Configuring Appliance connections

You are prompted to configure basic host and network settings when you complete the initial configuration. Use the Appliance Configuration menu to modify the configuration as necessary.

Changes to the network configuration do not go into effect until you restart network services. If you connect over a remote SSH connection and change the configuration for the interface with which you are connected, your SSH connection terminates.

Modify the host name and DNS configuration

Host, domain, DNS server, and /etc/hosts settings are configured during the initial setup. If necessary, you can use the Hostname/DNS Configuration menu to make changes.

Contact Tanium Support if you plan to change the Tanium Server host name.Tanium Support needs the new host name to update the Tanium license for you. For more information, see Support for Tanium Appliances.

Modify the host name

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-1 (Appliance Configuration > Hostname/DNS Configuration).

Enter 1 and follow the prompts to change the host name, which must be a fully qualified domain name (FQDN).

View screen

>>> Appliance Configuration -> Hostname/DNS Configuration -> Hostname <<< 


Current hostname (FQDN): 
ts1.test.tanium.local

Please contact Tanium Support prior to changing the hostname of an
active TanOS appliance!

New FQDN: ts1.test.tanium.local

Modify the DNS server

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-1 (Appliance Configuration > Hostname/DNS Configuration).

Enter 2 and follow the prompts to modify the DNS server configuration.

View screen

>>> Appliance Configuration -> Hostname/DNS Configuration -> Domain Name <<< 

Currently configured name server(s):
192.168.76.2

Would you like to change the DNS Server address? [Yes|No]: yes
Please provide the first DNS server address: 10.10.10.10
Please provide second DNS server address: 
Finished setting new DNS Servers

Press enter to continue

Modify the hosts file

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-1 (Appliance Configuration > Hostname/DNS Configuration).

Enter 3 and use the manual_hosts menu to update the /etc/hosts file.

View screen

  >>> Tanium TanOS -> Tools -> Edit Files -> manual_hosts <<< 

#### Contents of /etc/hosts #####
# Generated 2022-03-07 19:06:46
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# This appliance
10.20.70.11 ts1.test.tanium.local ts1

# Appliance array members
10.20.70.12 ts2.test.tanium.local ts2
10.20.70.13 tms1.test.tanium.local tms1
10.20.70.14 tms2.test.tanium.local tms2
10.20.70.15 tzs.test.tanium.local tzs

# Manual entries
# No manual entries
#################################

             file is empty

          A: Add a line

          R: Return to previous menu  RR: Return to top

Modify the network interface configuration

Contact Tanium Support before changing the IP address for the interface used by the Tanium Server. The Tanium Server IP address is used in multiple configurations.

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-2-1 (Appliance Configuration > Networking > Network Interfaces).

Enter the line number of the interface that you want to configure to go to the selected Network Interface menu.

View screen

>>> Appliance Configuration -> Networking -> Network Interface <<< 

 Current settings:
   Interface: ens160
   IPv4 Address: 10.10.10.60/24
   Default IPv4 Gateway: 10.10.10.2
   IPv6 Address: fe80::20c:29ff:feed:26f/64
   IPv6 Gateway:

          1: Manage IP address
          2: Manage MTU Size
          3: Manage Temporary Interface Status (up/down)

          R: Return to previous menu  RR: Return to top

------------------------------------------------------

Use the menu to change the IP address, MTU size, or up/down status.

Set up an IPsec tunnel

Use IPsec to ensure end-to-end security between two Tanium Server appliances. An IPsec tunnel is automatically configured when you install an Appliance Array.

Start two SSH terminal sessions so you can copy and paste between them:
- First Tanium Server appliance
- Second Tanium Server appliance
Sign in to each of the Tanium Server appliances as a user with the tanadmin role and enter A-2-2 (Appliance Configuration > Networking Configuration > IPSEC).

On the second appliance, copy the IPsec host key to the clipboard:

From the IPSEC menu, enter 1 to view the local IPsec host key.

View screen

>>> Appliance Configuration -> IP -> IPSEC -> Display Host Key <<< 

 Local Host Key Information:

0sAwEAAbnlzZ6venWVMdFLWEHGNEd6bMnNMVBkH+Ye3f7y360CbeBa6SSTOzI0NqHNOCnTWBDEMVWpfE3Dk/2feh1rjH
pNpMdhknhO5+8B47Q9HsH7DEGN4VoybNtH42xVKnApD51CGkH4Ns2o7JfHLUo+Dkv1Tw03b2vGNs/m//bLcUHwFKQLd1
xKNOkR4BhbQ0d7AVctY5tIKzhA8BS+aIkI7XuKCfy9YEMPOgyWVvPY2UTRXwvTcvK0+JHyxuu0UL6yvIVKeV1H8ohSbr
DD213ut8lDQJ6KbJQ5Zl/x3A0LrgTg8l0jNCGIB6d0oPiKpL7vePApViTTAgGh2l2b3KiwZldH6fof/h+dADWWuwcgge
k4NzyI1DRtBbdA5bWuAEYdzC3038/N++FQnKJ5QRXe+b9O9aHf8VTUjZbFWc/5Q0wYeQ1GoTny1OiWArEDJUoW8IYUQI
qPvmItG76zKwfIL1z07dMIAs71W3L/X0QthogKCAYYawktpgukqJ3HHGkAWQFHgHKoJxVhJeF4Lw46G2OQaO1Eg5LHzY
GS6BnEUG896yXvlxZJWZgG7Y9yj3mIea9ltV7/ifPIbXoMRkWMYbnK81biqw1j2yPJfj6MrHet5LrI+kUpA8FUCgY1tI
dQPdXMU6F0K+wWapSzCtbs8D343LYOMmiKgP2rZpFPOEc9

 Press enter to continue

Copy the key to the clipboard.

On the first appliance, from the IPSEC menu, enter 3 and follow the prompts to configure this side of the IPsec tunnel. When prompted, paste the IPsec host key for the second appliance.

View screen

>>> Appliance Configuration -> IP -> IPSEC -> Configure IPSEC <<< 

 To configure IPSEC connectivity between TanOS systems the following information is required

 - Local IP address
 - Remote IP address
 - Remote host key

 Any exiting configuration will be overwritten!

 Would you like to continue with IPSEC configuration? [Yes|No]: yes
 Please provide the local ip address: 192.168.76.101
 Please provide the remote ip address: 192.168.76.102
 Please provide the remote hostkey: 0sAwEAAbnlzZ6venWVMdFLWEHGNEd6bMnNMVBkH+Ye3f7y360CbeBa6SSTO
zI0NqHNOCnTWBDEMVWpfE3Dk/2feh1rjHpNpMdhknhO5+8B47Q9HsH7DEGN4VoybNtH42xVKnApD51CGkH4Ns2o7JfHLUo+
Dkv1Tw03b2vGNs/m//bLcUHwFKQLd1xKNOkR4BhbQ0d7AVctY5tIKzhA8BS+aIkI7XuKCfy9YEMPOgyWVvPY2UTRXwvTcvK
0+JHyxuu0UL6yvIVKeV1H8ohSbrDD213ut8lDQJ6KbJQ5Zl/x3A0LrgTg8l0jNCGIB6d0oPiKpL7vePApViTTAgGh2l2b3K
iwZldH6fof/h+dADWWuwcggek4NzyI1DRtBbdA5bWuAEYdzC3038/N++FQnKJ5QRXe+b9O9aHf8VTUjZbFWc/5Q0wYeQ1Go
Tny1OiWArEDJUoW8IYUQIqPvmItG76zKwfIL1z07dMIAs71W3L/X0QthogKCAYYawktpgukqJ3HHGkAWQFHgHKoJxVhJeF4
Lw46G2OQaO1Eg5LHzYGS6BnEUG896yXvlxZJWZgG7Y9yj3mIea9ltV7/ifPIbXoMRkWMYbnK81biqw1j2yPJfj6MrHet5Lr
I+kUpA8FUCgY1tIdQPdXMU6F0K+wWapSzCtbs8D343LYOMmiKgP2rZpFPOEc9

On the first appliance, copy the IPsec host key to the clipboard:
1. From the IPSEC menu, enter 1 to view the local IPsec host key.
2. Copy the key to the clipboard.
Go to the second appliance and complete the IPsec configuration:
1. From the IPSEC menu, enter 3 and follow the prompts to configure the IPsec tunnel on the second appliance. When prompted, paste the IPsec host key for the first appliance.
2. Enter 6 to test the connection from the second appliance. View screen
```
>>> Appliance Configuration -> IP -> IPSEC -> Test IPSEC <<< 

 Testing secured connectivity to the remote ip.

 Secure connectivity to remote IP 192.168.76.101 is working


 Press enter to continue
```
Go back to the first appliance and enter 6 to test the connection.

View the IPSEC configuration for an appliance

Sign in to the appliance as a user with the tanadmin role.
Enter A-2-2 (Appliance Configuration > Networking Configuration > IPSEC).

Enter 2 to display the IPSEC configuration. View screen

>>> Appliance Configuration -> IP -> IPSEC -> Display IPSEC Configuration <<< 

Current configuration:

conn tanos
  left=172.16.115.122
pcjs1MBKlrG7mgzWU7rVHvH0o/ZGoUOCn1mvtANoYEODzwbSHT1WM+ZtndzwcyAj/V1sEVs
  leftrsasigkey=AAAAB3NzaC1yc2EAAAADAQABAAABgQCWIw43lJhtp9VG1phnrjy4exh
2L1k1pG2yTFggzVEjl/dI9w7pfKJworsp3oYW8XvMiVtN4k7MnMzjLu7BNCZB93iwdokWxi
qEcK9BteS2CjXWIgkriRA0fwLt2vDtY0OtKVsyKyZkqIE0VDNuHNj2XOgSorzvup9un71eG
Jah9A6FcOWfH/xd6XyAr4ytwDdCi8a2zRTrX28vQr0S9sKHstZxxRGOUQydYwOQDfobRufi
7XGixUsIWDHj5PI2PtzW3XOObn6m4YP6pRLW0X8FzAnT9Ad23cPtEkrtGNlmL91vpkTMKB3
xFcyAAhmbJzmOT+/B3fharzA3inVFRY/ou5lKcfTw1leglf1u5KQgwrOLyHMqeL3MJWYsxH
B/Wcu0tDXONQjWkjFWwWEw4yg2QgfKHwU3rjH31Md8PqRvU+cadMLNAM+ZOUyWj+aH5R9vt
9PLtM3tKSxe3M4DuwP73dDzMv3by/8inSBtLmIyDyTOjHZgEJu91I4t9Qq0h4U

  right=172.16.115.123
  rightrsasigkey=AAAAB3NzaC1yc2EAAAADAQABAAABgQDj8h1WKKKGw7KVHTFIPA8ATq
eGwXVzmjlcLBgJb8MnIpnp3GMCoxHw0t+UeITkTi4hvbUae/wmOR92zTn9n8GR7R+T/u7j3
NRFY/BNIRiOCwOhxkfHfP0ALYAkFKrAo9jA3F7DFR8ey9gXCX1ftzjU+EKFx/asy9YhIqWI
hzpRs86ImfaRKSDZZTZrR+Fp3Bo2ja2hdWcTdmBI77JprcTFiYPg3gDXd7yJ1w6LQyEnWcs
dqHPJCDQ9KrB0WyDZ/3cEdpV9nC5I+4Ysi4jAuxqjY8kElrbzKJZ5045T3UHb2Rafc7Myn8
Ecb3OseBPY/IFmXuXYztZQy12q7M7VeAHoLhtkgXPwKxXYNoPpg7qtWXMOksxFiQutdYKHC
euzzcUHdP+k8/oS7jg7EcQG6xxxCOh3jhO73Fx0frgBHSEisUxSSHOTFKIhulwFiMRZDp/O
yaI2xA7WY0FtBtLTAGu1vUKMrV/zHIEg4tTGU5m4FS+9nG9BlbEki1ePJ8Ilpls

  authby=rsasig
  # load and initiate automatically
  auto=start
  encapsulation=auto
  salifetime=230m
  ikev2=insist
  ike=aes_gcm256-sha2;dh21


 Press enter to continue

Modify the routing configuration

You can add a static route, if necessary.

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-2-3 (Appliance Configuration > Networking > Routing).
Use the menu to manage the routing table.

Configure NIC teaming

This procedure applies only to the physical Tanium Appliance.

Tanium™ Appliance supports active/passive network interface controller (NIC) teaming. Active/passive NIC teaming allows multiple interfaces to be placed in a group to support NIC failover. When you configure the NIC team, you must select interfaces of the same type.

Create NIC team

To create a NIC team, there must be two NICs available for teaming. If you have a physical Tanium Appliance, make sure to enable the tanremote user and configure the iDRAC interface.

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-2-T (Appliance Configuration > Networking > NIC Teaming).
Enter A and follow the prompts to create the NIC team configuration.

When you create a NIC team, the system automatically assigns a MAC address from one of the NICs to the team. The NIC Teaming menu displays the details for each NIC team, including the assigned MAC address.

Manage NIC team

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-2-T (Appliance Configuration > Networking > NIC Teaming).
Enter the line number of the NIC team that you want to manage.

Use the NIC Team menu to change the IP address, delete the NIC team, or view the status.

View screen

>>> Appliance Configuration -> Networking -> NIC Team <<< 

 Current settings:
   Interface: team1
   IPv4 Address: 10.10.10.61/24
   Default IPv4 Gateway: 10.10.10.2
   IPv6 Address: 
   IPv6 Gateway:

          C: Change Team IP Address
          D: Delete
          S: Show Status

          R: Return to previous menu  RR: Return to top

------------------------------------------------------

Modify the NTP configuration

Sign in to the TanOS console as a user with the tanadmin role.
Enter A-3 (Appliance Configuration > NTP Configuration).
Enter the line number of the existing NTP server to modify or remove, or enter A to add a new NTP server.
Follow the prompts to add, modify, or remove the NTP server. To add or modify an NTP server, enter the NTP server address and whether the server requires authentication. If the NTP server requires authentication, enter the NTP key ID, NTP key type, and NTP key at the prompts.
Enter yes to save changes and restart the NTP server.

Change from a static IP address to DHCP (virtual Tanium Appliance only)

Sign in to the TanOS console as a user with the tanadmin role.
Enter A (Appliance Configuration).
Enter 7 and follow the prompts to use DHCP.