Deploying the Tanium Client to Solaris endpoints

The Tanium™ Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

The installation process does not modify any host-based firewall that might be in use. Your network security team must ensure host and network firewalls are configured to allow inbound/outbound TCP traffic on port 17472.

You can use the Tanium CDT to download the latest client package files:

  • Solaris 10 and 11 (Sparc) — TaniumClient-6.0.314.1321-SunOS-5.10-sparc.pkg.tar.gz
  • Solaris 10 and 11 (x86) — TaniumClient-6.0.314.1321-SunOS-5.10-i386.pkg.tar.gz

Before you begin

The Tanium Solaris Client requires the SUNWgccruntime package. Although this package is part of a default Solaris installation, some organizations omit it in their standard image.

Run the following command to determine if the package is installed:

pkginfo -l SUNWgccruntime

PKGINST: SUNWgccruntime
NAME: GCC Runtime libraries
CATEGORY: system
ARCH: sparc
VERSION: 11.11.0,REV=2010.05.25.01.00
BASEDIR: /
VENDOR: Oracle Corporation
DESC: GCC Runtime - Shared libraries used by gcc and other gnu components
INSTDATE: Dec 01 2015 11:43
HOTLINE: Please contact your local service provider
STATUS: completely installed

If necessary, use the following command to install it:

pkgadd -d /path/to/SUNWGccruntime.pkg SUNWgccruntime

Or for Solaris 11 using IPS:

pkg install SUNWgccruntime

Install the Tanium Client

  1. Open the Tanium CDT and select Client > Check for Updates to download the latest set of installers.
  2. Go to the <install>\Tanium Client Deployment Tool\clients folder and copy the client installation package file to a temporary location.
  3. Uncompress and untar the package.
  4. Log into the target computer.
  5. Copy the .pkg file to a temporary location on the target computer.
  6. Install the package and generate a default configuration file. For example:

    sudo pkgadd -d ./TaniumClient-6.0.314.1321-SunOS-5.10-sparc.pkg TaniumClient

    Note: If you are logged into the Global Zone and want to install only in the current zone, specify the -G flag, which tells pkgadd to install the package in the current zone only. If in doubt, please check with your system administrator for proper zone behavior.

  7. Go to /opt/Tanium/TaniumClient/ and edit the TaniumClient.ini file. Make the following changes:

    • ServerName: Tanium Server FQDN or IP address.
    • LogVerbosityLevel:
      • 0: Disable logging. Recommended for clients installed to sensitive endpoints or VDI endpoints.
      • 1: Recommended logging level during normal operation.
      • 41: Recommended logging during troubleshooting.
      • >= 91: Enable the most detailed log levels for short periods of time only.
    • Resolver: Add the Resolver=nslookup setting to enable hostname resolution.

    The following is an example TaniumClient.ini file:

    Resolver=nslookup
    Version=6.0.314.1321
    ServerName=ts1.example.com
    ServerPort=17472
    LogVerbosityLevel=1

    See Troubleshooting for a description of common settings.

  8. Copy the tanium.pub file from the Tanium Server installation directory to /opt/Tanium/TaniumClient.
  9. Start the TaniumClient daemon:

    svcadm enable taniumclient
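
Before the daemon is started, the TaniumClient.ini settings and the tanium.pub file from the steps above can be checked with a short script. This is an added example, not part of the Tanium documentation; the function names are illustrative, and it assumes that a missing ServerPort is acceptable.

```shell
#!/bin/sh
# Added example: pre-start check of a Tanium Client directory.

# Print the value of KEY from a key=value file (last occurrence wins).
ini_get() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# Print FAIL/WARN lines for DIR; return non-zero if any FAIL was printed.
check_tanium_client_dir() {
    dir=$1; ini=$dir/TaniumClient.ini; rc=0
    [ -f "$ini" ] || { echo "FAIL: $ini not found"; return 1; }

    server=$(ini_get "$ini" ServerName)
    port=$(ini_get "$ini" ServerPort)
    level=$(ini_get "$ini" LogVerbosityLevel)
    resolver=$(ini_get "$ini" Resolver)

    [ -n "$server" ] || { echo "FAIL: ServerName is empty"; rc=1; }
    [ -s "$dir/tanium.pub" ] || { echo "FAIL: tanium.pub missing or empty"; rc=1; }
    [ "$resolver" = nslookup ] || echo "WARN: Resolver=nslookup is not set"

    # Assumption: a missing ServerPort is fine. The firewall guidance on
    # this page covers TCP 17472 only, so any other value is reported.
    if [ -n "$port" ] && [ "$port" != 17472 ]; then
        echo "WARN: ServerPort=$port differs from 17472"
    fi

    case $level in
        0|1) ;;
        ''|*[!0-9]*) echo "FAIL: LogVerbosityLevel '$level' is not a number"; rc=1 ;;
        *) echo "WARN: LogVerbosityLevel=$level is for troubleshooting, not normal operation" ;;
    esac
    return $rc
}

# Constructed sample: the example file from this page at level 41, no tanium.pub.
demo=$(mktemp -d)
printf '%s\n' Resolver=nslookup Version=6.0.314.1321 ServerName=ts1.example.com \
    ServerPort=17472 LogVerbosityLevel=41 > "$demo/TaniumClient.ini"
check_tanium_client_dir "$demo" || echo "not ready: fix the FAIL lines before svcadm enable"
rm -rf "$demo"
```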

Unattended Tanium Client installation

By default, the pkgadd utility performs a manual installation. When pkgadd encounters operations that might be a security issue or conflict, such as running scripts with SUID, creating directories, and changing permissions, it prompts for user intervention. The Solaris pkgadd utility provides a method to bypass these prompts and either perform or abandon the installation. This is accomplished with a .admin file. The .admin file names each check and states what pkgadd does when that check is encountered.

To perform an unattended install:

  1. Create the .admin file (tanium.admin) with the following contents:

    mail=
    instance=overwrite
    partial=nocheck
    runlevel=nocheck
    idepend=nocheck
    rdepend=nocheck
    space=nocheck
    setuid=nocheck
    conflict=nocheck
    action=nocheck
    networktimeout=60
    networkretries=3
    authentication=quit
    keystore=/var/sadm/security
    proxy=
    basedir=default

  2. Run pkgadd with the -a option:

    pkgadd -a tanium.admin -d ./TaniumClient-6.0.314.1321-SunOS-5.10-sparc.pkg TaniumClient
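
The following added example (not part of the Tanium documentation) reads an admin file such as tanium.admin and reports, for each check, whether pkgadd would prompt, skip the check, or apply a fixed answer, and it names the security-related checks that are skipped. It assumes the admin(4) behaviour that a missing key or the value ask causes a prompt; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report what an admin file does with each pkgadd check.

# Keys from the tanium.admin listing on this page that can stop pkgadd with a prompt.
CHECKS="instance partial runlevel idepend rdepend space setuid conflict action"
# Checks covering setuid/setgid files, file conflicts and package scripts.
SECURITY_CHECKS="setuid conflict action"

# Print the value of KEY, or nothing if the key is absent.
admin_get() { awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }

# Print "<key> <value> <state>" for each check.
# Assumption: a missing key or the value "ask" makes pkgadd prompt.
audit_admin() {
    for key in $CHECKS; do
        val=$(admin_get "$1" "$key")
        case ${val:-ask} in
            ask)     state=prompts ;;
            nocheck) state=skipped ;;
            *)       state=decided ;;   # fixed answer such as overwrite or quit
        esac
        echo "$key ${val:-ask} $state"
    done
}

# Succeed only if no check would prompt, so the install can run unattended.
is_unattended() { ! audit_admin "$1" | grep -q ' prompts$'; }

# Print the security-related checks that the file skips, one per line.
skipped_security_checks() {
    audit_admin "$1" | while read -r key val state; do
        case " $SECURITY_CHECKS " in
            *" $key "*) if [ "$state" = skipped ]; then echo "$key"; fi ;;
        esac
    done
}

# Constructed copy of the tanium.admin contents shown above.
admin=$(mktemp)
printf '%s\n' mail= instance=overwrite partial=nocheck runlevel=nocheck idepend=nocheck \
    rdepend=nocheck space=nocheck setuid=nocheck conflict=nocheck action=nocheck \
    networktimeout=60 networkretries=3 authentication=quit keystore=/var/sadm/security \
    proxy= basedir=default > "$admin"
is_unattended "$admin" && echo "runs unattended; security checks skipped:"
skipped_security_checks "$admin"
rm -f "$admin"
```

Because the skipped checks are the ones that would otherwise ask about setuid files, file conflicts and package scripts, confirm that the .pkg file is the one downloaded through the Tanium CDT before running pkgadd with this file.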

Configure the Tanium Client

The Tanium Client binary has statically linked libraries. All of the libraries are located in the standard default location (/lib) except the following:

  • libstdc++
  • gcc

These two libraries are assumed to be in /usr/sfw/lib. If they are not, the client will not start. If your libstdc++ or gcc are not located in /usr/sfw/lib, you must add the library search path to the SMF taniumclient service. Find the directory location of libgcc.* and libstdc++.*. Use the following command to add the search path to the SMF service:

svccfg -s application/taniumclient setenv LD_LIBRARY_PATH /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib
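
As an added example (not Tanium's own tooling), the script below finds the directories that hold libgcc and libstdc++ and builds the LD_LIBRARY_PATH value from them, skipping any directory that group or other can write to, since the service loads libraries from every directory on that path. The function names are illustrative, and the candidate directories are the ones from the command above.

```shell
#!/bin/sh
# Added example: build LD_LIBRARY_PATH for the taniumclient SMF service.

# Print the first of the given directories that holds a file matching PATTERN
# and is not writable by group or other. Return 1 if none qualifies.
find_lib_dir() {
    pattern=$1; shift
    for root in "$@"; do
        [ -d "$root" ] || continue
        found=
        for f in "$root"/$pattern; do
            if [ -e "$f" ]; then found=1; break; fi
        done
        [ -n "$found" ] || continue
        # "$root/." makes find test the directory itself, even behind a symlink.
        if [ -n "$(find "$root/." -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "skipping $root: writable by group or other" >&2
            continue
        fi
        echo "$root"
        return 0
    done
    return 1
}

# Print /lib:/usr/lib followed by the directories that hold libgcc and libstdc++.
build_ld_path() {
    ldpath=/lib:/usr/lib
    for pat in 'libgcc*' 'libstdc++*'; do
        dir=$(find_lib_dir "$pat" "$@") || { echo "no usable directory holds $pat" >&2; return 1; }
        case ":$ldpath:" in *":$dir:"*) ;; *) ldpath=$ldpath:$dir ;; esac
    done
    echo "$ldpath"
}

# Print the svccfg command instead of running it, so it can be reviewed first.
if p=$(build_ld_path /usr/sfw/lib /usr/local/lib 2>/dev/null); then
    echo "svccfg -s application/taniumclient setenv LD_LIBRARY_PATH $p"
else
    echo "libgcc/libstdc++ not found in a directory that only its owner can write"
fi
```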

Manage the Tanium Client Solaris service

To start:

svcadm enable taniumclient

To stop:

svcadm disable taniumclient

To restart:

svcadm restart taniumclient

To re-read the TaniumClient.ini file:

svcadm refresh taniumclient

To display status:

svcs -a | grep -i taniumclient

Creating a package for IPS

The Solaris 11 Image Packaging System (IPS) feature supports software package distribution through a repository. For complete details, refer to the Oracle documentation.

To create a Tanium Client Solaris IPS package:

  1. Copy the latest Tanium Client for Solaris to your local workstation.

    Use scp to copy the package from a new installation on Solaris in your lab.

    scp …/TaniumClient-6.0.314.1321-SunOS-5.10-i386.pkg .

    Or use wget to fetch the package from the Tanium downloads site:

    wget https://downloads.tanium.com/files/clients/TaniumClient-6.0.314.1321-SunOS-5.10-i386.pkg.tar.gz

  2. Stage a working area for this procedure. The following is an example of the commands you use to create the necessary directories and copy the necessary files.

    mkdir -p ~/TaniumIPS/TaniumClient

    mkdir tmp

    echo "" | pkgtrans TaniumClient-6.0.314.xxxx-SunOS-5.10-i386.pkg tmp

    cp -R tmp/TaniumClient/reloc/opt ~/TaniumIPS/TaniumClient

    rm -rf tmp

    cd ~/TaniumIPS

    mkdir -p TaniumClient/lib/svc/manifest/application

    mv TaniumClient/opt/Tanium/TaniumClient/taniumclient.xml TaniumClient/lib/svc/manifest/application

  3. Optional step. Copy the TaniumClient.ini and public key (.pub) file to the installation directory.

    cp …/TaniumClient.ini ~/TaniumIPS/TaniumClient/opt/Tanium/TaniumClient
    cp …/Tanium.pub ~/TaniumIPS/TaniumClient/opt/Tanium/TaniumClient

  4. Create the manifest.

    pkgsend generate TaniumClient | pkgfmt > TaniumClient.p5m.1

  5. Set the TSversion variable.

    TSversion=$(grep Version= TaniumClient/opt/Tanium/TaniumClient/TaniumClient.ini | awk -F= '{ print $2 }')

  6. Create the mog for the appropriate architecture. The following example uses the $(ARCH) macro.

    cat > TaniumClient.mog << EOF
    set name=pkg.fmri value=TaniumClient@${TSversion}
    set name=pkg.summary value="Tanium Client ${TSversion}"
    set name=pkg.description value="Tanium Client"
    set name=variant.arch value=\$(ARCH)
    set name=info.classification \\
        value="org.opensolaris.category.2008:System/Enterprise Management"
    <transform dir path=opt\$->drop>
    <transform dir path=lib/*->drop>
    <transform file path=lib/svc/manifest/application/taniumclient.xml\$->default restart_fmri svc:/system/manifest-import:default>
    EOF

  7. Run pkgmogrify on the TaniumClient.p5m.1 manifest with the TaniumClient.mog changes.

    pkgmogrify -DARCH=`uname -p` TaniumClient.p5m.1 TaniumClient.mog | pkgfmt > TaniumClient.p5m.2

  8. Generate and resolve dependencies.

    pkgdepend generate -md TaniumClient TaniumClient.p5m.2 | pkgfmt > TaniumClient.p5m.3
    pkgdepend resolve -m TaniumClient.p5m.3

  9. Verify the package using pkglint. Some editing might be required if any ERRORs are returned.

    pkglint TaniumClient.p5m.3.res

    For example:

    In the above output, the ERROR is regarding a duplicate gcc-3-runtime dependency.

    Edit the TaniumClient.p5m.3.res file (with vi, for example) and remove the second reference. It might be grouped with another dependency which might need to remain.

  10. If any ERRORs were corrected, verify the package again. Warnings are okay and expected.

    pkglint TaniumClient.p5m.3.res

  11. Verify the package against the appropriate repository. Note this command downloads data from the repository.

    pkglint -c ./solaris-reference -r http://pkg.oracle.com/solaris/release TaniumClient.p5m.3.res

  12. Create and publish to a local repository.

    pkgrepo create Tanium-repository
    pkgrepo -s Tanium-repository set publisher/prefix=Tanium
    pkgsend -s Tanium-repository publish -d TaniumClient TaniumClient.p5m.3.res

  13. Render the package as a p5p file for installation. Keep the architecture naming consistent.

    pkgrecv -s Tanium-repository -a -d TaniumClient-${TSversion}-`uname -p`.p5p TaniumClient

  14. Remove the old Tanium Client package.

    pkgrm TaniumClient

  15. Test the new p5p package.

    pkg set-publisher -p ./TaniumClient-${TSversion}-i386.p5p Tanium
    pkg install TaniumClient

  16. Add the tanium.pub file, edit or replace the TaniumClient.ini file, and enable the service.

    svcadm enable taniumclient

The following is an example of a TaniumClient.p5m.3.res file:

set name=pkg.fmri [email protected]
set name=pkg.summary value="Tanium Client 6.0.314.1321"
set name=pkg.description value="Tanium Client"
set name=info.classification \
    value="org.opensolaris.category.2008:System/Enterprise Management"
set name=org.opensolaris.smf.fmri value=svc:/application/taniumclient \
    value=svc:/application/taniumclient:default
set name=variant.arch value=i386
file lib/svc/manifest/application/taniumclient.xml \
    path=lib/svc/manifest/application/taniumclient.xml owner=root group=bin \
    mode=0444 restart_fmri=svc:/system/manifest-import:default
dir  path=opt/Tanium owner=root group=bin mode=0755
dir  path=opt/Tanium/TaniumClient owner=root group=bin mode=0755
file opt/Tanium/TaniumClient/TaniumClient \
    path=opt/Tanium/TaniumClient/TaniumClient owner=root group=bin mode=0555
file opt/Tanium/TaniumClient/TaniumClient.ini \
    path=opt/Tanium/TaniumClient/TaniumClient.ini owner=root group=bin \
    mode=0644
depend fmri=pkg:/system/[email protected] type=require
depend fmri=pkg:/system/library/[email protected] type=require
depend fmri=pkg:/system/[email protected] type=require
depend fmri=pkg:/system/[email protected] type=require
depend fmri=pkg:/system/library/[email protected] fmri=pkg:/system/library/gcc/[email protected] type=require-any
depend fmri=pkg:/system/library/gcc/[email protected] type=require-any
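
The duplicate-dependency error described in step 9 and the owner and mode attributes in the manifest above can be checked before publishing. This added example (not part of the Tanium documentation; pkglint remains the authoritative check) flags a package named by more than one depend fmri and any file or dir that is not owned by root or is writable by group or other. The manifest fragment is constructed, and its mode 0664 and @0 versions are placeholders.

```shell
#!/bin/sh
# Added example: pre-publish check of an IPS manifest (for example TaniumClient.p5m.3.res).
# Findings, one per line; the function returns non-zero if there are any:
#   DUP-DEPEND <pkg>        package named by more than one depend fmri
#   OWNER <path> <owner>    file or dir not owned by root
#   WRITABLE <path> <mode>  file or dir writable by group or other
lint_manifest() {
    awk '
    /\\$/ { sub(/[ \t]*\\$/, ""); buf = buf $0 " "; next }   # join wrapped actions
    {
        n = split(buf $0, w, /[ \t]+/); buf = ""
        owner = ""; mode = ""; path = ""
        for (i = 2; i <= n; i++) {
            eq = index(w[i], "="); if (!eq) continue
            k = substr(w[i], 1, eq - 1); v = substr(w[i], eq + 1)
            if (k == "owner") owner = v
            else if (k == "mode") mode = v
            else if (k == "path") path = v
            else if (k == "fmri" && w[1] == "depend") {
                sub(/@.*/, "", v)               # compare names, ignore versions
                if (seen[v]++) { print "DUP-DEPEND " v; bad = 1 }
            }
        }
        if (w[1] == "file" || w[1] == "dir") {
            if (owner != "root") { print "OWNER " path " " owner; bad = 1 }
            # The last two octal digits are the group and other permissions.
            if (substr(mode, length(mode) - 1) ~ /[2367]/) { print "WRITABLE " path " " mode; bad = 1 }
        }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed manifest fragment: mode 0664 and the @0 versions are made up.
m=$(mktemp)
cat > "$m" <<'EOF'
dir  path=opt/Tanium/TaniumClient owner=root group=bin mode=0755
file opt/Tanium/TaniumClient/TaniumClient.ini \
    path=opt/Tanium/TaniumClient/TaniumClient.ini owner=root group=bin \
    mode=0664
depend fmri=pkg:/example/other-runtime@0 fmri=pkg:/system/library/gcc/gcc-3-runtime@0 type=require-any
depend fmri=pkg:/system/library/gcc/gcc-3-runtime@0 type=require-any
EOF
lint_manifest "$m" || echo "edit the manifest, then run pkglint again"
rm -f "$m"
```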

Uninstall

To uninstall:

pkgrm -A TaniumClient

The -A flag directs pkgrm to uninstall in the current zone only.

Last updated: 2/9/2018 1:42 PM