IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes TanOS (Version 1.7)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. The following Release Notes document changes between releases of the TanOS software for the Tanium Appliance.
The previous version can be found here: Release_Notes_TanOS_(Version_1.6.0)


Install/Upgrade Considerations

For initial setup, please read one of the following before starting:

Initial setup (Tanium Physical Appliances)
Initial setup (Tanium Virtual Appliances)
Initial setup (Tanium Cloud Appliances)

For upgrades, please read upgrade Tanium Appliance software before starting.

Tanium Platform Support

  • This release of TanOS will support the latest released and supported Platform versions (7.4, 7.5, 7.6) unless stated otherwise in TanOS release notes.

TanOS 1.7.6.0187

General Availability Release Date: October 31, 2023
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Additional Requirements

  • This release requires Tanium RDB to be at version 1.2.174 or later prior to upgrading

Bug Fixes

  • Resolved an issue that would cause airgap bundle imports to fail with an error message
  • Resolved an issue that could cause the secondary module server firewall to fail to start during appliance startup
  • Resolved an issue that would cause errors in the TanOS health log when Health Check ran automatically
  • Resolved an issue causing the wrong directories to be created on cloud appliances, and will remove incorrect directories upon upgrade

TanOS 1.7.6.0180

General Availability Release Date: August 22, 2023
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Additional Requirements

  • This release requires Tanium RDB to be at version 1.2.174 or later prior to upgrading

Security Updates

  • Resolved a Tanium security advisory for customers that must remain on TanOS 1.7.6 versions.

Improvements

  • Added a SSH key scanner feature to help validate remote system keys

Bug Fixes

  • Resolved an issue that would prevent SAR performance data from being collected

TanOS 1.7.6.0176

General Availability Release Date: July 18, 2023
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Additional Requirements

  • This release requires Tanium RDB to be at version 1.2.174 or later prior to upgrading

Improvements

  • Includes OEM firmware updates for physical appliances
  • Users can now delete SSH keys using the TanOS CLI (previously could only add)

Bug Fixes

  • Resolved an error that could display when fixing module ACLs via TanOS menu
  • Fixed an issue where physical appliances could mis-report their NIC type (copper vs fiber)
  • Resolved TanOS Health Check false positives when customers use an HSM to store Tanium certificates/keys
  • Reduced the timeout when reading from the TanOS manifest to check for or download upgrades
  • Resolved an error during array upgrade that could cause an appliance to lose it's array config
  • Updated iDRAC VirtualPlugin type to be more compatible with modern hardware appliances
  • Updated LDAP mappings to allow the underscore character
  • Resolved issues where timestamps at the end of TanOS upgrades could be confusing to the end user
  • Improved recovery of the appliance in the rare instance that an TanOS upgrade corrupts the TanOS configuration file
  • Resolved an error that could occur during the Re-Initialize Replication workflow

TanOS 1.7.6.0144

General Availability Release Date: May 16, 2023
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Additional Requirements

  • This release requires Tanium RDB to be at version 1.2.174 or later prior to upgrading

Bug Fixes

  • Resolved an issue that prevented the Increase Storage option from displaying on cloud and virtual appliances
  • Resolved an error when trying to increase storage on AWS or Azure cloud appliances
  • TanOS now syncs RDB certs across TMS cluster members to ensure successful failover to the secondary member
  • Resolved an issue in the TanOS LDAP authentication setup that could prevent setup due to a malformed LDAP string
  • Resolved an issue that would prevent TanOS from booting if the /cores disk failed
  • Resolved the TanOS SSH timeout setting not being honored
  • Resolved a TanOS upgrade issue that would cause upgrade to fail due to unexpected pre-existing PostgreSQL log files

TanOS 1.7.6.0130

General Availability Release Date: April 11, 2023
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Additional Requirements

  • This release requires Tanium RDB to be at version 1.2.174 or later prior to upgrading

Improvements

  • Includes OEM firmware updates for physical appliances
  • Tanium appliances now default to a 20GB max_wal_size where postgres is used, to improve performance at large scale
  • TanOS now assigns a severity to all TanOS Health Check items, and alerts based on specified severity to the configured alerting destination. See Reference: TanOS health check results in the Tanium Appliance documentation.
  • Added TanOS Health Check when postgres wal files are consuming >50% of total disk space
  • TanOS now offers to set FIPS mode during appliance initial configuration
  • Updated TLS cipher suite for Tanium platform installs
  • TanOS now includes detailed replication status in TSG output
  • Set system swappiness setting to perform less swap operations
  • Added the "Display Journal" option to OS Services menu
  • TanOS now blocks install of unsupported Tanium platform versions
  • Example configuration of TMS Sync scheduling now shows the wildcard option
  • Added Cloud Access Point logs to Logging menu, when CAP role is installed
  • Upgrader improvements to prevent partial upgrades
  • Removed ssh-rsa from SSH signature algorithms
  • Improved manifest upgrade logic to enforce required upgrade paths
  • Improved Database Replication Health Check to accommodate state changes, resulting in fewer false positives
  • Prevent login failure immediately following new local user creations
  • Added database cluster role (Primary or Secondary) to TanOS footer
  • TanOS 1.7.6 can download EL8 platform installers from Tanium, in preparation for TanOS 1.8 upgrade

Bug Fixes

  • TanOS will no longer uninstall a Zone Server Hub when no Zone Server array member is present
  • Fixed an issue that would cause upgrade failures when local LDAP users were orphaned
  • Resolved an issue that prevented tanuser role users from viewing the service journal file
  • Resolved an issue preventing external LDAP bind credentials from using a "/" character
  • TanOS now syncs protected platform files to prevent TanOS Health Check failures and to improve the TMS failover process
  • Fixed an issue that caused errors in the output during nameserver initial configuration
  • Resolved issue where upgrade step 680 would fail when no LDAPS certs were present
  • Fixed an issue preventing the LDAP Auth Activate Changes menu from activating changes
  • Added CAP role logs to TSG to prevent errors from missing files
  • Trace Path network diagnostics command now allows up to 30 hops
  • Added check for existing mount before creating another
  • Resolved errors when increasing TanOS storage volumes
  • Fixed an incorrect memory plan suggestion in TanOS Health Check
  • Fixed an issue that would cause TSG to hang
  • Resolved an issue causing Tanium Console authentication failures after TanOS or Tanium platform upgrades, when LDAPS certificates are used
  • Resolved cause of intermittent postgres service start failures
  • Resolved an issue causing overwrite of upgrade files to fail on array members
  • Improved wording on error message when Replication Status menu is chosen on a non-clustered array member
  • Resolved an issue causing postgres CRL failures when changing TMS Sync state
  • TanOS OVA Health Check will now only execute on virtual appliances
  • Resolved an issue preventing rsync service management on secondary TMS
  • Cloud appliances in AWS now automatically set DNS servers
  • Aligned references to RAID Controller Security Key throughout TanOS
  • Resolved an error "No such file or directory" on Tanium platform install
  • Resolved an issue that would cause TanOS Health Check failure, that LDAPS was mismatched between Tanium Servers, when adding a secondary Tanium Server
  • Resolved an error when showing SSH fingerprints with FIPS mode enabled
  • Removed SSH Ciphers menu as toggling FIPS mode sets these automatically, and can cause upgrade errors if not set correctly by FIPS mode
  • Resolved issue where appliance could run out of entropy, causing certain functions to fail
  • Resolved an issue where secondary TMS services would remain started after a platform upgrade, when they should be stopped
  • Resolved an issue that would cause the CLI to hang during Tanium platform upgrade
  • TanOS now properly detects the appliance generation value from the model number
  • Fixed an issue causing DNS entries to be reset on IBM Cloud appliances during array refresh
  • Resolved a number of issues related to hangs or errors during TanOS upgrade
  • Resolved an issue causing Tanium Server role installs to fail on Tanium appliances hosted in Microsoft Azure
  • Resolved a permissions error during partition sync

Known Issues/Workarounds

TanOS 1.7.5.0082

General Availability Release Date: November 29, 2022
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • Includes OEM firmware updates for physical appliances
  • TanOS appliances can now have a Zone Server added to the array when using an All-in-One appliance for pre-production environments
  • TanOS will now sync LDAPS certificates when clustering 2 Tanium Servers via the array role install workflow
  • Added a new Tanium Cloud Access Point role to TanOS for connecting clients from restricted subnets to Tanium Cloud
  • Improved database operations from the TanOS menus on the Tanium Module Server
  • Returned iotop utility access when using a root shell key
  • Reduced repeated messages in TanOS Event log
  • Improved text notification during Tanium Module Server configuration, by informing the user that the IP/FQDN will be added to the hosts file

Bug Fixes

  • Resolved an issue where memory tuning could trigger a TanOS upgrade failure
  • Resolved an issue where smtp status messages could be truncated
  • Removed unnecessary steps when adding disk space to an appliance, and added a new log file related to disk space workflows
  • Resolved an issue where a space in the TanOS upgrader filename could cause an upgrade to fail
  • Resolved an issue that would cause the "rr" command (Return to Top) to fail on specific Log viewing menus
  • Clarified error received on array member addition workflow when an IPSEC issue is encountered
  • Resolved an issue where deleting an LDAP Certificate would leave links behind
  • Resolved an issue that would cause HA TanOS upgrades to fail when the memory plan is mismatched
  • Resolved an issue related to IP address configuration errors not persisting on screen
  • Resolved an issue that would cause errors when enabling the alternate partition
  • Resolved text on the RAID key export menu to properly identify the RAID keys origin
  • Resolved an issue that prevented SSH key authentication from working on AD/LDAP integrated TanOS users
  • Resolved an issue where the TanOS backup did not include the Tanium Module Server databases on an All-in-One appliance
  • Resolved an issue where certain os.txt commands were returning empty values
  • Resolved an issue where TanOS Health Check would not properly return older EULA acceptances
  • Resolved an issue that would cause the tanadmin user to get locked out when password authentication was disabled
  • Improved error messaging when postgres configuration fails
  • Improved detection of missing database certificates prior to upgrade to avoid upgrade failures
  • Resolved an issue that would cause the Tanium platform to fail installation
  • Resolved an issue that would cause systemd-login and rsyslog services to fail to start after TanOS upgrade
  • Resolved an issue that would cause an LDAPS certificate management error when creating an array
  • Resolved an issue that would cause Tanium Modules to fail install when SELinux is enabled (the default in recent TanOS versions)
  • Resolved an issue that would cause array creation to fail when using an AD/LDAP authenticated TanOS user
  • Resolved an issue that would cause the sssd service to fail to start due to a LDAP group filter

Known Issues/Workarounds

  • When LDAPS certificates are added in TanOS versions prior to 1.7.5.0082, LDAPS could be disabled during upgrade to 1.7.5.0082 resulting in Tanium Console login failures post-upgrade. This issue will be resolved in the next TanOS release. The workaround in 1.7.5.0082 is to toggle LDAPS/StartTLS configuration to Enabled using A-A-A-3 TanOS menu.

TanOS 1.7.4.0123

General Availability Release Date: August 30, 2022
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • Updated the Tanium EULA for Aug 2022
  • Added support for TanOS to leverage remote LDAP/AD user authentication
  • Added ability for TanOS to notify users when TanOS updates are available, and download TanOS updates when connected to the Internet
  • Improved consistency of menus managing Tanium Module Server Sync workflows
  • Added ability to access the /altopt partition from a RO/RW shell
  • Updated TanOS to reflect HW Compatibility level 13 support on virtual appliances
  • Updated TanOS appliances to use UEFI and SecureBoot
  • Added a TanOS Upgrade check to ensure a secondary TMS has its services in a stopped and disabled state
  • Added a TanOS Upgrade check to ensure cluster database replication is working before proceeding with upgrade
  • Improved TanOS Upgrade logging, including trimming unnecessary messages
  • Tanium Direct Endpoint Connection proxy add-on component can now be managed from the TanOS CLI
  • TanOS now supports Tanium Airgap installations using the zip format
  • TanOS RW Shell now supports the unzip command
  • Added a service menu to display journalctl output to assist with troubleshooting
  • During array upgrades, we changed terminology to more accurately represent partition sync activity
  • Enabled restricted CLI access for tanuser role users.

Bug Fixes

  • Resolved issue where TanOS Health Check fails for CPU/RAM specifications on a Tanium Server with less than 10k endpoints
  • Resolved issue where AIDE Recent reports field would show “None” even after an AIDE report was generated
  • Resolved an issue where logged in Disabled/Deleted local TanOS accounts could still have read rights to menus. TanOS now terminates all user processes, forcing re-authentication, which would fail menu reads
  • Resolved issue where adding a new Tanium Server with Zone Server Hub to an existing array, would not update the AllowedHubs setting on the existing Zone Server appliance in the array
  • Resolved issue where TanOS Upgrade log would incorrectly show an Error message about database replication
  • Resolved issue that prevented changing users password via TanOS CLI
  • Resolved issue where Restarting all Enabled Tanium services would start Disabled services as well
  • Fixed errors seen on Database Tuning menu

Known Issues and Workarounds

  • SSH key authentication for LDAP integrated TanOS users is not supported until the next TanOS release
  • TanOS no longer ships with the Tanium Platform. The Tanium Platform can be downloaded from a Tokens link or uploaded to /incoming directory on the appliance.
  • Requires TanOS 1.6.4 or later for upgrade

TanOS 1.7.3.0191

General Availability Release Date: June 21, 2022
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • Adds TanOS support on v4 Tanium Appliance hardware.

Bug Fixes

  • Resolves issue installing Airgap content on TanOS 1.7.3.

Known Issues and Workarounds

  • TanOS no longer ships with the Tanium Platform. The Tanium Platform can be downloaded from a Tokens link or uploaded to /incoming directory on the appliance.
  • Requires TanOS 1.6.4 or later for upgrade

TanOS 1.7.3.0182

General Availability Release Date: June 7, 2022
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • Initial Configuration wizard has been replaced by menus, so the configuration can be completed in stages by tanadmin. (tanuser account has been removed)
  • iDRAC can now be configured during initial configuration
  • DEC Proxy can now be installed and upgraded from the TanOS CLI
  • SELinux is now in Enforcing mode by default for new installations
  • New TanOS Health Check to detect TanOS version mismatches across array members
  • New TanOS Health Check for TMS Sync status
  • New TanOS CLI to run Health Check
  • Added and improved Linux tools utility availability from RO/RW shell; including openssl, vim, bind-utils, ethtool and iproute

Bug Fixes

  • Resolved issue with SOAP key being deleted unexpectedly, causing SOAP key upload failures
  • Resolved issues with file lock triggering upgrade failures
  • Resolved issues with TMS Sync when SELinux is enabled
  • TanOS backup Health Check will not show as failure if it is disabled on virtual or cloud appliance
  • Numerous other miscellaneous fixes.

Known Issues and Workarounds

  • TanOS no longer ships with the Tanium Platform. The Tanium Platform can be downloaded from a Tokens link or uploaded to /incoming directory on the appliance.
  • Requires TanOS 1.6.4 or later for upgrade

TanOS 1.7.2.0143

General Availability Release Date: March 15, 2022
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • Added support for Google Cloud Platform.
  • Added support for multi-factor authentication to TanOS.
  • SMTP authentication now supported to send TanOS alerts.
  • Added support for secure NTP.
  • Added tools to monitor performance.
  • Hosts file management improvements.
  • Added SQL queries to review and correct Tanium database servers table.
  • New CLI commands include set fqdn, set nameserver, and show nameservers.
  • Consolidated iDRAC management menu.
  • Virtual and Cloud Appliances now support expanding the existing virtual disk.
  • Syslog forwarding can be configured to support RFC 5424.
  • Tanium Server can now be removed from cluster.
  • IsolatedSubnets and SeparatedSubnets files can now be deleted using the TanOS menu.
  • Updated Tanium Core Platform to 7.5.3.1295.

Bug Fixes

  • Fixed issue with missing appliance domain name during TanOS upgrade.
  • Fixed issue with restarting a TanOS upgrade.
  • Hosts file updated when IP address changes.
  • TanOS health check fixes.
  • Tanium Module Server logging synchronization fixes.
  • Certificate install fixes.
  • Fixed issue that caused PostgreSQL failures on the Tanium Module Server when the certificate revocation list expired.
  • Numerous other miscellaneous fixes.

Known Issues and Workarounds

  • Updated EULA, February 2022.
  • All Help menus have been removed, refer to the Tanium Appliance Deployment Guide for assistance.
  • This is the final TanOS release that can be directly upgraded from TanOS 1.5.6 through TanOS 1.6.3.


TanOS 1.7.1.0096

General Availability Release Date: November 30, 2021
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • TanOS includes Tanium Platform 7.5.2.3531

Bug Fixes

  • Fixed an issue that could prevent login to the Alternate partition after partition sync
  • Fixed an issue that would cause Tanium Platform logins to fail on 7.3 Tanium versions
  • Fixed an issue that would prevent management of local OS services

Known Issues and Workarounds

  • Centralized TMS database support has been added to TanOS 1.7.x. Upgrade to TanOS 1.7.x to ensure modules supporting the new database are replicated to the secondary module server.
  • Use TanOS menu A – 1 – 3 to check the content of the host file on each appliance before you upgrade. Each Tanium appliance should be listed once, and the format should be: <IP Address> <FQDN> <hostname>. If this is not correct your upgrade will be stopped.

TanOS 1.7.1.0092

General Availability Release Date: November 9, 2021
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • Appliance Array now configures Secondary TMS
  • Users can now copy files to/from sftp outgoing/incoming directories from a Read-Only and Read-Write shell
  • Changing a TanOS IP now properly updates /etc/hosts
  • Various TanOS Health Check improvements, including collecting all FAIL findings at the bottom of the report
  • Added new local LDAP check, menu C - L - C to help diagnostic/repair LDAP issues
  • Added new Tanium EULA for 2H2021
  • TanOS now sets SNMP sysObjectID.0 to Tanium assigned ID
  • New TanOS Event Log (menu 3 – 1 - 1 - 7), shows important events in the life of the appliance.

Bug Fixes

  • Fixed an issue that could cause Appliance local LDAP authentication to stop working on the secondary Tanium Server in an HA Tanium cluster.
  • Numerous other miscellaneous fixes

Known Issues and Workarounds

  • Centralized TMS database support has been added to TanOS 1.7.0. Upgrade to TanOS 1.7.0 to ensure modules supporting the new database are replicated to the secondary module server.
  • Appliances must have domain name set, and hostname + domain name set to less than 64 characters. Some cloud appliances may not automatically set domain, or set them too long, requiring manual setting.
  • In rare circumstances a physical appliance may fail to boot, hanging at the TanOS boot screen. In this situation it is likely that you need to disable LLDP in the appliance BIOS.
  • If LACP is enabled on the switch that is connected to the Tanium Appliance, the network interface remains down after the initial configuration. Initial configuration does not yet support NIC team configuration. To avoid this issue, disable LACP from the switch until you can work with your TAM to enable NIC teaming.
  • Before upgrade to TanOS 1.7.x, verify TMS Sync is healthy and active, or fully disable TMS Sync, to ensure successful upgrade of the TMS Sync feature.
  • Tanium PAM4 has been deprecated, any Tanium Server running on TanOS that is currently using a custom PAM4 configuration will not be impacted. However, you should plan to configure the Tanium Server as a SAML service provider as soon as possible to eliminate the need for PAM4.

TanOS 1.7.0.0084

General Availability Release Date: September 14, 2021
End of Life Date: June 30, 2024

See Install and Upgrade Considerations

Improvements

  • TMS Sync now includes module server database replication
  • TMS Sync now runs significantly faster and more reliably
  • TMS Sync can now be controlled from the array manager (primary Tanium Server)
  • Customers can disable Tanium Console SAML authentication via TanOS menu
  • TanOS now supports Azure Government Cloud

Bug Fixes

  • Fixed an issue that could cause Appliance local LDAP authentication to stop working on the secondary Tanium Server in an HA Tanium cluster.

Known Issues and Workarounds

  • Centralized TMS database support has been added to TanOS 1.7.0. Upgrade to TanOS 1.7.0 to ensure modules supporting the new database are replicated to the secondary module server.
  • Appliances must have domain name set, and hostname + domain name set to less than 64 characters. Some cloud appliances may not automatically set domain, or set them too long, requiring manual setting.
  • In rare circumstances a physical appliance may fail to boot, hanging at the TanOS boot screen. In this situation it is likely that you need to disable LLDP in the appliance BIOS.
  • If LACP is enabled on the switch that is connected to the Tanium Appliance, the network interface remains down after the initial configuration. Initial configuration does not yet support NIC team configuration. To avoid this issue, disable LACP from the switch until you can work with your TAM to enable NIC teaming.
  • Before upgrade, verify TMS Sync is healthy and active, or fully disable TMS Sync, to ensure successful upgrade of the TMS Sync feature.
  • tancopy now has read-write access to both /incoming and /outgoing directories

Upgrade Considerations

Product Documentation and Resources