Control of the Tanium Client service must be restricted to SYSTEM access only for all managed clients.

An XCCDF Rule

Description

<VulnDiscussion>The reliability of the Tanium client's ability to operate depends upon controlling access to the Tanium client service. By restricting access to SYSTEM access only, the non-Tanium system administrator will not have the ability to impact operability of the service.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-254930r961317_rule
Severity: Medium
References: CCI-002165
Updated: 17 days ago

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication. 

2. Click "Modules" on the top navigation banner. 

3. Click "Interact". 
4. In "Categories" section, select "Client Service Hardening".

5. In "Dashboards" section, select "Control Service State Permissions".

6. The results will show a "Count" of clients matching the "Service Control is set to default permissions" query.

7. Select the result line for "Service Control is set to default permissions".

8. Choose "Deploy Action".

9. Deployment Package drop-down select "Client Service Hardening - Allow Only Local SYSTEM to Control Service".

10. Configure the schedule to repeat at least every hour for the requested action.

11. Under "Targeting Criteria" in the Action Group, select "All Computers" from the drop-down.

12. Click "Show preview to continue".

13. Noncompliant systems will be displayed at the bottom.

14. Click "Deploy Action".

15. Verify settings.

16. Click "Show Client Status Details".

Control of the Tanium Client service must be restricted to SYSTEM access only for all managed clients.

Description

Remediation - Manual Procedure