Command-line interface
Tanium Cloud does not support a command-line interface.
You can use the command-line interface (CLI) on the Tanium Appliance or on Windows to configure platform settings.
You can also change many platform settings through the Tanium Console. For more information, see Tanium Console User Guide: Managing Tanium Core Platform settings.
Contact Tanium Support for guidance before you create, edit, or delete platform settings.
Appliance: CLI
For Tanium Appliance deployments, you can use the TanOS menu to read and write the configuration, as described under Manage server settings. In rare cases, you might be granted shell access to troubleshoot an issue through the TanOS CLI. The following table lists the locations where the CLI programs reside. Click the links in the table to see descriptions of the settings that you can edit.
For details about the TanOS CLI, see Tanium Appliance Deployment Guide: TanOS command line interface.
| Component | CLI program location |
|---|---|
| Tanium Server | /opt/Tanium/TaniumServer/TaniumServer |
| Tanium Module Server | /opt/Tanium/TaniumModuleServer/TaniumModuleServer |
| Tanium Zone Server | /opt/Tanium/TaniumZoneServer/ZoneServer |
| TDownloader: Tanium Server | /opt/Tanium/TaniumServer/TaniumTDownloader |
| TDownloader: Module Server | /opt/Tanium/TaniumModuleServer/TaniumTDownloader |
Windows: CLI
To access the CLI for a Tanium Core Platform component, open the Command Prompt and navigate to the directory where the component CLI program reside. The following table lists the directories. Click the links in the table to see descriptions of the settings that you can edit.
To use the Command Prompt for commands that require administrator permissions, select the Run as administrator option to elevate permissions.
| Component | CLI program location |
|---|---|
| Tanium Server | Program Files\Tanium\TaniumReceiver.exe |
| Tanium Module Server | Program Files\Tanium\TaniumModuleServer.exe |
| Tanium Zone Server or Tanium Zone Server Hub | Program Files (x86)\Tanium\Tanium Zone Server\TaniumZoneServer.exe |
| TDownloader | Program Files\Tanium\Tanium Server\TDownloader.exe |
| Program Files\Tanium\Tanium Module Server\TDownloader.exe |
CLI examples
The following examples show how to use the CLI.
Display help
TaniumReceiver --help
Usage: TaniumReceiver [options] <command> [<args>]
General Options:
-h [ --help ] Print this help message
-v [ --version ] Print the version
--verbose Verbose output
Service Options:
-i Install the service
-u Uninstall the service
-s Start the service
-e Stop the service
Internal Tanium Options - DO NOT USE:
-d Run without daemonizing
Commands:
config Manage configuration
clean-downloads Clean the downloads catalog
database Manages a database
global-settings Manages global settings
license Manages Deployment License
pki Manages PKI
python-auth-plugin Run a python authentication plugin - DO NOT USE
server-registrations Manages server registration requests
test-hsm Test an HSM configuration
trust-module-certs Add trusted Module Server certificates
For help on a specific command run `TaniumReceiver COMMAND -h`
Display config help
cmd-prompt>TaniumReceiver config --help
Usage: TaniumReceiver config <action> [<key>] [<value>]
Actions:
config list List all keys and non-protected values
config list-protected List all keys and values
config get <key> Print non-protected config value
config get-protected <key> Print config value
config set <key> <value> Set config value and try to guess type
config set-string <key> <value> Set string value
config set-protected <key> <value> Set protected string value
config set-number <key> <value> Set numeric value (in decimal or hex notation)
config remove <key> Remove config value
Example: List configuration settings
When displaying the current settings, note that the CLI output displays (protected) instead of the actual value for settings that are designated as protected, which means they are sensitive in the security sense.
cmd-prompt>TaniumReceiver config list Keys: - AddressMask: 16777215 - ConsoleSettingsJSON: C:\Program Files\Tanium\Tanium Server\http\config\console.json - DBUserDomain: tam.local - DBUserName: taniumsvc - LogPath: C:\Program Files\Tanium\Tanium Server\Logs - LogVerbosityLevel: 1 - Logs: - Logs.MiniDumpMessages: - Logs.MiniDumpMessages.FilterRegex: .*Begin MiniDumper.* - Logs.MiniDumpMessages.LogVerbosityLevel: 1 - ModuleServer: tms1.tam.local,TMS1.tam.local:17477 - ModuleServerPort: 17477 - PGDLLPath: C:\Program Files\Tanium\Tanium Server\postgres\bin - PKIDatabasePassword: (protected) - PGRoot: C:\Program Files\Tanium\Tanium Server\postgres - Path: C:\Program Files\Tanium\Tanium Server - ProxyPassword: (protected) - ProxyPort: - ProxyServer: - ProxyType: NONE - ProxyUserid: - SQLConnectionString: postgres:[email protected]=postgres port=5432 - ServerName: 0.0.0.0 - ServerPort: 17472 - ServerSOAPPort: 443 - TrustedCertPath: C:\Program Files\Tanium\Tanium Server\Certs\installedcacert.crt - TrustedModuleServerCertsPath: C:\Program Files\Tanium\Tanium Server\trusted-module-servers.crt - Version: 7.5.6.1095
Example: Set configuration values
cmd-prompt>TaniumReceiver config set BypassProxyHostList host1.example.com,192.168.0.1 cmd-prompt>TaniumReceiver config get BypassProxyHostList host1.example.com,192.168.0.1
Example: Set configuration values
cmd-prompt>TDownloader config set ProxyServer 192.168.0.2 cmd-prompt>TDownloader config get ProxyServer 192.168.0.2
Example: Register the Module Server with the Tanium Server
On the Module Server host computer, use the CLI to register with a Tanium Server. Specify a Tanium Console administrator user name and password.
After registering the Module Server, you must restart the services for the Tanium Module Server and all Tanium modules and shared services. On the Module Server, open the Windows Services application and, for each service, right-click the service name and select Restart.
cmd-prompt>TaniumModuleServer register -h Usage: TaniumModuleServer register <server> [opts] --server arg Tanium Server hostname (optionally including port) --address arg (=TMS1.tam.local) DNS name or IP that the Tanium Server should use to connect to this Module Server --timeout arg (=120) Registration timeout in seconds --user arg Administrator username --pass arg Administrator password (leave blank for interactive prompt) --pass-file arg Administrator password protected file --trusted-fingerprint arg Trust the given server certificate fingerprint --json-out arg JSON file to output results to cmd-prompt>TaniumModuleServer register ts2.tam.local Enter administrator username: TaniumAdmin Enter password for user 'TaniumAdmin': Successfully completed registration.
If the Tanium Console has been configured to use a non-standard port, you must specify the port number, as shown in the following example.
cmd-prompt>TaniumModuleServer register ts2.tam.local:8443 Enter administrator username: TaniumAdmin Enter password for user 'TaniumAdmin': Successfully completed registration. cmd-prompt>
If the Tanium Console is not listening on 443 and you do not specify the port in the registration command, the registration results in failure with the message:
Failed to register module server. Failed to authenticate for registration. SSLClientConnection has failed to complete request.
Example: Configure global settings
cmd-prompt>TaniumReceiver global-settings -h Usage: TaniumReceiver global-settings list|list-all|get|set|set-string|set-numbe r|set-flags|unset-flags|remove -c [ --command ] arg Command to run: list list-all get <setting> set <setting> <value> set-string <setting> <value> set-number <setting> <value> set-flags <setting> [public|hidden|read-only|server...] unset-flags <setting> [public|hidden|read-only|server ...] remove <setting> cmd-prompt>TaniumReceiver global-settings set ReportingTLSMode 0
Example: Add an administrator user
cmd-prompt>TaniumReceiver database -h Usage: TaniumReceiver database create|upgrade|create-admin-user -c [ --command ] arg Command to run: create upgrade create-admin-user [username] [domain] sqlserver2postgre outputfile cmd-prompt>TaniumReceiver database create-admin-user admin-recover tam.local
Last updated: 5/31/2023 4:44 PM | Feedback