Tanium™ Client Deployment Guide

PDF
  • All Files
Documentation Home > Tanium Client Deployment Guide

Deploying the Tanium Client to Solaris endpoints

Solaris links

The Tanium Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

The installation process does not modify any host-based firewall that might be in use. Your network security team must ensure host and network firewalls are configured to allow inbound/outbound TCP traffic on port 17472.

You can use the Tanium Client Deployment Tool (CDT) to download the Tanium Client package files:

  • Solaris 10 and 11 (Sparc) — TaniumClient-<client_version>-SunOS-5.10-sparc.pkg.tar.gz
  • Solaris 10 and 11 (x86) — TaniumClient-<client_version>-SunOS-5.10-i386.pkg.tar.gz

Before you begin

The Tanium Client on Solaris requires the SUNWgccruntime package. Although this package is part of a default Solaris installation, some organizations omit it in their standard image. Run the following command to determine if the package is installed.

pkginfo -l SUNWgccruntime

PKGINST: SUNWgccruntime
NAME: GCC Runtime libraries
CATEGORY: system
ARCH: sparc
VERSION: 11.11.0,REV=2010.05.25.01.00
BASEDIR: /
VENDOR: Oracle Corporation
DESC: GCC Runtime - Shared libraries used by gcc and other gnu components
INSTDATE: Dec 01 2015 11:43
HOTLINE: Please contact your local service provider
STATUS: completely installed

If necessary, use the following command to install the SUNWgccruntime package:

pkgadd -d /path/to/SUNWGccruntime.pkg SUNWgccruntime

Or for Solaris 11 using IPS:

pkg install SUNWgccruntime

Install the Tanium Client on Solaris

  1. Open the Tanium CDT and select Client > Check for Updates to download the latest set of installers.
  2. Go to the <CDT_installation_directory>\Tanium Client Deployment Tool\clients folder and copy the Tanium Client installation package file to a temporary location.
  3. Uncompress and untar the package.
  4. Log into the target computer.
  5. Copy the .pkg file to a temporary location on the target computer.
  6. Install the package and generate a default configuration file. For example:

    sudo pkgadd -d ./TaniumClient-<client_version>-SunOS-5.10-sparc.pkg TaniumClient

    Note: If you are logged into the Global Zone and want to install only in the current zone, specify the -G flag, which tells pkgadd to install the package in the current zone only. If in doubt, please check with your system administrator for proper zone behavior.

  7. Configure basic Tanium Client settings (for details, see Tanium Client settings).
    ServerName Tanium Server FQDN or IP address.
    LogVerbosityLevel

    The following decimal values are best practices for specific use cases:

    • 0: Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: This is the best practice value during normal operation.
    • 41: This is the best practice value during troubleshooting.
    • 91 or higher: Enable the most detailed log levels for short periods of time only.
    ResolverAdd the Resolver=nslookup setting to enable hostname resolution.

    The steps to configure the settings depend on the Tanium Client version:

    • Tanium Client 6.0: Edit the /opt/Tanium/TaniumClient/TaniumClient.ini file. The following is an example of the file contents:

      Resolver=nslookup
      Version=6.0.314.1321
      ServerName=ts1.example.com
      ServerPort=17472
      LogVerbosityLevel=1

    • Tanium Client 7.2: Issue the following CLI commands (for details, see Non-Windows). Version 7.2 does not require TaniumClient.ini.
      cmd-prompt>sudo ./TaniumClient config set ServerNameList ts1.example.com,ts2.example.com
cmd-prompt>sudo ./TaniumClient config set LogVerbosityLevel 1
cmd-prompt>sudo ./TaniumClient config set resolver nslookup
  8. Copy the tanium.pub file from the Tanium Server installation directory to the /opt/Tanium/TaniumClient folder on the target computer.
  9. Start the TaniumClient daemon:

    svcadm enable taniumclient

If you encounter issues when deploying the Tanium Client, examine the CDT debug logs (see Client Deployment Tool logs) and Tanium Client installation log (see Tanium Client installation log).

Perform unattended Tanium Client installation

By default, the pkgadd utility performs a manual installation. When pkgadd encounters operations that may be a security issue or conflict, such as running scripts with SUID, creating directories, and changing permissions, it prompts for user intervention. The Solaris pkgadd utility provides a method to bypass these interventions and perform or abandon the installation. This is accomplished with a .admin file. The .admin file contains operator identifiers and what to do when encountered.

  1. Create the tanium.admin file with the following contents:

    mail=
    instance=overwrite
    partial=nocheck
    runlevel=nocheck
    idepend=nocheck
    rdepend=nocheck
    space=nocheck
    setuid=nocheck
    conflict=nocheck
    action=nocheck
    networktimeout=60
    networkretries=3
    authentication=quit
    keystore=/var/sadm/security
    proxy=
    basedir=default

  2. Run pkgadd with the -a option:

    pkgadd -a tanium.admin -d ./TaniumClient-<client_version>-SunOS-5.10-sparc.pkg TaniumClient

Configure the Tanium Client on Solaris

The Tanium Client binary has statically linked libraries. All the libraries are in the standard default location (/lib) except libstdc++ and gcc. These two libraries are assumed to be in /usr/sfw/lib. If they are not, the client will not start. If libstdc++ and gcc are not in /usr/sfw/lib, you must add the library search path to the SMF taniumclient service. Find the directory location of libgcc.* and libstdc++.*. Use the following command to add the search path to the SMF service:

svccfg -s application/taniumclient setenv LD_LIBRARY_PATH /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib

Manage the Tanium Client service on Solaris

To start the Tanium Client service:

svcadm enable taniumclient

To stop the Tanium Client service:

svcadm disable taniumclient

To restart the Tanium Client service:

svcadm restart taniumclient

To re-read the TaniumClient.ini file:

svcadm refresh taniumclient

To display the status of the Tanium Client service:

svcs -a | grep -i taniumclient

Uninstall the Tanium Client on Solaris

To uninstall the Tanium Client on Solaris:

pkgrm -A TaniumClient

The -A flag directs pkgrm to uninstall in the current zone only.

Last updated: 2/6/2019 8:53 AM | Feedback