpoints

The Tanium Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory. The following procedures describe how to use the endpoint CLI to install the Tanium Client. For details on using the CLI, see CLI on Non-Windows endpoints.

Before you begin

The installation process does not modify any host-based firewall that might be in use. Your network security team must ensure host and network firewalls are configured to allow inbound/outbound TCP traffic on port 17472.

The Tanium Client on Solaris 11.4 requires legacy pkgadd utilities. To find the pkgadd IPS package name, run:

pkg search pkgadd

INDEX     ACTION VALUE     PACKAGE
basename  file            usr/sbin/pkgadd pkg:/package/[email protected]

To install pkgadd utilities, run:

pkg install pkg:/package/[email protected]

The Tanium Client on Solaris 10 or 11 also requires the SUNWgccruntime package. Although this package is part of a default Solaris installation, some organizations omit it in their standard image. To determine whether the package is installed, run:

pkginfo -l SUNWgccruntime

PKGINST: SUNWgccruntime
NAME: GCC Runtime libraries
CATEGORY: system
ARCH: sparc
VERSION: 11.11.0,REV=2010.05.25.01.00
BASEDIR: /
VENDOR: Oracle Corporation
DESC: GCC Runtime - Shared libraries used by gcc and other gnu components
INSTDATE: Dec 01 2015 11:43
HOTLINE: Please contact your local service provider
STATUS: completely installed

If you need to install the SUNWgccruntime package, run one of the following commands based on the Solaris version:

  • Solaris 10 or 11 (without using Image Packing System [IPS]): # pkgadd -d /path/to/SUNWGccruntime.pkg SUNWgccruntime
  • Solaris 11 using IPS: # pkg install SUNWgccruntime

Install the Tanium Client on Solaris

  1. Get the Tanium Client installer file (TaniumClient-<client_version>-<Solaris_version>.pkg) from your Technical Account Manager (TAM).
  2. Log into the Solaris endpoint.
  3. Copy the installer file to a temporary location on the Solaris endpoint.
  4. Install the package and generate a default configuration file:

    sudo pkgadd -d ./TaniumClient-<client_version>-<Solaris_version>.pkg TaniumClient

    Note: If you are logged into the Global Zone and want to install only in the current zone, specify the -G flag. If you have any doubts, consult your system administrator for proper zone behavior.

  5. Configure basic Tanium Client settings (for details, see Tanium Client settings).
    ServerName or ServerNameList In a deployment with a standalone Tanium Server, set the ServerName to the server FQDN or IP address. In a high availability (HA) deployment, set the ServerNameList to the FQDN or IP address of each Tanium Server, separated with a comma. In a deployment with Tanium Zone Servers, add the Zone Server FQDNs or IP addresses to the ServerNameList.
    LogVerbosityLevel

    The following decimal values are best practices for specific use cases:

    • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1 (default): This is the best practice value during normal operation.
    • 41: This is the best practice value during troubleshooting.
    • 91 or higher: Enable the most detailed log levels for short periods of time only.
    ResolverAdd the Resolver=nslookup setting to enable hostname resolution.
    Version(Tanium Client 6.0 only) The Tanium Client version number.

    The steps to configure the settings depend on the Tanium Client version:

    • Tanium Client 6.0: Edit the /opt/Tanium/TaniumClient/TaniumClient.ini file. The following is an example of the file contents:

      Resolver=nslookup
      Version=6.0.314.1321
      ServerName=ts1.example.com
      ServerPort=17472
      LogVerbosityLevel=1

    • Tanium Client 7.2 or later: Use the CLI to configure the settings. Version 7.2 or later does not require TaniumClient.ini. The following example commands are for a deployment with HA Tanium Servers and Zone Servers.
      cd <Tanium Client>
      sudo ./TaniumClient config set ServerNameList ts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
      sudo ./TaniumClient config set LogVerbosityLevel 1
      sudo ./TaniumClient config set resolver nslookup
  6. Copy the tanium-init.dat file (Tanium Client 7.4 or later) or tanium.pub file (Tanium Client 7.2 or earlier) from the Tanium Server to the Tanium Client installation folder on the Solaris endpoint:  see Tanium Console User Guide: Download infrastructure configuration files (keys).
  7. Start the Tanium Client service:

    svcadm enable taniumclient

    Before proceeding, wait a few minutes for the Tanium Client to register.

  8. From the Main menu, select Console > Administration > System Status to verify that the client installed correctly and can communicate with the Tanium Server. If the installation and registration succeeded, the client appears in the grid.

    To find a specific Tanium Client, enter a text string in the Show Rows Containing field above the grid to filter it by Host Name or IP address.


Perform unattended Tanium Client installation

By default, the pkgadd utility performs a manual installation. The utility prompts for user intervention when it encounters operations that might be a security issue or conflict, such as running scripts with SUID, creating directories, or changing permissions. The utility provides a method to bypass these interventions and perform or abandon the installation. You accomplish this with a tanium.admin file, which contains operator identifiers and specifies what to do when the utility encounters security issues or conflicts.

  1. Create the tanium.admin file with the following contents:

    mail=
    instance=overwrite
    partial=nocheck
    runlevel=nocheck
    idepend=nocheck
    rdepend=nocheck
    space=nocheck
    setuid=nocheck
    conflict=nocheck
    action=nocheck
    networktimeout=60
    networkretries=3
    authentication=quit
    keystore=/var/sadm/security
    proxy=
    basedir=default

  2. Run pkgadd with the -a option:

    pkgadd -a tanium.admin -d ./TaniumClient-<client_version>-<Solaris_version>.pkg TaniumClient

Configure the Tanium Client on Solaris

The Tanium Client binary has statically linked libraries. All the libraries are in the standard default location (/lib) except libstdc++ and gcc. These two libraries are assumed to be in /usr/sfw/lib. If they are not, the client will not start. If libstdc++ and gcc are not in /usr/sfw/lib, you must add the library search path to the Service Management Facility (SMF) taniumclient service. Find the directory location of libgcc.* and libstdc++.*. Use the following command to add the search path to the SMF service:

svccfg -s application/taniumclient setenv LD_LIBRARY_PATH /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib

Manage the Tanium Client service on Solaris

To run svcadm commands, you must log into the endpoint as the root user or as a user who can use the sudo utility to run commands with root permissions.

To start the Tanium Client service, enter: svcadm enable taniumclient

To stop the Tanium Client service, enter: svcadm disable taniumclient

To restart the Tanium Client service, enter: svcadm restart taniumclient

To re-read the TaniumClient.ini file, enter: svcadm refresh taniumclient

To display the status of the Tanium Client service, enter: svcs -a | grep -i taniumclient

Uninstall the Tanium Client on Solaris

To uninstall the Tanium Client on Solaris, run the following command, where the -A flag directs pkgrm to uninstall in the current zone only:

pkgrm -A TaniumClient