Solaris links

Deploying the Tanium Client to Solaris endpoints

The Tanium Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

Before you begin

The installation process does not modify any host-based firewall that might be in use. Your network security team must ensure host and network firewalls are configured to allow inbound/outbound TCP traffic on port 17472.

The Tanium Client on Solaris 11.4 requires legacy pkgadd utilities. To find the pkgadd IPS package name, run:

# pkg search pkgadd

INDEX     ACTION VALUE     PACKAGE
basename  file            usr/sbin/pkgadd pkg:/package/[email protected]

To install pkgadd utilities, run:

# pkg install pkg:/package/[email protected]

The Tanium Client on Solaris 10 or 11 also requires the SUNWgccruntime package. Although this package is part of a default Solaris installation, some organizations omit it in their standard image. To determine whether the package is installed, run:

# pkginfo -l SUNWgccruntime

PKGINST: SUNWgccruntime
NAME: GCC Runtime libraries
CATEGORY: system
ARCH: sparc
VERSION: 11.11.0,REV=2010.05.25.01.00
BASEDIR: /
VENDOR: Oracle Corporation
DESC: GCC Runtime - Shared libraries used by gcc and other gnu components
INSTDATE: Dec 01 2015 11:43
HOTLINE: Please contact your local service provider
STATUS: completely installed

If you need to install the SUNWgccruntime package, run one of the following commands based on the Solaris version:

  • Solaris 10 or 11 (without using Image Packing System [IPS]): # pkgadd -d /path/to/SUNWGccruntime.pkg SUNWgccruntime
  • Solaris 11 using IPS: # pkg install SUNWgccruntime

Install the Tanium Client on Solaris

  1. Get the Tanium Client installer file from your TAM.
  2. Log into the target endpoint.
  3. Copy the .pkg file to a temporary location on the target endpoint.
  4. Install the package and generate a default configuration file. For example:

    sudo pkgadd -d ./TaniumClient-<client_version>-SunOS-5.10-sparc.pkg TaniumClient

    Note: If you are logged into the Global Zone and want to install only in the current zone, specify the -G flag, which tells pkgadd to install the package in the current zone only. If in doubt, please check with your system administrator for proper zone behavior.

  5. Configure basic Tanium Client settings (for details, see Tanium Client settings).
    ServerName Tanium Server FQDN or IP address.
    LogVerbosityLevel

    The following decimal values are best practices for specific use cases:

    • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: This is the best practice value during normal operation.
    • 41: This is the best practice value during troubleshooting.
    • 91 or higher: Enable the most detailed log levels for short periods of time only.
    ResolverAdd the Resolver=nslookup setting to enable hostname resolution.

    The steps to configure the settings depend on the Tanium Client version:

    • Tanium Client 6.0: Edit the /opt/Tanium/TaniumClient/TaniumClient.ini file. The following is an example of the file contents:

      Resolver=nslookup
      Version=6.0.314.1321
      ServerName=ts1.example.com
      ServerPort=17472
      LogVerbosityLevel=1

    • Tanium Client 7.2 or later: Issue the following CLI commands (for details, see Non-Windows). Version 7.2 or later does not require TaniumClient.ini. 
      cmd-prompt>cd <Tanium Client>
cmd-prompt>sudo ./TaniumClient config set ServerNameList ts1.example.com,ts2.example.com
cmd-prompt>sudo ./TaniumClient config set LogVerbosityLevel 1
cmd-prompt>sudo ./TaniumClient config set resolver nslookup
  6. Copy the tanium.pub file to the Tanium Client installation folder on the target endpoint:  see Tanium Console User Guide: Download infrastructure configuration files (keys).
  7. Start the Tanium Client service:

    svcadm enable taniumclient

If you encounter issues when deploying the Tanium Client, examine the Tanium Client installation log (see Tanium Client installation log).

Perform unattended Tanium Client installation

By default, the pkgadd utility performs a manual installation. When pkgadd encounters operations that might be a security issue or conflict, such as running scripts with SUID, creating directories, and changing permissions, it prompts for user intervention. The Solaris pkgadd utility provides a method to bypass these interventions and perform or abandon the installation. This is accomplished with a .admin file. The .admin file contains operator identifiers and what to do when encountered.

  1. Create the tanium.admin file with the following contents:

    mail=
    instance=overwrite
    partial=nocheck
    runlevel=nocheck
    idepend=nocheck
    rdepend=nocheck
    space=nocheck
    setuid=nocheck
    conflict=nocheck
    action=nocheck
    networktimeout=60
    networkretries=3
    authentication=quit
    keystore=/var/sadm/security
    proxy=
    basedir=default

  2. Run pkgadd with the -a option:

    pkgadd -a tanium.admin -d ./TaniumClient-<client_version>-SunOS-5.10-sparc.pkg TaniumClient

Configure the Tanium Client on Solaris

The Tanium Client binary has statically linked libraries. All the libraries are in the standard default location (/lib) except libstdc++ and gcc. These two libraries are assumed to be in /usr/sfw/lib. If they are not, the client will not start. If libstdc++ and gcc are not in /usr/sfw/lib, you must add the library search path to the Service Management Facility (SMF) taniumclient service. Find the directory location of libgcc.* and libstdc++.*. Use the following command to add the search path to the SMF service:

svccfg -s application/taniumclient setenv LD_LIBRARY_PATH /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib

Manage the Tanium Client service on Solaris

To run svcadm commands, you must log into the endpoint as the root user or as a user who can use the sudo utility to run commands with root permissions.

To start the Tanium Client service, enter: svcadm enable taniumclient

To stop the Tanium Client service, enter: svcadm disable taniumclient

To restart the Tanium Client service, enter: svcadm restart taniumclient

To re-read the TaniumClient.ini file, enter: svcadm refresh taniumclient

To display the status of the Tanium Client service, enter: svcs -a | grep -i taniumclient

Uninstall the Tanium Client on Solaris

To uninstall the Tanium Client on Solaris:

pkgrm -A TaniumClient

The -A flag directs pkgrm to uninstall in the current zone only.