uk-bolly
commented
6 months ago hi @vivekbangare
Thank you for taking the time to raise this issue. We will require some more information to understand this issue completely.
Have you tried torun the benchmark with a the tag to work out which control is making these changes? The control_IDs you mention shouldn't be anywhere near Tanium they are related to auditd files in some way? Im Afraid i have no knowledge around the product so this really will be a matter of testing as with all baselines to see what breaks and how to mitigate the risk or to document the exception. Happy to add/change if this issue can be better defined and a fix created.
many thanks
uk-bolly
Describe the Issue When applying the CIS benchmark to my system, I've encountered an unexpected behavior that results in the removal of Tanium configuration files. This issue occurs specifically between principles 4.1.4.6 to 4.1.4.8.
Steps to Reproduce
Expected Behavior The Tanium configuration files should not be deleted or modified during the application of CIS benchmarks. I expect the Tanium configuration to persist after applying the benchmarks.
Actual Behavior The Tanium configuration files, located in /opt/Tanium/TaniumClient/, are being removed or modified during the application of CIS benchmarks. This behavior is observed consistently when applying principles 4.1.4.6 to 4.1.4.8.
Control(s) Affected What controls are being affected by the issue
Environment (please complete the following information):
Additional Notes I have attempted to apply the Tanium configuration both before and after applying CIS benchmarks, and the issue persists in both scenarios.