This article shows you how to deploy your code as a ZIP, WAR, JAR, or EAR package to Azure App Service. It also shows how to deploy individual files to App Service, separate from your application package.
Prerequisites
To complete the steps in this article, create an App Service app, or use an app that you created for another tutorial.
If you don't have an Azure subscription, create a free account before you begin.
Create a project ZIP package
Note
If you downloaded the files in a ZIP package, extract the files first. For example, if you downloaded a ZIP package from GitHub, you cannot deploy that file as-is. GitHub adds additional nested directories, which do not work with App Service.
In a local terminal window, navigate to the root directory of your app project.
This directory should contain the entry file to your web app, such as index.html, index.php, and app.js. It can also contain package management files like project.json, composer.json, package.json, bower.json, and requirements.txt.
Unless you want App Service to run deployment automation for you, run all the build tasks (for example, `npm`, `bower`, `gulp`, `composer`, and `pip`) and make sure that you have all the files you need to run the app. This step is required if you want to run your package directly.
Create a ZIP archive of everything in your project. For `dotnet` projects, this folder is the output folder of the `dotnet publish` command. The following command uses the default tool in your terminal:
Deploy a ZIP package
When you deploy a ZIP package, App Service unpacks its contents in the default path for your app (`D:\home\site\wwwroot` for Windows, `/home/site/wwwroot` for Linux).
This ZIP package deployment uses the same Kudu service that powers continuous integration-based deployments. Kudu supports the following functionality for ZIP package deployment:
- Deletion of files left over from a previous deployment.
- Option to turn on the default build process, which includes package restore.
- Deployment customization, including running deployment scripts.
- Deployment logs.
- A package size limit of 2048 MB.
For more information, see Kudu documentation.
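A pre-deployment check for the package layout and size limit described above, as an added example that is not part of the original article. The function names, the sample archives and the choice of entry files to look for are assumptions made for illustration.

```python
import io
import zipfile

MAX_PACKAGE_BYTES = 2048 * 1024 * 1024               # package size limit stated above
ENTRY_FILES = ("index.html", "index.php", "app.js")  # entry files named in this article


def check_package(zip_bytes, entry_files=ENTRY_FILES, max_bytes=MAX_PACKAGE_BYTES):
    """Return a list of problems found in a ZIP package; an empty list means none."""
    problems = []
    if len(zip_bytes) > max_bytes:
        problems.append(f"package is {len(zip_bytes)} bytes, limit is {max_bytes}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        # Ignore explicit directory entries, keep only files.
        names = [n for n in archive.namelist() if not n.endswith("/")]
    if not names:
        return problems + ["package contains no files"]
    root_files = {n for n in names if "/" not in n}
    top_dirs = {n.split("/", 1)[0] for n in names if "/" in n}
    if not root_files and len(top_dirs) == 1:
        # Typical of an archive downloaded from GitHub: one wrapper directory.
        top = next(iter(top_dirs))
        problems.append(f"all files sit under '{top}/'; re-zip from inside that directory")
    elif not root_files & set(entry_files):
        problems.append("no entry file at the archive root")
    return problems


def build_zip(paths):
    """Build an in-memory ZIP with constructed placeholder content (sample data only)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for path in paths:
            archive.writestr(path, "constructed sample content")
    return buffer.getvalue()


if __name__ == "__main__":
    good = build_zip(["index.html", "package.json", "css/site.css"])
    nested = build_zip(["myapp-main/index.html", "myapp-main/package.json"])
    print(check_package(good))
    print(check_package(nested))
```

Pass a different `entry_files` tuple for stacks whose entry file is not one of the three named here, such as the output of `dotnet publish`.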
Note
Files in the ZIP package are copied only if their timestamps don't match what is already deployed. Generating a zip using a build process that caches outputs can result in faster deployments. See Deploying from a zip file or url, for more information.
Deploy a ZIP package to your web app by using the az webapp deploy command. The CLI command uses the Kudu publish API to deploy the files and can be fully customized.
The following example pushes a ZIP package to your site. Specify the path to your local ZIP package for `--src-path`.
This command restarts the app after deploying the ZIP package.
Depending on your web app's networking configuration, direct access to the site from your local environment may be blocked. To deploy your code in this scenario, you can publish your ZIP to a storage system accessible from the web app and trigger the app to pull the ZIP from the storage location, instead of pushing the ZIP to the web app. See this article on deploying to network secured web apps for more information.
The following example uses the `--src-url` parameter to specify the URL of an Azure Storage account that the site should pull the ZIP from.
The following example uses Publish-AzWebapp to upload the ZIP package. Replace the placeholders `<group-name>`, `<app-name>`, and `<zip-package-path>`.
The following example uses the cURL tool to deploy a ZIP package. Replace the placeholders `<username>`, `<zip-package-path>`, and `<app-name>`. When prompted by cURL, type in the deployment password.
Depending on your web app's networking configuration, direct access to the site from your local environment may be blocked. To deploy your code in this scenario, you can publish your ZIP to a storage system accessible from the web app and trigger the app to pull the ZIP from the storage location, instead of pushing the ZIP to the web app. See this article on deploying to network secured web apps for more information.
The following example uses the `packageUri` parameter to specify the URL of an Azure Storage account that the web app should pull the ZIP from.
In the browser, navigate to `https://<app_name>.scm.azurewebsites.net/ZipDeployUI`.
Upload the ZIP package you created in Create a project ZIP package by dragging it to the file explorer area on the web page.
When deployment is in progress, an icon in the top right corner shows you the progress in percentage. The page also shows verbose messages for the operation below the explorer area. When it is finished, the last deployment message should say `Deployment successful`.
The above endpoint does not work for Linux App Services at this time. Consider using FTP or the ZIP deploy API instead.
Enable build automation for ZIP deploy
By default, the deployment engine assumes that a ZIP package is ready to run as-is and doesn't run any build automation. To enable the same build automation as in a Git deployment, set the `SCM_DO_BUILD_DURING_DEPLOYMENT` app setting by running the following command in the Cloud Shell:
For more information, see Kudu documentation.
What happens to my app during deployment?
All the officially supported deployment methods make changes to the files in the /home/site/wwwroot folder of your app. These files are used to run your app. So the deployment can fail because of locked files. The app might also behave unpredictably during deployment because the files aren't all updated at the same time. This behavior is undesirable for a customer-facing app. There are a few ways to avoid these issues:
- Run your app directly from the ZIP package, without unpacking it.
- Stop your app or enable offline mode for it during deployment. For more information, see Deal with locked files during deployment.
- Deploy to a staging slot with auto swap turned on.
Deploy WAR/JAR/EAR packages
You can deploy your WAR, JAR, or EAR package to App Service to run your Java web app using the Azure CLI, PowerShell, or the Kudu publish API.
The deployment process places the package on the shared file drive correctly (see Kudu publish API reference). For that reason, deploying WAR/JAR/EAR packages using FTP or WebDeploy is not recommended.
Deploy a WAR package to Tomcat or JBoss EAP by using the az webapp deploy command. Specify the path to your local Java package for `--src-path`.
Depending on your web app's networking configuration, direct access to the site from your local environment may be blocked. To deploy your code in this scenario, you can publish your ZIP to a storage system accessible from the web app and trigger the app to pull the ZIP from the storage location, instead of pushing the ZIP to the web app. See this article on deploying to network secured web apps for more information.
The following example uses the `--src-url` parameter to specify the URL of an Azure Storage account that the web app should pull the ZIP from.
The CLI command uses the Kudu publish API to deploy the package and can be fully customized.
The following example uses Publish-AzWebapp to upload the .war file. Replace the placeholders `<group-name>`, `<app-name>`, and `<package-path>` (only WAR and JAR files are supported in Azure PowerShell).
The following example uses the cURL tool to deploy a .war, .jar, or .ear file. Replace the placeholders `<username>`, `<file-path>`, `<app-name>`, and `<package-type>` (`war`, `jar`, or `ear`, accordingly). When prompted by cURL, type in the deployment password.
Depending on your web app's networking configuration, direct access to the site from your local environment may be blocked. To deploy your code in this scenario, you can publish your ZIP to a storage system accessible from the web app and trigger the app to pull the ZIP from the storage location, instead of pushing the ZIP to the web app. See this article on deploying to network secured web apps for more information.
The following example uses the `packageUri` parameter to specify the URL of an Azure Storage account that the web app should pull the WAR from. The WAR file could also be a JAR or EAR file.
For more information, see Kudu publish API reference.
The Kudu UI does not support deploying JAR, WAR, or EAR applications. Please use one of the other options.
Deploy individual files
Deploy a startup script, library, and static file to your web app by using the az webapp deploy command with the `--type` parameter.
If you deploy a startup script this way, App Service automatically uses your script to start your app.
The CLI command uses the Kudu publish API to deploy the files and can be fully customized.
Deploy a startup script
Deploy a library file
Deploy a static file
Not supported. See Azure CLI or Kudu API.
Deploy a startup script
The following example uses the cURL tool to deploy a startup file for their application. Replace the placeholders `<username>`, `<startup-file-path>`, and `<app-name>`. When prompted by cURL, type in the deployment password.
Deploy a library file
The following example uses the cURL tool to deploy a library file for their application. Replace the placeholders `<username>`, `<lib-file-path>`, and `<app-name>`. When prompted by cURL, type in the deployment password.
Deploy a static file
The following example uses the cURL tool to deploy a config file for their application. Replace the placeholders `<username>`, `<config-file-path>`, and `<app-name>`. When prompted by cURL, type in the deployment password.
The Kudu UI does not support deploying individual files. Please use the Azure CLI or Kudu REST API.
Kudu publish API reference
The `publish` Kudu API allows you to specify the same parameters from the CLI command as URL query parameters. To authenticate with the Kudu API, you can use basic authentication with your app's deployment credentials.
The table below shows the available query parameters, their allowed values, and descriptions.
Key | Allowed values | Description | Required | Type |
---|---|---|---|---|
`type` | `war` \| `jar` \| `ear` \| `lib` \| `startup` \| `static` \| `zip` | The type of the artifact being deployed. This sets the default target path and informs the web app how the deployment should be handled.<br>- `type=zip`: Deploy a ZIP package by unzipping the content to `/home/site/wwwroot`. The `path` parameter is optional.<br>- `type=war`: Deploy a WAR package. By default, the WAR package is deployed to `/home/site/wwwroot/app.war`. The target path can be specified with `path`.<br>- `type=jar`: Deploy a JAR package to `/home/site/wwwroot/app.jar`. The `path` parameter is ignored.<br>- `type=ear`: Deploy an EAR package to `/home/site/wwwroot/app.ear`. The `path` parameter is ignored.<br>- `type=lib`: Deploy a JAR library file. By default, the file is deployed to `/home/site/libs`. The target path can be specified with `path`.<br>- `type=static`: Deploy a static file (e.g. a script). By default, the file is deployed to `/home/site/scripts`. The target path can be specified with `path`.<br>- `type=startup`: Deploy a script that App Service automatically uses as the startup script for your app. By default, the script is deployed to `D:\home\site\scripts\<name-of-source>` for Windows and `home/site/wwwroot/startup.sh` for Linux. The target path can be specified with `path`. | Yes | String |
`restart` | `true` \| `false` | By default, the API restarts the app following the deployment operation (`restart=true`). To deploy multiple artifacts, prevent restarts on all but the final deployment by setting `restart=false`. | No | Boolean |
`clean` | `true` \| `false` | Specifies whether to clean (delete) the target deployment before deploying the artifact there. | No | Boolean |
`ignorestack` | `true` \| `false` | The publish API uses the `WEBSITE_STACK` environment variable to choose safe defaults depending on your site's language stack. Setting this parameter to `false` disables any language-specific defaults. | No | Boolean |
`path` | `'<absolute-path>'` | The absolute path to deploy the artifact to. For example, `'/home/site/deployments/tools/driver.jar'`, `'/home/site/scripts/helper.sh'`. | No | String |
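The parameter rules in the table, applied before any request is sent, as an added example that is not part of the original article or of Kudu itself. The function names and the sample app name are hypothetical, the `/api/publish` path comes from the Kudu documentation rather than from this page, and the app-name pattern, the Linux-only path check and the `..` rejection are added strictness rather than documented API rules.

```python
import re
from urllib.parse import urlencode

ALLOWED_TYPES = {"war", "jar", "ear", "lib", "startup", "static", "zip"}
PATH_IGNORED = {"jar", "ear"}  # the table says path is ignored for these types
APP_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")  # assumption: host-label characters only


def publish_url(app_name, artifact_type, path=None, restart=None,
                clean=None, ignorestack=None):
    """Build a publish URL, rejecting values the parameter table does not allow."""
    if not APP_NAME_RE.fullmatch(app_name):
        raise ValueError("app name must be a plain host label")
    if artifact_type not in ALLOWED_TYPES:
        raise ValueError(f"type must be one of {sorted(ALLOWED_TYPES)}")
    query = {"type": artifact_type}
    if path is not None:
        if artifact_type in PATH_IGNORED:
            raise ValueError(f"path is ignored for type={artifact_type}; omit it")
        # Assumption: Linux-style absolute paths, as in the table's examples.
        if not path.startswith("/") or ".." in path.split("/"):
            raise ValueError("path must be absolute and free of '..' segments")
        query["path"] = path
    for key, value in (("restart", restart), ("clean", clean),
                       ("ignorestack", ignorestack)):
        if value is None:
            continue  # leave the API default in place
        if not isinstance(value, bool):
            raise ValueError(f"{key} must be a boolean")
        query[key] = "true" if value else "false"
    return (f"https://{app_name}.scm.azurewebsites.net/api/publish?"
            + urlencode(query))


def plan_publish(app_name, artifacts):
    """Order several deployments so that only the final one restarts the app."""
    last = len(artifacts) - 1
    return [publish_url(app_name, kind, path, restart=(i == last))
            for i, (kind, path) in enumerate(artifacts)]


# Constructed sample: two helper files followed by the application package.
SAMPLE = [("lib", "/home/site/deployments/tools/driver.jar"),
          ("static", "/home/site/scripts/helper.sh"),
          ("war", None)]

if __name__ == "__main__":
    for url in plan_publish("example-app", SAMPLE):
        print(url)
```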
Next steps
For more advanced deployment scenarios, try deploying to Azure with Git. Git-based deployment to Azure enables version control, package restore, MSBuild, and more.
More resources
Review the requirements before you install and use Incident Response.
Tanium dependencies
Component | Requirement |
---|---|
Platform | Version 7.2 or later. |
Tanium Client | Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements. If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions. |
License | The license for Incident Response includes the following solutions:
|
Tanium™ Trace | Version 2.3.2.0004 or later is required for real-time events on Linux endpoints with Tanium Index 2.0.0 or later. |
Third-party software requirements
For Tanium Incident Response, the required third-party software is installed automatically.
However, the IR Gatherer solution has third-party software requirements that are not installed automatically. The related documentation includes instructions to download the software and include it in packages that are distributed to the endpoints.
Endpoints
Supported operating systems
The following endpoint operating systems are supported by Incident Response, Copy tools, Quarantine, Index, and Live Response:
- Windows (A minimum of Windows 7 with SP1 or Windows Server 2008 R2 with SP1 is required. Windows 7 Service Pack 1 requires Microsoft KB2758857.)
- macOS (macOS 10.14 (Mojave) or later is required for Tanium Incident Response 4.5.3 or later and Tanium Index 2.3.2 or later)
- Linux
See the documentation for each IR solution for specific version numbers.
Disk space requirements
Index requires 1 GB free space. For other solutions, the required disk space is minimal.
Host and network security requirements
Specific ports and processes are needed to run Incident Response.
Ports
The following ports are required for IR communication.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
Tanium Client | Destination Servers | 443 (S3), 22 (SFTP/SCP), or 445 (SMB) | TCP | Outbound connections over ports depending on how the collected data is being transferred. |
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.
Target Device | Notes | Exclusion Type | Exclusion |
---|---|---|---|
Windows x86 or x64 endpoints | | Process | `<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe` |
| | Process | `<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe` |
| | Process | `<Tanium Client>\Tools\IR\TaniumExecWrapper.exe` |
| | Process | `<Tanium Client>\Tools\IR\TanFileInfo.exe` |
| | Process | `<Tanium Client>\Tools\IR\TaniumHandle.exe` |
| | Process | `<Tanium Client>\Tools\IR\TanListModules.exe` |
| | Process | `<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe` |
| | Process | `<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll` |
| 1 | Process | `<Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe` |
| 1 | Process | `<Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe` |
| 1,2 | Process | `<Tanium Client>\Downloads\Action_nnn\surge-collect.exe` |
| 1,2 | Process | `<Tanium Client>\Downloads\Action_nnn\surge.dat` |
| 7.2.x clients, 3 | Process | `<Tanium Client>\Python27\TPython.exe` |
| 7.4.x clients, 3 | Process | `<Tanium Client>\Python38\TPython.exe` |
| 7.4.x clients | Folder | `<Tanium Client>\Python38` |
macOS endpoints | | Process | `<Tanium Client>/Tools/EPI/TaniumExecWrapper` |
| | Process | `<Tanium Client>/Tools/IR/TaniumExecWrapper` |
| | Process | `<Tanium Client>/Tools/EPI/TaniumEndpointIndex` |
| 1,2 | Process | `<Tanium Client>/Downloads/Action_nnn/surge-collect` |
| 1,2 | Process | `<Tanium Client>/Downloads/Action_nnn/surge.dat` |
| 1 | Process | `<Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem` |
| 1 | Process | `<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer` |
| 7.2.x clients | Process | `<Tanium Client>/python27/python` |
| 7.4.x clients | Process | `<Tanium Client>/python38/python` |
Linux x86 or x64 endpoints | | Process | `<Tanium Client>/Tools/EPI/TaniumExecWrapper` |
| | Process | `<Tanium Client>/Tools/IR/TaniumExecWrapper` |
| | Process | `<Tanium Client>/Tools/EPI/TaniumEndpointIndex` |
| 1,2 | Process | `<Tanium Client>/Downloads/Action_nnn/surge-collect` |
| 1,2 | Process | `<Tanium Client>/Downloads/Action_nnn/surge.dat` |
| 1 | Process | `<Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin` |
| 1 | Process | `<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer` |
| 7.2.x clients | Process | `<Tanium Client>/python27/python` |
| 7.4.x clients | Process | `<Tanium Client>/python38/python` |
1 = Where nnn corresponds to the action ID.
2 = Exception is required if Volexity Surge is used for memory collection.
3 = TPython requires SHA2 support to allow installation.
Internet URLs
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator must whitelist the following URL:
- content.tanium.com
User role requirements
Permission | Content Set for Permission | Incident Response Administrator | Incident Response User | Incident Response Read Only User |
---|---|---|---|---|
Ask Dynamic Questions | * | * | * | |
Read Action | Incident Response | |||
Read Package | Incident Response | * | ||
Read Saved Question | Incident Response | * | ||
Read Sensor | Incident Response | * | ||
Write Action | Incident Response | |||
Write Action for Saved Questions | Incident Response | |||
Write Package | Incident Response | |||
Write Saved Question | Incident Response | |||
Write Sensor | Incident Response |
‡ To install IR solutions, you must have the Import Signed Content micro admin permission (Tanium Core Platform 7.4 or later) or the reserved role of Administrator.
* Requires permissions for the Interact module to ask questions, see results, and drill-down to endpoints.
Permission | Content Set for Permission | Index Administrator | Index User | Index Read Only User |
---|---|---|---|---|
Ask Dynamic Questions | * | * | * | |
Read Action | Index | |||
Read Package | Index | * | ||
Read Saved Question | Index | * | * | |
Read Sensor | Index | * | * | |
Write Action | Index | |||
Write Action for Saved Questions | Index | |||
Write Package | Index | |||
Write Saved Question | Index | |||
Write Sensor | Index |
‡ To install IR solutions, you must have the Import Signed Content micro admin permission (Tanium Core Platform 7.4 or later) or the reserved role of Administrator.
* Requires permissions for the Interact module to ask questions, see results, and drill-down to endpoints.