The Tanium Server certificate and private/public keys directory must be protected with appropriate permissions.

An XCCDF Rule

Description

<VulnDiscussion>If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. The cornerstone of the PKI is the private key used to encrypt or digitally sign information. If the private key is stolen, this will lead to the compromise of the authentication and non-repudiation gained through PKI because the attacker can use the private key to digitally sign documents and pretend to be the authorized user. Both the holders of a digital certificate and the issuing authority must protect the computers, storage devices, or whatever they use to keep the private keys.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-93395r1_rule
Severity: High
References: CCI-000186
Updated: about 1 year ago

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Open an Explorer window.
Navigate to Program Files >> Tanium >> Tanium Server.

Right-click on "Certs" folder.
Choose "Properties".
Select the "Security" tab.
Click on the "Advanced" button.

Change the owner of the directory to the [Tanium service account].

Reduce System and the [Tanium service account] to Read-Only permissions.

Provide the [Tanium Admin group] with Full permissions.

Navigate to >> Program Files >> Tanium >> Tanium Server >> Certs.

Right-click on each of the following files:
Select "Properties".
Select the "Security" tab.
Click on the "Advanced" button.

For the following files, reduce System and the [Tanium service account] to Read-Only:
Installedcacert.crt
Installed-server.crt
Installed-server.key
SOAPServer.crt
SOAPServer.key

Ensure the [Tanium Admin group] has Full permissions for those same files.

Navigate to >> Program Files >> Tanium >> Tanium Server >> content_public_keys.

Select "Properties".

Select the "Security" tab.

Click on the "Advanced" button.

Reduce System to Read-Only permissions. - apply to child objects.

Reduce [Tanium service account] to Read-Only permissions. - apply to child objects.

Provide [Tanium Admin group] with Full permissions - apply to child objects.

The Tanium Server certificate and private/public keys directory must be protected with appropriate permissions.

Description

Remediation - Manual Procedure