Deploying the Tanium Client using an installer or package file

Download installation packages for the Tanium Client from Client Management and install the client on endpoints.

If you are deploying the Tanium Client to endpoints that cannot be reached directly from the Tanium Module Server, such as those connected to a Zone Server, or if your organization has a preferred standard software package deployment tool, you can use the following methods to deploy the Tanium Client. For Windows, macOS, and Linux endpoints, you can use Client Management to create a client configuration and then download an installation bundle for use in alternative deployment. For the procedure, see Create a client configuration.

You can also deploy the Tanium Client using the Client Management service. For more information, see Deploying the Tanium Client using Client Management.

If you are deploying the Tanium Client to virtual desktop infrastructure (VDI) instances or other endpoints with limited resources, you might need to adjust certain client settings to help to reduce resource usage. For more information, see Tuning Tanium Client settings for VDI endpoints and other endpoints with limited resources.

If you use an operating system (OS) image to deploy an OS to new endpoints, you can install the Tanium Client on the template image (as described in this section) and perform additional steps to prepare the Tanium Client for deployment through the image. For the procedures to prepare OS images that include the Tanium Client, see Preparing the Tanium Client on OS images.

Download installation packages for the Tanium Client

Download Tanium Client installation packages for each operating system from the Tanium Client Management Home page:

  1. From the Main menu, go to Administration > Shared Services > Client Management.

  2. Click Download Windows Package, Download macOS Package, or Download Linux Package.

To obtain the installers for Solaris or AIX, contact Tanium Support.

Deploy the Tanium Client to Windows endpoints using the installer

You can use the installation wizard, client command-line interface (CLI), or third-party software distribution tools, such as System Center Configuration Manager (SCCM), to deploy the Tanium Client to Windows endpoints. For details on using a third-party tool with Tanium installers, refer to the documentation for that tool.

If you encounter issues when deploying the Tanium Client, examine the Tanium Client installation log.

All these deployment methods use the Tanium Client installer SetupClient.exe, which makes the following changes to the target endpoints:

  • Creates the Tanium Client installation directories for the client application files and related content files.
  • Creates the Tanium Client Windows registry key along with an initial set of registry values.
  • Adds the Tanium Client program to the Windows Add/Remove Programs list.
  • Creates the Tanium Client service with a Startup Type set to Automatic.

For information about managing the Tanium Client service or uninstalling the Tanium Client after deployment, see Manage the Tanium Client on Windows.

Prepare for installation

  1. Ensure that the Windows endpoint meets the basic requirements for the Tanium Client.
  2. Sign in to the Windows endpoint with a local user or domain account that has administrative permissions.
  3. Use the Tanium Client Management service to download the client installer bundle (windows-client-bundle.zip) to the Windows endpoint. The download link is available on the Client Management Home page.For the procedure, see Download the installation bundle for alternative deployment.

    The bundle contains the following files:

    • install.bat
    • SetupClient.exe
    • tanium‑init.dat (Tanium Client 7.4 or later)
    • tanium.pub (Tanium Client 7.2)

    You can also download tanium‑init.dat or tanium.pub through the Tanium Console (see Tanium Console User Guide: Download infrastructure configuration files (keys)) and request SetupClient.exe from Tanium Support (see Contact Tanium Support). However, the installation process for Tanium Client 7.4 or later requires fewer manual configuration steps if you download tanium‑init.dat through Client Management.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  4. Copy the installer bundle to a temporary directory on the Windows endpoint and unzip the bundle.

Installation wizard

  1. Sign in to the Windows endpoint with a local user or domain account that has administrative permissions.
  2. Right-click SetupClient.exe and select Run as administrator to start the wizard.
  3. Respond to the wizard prompts. The values that you enter depend on the client version and the source of the installation files:

    • Tanium Client 7.4: If you used Client Management to download tanium‑init.dat and the file is in the same directory as SetupClient.exe, the wizard prompts you to accept the license agreement and select an installation directory, and then automatically configures the remaining settings with default values. Otherwise, you must manually specify the Initialization File (tanium‑init.dat) and other settings.

      To configure custom values instead of default values, move tanium‑init.dat to a different directory than SetupClient.exe before starting the wizard. The wizard then prompts you to specify the settings.

    • Tanium Client 7.2: Specify the Public Key File (tanium.pub), TLS Mode, and other settings.


    Respond to the wizard prompts. If you used Client Management to download tanium‑init.dat and the file is in the same directory as SetupClient.exe, the wizard prompts you to accept the license agreement and select an installation directory, and then automatically configures the remaining settings with default values. Otherwise, you must manually specify the Initialization File (tanium‑init.dat) and other settings.

    To configure custom values instead of default values, move tanium‑init.dat to a different directory than SetupClient.exe before starting the wizard. The wizard then prompts you to specify the settings.

  4. (Optional) Use the CLI on Windows endpoints to configure additional Tanium Client settings that you did not set through the installation wizard.
  5. Wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server, and then verify that the client installed correctly and is communicating properly. (See Verify the Tanium Client installation.)

Command-line interface (CLI)

You can use the endpoint CLI to install the Tanium Client. For details on using the CLI, see CLI on Windows endpoints.

  1. Sign in to the Windows endpoint with a local user or domain account that has administrative permissions.
  2. Access the endpoint CLI.
  3. Navigate to the directory where the Tanium Client installer resides.
  4. Use the following command to run the Tanium Client installer.

    SetupClient.exe /ServerAddress={<FQDN|IPaddress>}[,{<FQDN|IPaddress>},...] [/ServerPort=<PortNumber>] [/LogVerbosityLevel=<LogLevel>] [/KeyPath=<FullPath>\[tanium‑init.dat|tanium.pub] [/ReportingTLSMode=[0|1|2]] [/ProxyAutoConfigAddress=<URL/filename.pac>] [/ProxyServers=<FQDN|IPaddress:PortNumber>] [/S] [/D=<DirectoryPath>]

    Table 1 describes the arguments for the SetupClient.exe command.

    Before running the installer, determine which installation type to use based on whether the Tanium Client requires default or custom settings:

    • Express: The installer uses default values for all settings except ServerNameList and requires only the following arguments:
      • /ServerAddress sets the ServerNameList and is required for Tanium Client 7.2. It is required for Tanum Client 7.4 only if tanium‑init.dat does not specify ServerNameList. By default, the tanium‑init.dat that you download through Client Management specifies ServerNameList, while the tanium‑init.dat that you download through the Tanium Console does not.
      • /KeyPath specifies the full path of the tanium‑init.dat file (Tanium Client 7.4 or later) or tanium.pub file (Tanium Client 7.2) and is required only if the file is not in the same directory as SetupClient.exe.
      • /S specifies silent installation and is required for express installation of any Tanium Client version.
    • Custom: Specify the arguments for settings that require custom values instead of default values. If you omit the /S argument, the Tanium Client installation wizard opens and prompts you to configure the settings.

    Table 2 shows examples of how to use the CLI for express and custom installations.

    To configure settings beyond those that Table 1 describes, see Tanium Client settings.

  5. Wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server, and then verify that the client installed correctly and is communicating properly. (See Verify the Tanium Client installation.)
 Table 1: Tanium Client installation command syntax
Argument Guidance
/ServerAddress Fully qualified domain names (FQDNs) or IP addresses of the TaaS instances with which the client can connect Tanium Servers. In a deployment with Zone Servers, add their FQDNs or IP addresses. Using internally defined FQDNs or aliases is strongly recommended. Use a comma to separate the entry for each instanceserver.

If you specify one value for this option, it populates the ServerName registry entry. If you specify multiple values, they populate the ServerNameList registry entry.

For Tanium Client 7.4 or later, omitOmit /ServerAddress during the initial installation if the tanium‑init.dat file specifies the ServerNameList (see the client installation types). If tanium‑init.dat does not specify the ServerNameList, or you are installing Tanium Client 7.2, you must include /ServerAddress during installation. You can omit this argument when reinstalling or upgrading any version of the client.

In Tanium Core Platform 7.2.314.3263 and later, youYou can optionally set the port that the Tanium Client uses to communicate with TaaS the Tanium Server by appending :<port_number> to the server address (for example, taas-example1-zs.cloud.tanium.com:12345ts1.local.com:12345). The /ServerAddress port overrides the /ServerPort value.

/ServerPort The port that the Tanium Client uses for communication with TaaS the Tanium Server and with peers. Do not change the default of 17472. If you omit this argument, the Tanium Client uses the default port, 17472. For details, see ServerPort.
/LogVerbosityLevel The level of logging on the endpoint. The following values are best practices for specific use cases:
  • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
  • 1: Use this value during normal operation.
  • 41: Use this value during troubleshooting.
  • 91 or higher: Use this value for full logging, for short periods of time only.
/KeyPath The full path and file name that the Tanium Client installer program uses to locate the tanium‑init.dat file (Tanium Client 7.4 or later) or tanium.pub file (Tanium Client 7.2) and copy it to the Tanium Client installation directory.

No quotation marks are necessary to enclose path or file names with spaces. The KeyPath argument requires a fully qualified path name when the installer runs directly from a command prompt. However, in a batch file, you can use the batch file command variable %~dp0 to expand a relative path before passing the KeyPath value to SetupClient.exe. For example: /KeyPath=%~dp0<My\Relative\Path>\tanium‑init.dat

If you omit the KeyPath argument for silent installations (/S argument), the tanium‑init.dat or tanium.pub file must be in the same directory as SetupClient.exe.

/S Run the installation command silently, which means the Tanium Client installation wizard does not open and prompt you to configure settings.

If you include this argument without specifying the /KeyPath argument, tanium‑init.dat (Tanium Client 7.4 or later) or tanium.pub (Tanium Client 7.2) must be in the same directory as SetupClient.exe.

For examples of how to run silent installations, see Table 2.

/D Sets the destination path for the Tanium Client installation directory. No quotation marks are necessary to enclose path names with spaces. Because environment variables are expanded, the argument value can include path variables, such as %programfiles%.

If you use this argument, it must be the last argument value-pair listed on the command line. If you omit this argument, the installer uses a default directory based on whether the endpoint is running a 64-bit or 32-bit version of Windows:

  • 64-bit versions of Windows\Program Files (x86)\Tanium\Tanium Client
  • 32-bit versions of Windows\Program Files\Tanium\Tanium Client
/ReportingTLSMode Do not specify this argument. TaaS automatically manages all TLS settings for the Tanium Client. This setting applies only to Tanium Client 7.2. The possible values are:
  • 0 (TLS not used)
  • 1 (TLS required)
  • 2 (TLS optional)

If you plan to use TLS, initially set this option to 2 (optional). When TLS is optional, the Tanium Client tries to connect over TLS. If the TLS connection fails, the client tries a non-TLS connection.

/ProxyAutoConfigAddress Include this setting if the Tanium Client connects to TaaS the Tanium Server or Zone Server through a Hypertext Transfer Protocol Secure (HTTPS) proxy server. The setting specifies the URL and file name of a proxy auto configuration (PAC) file that the client can access. Specify the value in the format http[s]://<URL>/<file name>.pac. The client downloads the file from the URL that you specify and runs a script that the file contains to select the correct proxy for connecting to a particular TaaS instanceserver. If no proxy is available, the client ignores the setting and connects directly to TaaS the Tanium Server or Zone Server. For details, see Configure proxy connections with a PAC file.
/ProxyServers Include this setting if the Tanium Client connects to TaaS the Tanium Server or Zone Server through an HTTPS proxy server but cannot access a PAC file. The setting specifies the IP address or FQDN, and port number, of the HTTPS proxy server. You can specify multiple proxies as a comma-separated list in the format "<proxy1>:<port>,...,<proxyN>:<port>". The client tries to connect to the proxies in the order that you list them. After any single connection succeeds, the client stops trying to connect with more proxies. If no proxy is available, the client ignores the setting and connects directly to TaaS the Tanium Server or Zone Server. For details, see Configure proxy connections without a PAC file.

The following are examples of using the CLI command to install the Tanium Client.

For Tanium Client 7.4 or later, omit Omit the /ServerAddress argument if the tanium‑init.dat file specifies the ServerNameList. For details, see the client installation types.

 Table 2: Tanium Client installation command examples
Example Description
Silent express installation In an express installation, SetupClient.exe installs and configures the Tanium Client with default values for all the arguments except /ServerAddress. Before starting, ensure that the Tanium initialization file tanium‑init.dat or public key file tanium.pub is in the same directory as SetupClient.exe.

SetupClient.exe /ServerAddress=taas-example1-zs.cloud.tanium.comts1.example.com /S

SetupClient.exe /ServerAddress=192.168.1.10 /S

In a deployment with Zone Servers or multiple TaaS instances Tanium Servers, specify each instanceserver in /ServerAddress:

SetupClient.exe /ServerAddress=^
taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.com
ts1.example.com,ts2.example.com,zs1.example.com /S

Silent custom installation The following example specifies non-default values in a silent installation:

SetupClient.exe /ServerAddress=taas-example1-zs.cloud.tanium.comts1.example.com ^
/ServerPort=63422 /LogVerbosityLevel=1 /S

Silent installation TLS option The following example specifies non-default values for a silent installation of Tanium Client 7.2:

SetupClient.exe /ServerAddress=ts1.example.com /ServerPort=63422 ^
/LogVerbosityLevel=0 /ReportingTLSMode=1 /S

Batch file format When you run a batch file, the Windows command interpreter expands the variable %~dp0 to the full drive and path name of the batch file working directory. The following example of a batch file instruction performs a silent installation:

"%~dp0SetupClient.exe" /ServerAddress=taas-example1-zs.cloud.tanium.comts1.example.com ^
/ServerPort=28583 /S

Deploy the Tanium Client to macOS endpoints using the installer

On macOS endpoints, the Tanium Client is installed as a system service. The client files are installed in the /Library/Tanium/TaniumClient directory.

Endpoints that are running macOS 10.14 (Mojave) or later require a mobile device management (MDM) profile that provides the necessary permissions for Tanium applications. For more information, see the Tanium Knowledge Base article Tanium and Apple macOS TCC (Transparency, Consent and Control) and Privacy Preferences Policy Control (PPPC) (account required).

You can use the installation wizard or CLI to deploy the Tanium Client to macOS endpoints. You must perform the installation as a user with an administrator account.

For information about managing the Tanium Client service, managing firewall rules or pop-ups, or uninstalling the Tanium Client after deployment, see Manage the Tanium Client on macOS.

Prepare for installation

  1. Ensure that the macOS endpoint meets the basic requirements for the Tanium Client.
  2. Ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the port 17472, which that the client uses for Tanium traffic (default 17472). See Manage macOS firewall rules.
  3. Sign in to the macOS endpoint.
  4. Use the Tanium Client Management service to download the client installer bundle (mac-client-bundle.zip) to the macOS endpoint. The download link is available on the Client Management Home page.For the procedure, see Download the installation bundle for alternative deployment.

    The bundle contains the following files:

    • TaniumClient‑<version>.pkg
    • tanium‑init.dat (Tanium Client 7.4 or later)
    • tanium.pub (Tanium Client 7.2)
    • install.sh

    You can also download tanium‑init.dat or tanium.pub through the Tanium Console (see Tanium Console User Guide: Download infrastructure configuration files (keys)) and request TaniumClient‑<version>.pkg from Tanium Support (see Contact Tanium Support). However, the installation process for Tanium Client 7.4 or later requires fewer manual configuration steps if you download tanium‑init.dat through Client Management.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  5. Copy the installer bundle to a temporary directory on the macOS endpoint and unzip the bundle.

Installation wizard

  1. Sign in locally to the macOS endpoint as a user with an administrator account.
  2. Double-click TaniumClient‑<version>.pkg to start the installation wizard.
  3. Respond to the wizard prompts. Specify the User Name and Password of a local administrator when the wizard prompts you for credentials.
  4. Use the CLI (see CLI on non-Windows endpoints) to configure the following basic Tanium Client settings:

    ServerName or ServerNameList In a deployment with a standalone Tanium Server, set Set the ServerName to the TaaSserver FQDN or IP address. In a deployment with Tanium Zone Servers or multiple TaaS instancesTanium Servers, configure ServerNameList with the FQDN or IP address of each instanceserver, separated with a comma.

    If the tanium‑init.dat file for Tanium Client 7.4 specifies ServerNameList, you do not need to configure ServerName or ServerNameList; any setting that you specify here is added to the ServerNameList specified in tanium-init.dat. By default, the tanium‑init.dat that you download through the Tanium Client Management service specifies ServerNameList, while the tanium‑init.dat that you download through the Tanium Console does not. You can use the TaniumClient pki show <path_to_tanium-init.dat> command on an endpoint where Tanium Client 7.4.5 or later is already installed to view the ServerNameList that the tanium-init.dat file specifies. For Tanium Client 7.2, you must specify ServerName or ServerNameList.

    LogVerbosityLevel

    The level of logging on the endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.

    For details on additional settings that you can configure, see Tanium Client settings.

    The following example commands are for a deployment with multiple TaaS instancesTanium Servers and Zone Servers:

    cd <Tanium Client installation directory>
    sudo ./TaniumClient config set ServerNameList \
    taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.comts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
    sudo ./TaniumClient config set LogVerbosityLevel 1

  5. (Tanium Client 7.4 or later) Copy tanium‑init.dat from the temporary directory to the Tanium Client installation directory.
  6. Wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server, and then verify that the client installed correctly and is communicating properly. (See Verify the Tanium Client installation.)

Command-line interface (CLI)

To install the Tanium Client, you must have root or sudo permissions to run the installer command. For details on using the CLI, see CLI on non-Windows endpoints.

  1. Sign in locally to the macOS endpoint as a user with an administrator account.
  2. Open Terminal.
  3. Run the following command in the directory into which you copied TaniumClient‑<version>.pkg to install the client :

    sudo installer -pkg TaniumClient-<version>.pkg -target /
    installer: Package name is TaniumClient
    installer: Installing at base path /
    installer: The install was successful.

  4. Use the CLI (see CLI on non-Windows endpoints) to configure the following basic Tanium Client settings:

    ServerName or ServerNameList In a deployment with a standalone Tanium Server, set Set the ServerName to the TaaSserver FQDN or IP address. In a deployment with Tanium Zone Servers or multiple TaaS instancesTanium Servers, configure ServerNameList with the FQDN or IP address of each instanceserver, separated with a comma.

    If the tanium‑init.dat file for Tanium Client 7.4 specifies ServerNameList, you do not need to configure ServerName or ServerNameList; any setting that you specify here is added to the ServerNameList specified in tanium-init.dat. By default, the tanium‑init.dat that you download through the Tanium Client Management service specifies ServerNameList, while the tanium‑init.dat that you download through the Tanium Console does not. You can use the TaniumClient pki show <path_to_tanium-init.dat> command on an endpoint where Tanium Client 7.4.5 or later is already installed to view the ServerNameList that the tanium-init.dat file specifies. For Tanium Client 7.2, you must specify ServerName or ServerNameList.

    LogVerbosityLevel

    The level of logging on the endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.

    For details on additional settings that you can configure, see Tanium Client settings.

    The following example commands are for a deployment with multiple TaaS instancesTanium Servers and Zone Servers:

    cd <Tanium Client installation directory>
    sudo ./TaniumClient config set ServerNameList \
    taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.comts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
    sudo ./TaniumClient config set LogVerbosityLevel 1

  5. (Tanium Client 7.4 or later) Copy tanium‑init.dat to the Tanium Client installation directory.
  6. Wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server, and then verify that the client installed correctly and is communicating properly. (See Verify the Tanium Client installation.)

Deploy the Tanium Client to Linux endpoints using package files

On Linux endpoints, the Tanium Client is installed as a system service. The default installation directory for Tanium Client files is /opt/Tanium/TaniumClient.

If your environment requires a different installation location for applications, you can create a symbolic link during installation.

For information about managing the Tanium Client service, managing firewall rules, or uninstalling the Tanium Client after deployment, see Manage the Tanium Client on Linux.

Tanium Client package files for Linux

The Linux installer bundle (linux‑client-bundle.zip) that you download through Tanium Client Management contains package installer files for every Linux distribution. Contact Tanium Support for other means to obtain the package file for your Linux distribution.

To verify the digital signature on RPM package files, use the public key at Tanium public key for Linux RPM files.

 Table 3: Tanium Client package files for Linux
Linux Distribution Latest Installation Package Files
Amazon Linux 2 LTS TaniumClient-7.4.5.1225-1.amzn2.x86_64.rpm
TaniumClient-7.4.5.1220-1.amzn2.x86_64.rpm
TaniumClient-7.4.5.1219-1.amzn2.x86_64.rpm
TaniumClient-7.4.5.1204-1.amzn2.x86_64.rpm
TaniumClient-7.4.4.1362-1.amzn2.x86_64.rpm
TaniumClient-7.4.4.1250-1.amzn2.x86_64.rpm
TaniumClient-7.4.2.2073-1.amzn2.x86_64.rpm
TaniumClient-7.4.2.2063-1.amzn2.x86_64.rpm
TaniumClient-7.4.2.2033-1.amzn2.x86_64.rpm
TaniumClient-7.4.1.1955-1.amzn2.x86_64.rpm
TaniumClient-7.2.314.3632-1.amzn2.x86_64.rpm
TaniumClient-7.2.314.3584-1.amzn2.x86_64.rpm
Amazon Linux AMI 2018.3 TaniumClient-7.4.5.1225-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.5.1220-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.5.1219-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.5.1204-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.4.1362-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.4.1250-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.2.2073-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.2.2063-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.2.2033-1.amzn2018.03.x86_64.rpm
TaniumClient-7.4.1.1955-1.amzn2018.03.x86_64.rpm
TaniumClient-7.2.314.3632-1.amzn2018.03.x86_64.rpm
TaniumClient-7.2.314.3584-1.amzn2018.03.x86_64.rpm
Amazon Linux AMI 2016.09 TaniumClient-7.2.314.2962-1.amzn2016.09.x86_64.rpm
Debian 10.x taniumclient-7.4.5.1225-debian10_i386.deb
taniumclient-7.4.5.1220-debian10_i386.deb
taniumclient-7.4.5.1219-debian10_i386.deb
taniumclient-7.4.5.1204-debian10_i386.deb
taniumclient-7.4.4.1362-debian10_i386.deb
taniumclient-7.4.4.1250-debian10_i386.deb
taniumclient-7.4.2.2073-debian10_i386.deb
taniumclient-7.4.2.2063-debian10_i386.deb


taniumclient-7.4.5.1225-debian10_amd64.deb
taniumclient-7.4.5.1220-debian10_amd64.deb
taniumclient-7.4.5.1219-debian10_amd64.deb
taniumclient-7.4.5.1204-debian10_amd64.deb
taniumclient-7.4.4.1362-debian10_amd64.deb
taniumclient-7.4.4.1250-debian10_amd64.deb
taniumclient-7.4.2.2073-debian10_amd64.deb
taniumclient-7.4.2.2063-debian10_amd64.deb
Debian 9.x taniumclient-7.4.5.1225-debian9_i386.deb
taniumclient-7.4.5.1220-debian9_i386.deb
taniumclient-7.4.5.1219-debian9_i386.deb
taniumclient-7.4.5.1204-debian9_i386.deb
taniumclient-7.4.4.1362-debian9_i386.deb
taniumclient-7.4.4.1250-debian9_i386.deb
taniumclient-7.4.2.2073-debian9_i386.deb
taniumclient-7.4.2.2063-debian9_i386.deb
taniumclient-7.4.2.2033-debian9_i386.deb
taniumclient-7.4.1.1955-debian9_i386.deb
taniumclient-7.2.314.3632-debian9_i386.deb
taniumclient-7.2.314.3584-debian9_i386.deb


taniumclient-7.4.5.1225-debian9_amd64.deb
taniumclient-7.4.5.1220-debian9_amd64.deb
taniumclient-7.4.5.1219-debian9_amd64.deb
taniumclient-7.4.5.1204-debian9_amd64.deb
taniumclient-7.4.4.1362-debian9_amd64.deb
taniumclient-7.4.4.1250-debian9_amd64.deb
taniumclient-7.4.2.2073-debian9_amd64.deb
taniumclient-7.4.2.2063-debian9_amd64.deb
taniumclient-7.4.2.2033-debian9_amd64.deb
taniumclient-7.4.1.1955-debian9_amd64.deb
taniumclient-7.2.314.3632-debian9_amd64.deb
taniumclient-7.2.314.3584-debian9_amd64.deb
Debian 8.x taniumclient-7.4.5.1225-debian8_i386.deb
taniumclient-7.4.5.1220-debian8_i386.deb
taniumclient-7.4.5.1219-debian8_i386.deb
taniumclient-7.4.5.1204-debian8_i386.deb
taniumclient-7.4.4.1362-debian8_i386.deb
taniumclient-7.4.4.1250-debian8_i386.deb
taniumclient-7.4.2.2073-debian8_i386.deb
taniumclient-7.4.2.2063-debian8_i386.deb
taniumclient-7.4.2.2033-debian8_i386.deb
taniumclient-7.4.1.1955-debian8_i386.deb
taniumclient-7.2.314.3632-debian8_i386.deb
taniumclient-7.2.314.3584-debian8_i386.deb


taniumclient-7.4.5.1225-debian8_amd64.deb
taniumclient-7.4.5.1220-debian8_amd64.deb
taniumclient-7.4.5.1219-debian8_amd64.deb
taniumclient-7.4.5.1204-debian8_amd64.deb
taniumclient-7.4.4.1362-debian8_amd64.deb
taniumclient-7.4.4.1250-debian8_amd64.deb
taniumclient-7.4.2.2073-debian8_amd64.deb
taniumclient-7.4.2.2063-debian8_amd64.deb
taniumclient-7.4.2.2033-debian8_amd64.deb
taniumclient-7.4.1.1955-debian8_amd64.deb
taniumclient-7.2.314.3632-debian8_amd64.deb
taniumclient-7.2.314.3584-debian8_amd64.deb
Debian 7.x, 6.x taniumclient-7.2.314.3632-debian6_i386.deb
taniumclient-7.2.314.3584-debian6_i386.deb
taniumclient_7.2.314.2962-debian6_i386.deb


taniumclient-7.2.314.3632-debian6_amd64.deb
taniumclient-7.2.314.3584-debian6_amd64.deb
taniumclient_7.2.314.2962-debian6_amd64.deb
Oracle Linux 8.x TaniumClient-7.4.5.1225-1.oel8.x86_64.rpm
TaniumClient-7.4.5.1220-1.oel8.x86_64.rpm
TaniumClient-7.4.5.1219-1.oel8.x86_64.rpm
TaniumClient-7.4.5.1204-1.oel8.x86_64.rpm
TaniumClient-7.4.4.1362-1.oel8.x86_64.rpm
TaniumClient-7.4.4.1250-1.oel8.x86_64.rpm
TaniumClient-7.4.2.2073-1.oel8.x86_64.rpm
TaniumClient-7.4.2.2063-1.oel8.x86_64.rpm
TaniumClient-7.2.314.3632-1.oel8.x86_64.rpm

Oracle Linux 7.x TaniumClient-7.4.5.1225-1.oel7.x86_64.rpm
TaniumClient-7.4.5.1220-1.oel7.x86_64.rpm
TaniumClient-7.4.5.1219-1.oel7.x86_64.rpm
TaniumClient-7.4.5.1204-1.oel7.x86_64.rpm
TaniumClient-7.4.4.1362-1.oel7.x86_64.rpm
TaniumClient-7.4.4.1250-1.oel7.x86_64.rpm
TaniumClient-7.4.2.2073-1.oel7.x86_64.rpm
TaniumClient-7.4.2.2063-1.oel7.x86_64.rpm
TaniumClient-7.4.2.2033-1.oel7.x86_64.rpm
TaniumClient-7.4.1.1955-1.oel7.x86_64.rpm
TaniumClient-7.2.314.3584-1.oel7.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel7.x86_64.rpm
Oracle Linux 6.x TaniumClient-7.4.5.1225-1.oel6.i686.rpm
TaniumClient-7.4.5.1220-1.oel6.i686.rpm
TaniumClient-7.4.5.1219-1.oel6.i686.rpm
TaniumClient-7.4.5.1204-1.oel6.i686.rpm
TaniumClient-7.4.4.1362-1.oel6.i686.rpm
TaniumClient-7.4.4.1250-1.oel6.i686.rpm
TaniumClient-7.4.2.2073-1.oel6.i686.rpm
TaniumClient-7.4.2.2063-1.oel6.i686.rpm
TaniumClient-7.4.2.2033-1.oel6.i686.rpm
TaniumClient-7.4.1.1955-1.oel6.i686.rpm
TaniumClient-7.2.314.3584-1.oel6.i686.rpm
TaniumClient-7.2.314.2962-1.oel6.i686.rpm


TaniumClient-7.4.5.1225-1.oel6.x86_64.rpm
TaniumClient-7.4.5.1220-1.oel6.x86_64.rpm
TaniumClient-7.4.5.1219-1.oel6.x86_64.rpm
TaniumClient-7.4.5.1204-1.oel6.x86_64.rpm
TaniumClient-7.4.4.1362-1.oel6.x86_64.rpm
TaniumClient-7.4.4.1250-1.oel6.x86_64.rpm
TaniumClient-7.4.2.2073-1.oel6.x86_64.rpm
TaniumClient-7.4.2.2063-1.oel6.x86_64.rpm
TaniumClient-7.4.2.2033-1.oel6.x86_64.rpm
TaniumClient-7.4.1.1955-1.oel6.x86_64.rpm
TaniumClient-7.2.314.3584-1.oel6.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel6.x86_64.rpm

Oracle Linux 5.x TaniumClient-7.4.5.1225-1.oel5.i386.rpm
TaniumClient-7.4.5.1220-1.oel5.i386.rpm
TaniumClient-7.4.5.1219-1.oel5.i386.rpm
TaniumClient-7.4.5.1204-1.oel5.i386.rpm
TaniumClient-7.4.4.1362-1.oel5.i386.rpm
TaniumClient-7.4.4.1250-1.oel5.i386.rpm
TaniumClient-7.4.2.2073-1.oel5.i386.rpm
TaniumClient-7.4.2.2063-1.oel5.i386.rpm
TaniumClient-7.4.2.2033-1.oel5.i386.rpm
TaniumClient-7.4.1.1955-1.oel5.i386.rpm
TaniumClient-7.2.314.3584-1.oel5.i386.rpm
TaniumClient-7.2.314.3236-1.oel5.i386.rpm
TaniumClient-7.2.314.2962-1.oel5.i386.rpm


TaniumClient-7.4.5.1225-1.oel5.x86_64.rpm
TaniumClient-7.4.5.1220-1.oel5.x86_64.rpm
TaniumClient-7.4.5.1219-1.oel5.x86_64.rpm
TaniumClient-7.4.5.1204-1.oel5.x86_64.rpm
TaniumClient-7.4.4.1362-1.oel5.x86_64.rpm
TaniumClient-7.4.4.1250-1.oel5.x86_64.rpm
TaniumClient-7.4.2.2073-1.oel5.x86_64.rpm
TaniumClient-7.4.2.2063-1.oel5.x86_64.rpm
TaniumClient-7.4.2.2033-1.oel5.x86_64.rpm
TaniumClient-7.4.1.1955-1.oel5.x86_64.rpm
TaniumClient-7.2.314.3584-1.oel5.x86_64.rpm
TaniumClient-7.2.314.3236-1.oel5.x86_64.rpm
TaniumClient-7.2.314.2962-1.oel5.x86_64.rpm
Red Hat / CentOS 8.x TaniumClient-7.4.5.1225-1.rhe8.x86_64.rpm
TaniumClient-7.4.5.1220-1.rhe8.x86_64.rpm
TaniumClient-7.4.5.1219-1.rhe8.x86_64.rpm
TaniumClient-7.4.5.1204-1.rhe8.x86_64.rpm
TaniumClient-7.4.4.1362-1.rhe8.x86_64.rpm
TaniumClient-7.4.4.1250-1.rhe8.x86_64.rpm
TaniumClient-7.4.2.2073-1.rhe8.x86_64.rpm
TaniumClient-7.4.2.2063-1.rhe8.x86_64.rpm
TaniumClient-7.4.2.2033-1.rhe8.x86_64.rpm
TaniumClient-7.4.1.1955-1.rhe8.x86_64.rpm
TaniumClient-7.2.314.3632-1.rhe8.x86_64.rpm
TaniumClient-7.2.314.3584-1.rhe8.x86_64.rpm
Red Hat / CentOS 7.x TaniumClient-7.4.5.1225-1.rhe7.x86_64.rpm
TaniumClient-7.4.5.1220-1.rhe7.x86_64.rpm
TaniumClient-7.4.5.1219-1.rhe7.x86_64.rpm
TaniumClient-7.4.5.1204-1.rhe7.x86_64.rpm
TaniumClient-7.4.4.1362-1.rhe7.x86_64.rpm
TaniumClient-7.4.4.1250-1.rhe7.x86_64.rpm
TaniumClient-7.4.2.2073-1.rhe7.x86_64.rpm
TaniumClient-7.4.2.2063-1.rhe7.x86_64.rpm
TaniumClient-7.4.2.2033-1.rhe7.x86_64.rpm
TaniumClient-7.4.1.1955-1.rhe7.x86_64.rpm
TaniumClient-7.2.314.3584-1.rhe7.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe7.x86_64.rpm

Red Hat / CentOS 6.x TaniumClient-7.4.5.1225-1.rhe6.i686.rpm
TaniumClient-7.4.5.1220-1.rhe6.i686.rpm
TaniumClient-7.4.5.1219-1.rhe6.i686.rpm
TaniumClient-7.4.5.1204-1.rhe6.i686.rpm
TaniumClient-7.4.4.1362-1.rhe6.i686.rpm
TaniumClient-7.4.4.1250-1.rhe6.i686.rpm
TaniumClient-7.4.2.2073-1.rhe6.i686.rpm
TaniumClient-7.4.2.2063-1.rhe6.i686.rpm
TaniumClient-7.4.2.2033-1.rhe6.i686.rpm
TaniumClient-7.4.1.1955-1.rhe6.i686.rpm
TaniumClient-7.2.314.3584-1.rhe6.i686.rpm
TaniumClient-7.2.314.2962-1.rhe6.i686.rpm


TaniumClient-7.4.5.1225-1.rhe6.x86_64.rpm
TaniumClient-7.4.5.1220-1.rhe6.x86_64.rpm
TaniumClient-7.4.5.1219-1.rhe6.x86_64.rpm
TaniumClient-7.4.5.1204-1.rhe6.x86_64.rpm
TaniumClient-7.4.4.1362-1.rhe6.x86_64.rpm
TaniumClient-7.4.4.1250-1.rhe6.x86_64.rpm
TaniumClient-7.4.2.2073-1.rhe6.x86_64.rpm
TaniumClient-7.4.2.2063-1.rhe6.x86_64.rpm
TaniumClient-7.4.2.2033-1.rhe6.x86_64.rpm
TaniumClient-7.4.1.1955-1.rhe6.x86_64.rpm
TaniumClient-7.2.314.3584-1.rhe6.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe6.x86_64.rpm

Red Hat / CentOS 5.x TaniumClient-7.4.5.1225-1.rhe5.i386.rpm
TaniumClient-7.4.5.1220-1.rhe5.i386.rpm
TaniumClient-7.4.5.1219-1.rhe5.i386.rpm
TaniumClient-7.4.5.1204-1.rhe5.i386.rpm
TaniumClient-7.4.4.1362-1.rhe5.i386.rpm
TaniumClient-7.4.4.1250-1.rhe5.i386.rpm
TaniumClient-7.4.2.2073-1.rhe5.i386.rpm
TaniumClient-7.4.2.2063-1.rhe5.i386.rpm
TaniumClient-7.4.2.2033-1.rhe5.i386.rpm
TaniumClient-7.4.1.1955-1.rhe5.i386.rpm
TaniumClient-7.2.314.3584-1.rhe5.i386.rpm
TaniumClient-7.2.314.2962-1.rhe5.i386.rpm


TaniumClient-7.4.5.1225-1.rhe5.x86_64.rpm
TaniumClient-7.4.5.1220-1.rhe5.x86_64.rpm
TaniumClient-7.4.5.1219-1.rhe5.x86_64.rpm
TaniumClient-7.4.5.1204-1.rhe5.x86_64.rpm
TaniumClient-7.4.4.1362-1.rhe5.x86_64.rpm
TaniumClient-7.4.4.1250-1.rhe5.x86_64.rpm
TaniumClient-7.4.2.2073-1.rhe5.x86_64.rpm
TaniumClient-7.4.2.2063-1.rhe5.x86_64.rpm
TaniumClient-7.4.2.2033-1.rhe5.x86_64.rpm
TaniumClient-7.4.1.1955-1.rhe5.x86_64.rpm
TaniumClient-7.2.314.3584-1.rhe5.x86_64.rpm
TaniumClient-7.2.314.3236-1.rhe5.x86_64.rpm
TaniumClient-7.2.314.2962-1.rhe5.x86_64.rpm

SUSE Linux Enterprise Server (SLES) / OpenSUSE 15.x TaniumClient-7.4.5.1225-1.sle15.i586.rpm
TaniumClient-7.4.5.1220-1.sle15.i586.rpm
TaniumClient-7.4.5.1219-1.sle15.i586.rpm
TaniumClient-7.4.5.1204-1.sle15.i586.rpm
TaniumClient-7.4.4.1362-1.sle15.i586.rpm
TaniumClient-7.4.4.1250-1.sle15.i586.rpm
TaniumClient-7.4.2.2073-1.sle15.i586.rpm
TaniumClient-7.4.2.2063-1.sle15.i586.rpm
TaniumClient-7.4.2.2033-1.sle15.i586.rpm
TaniumClient-7.4.1.1955-1.sle15.i586.rpm
TaniumClient-7.2.314.3632-1.sle15.i586.rpm


TaniumClient-7.4.5.1225-1.sle15.x86_64.rpm
TaniumClient-7.4.5.1220-1.sle15.x86_64.rpm
TaniumClient-7.4.5.1219-1.sle15.x86_64.rpm
TaniumClient-7.4.5.1204-1.sle15.x86_64.rpm
TaniumClient-7.4.4.1362-1.sle15.x86_64.rpm
TaniumClient-7.4.4.1250-1.sle15.x86_64.rpm
TaniumClient-7.4.2.2073-1.sle15.x86_64.rpm
TaniumClient-7.4.2.2063-1.sle15.x86_64.rpm
TaniumClient-7.4.2.2033-1.sle15.x86_64.rpm
TaniumClient-7.4.1.1955-1.sle15.x86_64.rpm
TaniumClient-7.2.314.3632-1.sle15.x86_64.rpm

SUSE Linux Enterprise Server (SLES) / OpenSUSE 12.x TaniumClient-7.4.5.1225-1.sle12.i586.rpm
TaniumClient-7.4.5.1220-1.sle12.i586.rpm
TaniumClient-7.4.5.1219-1.sle12.i586.rpm
TaniumClient-7.4.5.1204-1.sle12.i586.rpm
TaniumClient-7.4.4.1362-1.sle12.i586.rpm
TaniumClient-7.4.4.1250-1.sle12.i586.rpm
TaniumClient-7.4.2.2073-1.sle12.i586.rpm
TaniumClient-7.4.2.2063-1.sle12.i586.rpm
TaniumClient-7.4.2.2033-1.sle12.i586.rpm
TaniumClient-7.4.1.1955-1.sle12.i586.rpm
TaniumClient-7.2.314.3584-1.sle12.i586.rpm
TaniumClient-7.2.314.2962-1.sle12.i586.rpm


TaniumClient-7.4.5.1225-1.sle12.x86_64.rpm
TaniumClient-7.4.5.1220-1.sle12.x86_64.rpm
TaniumClient-7.4.5.1219-1.sle12.x86_64.rpm
TaniumClient-7.4.5.1204-1.sle12.x86_64.rpm
TaniumClient-7.4.4.1362-1.sle12.x86_64.rpm
TaniumClient-7.4.4.1250-1.sle12.x86_64.rpm
TaniumClient-7.4.2.2073-1.sle12.x86_64.rpm
TaniumClient-7.4.2.2063-1.sle12.x86_64.rpm
TaniumClient-7.4.2.2033-1.sle12.x86_64.rpm
TaniumClient-7.4.1.1955-1.sle12.x86_64.rpm
TaniumClient-7.2.314.3584-1.sle12.x86_64.rpm
TaniumClient-7.2.314.2962-1.sle12.x86_64.rpm

SUSE Linux Enterprise Server (SLES) / OpenSUSE 11.x TaniumClient-7.2.314.3584-1.sle11.i586.rpm
TaniumClient-7.2.314.2962-1.sle11.i586.rpm


TaniumClient-7.2.314.3584-1.sle11.x86_64.rpm
TaniumClient-7.2.314.2962-1.sle11.x86_64.rpm

Ubuntu 20.04 LTS taniumclient_7.4.5.1225-ubuntu20_amd64.deb
taniumclient_7.4.5.1220-ubuntu20_amd64.deb
taniumclient_7.4.5.1219-ubuntu20_amd64.deb
taniumclient_7.4.5.1204-ubuntu20_amd64.deb
taniumclient_7.4.4.1362-ubuntu20_amd64.deb
taniumclient_7.4.4.1250-ubuntu20_amd64.deb
taniumclient_7.4.2.2073-ubuntu20_amd64.deb
taniumclient_7.4.2.2063-ubuntu20_amd64.deb
Ubuntu 18.04 LTS taniumclient_7.4.5.1225-ubuntu18_amd64.deb
taniumclient_7.4.5.1220-ubuntu18_amd64.deb
taniumclient_7.4.5.1219-ubuntu18_amd64.deb
taniumclient_7.4.5.1204-ubuntu18_amd64.deb
taniumclient_7.4.4.1362-ubuntu18_amd64.deb
taniumclient_7.4.4.1250-ubuntu18_amd64.deb
taniumclient_7.4.2.2073-ubuntu18_amd64.deb
taniumclient_7.4.2.2063-ubuntu18_amd64.deb
taniumclient_7.4.2.2033-ubuntu18_amd64.deb
taniumclient_7.4.1.1955-ubuntu18_amd64.deb
taniumclient_7.2.314.3632-ubuntu18_amd64.deb
taniumclient_7.2.314.3584-ubuntu18_amd64.deb
Ubuntu 16.04 LTS taniumclient_7.4.5.1225-ubuntu16_amd64.deb
taniumclient_7.4.5.1220-ubuntu16_amd64.deb
taniumclient_7.4.5.1219-ubuntu16_amd64.deb
taniumclient_7.4.5.1204-ubuntu16_amd64.deb
taniumclient_7.4.4.1362-ubuntu16_amd64.deb
taniumclient_7.4.4.1250-ubuntu16_amd64.deb
taniumclient_7.4.2.2073-ubuntu16_amd64.deb
taniumclient_7.4.2.2063-ubuntu16_amd64.deb
taniumclient_7.4.2.2033-ubuntu16_amd64.deb
taniumclient_7.4.1.1955-ubuntu16_amd64.deb
taniumclient_7.2.314.3632-ubuntu16_amd64.deb
taniumclient_7.2.314.3584-ubuntu16_amd64.deb
taniumclient_7.2.314.2962-ubuntu16_amd64.deb
Ubuntu 14.04 LTS taniumclient_7.4.5.1225-ubuntu14_amd64.deb
taniumclient_7.4.5.1220-ubuntu14_amd64.deb
taniumclient_7.4.5.1219-ubuntu14_amd64.deb
taniumclient_7.4.5.1204-ubuntu14_amd64.deb
taniumclient_7.4.4.1362-ubuntu14_amd64.deb
taniumclient_7.4.4.1250-ubuntu14_amd64.deb
taniumclient_7.4.2.2073-ubuntu14_amd64.deb
taniumclient_7.4.2.2063-ubuntu14_amd64.deb
taniumclient_7.4.2.2033-ubuntu14_amd64.deb
taniumclient_7.4.1.1955-ubuntu14_amd64.deb
taniumclient_7.2.314.3632-ubuntu14_amd64.deb
taniumclient_7.2.314.3584-ubuntu14_amd64.deb
taniumclient_7.2.314.2962-ubuntu14_amd64.deb

Install the Tanium Client on Linux using the package file

Use the endpoint CLI to install the Tanium Client. For details on using the CLI, see CLI on non-Windows endpoints.

  1. Ensure that the Linux endpoint meets the basic requirements for the Tanium Client.
  2. Ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the ports that the Tanium Client uses. See Manage Linux firewall rules.
  3. Sign in to the endpoint using an account that has administrative privileges, or that is listed in the sudoers file to allow the account you are using to use sudo.
  4. Use the Tanium Client Management service to download the client installer bundle (linux-client-bundle.zip) to the Linux endpoint. The download link is available on the Client Management Home page.For the procedure, see Download the installation bundle for alternative deployment.

    The bundle contains the following files:

    • Installer package file for each Linux distribution (such as TaniumClient-7.4.4.1250-1.oel8.x86_64.rpm)
    • install.sh
    • tanium-init.dat (Tanium Client 7.4 or later)
    • tanium.pub (Tanium Client 7.2)

    You can also download tanium‑init.dat or tanium.pub through the Tanium Console (see Tanium Console User Guide: Download infrastructure configuration files (keys)) and request the installer package from Tanium Support (see Contact Tanium Support). However, the installation process for Tanium Client 7.4 or later requires fewer manual configuration steps if you download tanium‑init.dat through Client Management.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  5. Copy the installer bundle to a temporary directory on the Linux endpoint and unzip the bundle:

    unzip linux-client-bundle.zip

  6. (Optional) To use a directory other than the default for the client installation, create a symbolic link. For example, to use the directory /appbin/Tanium, run the following command:

    ln -s /appbin/Tanium /opt/Tanium

  7. Run the appropriate installation command to install the package and generate a default configuration file.

    The RPM installers for Redhat and SUSE have command syntax similar to the following example:

    sudo rpm -Uvh TaniumClient-7.4.4.1362-1.oel6.x86_64.rpm

    The Debian installers for Debian and Ubuntu have command syntax similar to the following example:

    sudo dpkg -i taniumclient_7.4.4.1362-debian6_amd64.deb

  8. Copy tanium-init.dat(Tanium Client 7.4 or later) or tanium.pub (Tanium Client 7.2) to the installation directory. For example:

    cp tanium-init.dat /opt/Tanium/TaniumClient

  9. Use the CLI (see CLI on non-Windows endpoints) to configure the following basic Tanium Client settings:

    ServerName or ServerNameList In a deployment with a standalone Tanium Server, set Set the ServerName to the TaaSserver FQDN or IP address. In a deployment with Tanium Zone Servers or multiple TaaS instancesTanium Servers, configure ServerNameList with the FQDN or IP address of each instanceserver, separated with a comma.

    If the tanium‑init.dat file for Tanium Client 7.4 specifies ServerNameList, you do not need to configure ServerName or ServerNameList; any setting that you specify here is added to the ServerNameList specified in tanium-init.dat. By default, the tanium‑init.dat that you download through the Tanium Client Management service specifies ServerNameList, while the tanium‑init.dat that you download through the Tanium Console does not. You can use the TaniumClient pki show <path_to_tanium-init.dat> command on an endpoint where Tanium Client 7.4.5 or later is already installed to view the ServerNameList that the tanium-init.dat file specifies. For Tanium Client 7.2, you must specify ServerName or ServerNameList.

    LogVerbosityLevel

    The level of logging on the endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.

    For details on additional settings that you can configure, see Tanium Client settings.

    The following example commands are for a deployment with multiple TaaS instancesTanium Servers and Zone Servers:

    cd <Tanium Client installation directory>
    sudo ./TaniumClient config set ServerNameList \
    taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.comts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
    sudo ./TaniumClient config set LogVerbosityLevel 1

  10. Start the Tanium Client service. (See Manage the Tanium Client service on Linux.)
  11. Wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server, and then verify that the client installed correctly and is communicating properly. (See Verify the Tanium Client installation.)

Deploy the Tanium Client to Solaris endpoints using a package file

On Solaris endpoints, the Tanium Client is installed as a system service. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

If your environment requires a different installation location for applications, you can create a symbolic link during installation.

The following procedures describe how to use the endpoint CLI to install the Tanium Client. For details on using the CLI, see CLI on non-Windows endpoints.

For information about managing the Tanium Client service or uninstalling the Tanium Client after deployment, see Manage the Tanium Client on Solaris.

Prepare for installation

  1. Ensure that the Solaris endpoint meets the basic requirements for the Tanium Client.
  2. Contact Tanium Support for the Tanium Client installer file: TaniumClient‑<client_version>‑SunOS‑5.10‑<platform>.pkg.
  3. Work with your network security team to ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the port that the client uses for Tanium traffic (default 17472). See Network connectivity, ports, and firewalls.

    The installation process does not modify any host-based firewall that might be in use.

  4. (Solaris 11.4 only) Install the legacy pkgadd utilities:

    1. Access the endpoint CLI.
    2. Find the pkgadd IPS package name:

      pkg search pkgadd

      INDEX     ACTION VALUE     PACKAGE
      basename  file            usr/sbin/pkgadd pkg:/package/[email protected]

    3. Install the pkgadd utilities:

      pkg install pkg:/package/[email protected]

  5. (Solaris 10 or 11.0–11.3 only) Install the SUNWgccruntime package if it is not yet installed.

    Although this package is part of a default Solaris installation, some organizations omit it in their standard image.

    1. Determine whether the package is installed:

      pkginfo -l SUNWgccruntime

      The following example output indicates the package is installed:

      PKGINST: SUNWgccruntime
      NAME: GCC Runtime libraries
      CATEGORY: system
      ARCH: sparc
      VERSION: 11.11.0,REV=2010.05.25.01.00
      BASEDIR: /
      VENDOR: Oracle Corporation
      DESC: GCC Runtime - Shared libraries used by gcc and other gnu components
      INSTDATE: Dec 01 2015 11:43
      HOTLINE: Please contact your local service provider
      STATUS: completely installed

    2. If the SUNWgccruntime package is not yet installed, run one of the following commands:

      • Solaris 10 or 11.0–11.3 (without using Image Packing System [IPS]):

        # pkgadd -d /path/to/SUNWGccruntime.pkg SUNWgccruntime

      • Solaris 11.0–11.3 using IPS:

        # pkg install SUNWgccruntime

Install the Tanium Client on Solaris using a package file

  1. Sign in to the Solaris endpoint.
  2. Copy the installer file TaniumClient‑<client_version>‑SunOS‑5.10‑<platform>.pkg to a temporary location on the Solaris endpoint.
  3. Use the Tanium Client Management service to download a client installer bundle that contains the tanium‑init.dat (Tanium Client 7.4 or later) or tanium.pub (Tanium Client 7.2) file.

    Client Management does not provide an installer bundle for Solaris endpoints, but you can use the DAT or PUB file from the bundle that is provided for any other OS (Windows, macOS, or Linux). Download links are available on the Client Management Home page.For the procedure, see Download the installation bundle for alternative deployment.

    You can also download tanium‑init.dat or tanium.pub through the Tanium Console (see Tanium Console User Guide: Download infrastructure configuration files (keys)).

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  4. Copy the installer bundle to the same temporary directory as the installer file and unzip the bundle.

    The DAT or PUB file is the only file that you need from the bundle, so you can delete the other files in the bundle.

  5. (Optional) To use a directory other than the default for the client installation, create a symbolic link, and set the PKG_NONABI_SYMLINKS environment variable to true. For example, to use the directory /appbin/Tanium, run the following commands:

    ln -s /appbin/Tanium /opt/Tanium
    PKG_NONABI_SYMLINKS=true
    export PKG_NONABI_SYMLINKS

  6. Run the following command from the temporary directory to install the package and generate a default configuration file:

    sudo pkgadd -d ./TaniumClient‑<client_version>‑SunOS‑5.10‑<platform>.pkg TaniumClient

    Note: If you are signed into the Global Zone and want to install only in the current zone, specify the ‑G flag. If you have questions, consult your system administrator for proper zone behavior.

  7. Use the CLI (see CLI on non-Windows endpoints) to configure the following basic Tanium Client settings:

    ServerName or ServerNameList In a deployment with a standalone Tanium Server, set Set the ServerName to the TaaSserver FQDN or IP address. In a deployment with Tanium Zone Servers or multiple TaaS instancesTanium Servers, configure ServerNameList with the FQDN or IP address of each instanceserver, separated with a comma.

    If the tanium‑init.dat file for Tanium Client 7.4 specifies ServerNameList, you do not need to configure ServerName or ServerNameList; any setting that you specify here is added to the ServerNameList specified in tanium-init.dat. By default, the tanium‑init.dat that you download through the Tanium Client Management service specifies ServerNameList, while the tanium‑init.dat that you download through the Tanium Console does not. You can use the TaniumClient pki show <path_to_tanium-init.dat> command on an endpoint where Tanium Client 7.4.5 or later is already installed to view the ServerNameList that the tanium-init.dat file specifies. For Tanium Client 7.2, you must specify ServerName or ServerNameList.

    LogVerbosityLevel

    The level of logging on the endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.
    Resolver Add the Resolver=nslookup setting to enable host name resolution.

    For details on additional settings that you can configure, see Tanium Client settings.

    The following example commands are for a deployment with multiple TaaS instancesTanium Servers and Zone Servers:

    cd <Tanium Client installation directory>
    sudo ./TaniumClient config set ServerNameList \
    taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.comts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
    sudo ./TaniumClient config set LogVerbosityLevel 1
    sudo ./TaniumClient config set Resolver nslookup

  8. Copy the tanium‑init.dat file or tanium.pub file from the Tanium Server to the Tanium Client installation directory on the Solaris endpoint.
  9. Run the following command to start the Tanium Client service:

    svcadm enable taniumclient

  10. Wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server, and then verify that the client installed correctly and is communicating properly. (See Verify the Tanium Client installation.)

Perform unattended Tanium Client installation

By default, the pkgadd utility performs a manual installation. The utility prompts for user intervention when it encounters operations that might be a security issue or conflict, such as running scripts with SUID, creating directories, or changing permissions. The utility provides a method to bypass these interventions and perform or abandon the installation. You accomplish this with a tanium.admin file, which contains operator identifiers and specifies what to do when the utility encounters security issues or conflicts.

  1. Create the tanium.admin file with the following contents:

    mail=
    instance=overwrite
    partial=nocheck
    runlevel=nocheck
    idepend=nocheck
    rdepend=nocheck
    space=nocheck
    setuid=nocheck
    conflict=nocheck
    action=nocheck
    networktimeout=60
    networkretries=3
    authentication=quit
    keystore=/var/sadm/security
    proxy=
    basedir=default

  2. Run pkgadd with the ‑a option:

    pkgadd ‑a tanium.admin ‑d ./TaniumClient‑<client_version>‑SunOS‑5.10‑<platform>.pkg TaniumClient

Configure the Tanium Client on Solaris

The Tanium Client binary has statically linked libraries. All the libraries are in the standard default location (/lib) except libstdc++ and gcc. These two libraries are assumed to be in /usr/sfw/lib. If they are not, the client does not start. If libstdc++ and gcc are not in /usr/sfw/lib, you must add the library search path to the Service Management Facility (SMF) taniumclient service:

  1. Find the directory location of libgcc.* and libstdc++.*.
  2. Run the following command to add the search path to the SMF service:

    svccfg -s application/taniumclient setenv LD_LIBRARY_PATH /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib

Deploy the Tanium Client to AIX endpoints using a package file

On AIX endpoints, the Tanium Client is installed as a system service. The default installation directory for Tanium Client files is /opt/Tanium/TaniumClient.

If your environment requires a different installation location for applications, you can create a symbolic link during installation.

The following procedures describe how to use the endpoint CLI to install the Tanium Client. For details on using the CLI, see CLI on non-Windows endpoints.

For information about managing the Tanium Client service or uninstalling the Tanium Client after deployment, see Manage the Tanium Client on AIX.

Prepare for installation

  1. Ensure that the AIX endpoint meets the basic requirements for the Tanium Client.
  2. Contact Tanium Support for the Tanium Client installer file: TaniumClient‑<client_version>‑powerpc.pkg.
  3. Work with your network security team to ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the port that the client uses for Tanium traffic (default 17472). See Network connectivity, ports, and firewalls.

    The installation process does not modify any host-based firewall that might be in use.

  4. If they are not yet installed, install the IBM XL C++ runtime libraries file set (xlC.rte), version 16.1.0.0 or later, and, if indicated in the following table, the IBM LLVM runtime libraries file set (libc++.rte). The required xlC.rte version and the requirement for libc++.rte depend on the AIX and Tanium Client version:

    AIX version Tanium Client version xlC.rte version libc++.rte required?
    7.1.3 or earlier 7.2 13.1.3.1 or later When xlC.rte version 16.1.0.0 or later is installed, or when required by an installed module or shared service. See Module- and service-specific requirements for the Tanium Client and endpoints for links to specific requirements.
    7.1.4 or later All versions 16.1.0.0 or later Yes
    All versions 7.4 16.1.0.0 or later Yes

    Install the file sets as follows:

    1. Access the operating system CLI on the endpoint.
    2. Run the following commands to determine the versions of the currently installed xlC.rte bundle and, if required, the libc++.rte bundle:

      lslpp -l xlC\.*
      lslpp -l libc++\.*

      If the appropriate version of each bundle is already installed where required, skip to Install the Tanium Client on AIX using a package file. Otherwise, complete the remaining steps for each bundle that needs to be installed or updated.

    3. Obtain the appropriate xlC.rte and libc++.rte bundles for your system from IBM Fix Central.
    4. Download each bundle to your endpoint.
    5. Extract, unzip, or untar each bundle to the /usr/sys/inst.images directory.
    6. Install the bundles:

      sudo installp -aXYgd /usr/sys/inst.images -e /tmp/install.log all

    7. Review the installation log /tmp/install.log for any errors.

Install the Tanium Client on AIX using a package file

  1. Sign in to the target endpoint.
  2. Copy the Tanium Client installer file  TaniumClient‑<client_version>‑powerpc.pkg to a temporary location on the target endpoint.
  3. Use the Tanium Client Management service to download a client installer bundle that contains the tanium‑init.dat (Tanium Client 7.4 or later) or tanium.pub (Tanium Client 7.2) file.

    Client Management does not provide an installer bundle for AIX endpoints, but you can use the DAT or PUB file from the bundle that is provided for any other OS (Windows, macOS, or Linux). Download links are available on the Client Management Home page.For the procedure, see Download the installation bundle for alternative deployment.

    You can also download tanium‑init.dat or tanium.pub through the Tanium Console (see Tanium Console User Guide: Download infrastructure configuration files (keys)).

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  4. Copy the installer bundle to the same temporary directory as the installer file and unzip the bundle.

    You must first install the unzip utility if it is not already installed on the AIX endpoint.

    The DAT or PUB file is the only file that you need from the bundle, so you can delete the other files in the bundle.

    The following example command uncompresses the Linux bundle for the Tanium Client:

    unzip linux-client-bundle.zip

  5. (Optional) To use a directory other than the default for the client installation, create a symbolic link. For example, to use the directory /appbin/Tanium, run the following command:

    ln -s /appbin/Tanium /opt/Tanium

  6. Run the following command from the temporary directory to install the package and generate a default configuration file:

    sudo installp -agqXYd ./TaniumClient‑<client_version>‑powerpc.pkg TaniumClient

  7. Use the CLI (see CLI on non-Windows endpoints) to configure the following basic Tanium Client settings:

    ServerName or ServerNameList In a deployment with a standalone Tanium Server, set Set the ServerName to the TaaSserver FQDN or IP address. In a deployment with Tanium Zone Servers or multiple TaaS instancesTanium Servers, configure ServerNameList with the FQDN or IP address of each instanceserver, separated with a comma.

    If the tanium‑init.dat file for Tanium Client 7.4 specifies ServerNameList, you do not need to configure ServerName or ServerNameList; any setting that you specify here is added to the ServerNameList specified in tanium-init.dat. By default, the tanium‑init.dat that you download through the Tanium Client Management service specifies ServerNameList, while the tanium‑init.dat that you download through the Tanium Console does not. You can use the TaniumClient pki show <path_to_tanium-init.dat> command on an endpoint where Tanium Client 7.4.5 or later is already installed to view the ServerNameList that the tanium-init.dat file specifies. For Tanium Client 7.2, you must specify ServerName or ServerNameList.

    LogVerbosityLevel

    The level of logging on the endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1: Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.
    Resolver The default hostname resolver for Tanium is getent. Because AIX generally does not have the getent command, add the Resolver=nslookup setting.

    For details on additional settings that you can configure, see Tanium Client settings.

    The following example commands are for a deployment with multiple TaaS instancesTanium Servers and Zone Servers:

    cd <Tanium Client installation directory>
    sudo ./TaniumClient config set ServerNameList \
    taas-example1-zs.cloud.tanium.com,taas-example2-zs.cloud.tanium.comts1.example.com,ts2.example.com,zs1.example.com,zs2.example.com
    sudo ./TaniumClient config set LogVerbosityLevel 1
    sudo ./TaniumClient config set Resolver nslookup

  8. Copy the tanium‑init.dat file or tanium.pub file to the Tanium Client installation directory on the AIX endpoint.
  9. Use the following command to start the Tanium Client service:

    startsrc -s taniumclient

  10. Wait a few minutes for the Tanium Client to register with TaaS the Tanium Server or Zone Server, and then verify that the client installed correctly and is communicating properly. (See Verify the Tanium Client installation.)

Verify the Tanium Client installation

Wait a few minutes after installation for the Tanium Client to register with TaaS the Tanium Server or Zone Server.

After you deploy the Tanium Client, perform the following steps to verify that the client installed correctly and can communicate with TaaS the Tanium Server or Zone Server.

  1. From Interact, ask a question to verify that the endpoints respond to the following query: Get Computer Name and Operating System and Tanium Client Version and Tanium Server Name from all machines
  2. Review the Question Results grid to verify that all endpoints where you deployed Tanium Client software are reporting.
  3. (Optional) From the main menu, go to Administration > Configuration > Client Status , and review recent client registration details.

    To find a specific Tanium Client, enter a text string in the Filter items field above the grid to filter it by Host Name or Network Location (IP address).