Reference: Tanium Operations menu
Tanium™ operations include management of Tanium services, configuration settings, and certificate and public key files.
Start, stop, and restart Tanium services
Manage Tanium™ Core Platform servers and the database server with these common service control commands:
- Start
- Stop
- Restart
- Disable
- Enable
Use the TanOS menus to stop, start, or restart a service, regardless if the service is enabled or disabled.
To issue a command:
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
View screen------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 1 to go to the Tanium Service Control menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Tanium Service Control <<<
1: ipsec enabled started
2: postgresql-tms enabled stopped
3: postgresql-ts-firewall enabled started
4: postgresql-ts enabled started
5: slapd enabled started
6: taniumserver enabled started
A: Restart ALL enabled Tanium services
B: Stop ALL Tanium services
C: Start ALL enabled Tanium services
D: Disable ALL Tanium services
E: Enable ALL Tanium services
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter the line number of the service that you want to manage to view the service commands. View screen
>>> Tanium Operations -> Tanium Service Control -> Service <<<
Service State Status
taniumserver enabled running
1: Start service
2: Stop service
3: Restart service
4: Disable service
5: Enable service
6: Status Details
R: Return to previous menu
------------------------------------------------------
- Enter the number associated with the service control command to issue it.
Change a Tanium server configuration
Use the Configuration Settings menu to change the log level or the Tanium component server configuration settings. Contact Tanium Support before changing Tanium configuration settings.
Edit server settings
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Use the menu to view and edit Tanium component server settings.
Add an authentication user for TDownloader
Tanium Downloader (TDL) is a utility that the Tanium Core Platform uses to download files from other servers, including updates from content.tanium.com. Some servers require user authentication. Use this menu to add user credentials for the Tanium Server TDownloader instance or the Module Server TDownloader instance.
If you have Tanium Core Platform 7.5.3 or later, and Tanium Console 3.1 or later, you can use the Tanium Console to manage authentication certificates for remote sources. For information, see Tanium Console User Guide: Managing downloads authentication.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 3 (Tanium Server TDL Auth User) or 7 (Tanium Module Server TDL Auth User) and follow the prompts to configure user credentials for the server URL or Windows file share from which you want to download files. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control RedHat CA Cert
R: Return to previous menu RR: Return to top
------------------------------------------------------
TanOS Version: 1.7.3
TanOS_Shell Version: 1.7.3
Please select: 7
URL: https://www.test.com/share
Username: taniumsvc
Password:
Password (confirm):The URL field can contain the path for a Windows file share, such as \\tam.local\dc1\share. For file access using Tanium, read-only permissions are sufficient. If you want to share files from a Windows share location, you must provide read-write permissions at a minimum. See the Microsoft Windows documentation for information about file and share permissions.
For security reasons, Tanium does not support hidden shares, such as c$.
- Review the resulting configuration.
Edit TDownloader settings
Use this menu to add and edit settings for the Tanium Server TDownloader instance or the Module Server TDownloader instance. For example, if your deployment uses proxies and contains only IPV6 addresses, add the ForceIPV6 setting to force the TDownloader to resolve proxy addresses as IPV6.
For a list of supported settings, see Tanium Core Platform Deployment Reference Guide: Tanium Core Platform server settings.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to show the TDL settings. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings -> Edit <<<
Editing: Tanium Server Downloader Settings
# Line Content
1 LogVerbosityLevel 1
2 TrustedCertPath /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
3 TrustedHostList ts1.tam.local,localhost,127.0.0.1,ts2.tam.local
A: Add a line
R: Return to previous menu
Please select a line number or menu item:- To add a new setting, enter A and follow the prompts to enter a key-value pair.
- To edit a setting, enter the line number of the setting, enter E, and type in the new value of the setting.
- To delete a setting, enter the line number of the setting, and enter D.
- For a list of settings, see Tanium Core Platform Deployment Reference Guide: Proxy server settings.
You can use the Tanium Console to manage proxy settings. For information, see Tanium Console User Guide: Configure proxy server settings.
Add an authentication certificate for TDownloader
If you have Tanium Core Platform 7.5.3 or later, and Tanium Console 3.1 or later, you can use the Tanium Console to manage authentication certificates for remote sources. For information, see Tanium Console User Guide: Managing downloads authentication.
Servers from which you want to download files might require certificate authentication. Use this menu to add a client certificate and key to the Tanium Server TDownloader instance or the Module Server TDownloader instance.
-
Use SFTP to copy the client certificate file and key file to the /incoming folder.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 4 (Add Tanium Server TDL Auth Cert) or 8 (Add Tanium Module Server TDL Auth Cert) and follow the prompts to upload the certificate and key file and configure TDownloader to use them for the server URL from which you want to download files. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
TanOS Version: 1.7.3
TanOS_Shell Version: 1.7.3
Please select: 4
Upload the certificate and key files into tancopy's incoming/ directory and
then provide the names of those files here to be loaded into the configuration
database.
URL: https://cdn.redhat.com
Certificate filename: client-certificate.pem
Key filename: client-key.pem
- Review the resulting configuration.
Manage authentication certificates for Tanium Patch connections with Red Hat
Tanium™ Patch downloads files from a Red Hat Satellite Server that requires certificate authentication.
If you have Tanium Core Platform 7.5.3 or later, and Tanium Console 3.1 or later, you can use the Tanium Console to manage authentication certificates for remote sources. For information, see Tanium Console User Guide: Managing downloads authentication.
- Download a client certificate and key file from the Red Hat website that is specific to your subscription entitlement and create files named client-certificate.pem and client-key.pem. For more information, see Tanium Patch User Guide: Enable and configure Linux features.
- Use SFTP to copy the certificate file and key file to the /incoming folder.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 4 (Tanium Server TDL Auth Cert) and follow the prompts to upload the certificate file and key file and to configure TDownloader to use them for the server URL from which you want to download files. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
TanOS Version: 1.7.3
TanOS_Shell Version: 1.7.3
Please select: 4
Upload the certificate and key files into tancopy's incoming/ directory and
then provide the names of those files here to be loaded into the configuration
database.
URL: https://cdn.redhat.com
Certificate filename: client-certificate.pem
Key filename: client-key.pem
- Enter 13 and use the menu to install the Red Hat enterprise CA certificate file (redhat-uep.pem). View screen
>>> Control Root CA Certs <<<
1: redhat-uep.pem (Not installed)
A: Add Root CA Cert
R: Return to previous menu
------------------------------------------------------
Edit Zone Server list
This option is deprecated for Tanium Core Platform 7.4 and does not appear in the menu.
- Sign in to the Zone Server Hub appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
10: Edit zone server list
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 10 to edit the zoneserverlist.txt file.
- Add the IP address or FQDN for each Zone Server and save the file.
Edit Zone Server isolated subnets list
Use the TanOS menus to configure the isolated subnets list for Zone Servers.
For Tanium Servers (not Zone Servers), use the Tanium Console to configure the isolated subnets list. For more information, see Tanium Client Management User Guide: Configure isolated subnets.
- Sign in to the TanOS console of the Zone Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 11 to edit the IsolatedSubnets.txt file. View screen
>>> Tanium TanOS -> Tools -> Edit Files -> IsolatedSubnets.txt <<<
#: Line Content
1: 192.168.1.0/24
A: Add a line
R: Return to previous menu
------------------------------------------------------
- Use the menu to specify the CIDR IP address for subnets in which clients should never peer.
Change a Tanium component server port
Perform the following steps to change a Tanium component server port. For more information about appliance ports, see Tanium network ports.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter the line number for the Tanium component server to modify.
- Use the menu to select and edit the Tanium component server port settings.
- Restart the service for the modified server. For more information, see Start, stop, and restart Tanium services.
Install a custom SOAP certificate
You can replace the self-signed certificates generated by the Tanium Server and Tanium Module Server installers with an SSL certificate issued by a commercial or enterprise certificate authority (CA).
In a Tanium cluster, repeat the following procedures to upload and install the certificate and key files to each Tanium Server.
For detailed information about the SSL certificates used in a Tanium deployment, see the Tanium Core Platform Deployment Reference Guide: Securing Tanium Console, API, and Module Server access.
Upload the CA certificate file
- Set up an SFTP client to connect to the Tanium Appliance:
- Specify tancopy for user name.
- Click Advanced.
- Under SSH, browse and select the private key that pairs with the public key that is uploaded to the appliance. For information, see Configure user access (Tanium™ Physical Appliance) or Configure user access (virtual appliance).
- Use SFTP to copy the SOAP certificate and key files to the /incoming directory on the appliance.
Install the SOAP certificate file
Install the new, CA-issued certificate and associated private key on the Tanium Server. In an active-active deployment, perform these steps on each Tanium Server. Because the steps include stopping and restarting the servers, perform this task during a maintenance window.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 4 to go to the Install Custom SOAP Cert procedure. View screen
------------------------------------------------------
>>> Tanium Operations -> Install Custom SOAP Cert <<<
This menu will allow you to install a custom SOAP Certificate on the Tanium server.
The detailed process and requirements can be reviewed at:
https://docs.tanium.com/platform_deployment_reference/platform_deployment_reference/
ssl_certificates.html#Appliance
Attention: the Tanium Server service will be restarted during this operation!
Please ensure that you have completed the following steps before continuing:
1) Follow the instructions on docs.tanium.com to generate a key/cert pair
2) Upload the SOAPServer.key and SOAPServer.crt files into the incoming
Would you like to continue? [Yes|No]:
- Follow the prompts to install the certificate and key files that you uploaded:
- Enter Yes at the prompt to proceed with the installation.
- Select the certificate that you are importing, verify that the displayed certificate details are correct, and enter Yes at the prompt. View screen
>>> Operations -> Install Custom SOAP Certs -> Select Certificate <<<
Pick a certificate (*.pem or *.crt) to import. Press ENTER to re-scan the
incoming directory.
1: SOAPServer.crt 2.1K
subject= /C=DE/ST=BE/L=Berlin/OU=IT
R: Return, no selection
Please select: 1
Examining SOAPServer.crt
MD5: dae8ad7e536540e97ddac0b75316a32b
Valid through: Dec 4 04:40:55 2029 GMT
Subject: CN=localhost
Use this file? [Yes|No]: - Select the private key that you are importing.
The Appliance verifies that the key is valid and matches the certificate. View screen
>>> Operations -> Install Custom SOAP Certs -> Select Certificate <<<
Pick a certificate (*.pem or *.crt) to import. Press ENTER to re-scan the
incoming directory.
1: SOAPServer.key 1.8K
Valid RSA Key, matching certificate
R: Return, no selection
Please select: 1
Creating backup of existing files.
Would you like to backup existing SOAP files to tancopy outgoing? [Yes|No]: - Enter Yes at the prompt to create a backup of the files in the /outgoing directory of the tancopy user.
The Tanium Appliance stops the Tanium Server service, installs the new certificate and key, and restarts the service. View screen
Creating backup of existing files.
Would you like to backup existing SOAP files to tancopy outgoing? [Yes|No]: yes
Existing SOAP files have been placed in the sftp outgoing directory.
This location will be cleaned daily at 02:00am appliance time
Stopping the Tanium Server service - this might take a while...
Installing new certificate...
Starting the Tanium Server service...
Successfully installed new SOAP certificate and restarted the Tanium Server
- If the Appliances are in an array, the last step is to re-register the Module Server: enter Yes at the prompt and enter the password of the Tanium Console admin user. View screen
This appliance is part of an Appliance Array containing a remote Tanium Module Server.
The TMS needs to re-register with this appliance to begin using the newly loaded certificate.
Do you want to register the TMS now? [Yes|No]: yes
Enter Tanium Console admin user (tanium) password for 10.1.20.30:
Otherwise, if the Appliance is not in an array, press Enter to continue and perform the steps described in Re-register the remote Module Server with each Tanium Server. View screen
Local Tanium Module Server service found - updating trusted.crt.
Restarting the Tanium Module Server service.
Finished updating trusted .crt and restarted Tanium Module Server.
Restart of other module services may be required.
Validate all other module services are functioning as expected and use the service control options to restart as required.
Custom SOAP Cert installation completed
Press enter to continue
Re-register the remote Module Server with each Tanium Server
After you replace the certificate and private key on the Tanium Server, re-register the Module Server if you did not already do so in the preceding task. In an active-active deployment, you must re-register with each Tanium Server. Because the steps include stopping and restarting services, perform this task during a maintenance window.
- Repeat the remote Module Server configuration steps to update the certificates that are used to validate SOAPServer.crt and ssl.crt on each server: trusted.crt on the Module Server appliance and trusted-module-servers.crt on the Tanium Server appliance. See the Tanium Appliance Deployment Guide: Configure the Tanium Server to use the remote Module Server.
- Restart all Tanium services on the Module Server appliance. See Tanium Appliance Deployment Guide: Start, stop, and restart Tanium services.
Manage content signing keys
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 5 to go to the Install Content Signing Keys menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Install Content Signing Keys <<<
L: List Content Signing Keys
A: Add Content Signing Key
D: Delete Content Signing Key
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Use the menus to add, delete, or list the key files.
Enable import of user-created content
The Tanium Server requires content files that are imported into the Tanium Console to be signed, and the signatures are verified by public keys stored on the Tanium Server. The public keys for content developed by Tanium and delivered through content.tanium.com are included with the installation. To import user-created content, you must use a utility provided by Tanium to sign the content, and you must upload the public key from that pair to the Tanium Server. In an active-active cluster, perform the following steps for each active Tanium Server in the deployment.
- Contact Tanium Support for instructions on how to download the content signing key utility (keyutility.exe). For more information, see Contact Tanium Support.
- Use keyutility.exe to generate a cryptographic key pair and use it to sign the user-created content you want to import into the Tanium Server. See Tanium Core Platform User Guide: Authenticating content files.
- Rename the public key file from that key pair import.pub and use SFTP to upload it to the /incoming folder of the Tanium Server appliance.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 5 to go to the Install Content Signing Keys menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Install Content Signing Keys <<<
L: List Content Signing Keys
A: Add Content Signing Key
D: Delete Content Signing Key
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter A to go to the Add Content Signing Key menu and follow the prompts to import the public key file. View screen
>>> Tanium Operations -> Install Content Signing Certificate -> Add Content Signing Key <<<
Please use the tancopy account to transfer the public key via sftp into the incoming directory
The filename of the public key must be import.pub
Would you like to continue? [Yes|No]: yes
Continue with adding content signing key.
Found candidate file with md5 dc170530b4a5f957dd3e97b1edbd076a
Please enter the key's owner first name: John
Please enter the key's owner last name: Doe
Installed new content signing key for the Tanium Server:
SELF_John_Doe_1521239953.pub with md5 dc170530b4a5f957dd3e97b1edbd076a
Installed new content signging key for the Tanium Module Server:
SELF_John_Doe_1521239953.pub with md5 dc170530b4a5f957dd3e97b1edbd076a
Press enter to exit.
You can now upload signed user-created content to the Tanium Server on the appliance. In a Tanium Cluster, Tanium Servers write content to the shared Tanium database. Therefore, after you import content on a Tanium Server in an Tanium cluster, the content is available on the other Tanium Server.
Watch the tutorial about how to manage content signing keys for the Tanium Appliance.
Download the Tanium Server public key file
Download the Tanium Server public key file so you can include it in Tanium Client installation packages.
The option to download the public key only appears on appliances with Tanium Core Platform 7.3 or earlier installed. To download keys on Tanium Core Platform 7.4 or later, use the Tanium Console. For more information, see Tanium Console User Guide: Download infrastructure configuration files (keys).
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
8: Import Existing Keys
A: Configure Remote Module Server
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 6 to go to the Download Public Key procedure.
- Follow any prompts to copy the public key to the /outgoing directory. View screen
>>> Tanium Operations -> Download public key <<<
There is a public key already in the outgoing directory.
If you copy again we will overwrite the current key.
Do you want to continue to copy again? [Yes|No]: yes
Public key (tanium.pub) has been copied to tancopy outgoing.
You can connect with tancopy via sftp and fetch it from the outgoing directory
Press enter to continue
- Use SFTP to copy the tanium.pub file from the /outgoing directory on the appliance to your management computer.
Download the Tanium Server SOAP certificate
Download the Tanium Server SOAP certificate file for configuration of a remote Windows Module Server, or other use.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 7 to go to the Download SOAP Certificate procedure.
- Follow any prompts to copy the SOAP certificate file to the /outgoing directory. View screen
>>> Tanium Operations -> Download SOAP Certificate <<<
There is a certificate already in the outgoing directory.
If you copy again we will overwrite the certificate.
Do you want to continue to copy again? [Yes|No]: yes
SOAP Certificate (SOAPServer.crt) has been copied to tancopy
outgoing and to the pub directory of the Tanium web server.
You can connect with tancopy via sftp to outgoing directory
to download or use https://<tanium server>/pub/SOAPServer.crt
and then distribute as required.
Press enter to continue
- Use SFTP to copy the tanium.pub file from the /outgoing directory on the appliance to your management computer.
Import the Tanium public/private key pair (Tanium Core Platform 7.3)
When you migrate an existing deployment to Tanium Core Platform 7.3 installations, you might want to migrate the Tanium Server public/private key pair to avoid redistributing the tanium.pub key file to Tanium Clients.
Beginning in Tanium Core Platform 7.4, the Tanium Server includes a pki.db file that contains the root keys, Tanium Server TLS keys, and message-signing keys for the Tanium Server. The option to import the tanium.pub and tanium.pvk files does not exist. If you have a pki.db file from a previous Tanium Server 7.4 installation, you can import the keys when you install the Tanium Server. For more information, see the import key information in Installing an Appliance Array.
You can use a hardware security module (HSM) to manage the digital keys that the Appliance uses for Transport Layer Security (TLS) communication. For more information, see the Tanium Core Platform Deployment Reference Guide: Securing keys with an HSM.
Upload the public and private key files
- Add the public/private key pair you want to copy to a passphrase-protected file named tanium.zip (minimum 10 character password).
- Use SFTP to copy the tanium.zip file to the /incoming directory on the Tanium Server appliance.
Replace the public and private keys
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
8: Import Existing Keys
A: Configure Remote Module Server
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 8 and follow the prompts to import the ZIP file and install the keys.
Import a common access card certificate file
The Tanium Console supports smart card authentication. A smart card is a physical credential that has a microchip and data, such as secure certificates and keys. Smart cards are also known as common access cards (CAC) and personal identity verification (PIV) cards. Endpoint systems are set up with smart card readers, and end users use their smart card to authenticate and gain access. For more information, see the Tanium Core Platform Deployment Reference Guide: Smart card authentication.
Upload the certificate file
- Use SFTP to copy the certificate file (PEM format) to the /incoming directory on the Tanium Server appliance.
Install the certificate file
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 9 and follow the prompts to import and install the CAC certificate file.
Configure a Tanium cluster
You can deploy two Tanium Servers in an active-active cluster to ensure continuous availability in the event of an outage or scheduled maintenance. This active-active cluster is referred to as a Tanium cluster, where the Tanium Server application is active-active, and the database component is active-passive. A Tanium cluster (the Active-Active Tanium Server pair) communicates with other components of the Tanium Core Platform, including Tanium Module Servers and Tanium Zone Servers.
Before you begin
- Install the Tanium Server role on both members of the cluster.
- Set up the IPsec tunnel to ensure end-to-end security between appliances. An IPsec tunnel is automatically configured when you set up an array. For instructions, see Set up an IPsec tunnel.
- Note the host name and domain name of both the primary and secondary members of the cluster, as you will need these to configure the cluster.
- Create an authorized key for the tancopy user on the secondary appliance using the public key for the user performing the cluster configuration on the primary appliance.
Initialize Cluster
- On the primary appliance to use in the cluster, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 1 to go to the Step 1 -> Initialize Cluster screen.
- Follow the prompts to enter the host name and domain name of the secondary appliance and complete cluster initialization.
Join cluster
- On the secondary appliance to use in the cluster, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Configure Tanium Cluster menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Step 2 -> Join Cluster screen.
- Follow the prompts to enter the host name and domain name of the primary appliance and complete adding the secondary appliance to the cluster.
Perform database failover
- On the secondary, or passive, appliance, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter A to go to the Database Server Failover screen.
- Follow the prompts to to perform the failover to the secondary appliance database and promote the secondary appliance database to primary.
- To demote the original primary Tanium Server database to the passive role, on the original primary appliance, reinitialize replication. For instructions, see Reinitialize replication.
Check replication status
- On either Tanium Server in the cluster, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter S to display the replication status between the cluster members.
Remove server from cluster
Perform the following steps to remove the Tanium Server cluster configuration from the current appliance.
- On the Tanium Server that is the primary node in the cluster, sign in to the TanOS console as a user with the tanadmin role.
Enter @ to go to the About This Appliance menu, where you can check which Tanium Server is the primary node.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter L, and follow the prompts to remove the cluster configuration.
Reinitialize replication
You can reinitialize replication on the passive, or secondary, database, which removes all existing database contents and replaces them with the contents from the currently active database. After you perform a failover, you can initialize replication from the newly active secondary appliance to the original primary appliance by performing this procedure on the original primary appliance.
- On the Tanium Server appliance with the passive database, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Reinitialize Replication screen.
- Follow the prompts to reinitialize replication between the cluster members, and, if applicable, demote the original primary Tanium Server.
Change the Tanium content manifest URL
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/74/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/74/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
A: Edit Airgap Options
B: Set Manifest
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Manifest URL Change menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manifest URL Change <<<
Manifest change should be performed with the prior agreement of your TAM.
Only modify the manifest if you intend to test non general releases of
versions of Tanium Modules or content, or if you are using the airgap
installer.
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Set Manifest To Default
2: Set Labs Manifest To Default
3: Set Manifest To Custom
4: Set Labs Manifest To Custom
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Use the menu to change the manifest URL.
Schedule sync jobs
- Sign in to the source Module Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
- Enter D to go to the Module Server Sync menu.
- Enter 5 to go to the Schedule TMS Sync menu. View screen
>>> Schedule TMS Sync <<<
Current time: Thu 2019-05-16 21:06:37 UTC
Active: Disabled
Day of Month | 1 | 00:00 UTC
Crontab formatted time string: 00 00 1 * *
Pending: Disabled
Day of Month | 1 | 00:00 UTC
Crontab formatted time string: 00 00 1 * *
1: Disable Schedule
2: Enable Schedule
4: Schedule by Day of Month
5: Schedule by Day of Week
6: Select Time of Day
7: Activate Schedule Settings
R: Return to previous menu RR: Return to top
------------------------------------------------------The top of the menu shows active and pending settings. The changes you make are pending until you use menu 7 to make them active.
- Use the menu to configure the schedule:
- Enter 1 or 2 to toggle the enabled/disabled status for the schedule.
- Enter 4 or 5 to set the schedule by days of the month or days in a week.
- A comma (,) indicates separate days. For example, 1,15.
- A hyphen (-) indicates contiguous days. For example, mon-fri.
- Specify days of the week with three-letter abbreviations: sun, mon, tue, wed, thu, fri, sat.
- Enter 6 to set the time of day.
- Enter 7 to make your changes active.
View detailed status for Module Server sync
The top of the Module Server Sync menu shows configuration status and the last return code for the sync job. You can use menu 1 to view detailed status.
- Sign in to the source Module Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
- Enter D to go to the Module Server Sync menu.
- Enter 1 to view the status. View screen
>>> Tanium Operations -> Module Server Sync -> Check Status <<<
Secured connectivity to remote IP 192.168.76.104 is working
Active sync state (source)
Current time: Thu May 16 21:08:18 UTC 2019
Last sync log:
#### Starting module server sync ####
Start time: Thu May 16 20:52:13 UTC 2019
SYNC_ROLE 1 found
Thu May 16 20:52:14 UTC 2019 Synchronizing dir TaniumModuleServer - Started
Thu May 16 20:52:14 UTC 2019 CMD: sudo nohup rsync -aAvp --delete-after --stats --exclude
services /opt/Tanium/TaniumModuleServer/ /opt/mounts/sync_tms/
Thu May 16 20:52:15 UTC 2019 rsync return code 0
Thu May 16 20:52:15 UTC 2019 Synchronizing dir TaniumModuleServer - 85 files updated.
sent 121,565 bytes received 611 bytes 244,352.00 bytes/sec
Thu May 16 20:52:15 UTC 2019 Synchronizing dir TaniumModuleServer - Completed
End time: Thu May 16 20:52:15 UTC 2019
%%%% Ended module server sync %%%%%
Last return code: OK
Press enter to continue
Promote the standby Module Server
The Module Server service on the standby appliance is not enabled while the active appliance is running. To make the standby appliance active, such as in the event of a failure on the active Module Server, perform the following steps to promote the standby Module Server.
- Sign in to the Tanium Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
- Enter A to go to the Configure Module Server(s) menu.
- Enter P to Promote TMS. View screen
>>> Tanium Operations -> Configure Module Server(s) -> Promote TMS <<<
Active Module Server: tms1.test.tanium.local
Module Server 1:
Name: tms1.test.tanium.local
TMS Sync Role: source
TMS Sync Ready: no
Module Server 2:
Name: tms2.test.tanium.local
TMS Sync Role: target
TMS Sync Ready: yes
Which Module Server should be promoted to active?
1: tms1.test.tanium.local
2: tms2.test.tanium.local
R: Return to previous menu RR: Return to top
Please select: - Enter the line number of the Module Server to promote to active.
- Enter the administrative user name for the web-based Tanium Console. This is different from TanOS console tanadmin users.
- Enter the password for the Tanium Console administrative user and press Enter.
After you perform this procedure, the two Module Servers are disconnected from each other and the standby Module Server is active and registered with the Tanium Server. To use the non-active Module Server as a standby appliance, disable synchronization on the non-active Module Server, assign the Module Server synchronization role of source to the active Module Server, and assign the Module Server synchronization role of target to the new standby Module Server.
