Managing Tanium Clients

The following sections provide information on the following activities to manage the Tanium Client:

  • General management of Tanium Clients, such as using built-in content and monitoring client health

  • Managing the Tanium Client service on each operating system, and managing certain operating system features related to the Tanium Client

For information about uninstalling the Tanium Client, see Uninstalling Tanium Clients.

Use built-in saved questions, sensors, and packages

The Tanium Server imports the Tanium™ Default Content pack when you initially sign in to the Tanium Console. This content pack contains a key set of saved questions, sensors, and packages that you can use to collect information from endpoints and take actions. The content pack also includes saved questions and scheduled actions that relate to the deployment of the Tanium Client. To access Tanium Client-related content, access the following Tanium Console pages from the Main menu:

  • Go to Administration > Actions > Scheduled Actions, select Default for the Action Group, and review the actions that are scheduled to run.
  • Go to Administration > Content > Sensors and search for client-related sensors.
  • Go to Administration > Content > Packages and search for client-related packages.
  • Go to Administration > Content > Saved Questions and search for client-related questions.


Monitor the client health overview in Client Management

Review a summary of health information about deployed Tanium Clients in Client Management.

  1. From the Main menu, go to Administration > Shared Services > Client Management.
  2. From the Client Management menu, go to Client Health.

  3. Click the tab that contains the information that you want to view.

    • Click the Deployment tab to view a summary of client deployment information, such as client versions, health check failures, operating systems, installed client extensions, and Python runtime versions.

    • Click the Settings tab to view a summary of client settings, such as log verbosity level, server name, server port, and various component information. This overview can help identify settings that have been changed from defaults.

  4. (Optional) Select a Computer Group to filter the summary information.

  5. (Optional) To further investigate a data set using the associated question results, click View question results in Interact . For more information about working with question results, see Tanium Interact User Guide: Managing question results.

Access detailed client health and troubleshooting information on an endpoint

You can directly connect to a Windows, Linux, or macOS endpoint from Client Management to view detailed client health information and to access and collect information that can be useful for troubleshooting.

For additional information about troubleshooting the Tanium Client, see Troubleshooting Tanium Clients and Client Management.

You can directly connect only to an endpoint that has an IPv4 address.

  1. From the Main menu, go to Administration > Shared Services > Client Management.
  2. From the Client Management menu, go to Client Health.
  3. In the Direct Connect search box, enter all or part of an IP address or a computer name.

    Matching results are displayed after the search completes.

  4. From the search results, click the computer name to connect to the endpoint. 
  5. Click a tab to view the detailed client health information for the endpoint.

    • Status: View status information about the connected endpoint, such as the computer ID, the first and last client installation time stamps, the installed client version, client and peer address information, and client extension information, including any health check failures.

    • Configuration: View information about client settings for the connected endpoint, such as log verbosity level, server name, server port, and various settings for client extensions.

    • Logs: View and download logs from the connected client. Select a log to view or download. For more information about reviewing logs for troubleshooting, see Review the Tanium Client installation log to troubleshoot installation on Windows and Review Tanium Client logs to troubleshoot connections and other client issues.

    • Actions: View and download action logs from the connected client. Select a previously run action for which you want to view or download the log. For more information about reviewing action logs for troubleshooting, see Review action logs and associated files to troubleshoot actions and packages.

    • Gather: Collect a bundle of logs and other artifacts from a connected endpoint to help resolve issues.

      1. To filter the available logs and artifacts, click a button in the Domain section. Click Gather from Endpoint.

        The selected logs and artifacts are gathered from the endpoint. The package appears in the Must Gathers section, named with its time stamp.

      2. When Finished appears in the Run State column, select the package and click Download to download a ZIP file that contains the troubleshooting information.

  6. When you finish reviewing client health information for the endpoint, click Disconnect to disconnect from the endpoint and return to the client health summary.

If the connection to the endpoint times out, click Reconnect to reestablish the connection.

Auditing and remediating disconnected Tanium Clients

In some cases, users with local administrative rights might be able to uninstall the Tanium Client, stop the Tanium Client service, or tamper with Tanium Client files. Use Tanium Discover to regularly audit endpoints to which you have deployed the Tanium Client, and automatically redeploy the Tanium Client to previously managed endpoints that have become unmanaged.

  1. Configure a profile in Discover that scans endpoints to which you have deployed the Tanium Client. For more information, see Tanium Discover User Guide: Scan types.

  2. Configure an automatic label in Discover (such as Disconnected) with conditions that identify endpoints on which you expect the Tanium Client to be installed. For more information, see Tanium Discover User Guide: Automatically label interfaces.

    Discover labels must have the following settings to be used with Client Management:

    • Type: Automatic
    • Activity: Retain
    • Retain Activity: Label
  3. Configure a deployment in Client Management that targets the Discover label you created. For more information, see Deploying the Tanium Client using Client Management.
  4. Regularly review the label you created in Discover. Optionally, configure a Connect destination to alert you of newly unmanaged endpoints that the label identifies. For more information, see Tanium Discover User Guide: Export interface data to a Connect destination.
  5. When the label identifies newly unmanaged endpoints, redeploy the Tanium Client to those endpoints using the Client Management deployment. For more information, see Deploying the Tanium Client using Client Management

If redeploying the Tanium Client is unsuccessful or does not successfully reconnect the endpoint, other issues might be preventing the Tanium Client from connecting or registering. For troubleshooting information, see Troubleshoot issues with connection and registration.

To reduce the likelihood of casual tampering by users with local administrator rights on Windows, you can take measures to harden the Tanium Client on Windows. For more information, see (Optional) Harden the Tanium Client on Windows. Performing regular audits of unmanaged assets is a best practice regardless of whether you have hardened the Tanium Client on Windows.

Manage the Tanium Client on Windows

The Tanium Client is installed as a service with a Startup Type set to Automatic on Windows endpoints. The default installation directory is C:\Program Files (x86)\ for 64-bit versions of Windows, or C:\Program Files\ for 32-bit versions of Windows.

Manage the Tanium Client service on Windows

Use the Windows Services application to stop, start, or restart the Tanium Client service on Windows endpoints:

  1. Click Start > Run. Type services.msc and click OK.

  2. Select the Tanium Client service and then select an action in the Action > All Tasks menu.

Figure  1:  Tanium Client service

(Optional) Harden the Tanium Client on Windows

The protocols that the client uses to communicate with Tanium Cloud the Tanium Server and peer clients are designed to be secure and prevent rogue sensors or actions, and digital signing prevents an attacker from causing the client to run sensors or packages that Tanium Cloudthe Tanium Server did not issue. However, the Tanium Client is a traditional Win32 application on Windows. By default, it appears in the Add/Remove Programs list, and users with local administrator rights can manage the service and access the Tanium Client installation directory. You can take additional measures to protect the Tanium Client itself from casual tampering by end users with local administrator rights.

Optional client hardening features are provided by the Client Service Hardening content pack and the StateProtectedFlag client setting. Use the saved question dashboards in the Client Service Hardening content pack to review restrictions on user access to the Tanium Client on Windows endpoints. Deploy actions with the packages that are associated with the saved questions to adjust those restrictions. For more information about deploying packages, see Tanium Console User Guide: Deploying actions.

Contact Tanium Support to import the Client Service Hardening content pack into Tanium Cloud.

Perform regular audits of unmanaged assets to look for systems with missing or non-functioning clients, regardless of whether you have hardened the Tanium Client on Windows. Regularly auditing and remediating disconnected clients reduces the need to take extra steps to harden the Tanium Client. For more information, see Auditing and remediating disconnected Tanium Clients

Install the Client Service Hardening content pack

  1. Sign in to the Tanium Console as a user who is assigned the Administrator reserved role.
  2. From the Main menu, go to Administration > Content > Solutions.
  3. In the Content section, select the Client Service Hardening row and click Import Solution.
  4. Review the list of packages and sensors and click Begin Import.

Access the Client Service Hardening dashboards

The Client Service Hardening dashboards in Interact provide easy access to review and manage access restrictions for the Tanium Client.

  1. From the Main menu, go to Modules > Interact.
  2. In the Categories section, select Client Service Hardening.

Limit permission to start and stop Tanium Client services to the SYSTEM account

  1. In the Dashboards section in Interact, click Control Service State Permissions to issue the dashboard question.

  2. Select the Service Control is set to default permissions row and click Deploy Action.
  3. For Deployment Package, select Client Service Hardening - Allow Only Local SYSTEM to Control Service.

  4. Click Show Preview To Continue, review the list of targeted endpoints, and then click Deploy Action.

Limit permission to view or modify files in the Tanium Client directory to the SYSTEM account

  1. In the Dashboards section in Interact, click Set Client Directory Permissions to issue the dashboard question..

  2. Select the Not Restricted row and click Deploy Action.
  3. For Deployment Package, select Client Service Hardening - Set SYSTEM only permissions on Tanium Client directory.

  4. Click Show Preview To Continue, review the list of targeted endpoints, and then click Deploy Action.

Hide the Tanium Client from the Windows Add/Remove Programs list

Hiding the Tanium Client from the Windows Add/Remove Programs list or the Programs menu does not affect the security of the client. A user with permissions to uninstall an application can still launch the uninstallation manually. Hiding the Tanium Client from the Add/Remove Programs list helps to reduce accidental uninstallations and casual tampering by end users.

  1. In the Dashboards section in Interact, click Hide From Add-Remove Programs to issue the dashboard question..

  2. In the section for the Tanium Client Visible in Add-Remove Programs saved question, select the No row and click Deploy Action.
  3. For Deployment Package, leave Client Service Hardening - Hide Client from Add-Remove Programs selected.

  4. Click Show Preview To Continue, review the list of targeted endpoints, and then click Deploy Action.

Encrypt the client state and sensor queries stored on the client

Use the StateProtectedFlag client setting to enable encryption of the client state and sensor queries stored on the client. This encryption is not required for the security of the Tanium Client, but it might be required for compliance with certain regulations. This setting does not require the Client Service Hardening content pack.

  1. In Interact, ask a question to target the Windows endpoints on which you want to enable encryption:
    Get Tanium Client Explicit Setting[StateProtectedFlag] from all machines with Is Windows contains true

  2. Select the endpoints from the results and click Deploy Action.
  3. For Deployment Package, select Modify Tanium Client Setting and configure the following settings:

    • For RegType, select REG_DWORD.
    • For ValueName, enter StateProtectedFlag.
    • For ValueData, enter 1.
  4. Click Show Preview To Continue, review the list of targeted endpoints, and then click Deploy Action.

Manage the Tanium Client on macOS

This section provides information about the following activities to manage the Tanium Client on macOS:

The Tanium Client is installed as a system service on macOS endpoints. The client files are located in the /Library/Tanium/TaniumClient directory.

Manage macOS firewall rules

The Tanium Client service is signed to automatically allow communication through the default macOS firewall. The client installation process does not modify any host-based firewall that might be in use. A network security administrator must ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the port that the client uses for Tanium traffic (default 17472).

For details about port and firewall requirements for the Tanium Client, see Network connectivity, ports, and firewalls.

 Table 1: Firewall commands for macOS
Tasks Commands
View port 17472 status

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps | awk \
'/TaniumClient/ {getline; print $0}'

Add Tanium Client to firewall sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add \
/Library/Tanium/TaniumClient/TaniumClient
Unblock Tanium Client in firewall sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp \
/Library/Tanium/TaniumClient/TaniumClient
Remove Tanium Client from firewall sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove \
/Library/Tanium/TaniumClient/TaniumClient
Block Tanium Client in firewall sudo /usr/libexec/ApplicationFirewall/socketfilterfw --blockapp \
/Library/Tanium/TaniumClient/TaniumClient

Manage pop-ups for Tanium Client upgrades

When you upgrade the Tanium Client on endpoints that have a firewall enabled on macOS 10.14 (Mojave) or later, end users might see a pop-up prompting them to allow connections for the Tanium Client. To prevent the pop-up, either configure a firewall rule (best practice) or configure the System Preferences on the endpoints. You can perform this task for multiple endpoints by configuring a policy or profile through a User Approved Mobile Device Management (UAMDM) tool. Contact Tanium Support if you need help ensuring that an environment is ready before the Tanium Client upgrade.

For increased security, configuring a firewall rule to prevent the connections pop-up is preferable to configuring the System Preferences. However, only endpoints running macOS 10.14.4 or later support this method.

Configure an MDM policy or profile for multiple endpoints

When you configure a firewall rule or System Preferences through a policy or profile, the specific steps depend on your UAMDM. Contact Tanium Support for the procedure. The general steps are as follows:

  1. Create the policy or profile.
  2. Add a firewall or security setting to the policy or profile.
  3. Add com.tanium.taniumclient.plist to the allowed connections.

Users cannot see that the Tanium Client is allowed in the firewall unless you provide those users access to the Tanium Client installation directory.

Configure a firewall rule on a single endpoint

You require read-only access to the /Library/Tanium/TaniumClient directory to perform this task.

  1. Go to System Preferences > Security & Privacy.
  2. Click Unlock Unlock, enter administrator credentials, and click Unlock.
  3. Add a firewall rule: Click Firewall Options, click Add +, navigate to the /Library/Tanium/TaniumClient/ directory, select taniumclient, and click Add.
  4. Click OK to apply the rule.
Configure the System Preferences on a single endpoint

All endpoints that run macOS 10.14.x or later support configuring System Preferences to prevent the connections pop-up.

  1. Go to System Preferences > Security & Privacy.
  2. Click Unlock Unlock, enter administrator credentials, and click Unlock.
  3. Click Firewall Options, select Automatically allow downloaded signed software to receive incoming connections, and click OK.

Manage the Tanium Client service on macOS

On the macOS endpoint, open Terminal and use the listed launchctl commands to complete the following actions:

  • Start the Tanium Client service:

    sudo launchctl load /Library/LaunchDaemons/com.tanium.taniumclient.plist

  • Stop the Tanium Client service:

    sudo launchctl unload /Library/LaunchDaemons/com.tanium.taniumclient.plist

  • Remove the Tanium Client from the launch list:

    sudo launchctl remove com.tanium.taniumclient

Manage custom tags in the CustomTags.txt file

You can add a file that contains custom tags to the Tanium Client installation directory to enable using the tags to identify the endpoint in Tanium workflows. For example, you could use the tag Lab to identify endpoints used in a testing lab. You could then ask a question that uses the Custom Tags sensor and specifies the Lab tag, or you could create a computer group that selects computers based on the tag.

Add tags to the CustomTags.txt file

  1. Create a file named CustomTags.txt in the /Library/Tanium/TaniumClient/Tools directory.

  2. Open the file in a text editor and add tags as strings. Enter one string per line, and do not use spaces.
  3. Save the file. A restart of the endpoint or Tanium Client service is not required.

    The following example shows a Tanium Client installation directory that includes a custom tag named Lab:

Example: Use custom tags to create a computer group

After you add custom tags, you can use them to create a computer group as follows.

  1. From the Main menu, go to Administration > Permissions > Computer Groups and click New Group.
  2. Enter a Name to identify the group.

    In the Filter Bar, use the Custom Tags sensor to define group membership, as shown in Figure  2.

    Figure  2:  Using custom tags to select a computer group
  3. Save your changes.

You can use the Tanium packages named Custom Tagging - Add Tags and Custom Tagging - Add Tags (Non-Windows) to deploy tags at scale. For more information, see Tanium Console User Guide: Manage custom tags for computer groups.

Manage the Tanium Client on Linux

This section provides information about the following activities to manage the Tanium Client on Linux:

The Tanium Client is installed as a system service on Linux endpoints. The default installation directory for Tanium Client files is /opt/Tanium/TaniumClient.

Manage Linux firewall rules

The installation process does not modify any host-based firewall that might be in use. A network security administrator must ensure that host and network firewalls are configured to allow inbound and outbound TCP traffic on the port that the client uses for Tanium traffic (default 17472).

For details about port and firewall requirements for the Tanium Client, see Network connectivity, ports, and firewalls.

The following subsections list example commands for managing Linux firewalls based on default distributions of Linux.

Amazon Linux

By default, the iptables utility for managing the firewall is not configured on Amazon Linux AMI (2016.09, 2017.09, 2018.3) or Amazon Linux 2 LTS. To add, remove, deny, or view the status of ports that the Tanium Client uses, check your Amazon Web Services (AWS) security group instead.

Debian

By default, the iptables utility for managing the firewall is not configured on Debian 6.x, 7.x, 8.x, or 9.x. To add, remove, deny, or view the status of ports that the Tanium Client uses, check your Amazon Web Services (AWS) security group instead.

CentOS, AlmaLinux, Rocky Linux, Oracle Linux, Red Hat Linux

Versions 5.x and 6.x

The following table lists the commands for managing firewall rules for versions 5.x and 6.x of CentOS, Oracle Linux, and Red Hat Linux.

The iptables command is for IPv4. For IPv6, use the ip6tables command. Tanium Cloud does not support IPv6.

 Table 2: Firewall commands for CentOS, Oracle Linux, Red Hat Linux 5.x and 6.x
Tasks Commands
Check the firewall status

iptables -L -n --line-numbers | egrep -i "^Chain|REJECT *all"

The firewall is enabled when a REJECT *all rule is present.

View rules for port 17472 sudo iptables -L -n | grep 17472
Add or allow port 17472
  1. Check the firewall status.

    sudo iptables -L -n --line-numbers | egrep -i "^Chain|REJECT *all"

  2. For each <chain_name> with a REJECT all rule, run the following command, where <line> is the line number of the rule.

    sudo iptables -I <chain_name> <line> -p tcp -m state --state NEW \
    --dport 17472 -j ACCEPT

    For example, if the chain is RH-Firewall-1-INPUT and the REJECT all rule is on line 10, run:

    sudo iptables -I RH-Firewall-1-INPUT 10 -p tcp -m state --state NEW \
    --dport 17472 -j ACCEPT

  3. Save your changes and restart the iptables service.

    sudo service iptables save

    sudo service iptables restart

Remove or deny port 17472
  1. List the chains.

    sudo iptables -L -n | egrep -i "^Chain|17472"

  2. For each <chain_name>, run:

    sudo iptables -D <chain_name> -p tcp -m state --state NEW --dport 17472 -j ACCEPT

  3. Save your changes and restart the iptables service.

    sudo service iptables save

    sudo service iptables restart

Version 7.x and 8.x

The following table lists the commands for managing firewall rules for versions 7.x and 8.x of CentOS, Oracle Linux, or Red Hat Linux, or version 8.x of AlmaLinux or Rocky Linux:

 Table 3: Firewall commands for CentOS, Oracle Linux, or Red Hat Linux 7.x or 8.x; AlmaLinux or Rocky Linux 8.x
Tasks Commands
View rules for port 17472 sudo firewall-cmd --list-all-zones | grep 17472
Add or allow port 17472
  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> (such as default and where ssh is present), run:

    sudo firewall-cmd --permanent --zone=<zone_name> --add-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

Remove or deny port 17472
  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> where port 17472 is present, run:

    sudo firewall-cmd --permanent --zone=<zone_name> --remove-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

OpenSUSE and SLES

Version 15.x

The following table lists the commands for managing firewall rules for versions 15.x of OpenSUSE and SUSE Linux Enterprise Server (SLES):

 Table 4: Firewall commands for OpenSUSE and SLES 15.x
Tasks Commands
View rules for port 17472 sudo firewall-cmd --list-all-zones | grep 17472
Add or allow port 17472
  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> (such as default and where ssh is present), run:

    sudo firewall-cmd --permanent --zone=<zone_name> --add-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

Remove or deny port 17472
  1. List the zones.

    sudo firewall-cmd --list-all-zones

  2. For each relevant <zone_name> where port 17472 is present, run:

    sudo firewall-cmd --permanent --zone=<zone_name> --remove-port=17472/tcp

  3. Restart the firewall.

    sudo systemctl restart firewalld

Version 11.x and 12.X

The following table lists the commands for managing firewall rules for versions 11.x and 12.x of OpenSUSE and SUSE Linux Enterprise Server (SLES):

 Table 5: Firewall commands for OpenSUSE and SLES 11.x and 12.x
Tasks Commands
View rules for port 17472 sudo grep "FW_SERVICES_EXT_TCP=" /etc/sysconfig/SuSEfirewall2 | egrep "[ \"]17472[ \"]"
Add or allow port 17472
  1. Open the /etc/sysconfig/SuSEfirewall2 file for editing, add port 17472 to the line FW_SERVICES_EXT_TCP=, and save your changes.
  2. Restart the firewall.

    sudo SuSEfirewall2 start

Remove or deny port 17472
  1. Open the /etc/sysconfig/SuSEfirewall2 file for editing, remove port 17472 from the line FW_SERVICES_EXT_TCP=, and save your changes.
  2. Restart the firewall.

    sudo SuSEfirewall2 start

Ubuntu

The following table lists the commands for managing firewall rules for Ubuntu 10.04, 14.04, 16.04, and 18.04 LTS:

 Table 6: Firewall commands for Ubuntu
Tasks Commands
View port 17472 status sudo ufw status | grep 17472

or

sudo iptables -L -n | grep 17472

Allow port 17472 sudo ufw allow 17472/tcp
Remove port 17472 sudo ufw delete allow 17472/tcp
Deny port 17472 sudo ufw deny 17472/tcp

Manage the Tanium Client service on Linux

Linux service commands vary according to Linux distribution. This documentation provides examples but is not a reference for each Linux distribution. If you are not already familiar with installing and managing services on your target Linux distribution, review the documentation for the particular Linux operating system before you begin.

Linux distributions and versions Typical commands

Versions that use the systemd daemon (all distributions)

  • Amazon Linux (all supported versions)

  • Debian (all supported versions)

  • Oracle Linux (version 7 and later)

  • Red Hat / CentOS (version 7 and later)

  • AlmaLinux / Rocky Linux (all supported versions)

  • SUSE / OpenSUSE (version 12 and later)

  • Ubuntu (version 16 and later)

systemctl start taniumclient
systemctl stop taniumclient
systemctl status taniumclient

Versions that use the init daemon (Debian-based distributions)

  • Ubuntu (version 14)

service taniumclient start
service taniumclient stop
service taniumclient status

Versions that use the init daemon (RPM-based distributions)

  • Oracle Linux (versions 5, 6)

  • Red Hat / CentOS (versions 5, 6)

  • SUSE / OpenSUSE (versions 11.3, 11.4)

service TaniumClient start
service TaniumClient stop
service TaniumClient status

Move an existing installation of the Tanium Client on Linux

The Tanium Client must store data in the default installation directory. For this reason, in some environments, the size of the /opt/Tanium directory might exceed the space allowed within the /opt directory. If there is not enough space in the default directory, use a symbolic link to move the client and data to another directory.

  1. Sign in to the endpoint using an account that has administrative privileges, or that is listed in the sudoers file to allow the account you are using to use sudo.
  2. Stop the Tanium Client service. For more information, see Manage the Tanium Client service on Linux.

  3. Move the Tanium Client to a new directory. For example, to move the Tanium Client from the default installation directory to the /appbin/Tanium directory, run the following command:

    mv /opt/Tanium /appbin

    The new directory must be located on a local fixed drive.

  4. Create a symbolic link. For example, if you want to use the directory /appbin/Tanium, run the following command:

    ln -s /appbin/Tanium /opt/Tanium

  5. Start the Tanium Client service. For more information, see Manage the Tanium Client service on Linux.

Manage custom tags in the CustomTags.txt file

You can add a file that contains custom tags to the Tanium Client installation directory to enable using the tags to identify the endpoint in Tanium workflows. For example, you could use the tag Lab to identify endpoints used in a testing lab. You could then ask a question that uses the Custom Tags sensor and specifies the Lab tag, or you could create a computer group that selects computers based on the tag.

Add tags to the CustomTags.txt file

  1. Create a file named CustomTags.txt in the Tools subdirectory of the installation directory.

    When using the default installation directory, the path is /opt/Tanium/TaniumClient/Tools/CustomTags.txt.

  2. Open the file in a text editor and add tags as strings. Enter one string per line, and do not use spaces.
  3. Save the file. A restart of the endpoint or Tanium Client service is not required.

    The following example shows a Tanium Client installation directory that includes a custom tag named Lab:

Example: Use custom tags to create a computer group

After you add custom tags, you can use them to create a computer group as follows.

  1. From the Main menu, go to Administration > Permissions > Computer Groups and click New Group.
  2. Enter a Name to identify the group.

    In the Filter Bar, use the Custom Tags sensor to define group membership, as shown in Figure  2.

    Figure  3:  Using custom tags to select a computer group
  3. Save your changes.

You can use the Tanium packages named Custom Tagging - Add Tags and Custom Tagging - Add Tags (Non-Windows) to deploy tags at scale. For more information, see Tanium Console User Guide: Manage custom tags for computer groups.

Manage the Tanium Client on Solaris

The Tanium Client is installed as a system service on Solaris endpoints. The Tanium Client files are installed by default in the /opt/Tanium/TaniumClient directory.

Manage the Tanium Client service on Solaris

To run svcadm commands, you must sign in to the endpoint as the root user or as a user who can use the sudo utility to run commands with root permissions.

Run the listed commands to complete the following actions:

  • Start the Tanium Client service: svcadm enable taniumclient
  • Stop the Tanium Client service: svcadm disable taniumclient
  • Restart the Tanium Client service: svcadm restart taniumclient
  • Display the status of the Tanium Client service: svcs taniumclient

Move an existing installation of the Tanium Client on Solaris

The Tanium Client must store data in the default installation directory. For this reason, in some environments, the size of the /opt/Tanium directory might exceed the space allowed within the /opt directory. If there is not enough space in the default directory, use a symbolic link to move the client and data to another directory.

  1. Sign in to the endpoint using an account that has administrative privileges, or that is listed in the sudoers file to allow the account you are using to use sudo.
  2. Use the following command to stop the Tanium Client service:

    svcadm disable taniumclient

  3. Move the Tanium Client to a new directory. For example, to move the Tanium Client from the default installation directory to the /appbin/Tanium directory, run the following command:

    mv /opt/Tanium /appbin

    The new directory must be located on a local fixed drive.

  4. Create a symbolic link, and set the PKG_NONABI_SYMLINKS environment variable to true. For example, if you want to use the directory /appbin/Tanium, run the following command:

    ln -s /appbin/Tanium /opt/Tanium
    PKG_NONABI_SYMLINKS=true
    export PKG_NONABI_SYMLINKS

  5. Use the following command to start the Tanium Client service:

    svcadm enable taniumclient

Manage the Tanium Client on AIX

The Tanium Client is installed as a system service on AIX endpoints. The default installation directory for Tanium Client files is /opt/Tanium/TaniumClient.

Manage the Tanium Client service on AIX

The Tanium Client on AIX uses the IBM AIX System Resource Controller (SRC) to manage the client service:

  • Start the Tanium Client service: startsrc -s taniumclient
  • Stop the Tanium Client service: stopsrc -s taniumclient
  • Verify that the Tanium Client service is available: lssrc -s taniumclient

Move an existing installation of the Tanium Client on AIX

The Tanium Client must store data in the default installation directory. For this reason, in some environments, the size of the /opt/Tanium directory might exceed the space allowed within the /opt directory. If there is not enough space in the default directory, use a symbolic link to move the client and data to another directory.

  1. Sign in to the endpoint using an account that has administrative privileges, or that is listed in the sudoers file to allow the account you are using to use sudo.
  2. Use the following command to stop the Tanium Client service:

    stopsrc -s taniumclient

  3. Move the Tanium Client to a new directory. For example, to move the Tanium Client from the default installation directory to the /appbin/Tanium directory, run the following command:

    mv /opt/Tanium /appbin

    The new directory must be located on a local fixed drive.

  4. Create a symbolic link. For example, if you want to use the directory /appbin/Tanium, run the following command:

    ln -s /appbin/Tanium /opt/Tanium

  5. Use the following command to start the Tanium Client service:

    startsrc -s taniumclient