Documentation Home > Tanium Core Platform Deployment Reference Guide

Command-line interface

Tanium core platform release 7.1.314.2924 and later support the configuration of component server settings with a command-line interface (CLI).

Tanium Appliance

For Tanium Appliance deployments, you can use the TanOS menu to read and write the configuration. In rare cases, you might be granted shell access to troubleshoot an issue. The CLI programs are installed in the following locations.

Component	CLI program location
Tanium Server	/opt/Tanium/TaniumServer/TaniumServer
Module Server	/opt/Tanium/TaniumModuleServer/TaniumModuleServer
Zone Server	/opt/Tanium/TaniumZoneServer/ZoneServer
TDownloader	/opt/Tanium/TaniumServer/TaniumTDownloader
TDownloader	/opt/Tanium/TaniumModuleServer/TaniumTDownloader

Windows

For Windows deployments, the Windows Registry is still the canonical source of configuration. You can use the CLI if you need to get or set the configuration programatically.

Component	CLI program location
Tanium Server	Program Files\Tanium\TaniumReceiver.exe
Module Server	Program Files\Tanium\TaniumModuleServer.exe
Zone Server	Program Files (x86)\Tanium\Tanium Zone Server\TaniumZoneServer.exe
TDownloader	Program Files\Tanium\Tanium Server\TDownloader.exe
TDownloader	Program Files\Tanium\Tanium Module Server\TDownloader.exe

If necessary, elevate permissions to open the command prompt as administrator.

Examples

The following examples show how to use the CLI.

Display help

cmd-prompt>TaniumReceiver --help
Usage: TaniumReceiver [options] <command> [<args>]

General Options:
  -h [ --help ]         Print this help message
  -v [ --version ]      Print the version
  --verbose             Verbose output

Service Options:
  -i                    Install the service
  -u                    Uninstall the service
  -s                    Start the service
  -e                    Stop the service

Internal Tanium Options - DO NOT USE:
  -d                    Run without daemonizing

Commands:
  config                Manage configuration
  database              Manages a database
  global-settings	 Manages global settings
  python-auth-plugin	 Run a python authentication plugin - DO NOT USE
  trust-module-certs    Add trusted Module Server certificates

For help on a specific command run `TaniumReceiver COMMAND -h`

Display config help

cmd-prompt>TaniumReceiver config --help
Usage: TaniumReceiver config <action> [<key>] [<value>]

Actions:
  config list                         List all keys and non-protected values
  config list-protected               List all keys and values
  config get <key>                    Print non-protected config value
  config get-protected <key>          Print config value
  config set <key> <value>            Set config value and try to guess type
  config set-string <key> <value>     Set string value
  config set-protected <key> <value>  Set protected string value
  config set-number <key> <value>     Set numeric value (in decimal or hex notation)
  config remove <key>                 Remove config value

Example: List configuration settings

cmd-prompt>TaniumReceiver config list
Keys:
  - AddressMask: 16777215
  - ConsoleSettingsJSON: C:\Program Files\Tanium\Tanium Server\http\config\console.json
  - DBUserDomain: tam.local
  - DBUserName: taniumsvc
  - LogPath: C:\Program Files\Tanium\Tanium Server\Logs
  - LogVerbosityLevel: 1
  - Logs:
    - Logs.MiniDumpMessages:
      - Logs.MiniDumpMessages.FilterRegex: .*Begin MiniDumper.*
      - Logs.MiniDumpMessages.LogVerbosityLevel: 1
  - ModuleServer: tms1.tam.local,TMS1.tam.local:17477
  - ModuleServerPort: 17477
  - PGDLLPath: C:\Program Files\Tanium\Tanium Server\postgres\bin
  - PGRoot: C:\Program Files\Tanium\Tanium Server\postgres
  - Path: C:\Program Files\Tanium\Tanium Server
  - ProxyPassword: 
  - ProxyPort: 
  - ProxyServer: 
  - ProxyType: NONE
  - ProxyUserid: 
  - SQLConnectionString: postgres:[email protected]=postgres port=5432
  - ServerName: 0.0.0.0
  - ServerPort: 17472
  - ServerSOAPPort: 443
  - TrustedCertPath: C:\Program Files\Tanium\Tanium Server\Certs\installedcacert.crt
  - TrustedHostList: ts1.tam.local
  - TrustedModuleServerCertsPath: C:\Program Files\Tanium\Tanium Server\trusted-module-servers.crt
  - Version: 7.3.314.3424

Example: Set configuration values

cmd-prompt>TaniumReceiver config set BypassProxyHostList ts1.example.com,ts2.example.com,localhost,127.0.0.1,10.10.10.11,10.10.10
.15
cmd-prompt>TaniumReceiver config get BypassProxyHostList
ts1.example.com,ts2.example.com,localhost,127.0.0.1,10.10.10.11,10.10.10.15

Example: Set configuration values

cmd-prompt>TDownloader config set ProxyServer 10.10.10.10
cmd-prompt>TDownloader config get ProxyServer
10.10.10.10

Example: Register with Tanium Server

On the Module Server host computer, use the CLI to register with a Tanium Server. Specify a Tanium Console admin username and password.

cmd-prompt>TaniumModuleServer register -h
Usage: TaniumModuleServer register <server> [opts]

  --server arg                    Tanium Server hostname (optionally including
                                  port)
  --address arg (=TMS1.tam.local) DNS name or IP that the Tanium Server should
                                  use to connect to this Module Server
  --timeout arg (=120)            Registration timeout in seconds
  --user arg                      Administrator username
  --pass arg                      Administrator password (leave blank for
                                  interactive prompt)
  --pass-file arg                 Administrator password protected file
  --trusted-fingerprint arg       Trust the given server certificate
                                  fingerprint
  --json-out arg                  JSON file to output results to

cmd-prompt>TaniumModuleServer register ts2.tam.local
Enter administrator username: TaniumAdmin

Enter password for user 'TaniumAdmin':
Successfully completed registration.

If the Tanium Console has been configured to use a non-standard port, you must specify the port number, as shown in the following example.

cmd-prompt>TaniumModuleServer register ts2.tam.local:8443
Enter administrator username: TaniumAdmin

Enter password for user 'TaniumAdmin':
Successfully completed registration.

cmd-prompt>

If the Tanium Console is not listening on 443 and you do not specify the port in the registration command, the registration results in failure with the message:

Failed to register module server. Failed to authenticate for registration. SSLClientConnection has failed to complete request.

Registration involves copying files between the Module Server and the Tanium Server. Run the registration command from the Module Server. Both servers must be reachable when you issue the registration command or the command fails.

Example: Configure global settings

cmd-prompt>TaniumReceiver global-settings -h
Usage: TaniumReceiver global-settings list|list-all|get|set|set-string|set-numbe
r|set-flags|unset-flags|remove

  -c [ --command ] arg  Command to run:
                            list
                            list-all
                            get <setting>
                            set <setting> <value>
                            set-string <setting> <value>
                            set-number <setting> <value>
                            set-flags <setting> [public|hidden|read-only|server...]
                            unset-flags <setting> [public|hidden|read-only|server ...]
                            remove <setting>

cmd-prompt>TaniumReceiver global-settings set ReportingTLSMode 0

Example: Add an admin user

cmd-prompt>TaniumReceiver database -h
Usage: TaniumReceiver database create|upgrade|create-admin-user

  -c [ --command ] arg  Command to run:
                            create
                            upgrade
                            create-admin-user [username] [domain]


cmd-prompt>TaniumReceiver database create-admin-user admin-recover tam.local

Last updated: 12/4/2019 4:10 PM | Feedback