Command-line interface
Tanium Core Platform 7.1.314.2924 or later supports the configuration of platform server settings through a command-line interface (CLI).
Tanium Appliance
For Tanium Appliance deployments, you can use the TanOS menu to read and write the configuration. In rare cases, you might be granted shell access to troubleshoot an issue. The CLI programs are installed in the following locations.
| Component | CLI program location |
|---|---|
| Tanium Server | /opt/Tanium/TaniumServer/TaniumServer |
| Module Server | /opt/Tanium/TaniumModuleServer/TaniumModuleServer |
| Zone Server | /opt/Tanium/TaniumZoneServer/ZoneServer |
| TDownloader | /opt/Tanium/TaniumServer/TaniumTDownloader |
| /opt/Tanium/TaniumModuleServer/TaniumTDownloader |
Windows
For Windows deployments, the Windows Registry is still the canonical source of configuration. You can use the CLI if you need to get or set the configuration using a program.
| Component | CLI program location |
|---|---|
| Tanium Server | Program Files\Tanium\TaniumReceiver.exe |
| Module Server | Program Files\Tanium\TaniumModuleServer.exe |
| Zone Server | Program Files (x86)\Tanium\Tanium Zone Server\TaniumZoneServer.exe |
| TDownloader | Program Files\Tanium\Tanium Server\TDownloader.exe |
| Program Files\Tanium\Tanium Module Server\TDownloader.exe |
If necessary, elevate permissions to open the command prompt as administrator.
Examples
The following examples show how to use the CLI.
Display help
cmd-prompt>TaniumReceiver --help
Usage: TaniumReceiver [options] <command> [<args>]
General Options:
-h [ --help ] Print this help message
-v [ --version ] Print the version
--verbose Verbose output
Service Options:
-i Install the service
-u Uninstall the service
-s Start the service
-e Stop the service
Internal Tanium Options - DO NOT USE:
-d Run without daemonizing
Commands:
config Manage configuration
database Manages a database
global-settings Manages global settings
license Manages Deployment License
pki Manages PKI
python-auth-plugin Run a python authentication plugin - DO NOT USE
server-registrations Manages server registration requests
trust-module-certs Add trusted Module Server certificates
For help on a specific command run `TaniumReceiver COMMAND -h`
Display config help
cmd-prompt>TaniumReceiver config --help
Usage: TaniumReceiver config <action> [<key>] [<value>]
Actions:
config list List all keys and non-protected values
config list-protected List all keys and values
config get <key> Print non-protected config value
config get-protected <key> Print config value
config set <key> <value> Set config value and try to guess type
config set-string <key> <value> Set string value
config set-protected <key> <value> Set protected string value
config set-number <key> <value> Set numeric value (in decimal or hex notation)
config remove <key> Remove config value
Example: List configuration settings
When displaying the current settings, note that the CLI output displays (protected) instead of the actual value for settings that are designated as protected, which means they are sensitive in the security sense.
cmd-prompt>TaniumReceiver config list Keys: - AddressMask: 16777215 - ConsoleSettingsJSON: C:\Program Files\Tanium\Tanium Server\http\config\console.json - DBUserDomain: tam.local - DBUserName: taniumsvc - LogPath: C:\Program Files\Tanium\Tanium Server\Logs - LogVerbosityLevel: 1 - Logs: - Logs.MiniDumpMessages: - Logs.MiniDumpMessages.FilterRegex: .*Begin MiniDumper.* - Logs.MiniDumpMessages.LogVerbosityLevel: 1 - ModuleServer: tms1.tam.local,TMS1.tam.local:17477 - ModuleServerPort: 17477 - PGDLLPath: C:\Program Files\Tanium\Tanium Server\postgres\bin - PKIDatabasePassword: (protected) - PGRoot: C:\Program Files\Tanium\Tanium Server\postgres - Path: C:\Program Files\Tanium\Tanium Server - ProxyPassword: (protected) - ProxyPort: - ProxyServer: - ProxyType: NONE - ProxyUserid: - SQLConnectionString: postgres:[email protected]=postgres port=5432 - ServerName: 0.0.0.0 - ServerPort: 17472 - ServerSOAPPort: 443 - TrustedCertPath: C:\Program Files\Tanium\Tanium Server\Certs\installedcacert.crt - TrustedHostList: ts1.tam.local - TrustedModuleServerCertsPath: C:\Program Files\Tanium\Tanium Server\trusted-module-servers.crt - Version: 7.3.314.4283
Example: Set configuration values
cmd-prompt>TaniumReceiver config set BypassProxyHostList ts1.example.com,ts2.example.com,localhost,127.0.0.1,10.10.10.11,10.10.10 .15 cmd-prompt>TaniumReceiver config get BypassProxyHostList ts1.example.com,ts2.example.com,localhost,127.0.0.1,10.10.10.11,10.10.10.15
Example: Set configuration values
cmd-prompt>TDownloader config set ProxyServer 10.10.10.10 cmd-prompt>TDownloader config get ProxyServer 10.10.10.10
Example: Register the Module Server with the Tanium Server
On the Module Server host computer, use the CLI to register with a Tanium Server. Specify a Tanium Console admin username and password.
cmd-prompt>TaniumModuleServer register -h Usage: TaniumModuleServer register <server> [opts] --server arg Tanium Server hostname (optionally including port) --address arg (=TMS1.tam.local) DNS name or IP that the Tanium Server should use to connect to this Module Server --timeout arg (=120) Registration timeout in seconds --user arg Administrator username --pass arg Administrator password (leave blank for interactive prompt) --pass-file arg Administrator password protected file --trusted-fingerprint arg Trust the given server certificate fingerprint --json-out arg JSON file to output results to cmd-prompt>TaniumModuleServer register ts2.tam.local Enter administrator username: TaniumAdmin Enter password for user 'TaniumAdmin': Successfully completed registration.
If the Tanium Console has been configured to use a non-standard port, you must specify the port number, as shown in the following example.
cmd-prompt>TaniumModuleServer register ts2.tam.local:8443 Enter administrator username: TaniumAdmin Enter password for user 'TaniumAdmin': Successfully completed registration. cmd-prompt>
If the Tanium Console is not listening on 443 and you do not specify the port in the registration command, the registration results in failure with the message:
Failed to register module server. Failed to authenticate for registration. SSLClientConnection has failed to complete request.
Registration involves copying files between the Module Server and the Tanium Server. Run the registration command from the Module Server. Both servers must be reachable when you issue the registration command or the command fails.
Example: Configure global settings
cmd-prompt>TaniumReceiver global-settings -h Usage: TaniumReceiver global-settings list|list-all|get|set|set-string|set-numbe r|set-flags|unset-flags|remove -c [ --command ] arg Command to run: list list-all get <setting> set <setting> <value> set-string <setting> <value> set-number <setting> <value> set-flags <setting> [public|hidden|read-only|server...] unset-flags <setting> [public|hidden|read-only|server ...] remove <setting> cmd-prompt>TaniumReceiver global-settings set ReportingTLSMode 0
Example: Add an admin user
cmd-prompt>TaniumReceiver database -h Usage: TaniumReceiver database create|upgrade|create-admin-user -c [ --command ] arg Command to run: create upgrade create-admin-user [username] [domain] sqlserver2postgre outputfile cmd-prompt>TaniumReceiver database create-admin-user admin-recover tam.local
Last updated: 5/14/2020 3:14 PM | Feedback