AboutUs Documentation Support Resources Blog. Train @GTANIUM PRODUCTS SOLUTIONS CUSTOMERS PARTNERS NEWSAND PRE Search Client Preparing the Tanium Client on OS images You can install the Tanium Client on an operating system (OS) image that you use as a master when provisioning an OS for new computers or virtual desktop infrastructure (VDI) instances. When you start the OS image for the first time and the Tanium Client registers, the Tanium Server assigns a unique ComputeriD to the endpoint. The Tanium Server uses this ComputerlD to track and monitor each endpoint even if other identifiers change, such as the computer name, IP address, MAC address, or OS GUID. The Tanium Server detects and resolves duplicate IDs during registration to ensure each computer has a unique identifier, even if computers are cloned from an OS image that has a non- zero value for the ComputerID. However, to avoid the additional processing required to resolve duplicate IDs and the potential data infidelity during that processing, the best practice is to delete the Tanium Client ComputertD setting (non-Windows) or set it to 0 (Windows) in the OS image. The following procedures are best practices for preparing the Tanium Client on OS, images. Windows OS Refer to Microsoft documentation for complete details on Windows OS imaging. Prepare the Tanium Client as follows: 1. Install the Tanium Client: see Deployin; and supported Host system requirements. 2. Go to Windows Services and stop the Tanium Client service. 3. Confirm that the Tanium Client service is still set to start automatically when the computer reboots. 4, Perform the following steps in the Tanium Client Windows Registry key. © Set the ComputeriD data value to @ (zero). Do not simply delete the value or set it to a blank or null character. © Delete the registry value RegistrationCount. © Verify the ServerName and ServerPort values are correct. 5, Perform the following steps in the Tanium Client installation folder. © Delete the Strings folder. © Delete the loge. txt file.© Delete all files in the Downloads folder. (In other words, you should have an empty Downloads folder) © Delete all files in the Tools\Scans folder and in the Tools\Content Logs folder. © Consult your TAM to review the rest of the Tools folder to ensure no other stale Tanium Client data will be replicated. © Confirm that the date and timestamp on the Tanium Client tanium. pub file matches the Tanium Server tanium. pub file. 6. Save the image and shut down the computer. Note: The Tanium Client service is configured to start automatically when the OS is started. Ifthe reference computer is restarted before the reference image is captured, you might need to repeat these steps. Linux OS The commands for creating a Linux OS reference image vary by Linux distribution: + Earlier distributions implement the BSD init system (/etc/init. 4), These distributions use the service command to start, stop, or restart the service, + More recent distributions, such as CentOS 7.x, Oracle Enterprise Linux 7.x, RHEL 7.x, and Ubuntu 16.04, implement the newer systemd init system. The Tanium Client service is added to the services in /etc/systemd/system/multi- user. target.wants. These distributions use the systemetl command to start, stop, or restart a service. Each supported platform distribution requires a specific Tanium Client installation package file: see Ianium Client package files for Linux. IMPORTANT: Linux service commands vary by Linux distribution: see Manage the Tanium Client service on Linux. This documentation provides examples but is not a reference for each Linux distribution. if you are not already familiar with installing and managing services on your target Linux distribution, please review the documentation for the particular Linux operating system before you begin. Prepare the Tanium Client as follows: 1. Install the Tanium Client. Be sure to use the Tanium Client installation package file for your particular Linux distribution. See Deploying the Tanjum Client to Linux ‘endpoints and supported Host 2. Stop the Tanium Client daemon by entering the service command for your Linux distribution, The following are example commands: service TaniunClient stop systemetl stop taniumel ient 3. Configure basic Tanium Client settings on the reference computer (see Taniuum Client settings) | |ServerName or Tanium Server FQDN or P address. ServerNameList LogverbosityLevel The following decimal values are best practices for specific use cases: © 0 : Disable logging. This is the best practice value for clients installed on sensitive endpoints or virtual desktop infrastructure (VOM endpoints, © | 1 :Thisis the best practice value during normal operation. © 41: Thisis best practice value during troubleshooting. © 91 orhigher: Enable the most detailed log levels for short, periods of time only. Version Tanium Client version number The steps to configure the settings depend on the Tanium Client version: © Tanium Client 6.0: Edit the /opt/Tanium/TaniumClient/TaniumClient. ini file so that it has only the preceding settings. The following is an example of the file contents: version=6.0.314.1579 ServerNanel ist=ts1 .exazple.com,ts2.exanple.com LogverbosityLeve © Tanium Client 7.2: Issue the following CLI commands to navigate to the Tanium Client installation folder (default is /opt /Tanium/TaniumClient} and configure the settings (for details, see Non-Windows}. Version 7.2 does not require TaniumClient. ini ora version setting, cé-pronpt> cd end-pronpt> sudo ./TaniunClient config set ServerNameList tst-example.com,ts2.example.com end-prompt> sudo ./TaniunClient config set LogVerbosityLevel 1 4, Confirm that the Tanium Client daemon still exists in the system init folder. For example: /etc/init .d/TaniumClient or /etc/systemd/system/multi- user. target .wants/taniumclient. service. This ensures the daemon is launched when the system is rebooted. 5, Go to the Tanium Client installation folder and delete all files and subfolders except: © TaniumClient © tanium.pub © Sensors folder © Tools folder © TaniumClient.ind (Tanium Client 6.0 only) © client .db (Tanium Client 7.2 or later) © Libss1.so.1.0.0 (Tanium Client 7.2 or later) © Libpython2.7.50 (Tanium Client 7.2 or later) ‘© Libpython2.7.so.1.0 (Tanium Client 7.2 or later) © Liberypto.so.1.0.0 (Tanium Client 7.2 or later) © python27 folder (Tanium Client 7.2 or later) 6. Save the image and shut down the computer.Note: The Tanium Client daemon is configured to start automatically when the OS is started. Ifthe reference computer is restarted before the reference image is captured, you might need to repeat these steps. macOS Refer to Apple documentation for complete details on macOS imaging. Prepare the Tanium Client as follows: 1. Install the Tanium Client: see Deploying the Tanium Client to macOS endpoints and supported Host system requirements, 2. Use the launchetl command to stop the Tanium Client daemon (sudo permissions are required), For example: sudo Launchetl untoad /Library/LaunchDaenons/com,taniun.taniumclient plist 3. Confirm that com. tanium.taniumclient. plist still exists in /Library/Launchdaemons /. This ensures the daemon is launched when the system is rebooted. 4, On the reference computer, configure basic Tanium Client settings (for details, see Tanium Client settings). ServerName or _Tanium Server FQDN or IP address. ServerNameList LogVerbostyLevel The following decimal values are best practices for specific use cases: © 8 : Disable logging Thisis the best practice value fr clients installed on sensitive endpoints or virtual desktop infastructure (YON endpoints © | 1: Thisis the best practice value duringnormal operation © 41 :Thisis the best practice value during troubleshooting © 91 orhigher: Enable the most detailed log levels for short, period oftime only. Version Tanium Client version number The steps to configure the settings depend on the Tanium Client version: © Tanium Client 6.0: Edit the /Library/Tanium/TaniumClient/TaniumClient.ini file so that it has only the preceding settings. The following is an example of the file contents: Version=6.0.314.1579 ServerNanel ist=ts1.example.con,ts2.exanple.com LogverbosityLevel © Tanium Client 7.2: ssue the following CLI commands to navigate to the Tanium Client installation folder (default is /Library/Tanium/TaniumClient) and configure the settings (for details, see Non-Windows), Version 7.2 does not require a version setting, cnd-pronpt> cd end-pronpt> sudo ./TaniumClient config set SenverNameList ts1.example.con,ts2.example.com end-pronpt> sudo -/TaniumCLient config set LogVerbosityLevel 15, Go to the Tanium Client installation folder and delete all files and subfolders except: © TaniumClient © tanium. pub © Sensors folder © Tools folder © TaniumClient .ind (Tanium Client 6.0) © client. db (Tanium Client 7.2) © Libcrypto.1.@.0.dylib (Tanium Client 7.2) © Libpython2.7.dylib (Tanium Client 7.2) © Libss1.1.0.0.dylib (Tanium Client 7.2) © python27 folder (Tanium Client 7.2) 6, Save the image and shut down the computer. Note: The Tanium Client daemon is configured to start automatically when the OS. is started, Ifthe reference computer is restarted before the reference image is captured, you might need to repeat these steps. vol Licensing for VDI instances varies by VDI model type: + Persistent desktop instances are instances that are not reset more than once every 30 days. Each persistent instance requires a single license. + Non-persistent desktop instances are instances that are reset over the course of 30 days. A non-persistent instance requires one license for each reset during a 30-day period Use the following matrix to calculate the number of licenses required to support your Tanium deployment. Physical devices and persistent VDI systems + Reimage/resets within non-persistent VDI over a 30-day period , Physical or persistent VDI systems that are reimaged, reinstalled, orreset overa | + 30-day period Total required licenses | = Create a VDI golden image as follows: 1 Install the Tanium Client 2 Verify that the default client configuration is applied. To confirm this: © Check the ComputerID value in the Windows Registry, TaniumClient. ini file, or client. db (CLI) At this point, the setting should have a non-zero numeric value. © Ensure the client has executed all relevant scheduled actions. If you do not want to wait for the scheduled actions to run based on their defaultschedules, you can target the respective packages to the device hosting the golden image through one-time actions. 3. Stop the Tanium Client service (Manage the Tanium Client service on Windows) or process (Manage the Tanium Client service on Linu) 4, Verify that the service or process has stopped and that itis configured to start automatically on the next reboot. 5. Goto the Windows Registry, TaniumClient ini file, or client .db (CLI) and add or update the following settings. The goals to diffuse the concentration of resource utilization that otherwise might occur as a consequence of cloning and shared hardware. Client Setting Registry | Value | Guidelines Value Type | Data ComputeriD REG_DwoRD|0 —_| Explicitly setthe value to (2070). Do not simply delete the value or sett toa blank or null character, RandomSensorDelayinseconds | REG_OWORD 30 —_| Delays execution ofall sensors randomly with 30-second delays to prevent any concurrent execution of sensors and packages. MaxAgeMultipier REG_DWORD|2 | Themaximum age for each ‘Sensor is multiplied by this value to reduce impact on the VDI device. MinbistributeOverTimeinSeconds | REG_OWORD |60 _| Distribute an action over no less than 1 minute. LogverbosityLevel REG_DWORD|0 _ Disable logging in VOI instances, SaveClientStatelntervallnSeconds | REG_OWORD | 1800 | Write client state to disk every 30 minutes to reduce disk writes. 6. Run the initial Tanium™ index scan on the reference computer to indexits file syste. Running the scan before saving the golden image obviates the need to perform the scan for each VM when itis created from the image. Complete all other image preparations before starting the scan, and let the scan completely finish before finalizing the image. Note: For more information about Index scans, see Tanium Inciden’ Response User Guide: indexing file systems, Perform the following steps to run the Index scan: a. Access the Tanium Console, b. Deploy index tools to the reference computer fit does not already have them: see Tanium Incident Response User Guide: Deploy index tools to endpoints, c Issue the question Get Computer Name fron all machines with Computer Name contains ,whete is the hostname of the reference computer.d. Select the reference computer in the Question Results and click Deploy Action. €. For the Deployment Package, enter Start Indexing £. Specify an Action Group that contains the reference computer. g, Click Show Preview to Continue, verify that the reference computer is the target, and click Deploy Action. h, Return to the Tanium Console home page and, after giving the scan enough time to complete, issue the question Get Index Status from alt machines with Computer Nane contains When the scan completes, the Question Results display the followin, Index Status: Initial Index Scan Completed Index Status: Running 7. Save the image and then turn off the reference computer or block network access to the Tanium Server so that the Tanium Client on the reference computer does not register with the Tanium Server. Note: The Tanium Client service is configured to start automatically when the OS is started. ifthe reference computer is restarted before the reference image is captured, you might need to repeat these steps. Lastupdoediiszei9e a coach 1 Tanium inc Al rights reserved. Tanium isa regstere PrivacyPolicy Termsof Use Trademarks Contact Site Credits