Reference: Appliance Maintenance menu

Use the Appliance Maintenance menu to perform backups, system resets, TanOS upgrades, and system reboots or shutdowns.

Backup overview

TanOS contains the options to perform core and comprehensive backups. physical Tanium Appliances and virtual Tanium Appliances with inactive partitions also have the option to back up the active partition to the inactive partition. On virtual Tanium Appliances and cloud-based Tanium Appliances, you can also take a snapshot of the appliance image. For core and comprehensive backups, you can schedule automatic backups or perform a manual backup. The following sections describe the available options:

• Configure and run automatic backups
  • Add encryption key for the backups
  • Configure an automatic backup
  • Test an automatic backup
  • Schedule an automatic backup
• Configure and run manual backups
  • Add encryption key for the backups
  • Perform a partition sync (physical Tanium Appliance and virtual Tanium Appliance only)
  • Perform a core or comprehensive backup
• Manage Tanium database backups

For information on backup and recovery terminology, options, and planning, see the TanOS backup and recovery reference.

Configure and run automatic backups

Use TanOS to schedule automatic backups for the Tanium Appliance. Through TanOS, you can schedule core and comprehensive backups.

After you perform the initial setup for an appliance, a core backup is scheduled by default. The TanOS health check reports an error that automatic backups cannot complete until you set up an encryption key. To remove the error from the health check, you can either add an encryption key or disable the scheduled core backup. For more information on the TanOS health check, see Run the Health Check.

The general process to set up an automatic backup includes the following steps:

1. Add an encryption key for all backups.
2. Configure a core or comprehensive backup.
3. Test the automatic backup.
4. Schedule the automatic backup.

When you schedule an automatic backup, TanOS prompts you to select a remote host to which to save the recovery bundle. TanOS also saves the recovery bundle to the /outgoing directory, where you can use SFTP to download the recovery bundle.

Add encryption key for the backups

Encrypt all core and comprehensive backup recovery bundles with a key pair. Encryption is required for both automatic and manual backups.

1. Use OpenSSL to generate a public/private key pair in a PEM file. Enter a passphrase when prompted.

   openssl genrsa -aes256 -out ssl-pvk.pem 3072

2. (FIPS mode only) For customers that need to decrypt backup bundles on a FIPS-enabled appliance, encrypt your backup key using the following command:

   openssl pkcs8 -topk8 -in OLD_FILENAME.pem -v2 aes-256-cbc -out NEW_FILENAME.pem'

3. Extract the public key from the PEM file. Enter your passphrase when prompted.

   openssl pkey -in ssl-pvk.pem -pubout -out ssl-pub.pem

4. Extract the identifier for the public key. This identifier is visible in the backup file and can be useful to find a particular public key.

   openssl pkey -pubin -in ssl-pub.pem -outform DER | openssl dgst -sha1

5. Copy the contents of the ssl-pub.pem file (the public key) to the clipboard.

6. Sign in to the TanOS console as a user with the tanadmin role.

7. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

8. Enter 1 to go to the Backup menu. View screen

    ------------------------------------------------------
   
           >>> Appliance Maintenance -> Backup <<< 
   
               Automatic Backups 
   
             E: Set Encryption Key
             C: Configure Automatic Backup
             A: Run Automatic Backup Now
             S: Schedule Automatic Backup
   
               Manual Backups 
   
             P: Partition Sync
             N: Core Backup
             F: Comphrehensive Backup
             L: List Database Backups
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

9. Enter E, paste the public key from the clipboard, and press Ctrl-D. View screen

    ------------------------------------------------------
   
           >>> Appliance Maintenance -> Backup <<< 
   
               Automatic Backups 
   
             E: Set Encryption Key
             C: Configure Automatic Backup
             A: Run Automatic Backup Now
             S: Schedule Automatic Backup
   
               Manual Backups 
   
             P: Partition Sync
             N: Core Backup
             F: Comphrehensive Backup
             L: List Database Backups
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------
    
    TanOS Version:        1.7.4
    TanOS_Shell Version:  1.7.4
   
    Please select: E
   Paste the PEM public key then press Ctrl-D
   -----BEGIN PUBLIC KEY-----
   MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxlgJIiY7Lxq0OtQYP1ic
   l6QKvpiLTiMFprfGx5HpvjED8ea90k3NLs4gqKCnNfqzoflBDam12jdtqm0XM7TD
   ythv8tPL2qoCk8HRilJzRQqk8YpAw0tz2tgvl9WqZfjIrRgN/CReTPxXg08OTr8g
   8v/P8NY/IHs2xEQttC3ALgwlUpjEnIfZIYvGX/sFLioTCiuntIEDZqDRd086FC8K
   6Zrdz6z8Rb9iCZu//Usc5o+uNpVJT2iOjXsSt5ZnWZzF6LlgwI/RPB1UZ+loCRQP
   /A8vpp3FcyjcE04XYgMRFJI1/fiGI9MzZC0V2Ki2dAWJERN37+11CeLZip0AXf5T
   q7psBQwu9I85q681F/aGZ9vsJuX0JTkEKzKJdoGiWsmuUVNUX3gUrLQHNf0OBtx2
   7yivtj2dQAdjE8qGFKoZ/ndUqX/BYg6FCktMvwqmMtVVlKyWTl4g/h75tvmMBKOS
   H3iCa4S+jag34+D1J8q9YAU0t7m9EY3uXzQIdvkCJWAFAgMBAAE=
   -----END PUBLIC KEY-----
   Successfully imported key 24cc7840d640bbcc6a15a756c49428e50323c2d9
    Press enter to continue

10. Press Enter to go to the Backup menu.

11. To test the encryption, perform a manual core backup using the steps described in Perform a core or comprehensive backup.

    1. After the backup completes, download the recovery bundle. Note that you are not prompted to set a password.
    2. Extract the recovery bundle. The folder contains a README.txt file that describes how to decrypt the recovery bundle.

Configure an automatic backup

In a new installation with a Tanium role installed, an automatic core backup is scheduled to run nightly at 2:01 AM UTC. You can edit the backup, disable the backup, or configure an automatic comprehensive backup.

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 1 to go to the Backup menu. View screen

    ------------------------------------------------------
   
           >>> Appliance Maintenance -> Backup <<< 
   
               Automatic Backups 
   
             E: Set Encryption Key
             C: Configure Automatic Backup
             A: Run Automatic Backup Now
             S: Schedule Automatic Backup
   
               Manual Backups 
   
             P: Partition Sync
             N: Core Backup
             F: Comphrehensive Backup
             L: List Database Backups
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

4. Enter C to configure an automatic backup. View screen

    ------------------------------------------------------
   
          >>> Maintenance -> Backup -> Configure <<< 
   
   Type                    Enabled         Export (SCP)    Scheduled 
   ===============         =======         ============    ========= 
   Core                    no              no              yes
   Comprehensive           no              no              no
   
             N: Configure Core Backup
             F: Configure Comprehensive Backup
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

5. Select the type of backup to configure:
   • To configure a core backup, enter N.
   • To configure a comprehensive backup, enter F.
6. Follow the prompts to enable the backup and to specify file transfer options.
   • Automatic backups always save the recovery bundles to the /outgoing directory for download with SFTP.
   • You can specify a username and IP address for a destination server to reach with secure copy protocol (SCP). If you set up a file transfer with SCP, copy the public SSH key of the TanOS user that you are using to configure and run the backup to the remote user's ~/.ssh/authorized_keys file on the remote system. Ensure proper privileges on the remote system; you may need to run CHMOD 600 on the ~/.ssh/authorized_keys file.
     To locate a TanOS user's public SSH key to copy and store in the remote user's authorized keys file, sign in to the TanOS menu and navigate to User Administration C > TanOS U > user # > Key Pair P. The public SSH key is presented for copying.

     The backup files are stored on the remote system at /home/<remote user>/ .

     For information on managing TanOS user SSH keys, see Manage SSH keys.

Test an automatic backup

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 1 to go to the Backup menu. View screen

    ------------------------------------------------------
   
           >>> Appliance Maintenance -> Backup <<< 
   
               Automatic Backups 
   
             E: Set Encryption Key
             C: Configure Automatic Backup
             A: Run Automatic Backup Now
             S: Schedule Automatic Backup
   
               Manual Backups 
   
             P: Partition Sync
             N: Core Backup
             F: Comphrehensive Backup
             L: List Database Backups
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

4. Enter A to go to the Run Now menu. View screen

   >>> Maintenance -> Backup -> Run Now <<< 
   
   Type                    Enabled         Export (SCP)    Scheduled 
   ===============         =======         ============    ========= 
   Core                    yes             no              yes
   Comprehensive           no              no              no
   
             N: Run Core Backup
             F: Run Comprehensive Backup
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

5. Select the type of backup to run.
6. Verify the backup settings and enter Yes to run the backup.
7. Verify the backup completes successfully. View screen
   • If the backup exports the recovery bundle to a remote server with SCP, sign in to the remote server and verify the recovery bundle exists.
   • Extract the recovery bundle. The folder contains a README.txt file that describes how to decrypt the recovery bundle.

   >>> Maintenance -> Backup -> Run Core Now <<< 
   
    Current Backup Configuration 
   
    Enabled:                  yes
    TanOS User:               tanadmin
   
    Export via SCP:           no
    Remote SCP Host: 
    Remote SCP User: 
    Remote SCP Directory: 
   
    Run automatic backup now with these settings? [Yes|No]: yes
   
   Searching for files to include in the Recovery Bundle
   Capturing TaniumServer database snapshot
   Packaging and encrypting Recovery Bundle
   Backup file copied to outgoing
   Finished processing core Recovery Bundle.
    Successfully completed the scheduled backup
   
    Press enter to continue

Schedule an automatic backup

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 1 to go to the Backup menu. View screen

    ------------------------------------------------------
   
           >>> Appliance Maintenance -> Backup <<< 
   
               Automatic Backups 
   
             E: Set Encryption Key
             C: Configure Automatic Backup
             A: Run Automatic Backup Now
             S: Schedule Automatic Backup
   
               Manual Backups 
   
             P: Partition Sync
             N: Core Backup
             F: Comphrehensive Backup
             L: List Database Backups
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

4. Enter S to go to the Schedule menu. View screen

   >>> Maintenance -> Backup -> Schedule <<< 
   
   Type                    Enabled         Export (SCP)    Scheduled 
   ===============         =======         ============    ========= 
   Core                    yes             no              yes
   Comprehensive           no              no              no
   
             N: Schedule Core Backup
             F: Schedule Comprehensive Backup
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

5. Select the type of backup to view the schedule settings. The schedule settings include the current settings and the pending settings. View screen

   >>> Maintenance -> Backup -> Schedule Core <<< 
   
   Current time: Thu 2022-03-07 20:09:55 UTC
   Active : Disabled  
   Every Day          | 02:01 UTC
   Crontab formatted time string: 01 02 * * *
   
   Pending: Disabled  
   Day of Month | 1             | 00:00 UTC
   Crontab formatted time string: 00 00 1 * *
   
            1: Disable Schedule
            2: Enable Schedule
   
            4: Schedule by Day of Month
            5: Schedule by Day of Week
            6: Select Time of Day
   
            7: Activate Schedule Settings
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

   • Enter 1 to disable the backup.
   • Enter 2 to enable the backup.
   • Enter 4 to enter the days of the month to run the backup. You can enter a date range or comma-separated days.
   • Enter 5 to enter the days of the week to run the backup. You can enter a range or comma-separated values.
   • Enter 6 to select the time to run the backup. Enter the hours and minutes in UTC time.
   • To confirm the pending settings, enter 7 to activate the settings. The active settings update to match the pending settings.

If you enter R and do not activate the settings, the changes do not save.

View log files after a backup

If a backup fails, you can review the TanOS log file for additional information.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3 to go to the Tanium Support Menu menu.
3. Enter 1 to go to the Tanium Log Files menu.
4. Enter 1 to go to the TanOS Appliance menu.
5. Enter 1 to go to the TanOS Log menu.
6. Enter V to view the log file.

Configure and run manual backups

You must encrypt all backups with a key pair. Encryption is required for both automatic and manual backups. For steps on how to set up encryption, see Add encryption key for the backups.

Perform a core or comprehensive backup

Complete the following steps to perform a manual backup of the Tanium Appliance:

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 1 to go to the Backup menu.
4. Use the menu to create a backup:
   • Enter N to go to the Backup off-box Core menu.
   • Enter F to go to the Backup off-box Comprehensive menu.
5. Follow the prompts to confirm the backup and to specify file transfer options. You can save the backup file to the /outgoing directory for download with SFTP, and you can specify a username and IP address for a destination server that can be reached with secure copy protocol (SCP). View screen

   >>> Appliance Maintenance -> Backup/Restore -> Backup off-box Comprehensive <<< 
   
    The remote backup will:
    - stop services during file collection (TMS comprehensive only)
    - create an archive with appropriate files
    - encrypt the archive using the pre-arranged public key
    - transfer the backup via scp (optional)
    - provide the backup for sftp download (optional)
   
    The backup will be deleted at the end; a transfer option MUST be chosen.
   
    Would you like to continue with a Comprehensive backup? [Yes|No]: yes
    Would you like to make this backup available for download via sftp? [Yes|No]: yes
   
    If you'd like to copy this backup file to a remote system via scp, ensure
    that the public key of tanadmin has been added to the authorized keys of
    the user on the target system. The file will be placed in the home directory
    of that user.
   
    Would you like to transfer the file via scp to a remote location? [Yes|No]: no
    Searching for files to include in the Recovery Bundle
    Capturing TaniumServer database snapshot
    Packaging and encrypting Recovery Bundle
    Backup file copied to outgoing
    Finished processing comp Recovery Bundle.
    Press enter to continue
   

6. After the backup completes, press Enter to go to the Backup menu.

If a backup fails, you can review the TanOS log file for additional information.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3 to go to the Tanium Support Menu menu.
3. Enter 1 to go to the Tanium Log Files menu.
4. Enter 1 to go to the TanOS Appliance menu.
5. Enter 1 to go to the TanOS Log menu.
6. Enter V to view the log file.

Manage Tanium database backups

Beginning with TanOS 1.6.3, Tanium database backups are included with core backups and comprehensive backups. TanOS contains the option to manage Tanium database backups produced prior to TanOS 1.6.3.

To select a specific backup from the last 7 days, navigate to the List Tanium Database Backups menu.

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 1 to go to the Backup menu.
4. Enter L to list the Tanium database backups.
5. Follow the prompts to export, rename, or delete the backup.

Configure alerts

TanOS can send alerts to a syslog server or to an email recipient. For optimal results, configure an SMTP email recipient. If the syslog server fails, the SMTP recipient receives a failure notification every 15 minutes until the failure is resolved or syslog forwarding is disabled.

Severity level is a global setting that applies to both Syslog and SMTP alerts.

Configure alerts

Use the Configure Alerts menu to set the alert severity threshold to info, warn, or error.

• Info: Includes all alerts
• Warn: Includes all error and warning alerts
• Error: Includes error alerts

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 2 to go to the Alerting menu. View screen

   ------------------------------------------------------
   
          >>> Appliance Maintenance -> Alerting <<< 
   
            1: Configure Syslog Destination
            2: Configure SMTP Destination
            3: Configure Alerts
            4: Status
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Enter 3 to go to the Configure Alerts menu. View screen

   >>> Appliance Maintenance -> Alerting -> Configure Alerts <<< 
   
    Current global alert status: Disabled 
    Current alert severity:
   
            1: Enable/Disable global alerts
            2: Edit Severity Level
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

5. Use the menu to set a severity level and enable/disable alerting.

Configure syslog destination

The syslog alert configuration is separate from the syslog configuration in the Appliance Configuration menu. This configuration sends alerts for the alert threshold severity. The syslog configuration in the Appliance Configuration menu sends all logs.

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 2 to go to the Alerting menu. View screen

   ------------------------------------------------------
   
          >>> Appliance Maintenance -> Alerting <<< 
   
            1: Configure Syslog Destination
            2: Configure SMTP Destination
            3: Configure Alerts
            4: Status
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Enter 1 to go to the Configure Syslog Destination menu. View screen

   >>> Appliance Maintenance -> Alerting -> Configure Syslog Destination <<< 
   
   Current destination status: Disabled 
   Current server address: 
   Current server port: 
   Current server protocol: 
   
            1: Enable/Disable syslog alerts
            2: Edit Syslog Destination
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

5. Enter 2 and follow the prompts to configure a syslog destination. View screen

   >>> Appliance Maintenance -> Alerting -> Configure Syslog Destination <<< 
   
   Please enter the destination host: 10.10.10.10
   Please enter the destination port: 514
   Please enter the destination protocol [tcp/udp]: udp
   
   Alert syslog destination updated.

6. Enter 1 to enable syslog alerts. The Configure Syslog Destination menu updates to show the current status. View screen

   >>> Appliance Maintenance -> Alerting -> Configure Syslog Destination <<< 
   
   Current destination status: Enabled 
   Current server address: 10.10.10.10
   Current server port: 514
   Current server protocol: udp
   
            1: Enable/Disable syslog alerts
            2: Edit Syslog Destination
            3: Send Syslog Test Alert
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

7. Enter 3 to send a test alert to the syslog server.

The test alert appears in the syslog server logs.

Configure SMTP destination

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter 2 to go to the Alerting menu. View screen

   ------------------------------------------------------
   
          >>> Appliance Maintenance -> Alerting <<< 
   
            1: Configure Syslog Destination
            2: Configure SMTP Destination
            3: Configure Alerts
            4: Status
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Enter 2 to go to the Configure SMTP Destination menu. View screen

   >>> Appliance Maintenance -> Alerting -> Configure SMTP Destination <<< 
   
    Destination status: Disabled 
    Recipient address   : 
    Server address      : 
    Server port         : 
    Require TLS         : 
    Server protocol     : 
    Authentication Type : 
    Server Username     :  
   
            1: Enable/Disable SMTP alerts
            2: Edit SMTP Destination
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

5. Enter 2 and follow the prompts to configure the SMTP destination. View screen

   >>> Appliance Maintenance -> Alerting -> Configure SMTP Destination <<< 
   
   Please enter the SMTP host: 10.10.10.10
   Please enter the destination port: 25
   Please enter the recipient email address: [email protected]
   
   Alert SMTP destination updated.

6. Enter 1 to enable SMTP alerts. The Configure SMTP Destination menu updates to show the current status. View screen

   >>> Appliance Maintenance -> Alerting -> Configure SMTP Destination <<< 
   
   Current destination status: Enabled 
   Current server address: 10.10.10.10
   Current server port: 25
   Current recipient address: [email protected] 
   
            1: Enable/Disable SMTP alerts
            2: Edit SMTP Destination
            3: Send SMTP Test Alert
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

7. Enter 3 to send a test alert to the mail recipient.

Upgrade TanOS

See Upgrade TanOS.

Request a shell access key

You can request OS shell access to examine OS processes and files written to the file system. See Examine Tanium and TanOS files.

Clean up generated files

Clean directories to clear up disk space or clear logs to make it easier to work with new entries in the log viewer.

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter A to go to the Clean directories menu. View screen

   ------------------------------------------------------
   
     >>> Appliance Maintenance -> Clean directories <<< 
   
            1: SFTP (IN/OUT)
            2: Cores
            3: Tanium Application Logs
            4: Tanium TSG HTTP Files
   
            T: /tmp Directory
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Use the menu to delete files that have been generated in the SFTP /incoming and /outgoing directories, core dump files, application logs, and so on.

Reboot or shut down

Tasks that you complete with TanOS menus typically do not require you to reboot the system. A reboot might be required during troubleshooting workflows.

Shutdown turns off the system and powers down the appliance.

On a physical Tanium Appliance, you must have physical or iDRAC access to the appliance to power it on. Do not perform a system shutdown unless you are prepared to power the appliance back on.

Reboot

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter B to go to the Reboot/Shutdown menu. View screen

   ------------------------------------------------------
   
       >>> Appliance Maintenance -> Reboot/Shutdown <<< 
   
            1: Reboot the appliance
            2: Shutdown the appliance
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Enter 1 to go to the Reboot menu. View screen

   ------------------------------------------------------
   
   >>> Appliance Maintenance -> Reboot/Shutdown -> Reboot <<< 
   
    Rebooting this appliance
   
    The reboot might take a while to finish!
   
    Would you like to continue with the reboot? [Yes|No]:

5. Follow the prompts to reboot the appliance.

Shut down

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter B to go to the Reboot/Shutdown menu. View screen

   ------------------------------------------------------
   
       >>> Appliance Maintenance -> Reboot/Shutdown <<< 
   
            1: Reboot the appliance
            2: Shutdown the appliance
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Enter 2 to go to the Shutdown menu. View screen

   ------------------------------------------------------
   
   >>> Appliance Maintenance -> Reboot/Shutdown -> Shutdown <<< 
   
    Shutting down this appliance.
   
    This is a shutdown! 
    You will require physical access to restart the system! 
   
    Would you like to continue with the shutdown? [Yes|No]:

5. Follow the prompts to shut down the appliance.

Exit maintenance mode

Some maintenance procedures that you perform with TanOS menus prompt you to enter maintenance mode to ensure Tanium services are not affected by the maintenance operation. When the operation completes, exit maintenance mode to resume normal operations.

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter C to go to the Maintenance Mode menu.
4. Enter 1 to clear any maintenance actions.

Increase storage

On cloud-based Tanium Appliances and virtual Tanium Appliances, you can add a disk to the virtual image or increase the size of the existing virtual disk to increase the amount of storage that is available to TanOS.

This action is not reversible. Storage that you add to the appliance is permanently allocated. Do not attempt to remove disk storage from an appliance, as the appliance becomes unusable.

1. Modify the virtual image to add a disk or increase the size of the existing virtual disk.
2. Sign in to the TanOS console as a user with the tanadmin role.
3. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

4. Enter I to go to the Increase Storage menu. View screen

   >>> Maintenance -> Increase Storage <<< 
   
    Utilize unused disks or free disk space to expand the TanOS /opt partition.
    
    This space can be additional storage that has been added through the hypervisor
    or reclaimed space from discarding alternate paritions.
    
    Be advised: This action is permanent!
   
    Current space
   Filesystem                 Size  Used Avail Use% Mounted on
   /dev/mapper/VolGroup1-opt  349G   14G  318G   4% /opt
   
    Additional space available: 445.41 GiB
   
   Would you like to add this additional space to TanOS? [Yes|No]: 

5. Follow the prompts to add the disk storage. View screen

   >>> Maintenance -> Increase Storage <<< 
   
    Utilize unused disks or free disk space to expand the TanOS /opt partition.
    
    This space can be additional storage that has been added through the hypervisor
    or reclaimed space from discarding alternate paritions.
    
    Be advised: This action is permanent!
   
    Current space
   Filesystem                 Size  Used Avail Use% Mounted on
   /dev/mapper/VolGroup1-opt  349G   14G  318G   4% /opt
   
    Additional space available: 445.41 GiB
   
   Would you like to add this additional space to TanOS? [Yes|No]: yes
     Size of logical volume VolGroup1/opt changed from 354.34 GiB (90712 extents) to <799.76 GiB (204
   738 extents).
     Logical volume VolGroup1/opt successfully resized.
   resize2fs 1.42.9 (28-Dec-2013)
   Filesystem at /dev/mapper/VolGroup1-opt is mounted on /opt; on-line resizing required
   old_desc_blocks = 45, new_desc_blocks = 100
   The filesystem on /dev/mapper/VolGroup1-opt is now 209651712 blocks long.
   
   Filesystem                 Size  Used Avail Use% Mounted on
   /dev/mapper/VolGroup1-opt  788G   14G  739G   2% /opt
    Press enter to continue
   

   If your virtual Tanium Appliance has an inactive partition set, any new storage is evenly allocated across the active (/OPT) and inactive (/ALTOPT) partitions.

Manage OS services

Use this menu to start, stop, restart, enable, and view status details for the network time protocol daemon (chronyd) and SSH daemon (sshd) services.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B to go to the Appliance Maintenance menu. View screen

    ------------------------------------------------------
   
                >>> Appliance Maintenance <<< 
   
             1: Backup
             2: Alerting
             3: Upgrade TanOS
             5: Shell Keys
   
             A: Clean directories
             B: Reboot/Shutdown
             C: Maintenance mode
             I: Increase storage
             S: OS Services	
             T: Tokens Download	
   
             X: Advanced Maintenance
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

3. Enter S to go to the OS Services menu.View screen

    ------------------------------------------------------
   
         >>> Appliance Maintenance -> OS Services <<< 
   
             1: chronyd           enabled   started
             2: sshd              enabled   started
   
             R: Return to previous menu  RR: Return to top
    ------------------------------------------------------

4. Select a service to open the Service Control menu:

   • To manage chronyd, enter 1.View screen

      ------------------------------------------------------
     
                  >>> Service Control -> chronyd <<< 
     
         Service        State      Status
         chronyd        enabled    running
     	
         NOTE: Cannot disable OS services
     
               1: Start service
               2: Stop service
               3: Restart service
               4: [DISABLED] Disable service
               5: Enable service
               6: Status Details
     
               R: Return to previous menu  RR: Return to top
     
      ------------------------------------------------------

   • To manage sshd, enter 2.View screen

      ------------------------------------------------------
     
                  >>> Service Control -> sshd <<< 
     
         Service        State      Status
         sshd           enabled    running
     	
         NOTE: Cannot disable OS services
     
               1: Start service
               2: Stop service
               3: Restart service
               4: [DISABLED] Disable service
               5: Enable service
               6: Status Details
     
               R: Return to previous menu  RR: Return to top
     
      ------------------------------------------------------

5. Use the menu to select an action to start, stop, restart, enable, or view status details for the service.

6. Follow the prompts to perform the action.