IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes TanOS (Version 1.8)

From Tanium Knowledge Base
Jump to navigation Jump to search

For release notes for the newest versions of TanOS, see the semiannual release notes.

Thank you for choosing Tanium. The following Release Notes document changes between releases of the TanOS software for the Tanium Appliance.
The previous version can be found here: Release_Notes_TanOS_(Version_1.7.0)


Install/Upgrade Considerations

For initial setup, please read one of the following before starting:

Initial setup (Tanium Physical Appliances)
Initial setup (Tanium Virtual Appliances)
Initial setup (Tanium Cloud Appliances)

For upgrades, please read upgrade Tanium Appliance software before starting.


TanOS 1.8.3.0129

General Availability Release Date: August 20, 2024
End of Support Date: November 1st, 2025

Additional Requirements

  • TanOS 1.8.3.0125 is part of the Tanium Semiannual Release. For more information on the semiannual release please see the following linked article. Introducing the Semiannual Release Process for Tanium Appliance and On-Premises Customers: 2024H1 Semiannual Release
  • TanOS 1.8.1.0143 or later must be installed before attempting upgrade to TanOS 1.8.3
  • Platform 7.6.2*_8.zip or newer must be pre-uploaded to upgrade to TanOS.1.8.3.
  • Upload the Platform 7.6.2*_8.zip file to the incoming directory of the TanOS array primary appliance using tancopy user. Please see the TanOS Upgrade Documentation for additional information.
  • Review the Known Issues and Workarounds section before proceeding

Bug Fixes

  • Resolved an issue where restoring the default manifest values in the Restore Default Manifest Values menu would point to an incorrect manifest.
  • Resolved challenges and errors encountered during manual certificate renewals using a shell key by providing a menu option to replace the Module Server ssl.crt file.
  • Disabled SSH for iDRAC by default to enhance security controls and mitigate SSH related threats specific to the iDRAC.

Known Issues and Workarounds

  • Do not use menu B-D on TanOS version 1.8.2 and 1.8.3. In TanOS versions 1.8.2 and 1.8.3, using the "Discard Alt Partitions" menu option (B - D) can result in an inability to boot TanOS. If you have attempted to discard alternate partitions using this menu and can no longer boot, or if you urgently need to discard alternate partitions, please contact Tanium Support for assistance. To contact Tanium Support for help, sign in to : Tanium Support
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • After upgrading from a previous version of TanOS, you may notice a message prompting you to rotate your GRUB key. For directions on managing your GRUB key see the following documentation: Tanium Appliance User Guide
  • During TanOS 1.8.x upgrades, users may encounter the error message 'no match for group package "perl,"' which is inconsequential and does not signify an issue, occurring solely during Perl package switches and not in subsequent upgrades.

TanOS 1.8.3.0125

General Availability Release Date: June 18th, 2024
End of Support Date: November 1st, 2025

Additional Requirements

  • TanOS 1.8.3.0125 is part of the Tanium Semiannual Release. For more information on the semiannual release please see the following linked article. Introducing the Semiannual Release Process for Tanium Appliance and On-Premises Customers: 2024H1 Semiannual Release
  • TanOS 1.8.1.0143 or later must be installed before attempting upgrade to TanOS 1.8.3
  • Platform 7.6.2*_8.zip or newer must be pre-uploaded to upgrade to TanOS.1.8.3.
  • Upload the Platform 7.6.2*_8.zip file to the incoming directory of the TanOS array primary appliance using tancopy user. Please see the TanOS Upgrade Documentation for additional information.
  • Review the Known Issues and Workarounds section before proceeding

Bug Fixes

  • Resolved an issue where BIOS updates were not applied.
  • Resolved an issue through a BIOS update to prevent a condition where the system POST could become stuck at the progress bar.
  • Resolved an issue where Health Check did not report syslog delivery failures.
  • Resolved an issue where log messages were lost after log rotation
  • Resolved an issue in the upgrade process that failed to handle pre-upgrade checks and maintenance mode correctly during upgrade scenarios, leading to aborted upgrades due to errors such as missing LDAP sync replication entries and invalid server IDs
  • Resolved an issue that would cause LDAP sync to fail after TanOS upgrade
  • Resolved an issue were upgrading TanOS resulted in lost SSH access
  • Resolved an issue where some appliances generated unnecessary core files
  • Resolved an issue where partition sync created a faulty /altroot/etc/fstab file
  • Resolved an issue where the alt partition became unusable after upgrading from TanOS 1.7 to 1.8
  • Resolved an issue where the default grub and ldap management passwords were not cleared after the initial configuration.
  • Resolved an issue causing slow boot times when upgrading from TanOS 1.7.6 to 1.8 that would occur after using partition sync.

Known Issues and Workarounds

  • Do not use menu B-D on TanOS version 1.8.2 and 1.8.3. In TanOS versions 1.8.2 and 1.8.3, using the "Discard Alt Partitions" menu option (B - D) can result in an inability to boot TanOS. If you have attempted to discard alternate partitions using this menu and can no longer boot, or if you urgently need to discard alternate partitions, please contact Tanium Support for assistance. To contact Tanium Support for help, sign in to : Tanium Support
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • After upgrading from a previous version of TanOS, you may notice a message prompting you to rotate your GRUB key. For directions on managing your GRUB key see the following documentation: Tanium Appliance User Guide
  • During TanOS 1.8.x upgrades, users may encounter the error message 'no match for group package "perl,"' which is inconsequential and does not signify an issue, occurring solely during Perl package switches and not in subsequent upgrades.

TanOS 1.8.2.0434

General Availability Release Date: June 18th, 2024
End of Support Date: May 1,2025 June 19, 2025

The end of support date for TanOS 1.8.2.0434 has been corrected from May 1st, 2025 to June 19th, 2025 to align with the end of support of this release’s supported Tanium Platform Server version, 7.5. For more information on the end of support for Tanium Platform Server 7.5, please read this announcement)

Additional Requirements

  • TanOS 1.8.1.0143 or later must be installed before attempting upgrade to TanOS 1.8.2
  • Review the Known Issues and Workarounds section before proceeding

Improvements

  • Added parallel appliance upgrades to address lengthy upgrade durations, significantly reducing upgrade duration
  • Removed ssh-rsa from HostKeyAlgorithms in sshd_config to enhance security
  • Added a report feature to indicate whether a module server is active or in standby mode
  • Implemented a check and warning for database replication status before performing a failover.

Bug Fixes

  • Resolved an issue were upgrading from TanOS 1.8.1 to 1.8.2 caused SSH access loss to all array members
  • Resolved an issue where Health Check did not report syslog delivery failures.
  • Resolved an issue where log messages were lost after log rotation
  • Resolved an issue in the upgrade process that failed to handle pre-upgrade checks and maintenance mode correctly during upgrade scenarios, leading to aborted upgrades due to errors such as missing LDAP sync replication entries and invalid server IDs
  • Resolved an issue that would cause LDAP sync to fail after TanOS upgrade
  • Resolved an issue where upgrading TanOS resulted in lost SSH access
  • Resolved an issue where some appliances generated unnecessary core files
  • Resolved an issue where partition sync created a faulty /altroot/etc/fstab file
  • Resolved an issue where the alt partition became unusable after upgrading from TanOS 1.7 to 1.8
  • Resolved an issue where the default grub and ldap management passwords were not cleared after the initial configuration.
  • Resolved an issue causing slow boot times when upgrading from TanOS 1.7.6 to 1.8 that would occur after using partition sync.
  • Resolved an issue where “jq” reported a parsing error on member data during the upgrade process
  • Corrected a typo in the TanOS LDAP authentication groups filter console text.
  • Resolved an issue where missing kernel packages after a TanOS upgrade caused boot failures.
  • Resolved an issue where tokens download failed when using a proxy with authentication that included special characters in the password.
  • Resolved an issue during array creation and Platform installation where the error "mv: cannot create regular file '/etc/tanos/appliance_array.json' was displayed.
  • Resolved an issue where disabling an Ethernet speed from being advertised was not possible.
  • Resolved an issue where the upgrade process caused an unnecessary reboot even when a check prevented the upgrade from proceeding.
  • Resolved an issue where the physical appliance did not fully power cycle during an upgrade.
  • Added BIOS update 2.21.2 for all supported appliances.
  • Resolved an issue where setting the iDRAC IP address from the menu resulted in a "Permission denied" error in /var/log/idrac.log
  • Resolved an issue where responses for full shell keys generated with users assigned the tanadmin role could not be validated
  • Resolved an issue where upgrading TanOS disabled AD/LDAP TanOS Authentication and broke LDAP binding on some servers, requiring a reconfiguration of the binding account
  • Resolved an issue where the upgrade process did not always remove old PostgreSQL versions
  • Resolved an issue where the presence of too many core files prevented CLI tools from being able to clean them
  • Resolved an issue where disk resizing was not working for TanOS when provisioned from a QCOW2 image.

Known Issues and Workarounds

  • Do not use menu B-D on TanOS version 1.8.2 and 1.8.3. In TanOS versions 1.8.2 and 1.8.3, using the "Discard Alt Partitions" menu option (B - D) can result in an inability to boot TanOS. If you have attempted to discard alternate partitions using this menu and can no longer boot, or if you urgently need to discard alternate partitions, please contact Tanium Support for assistance. To contact Tanium Support for help, sign in to : Tanium Support
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • After upgrading from a previous version of TanOS, you may notice a message prompting you to rotate your GRUB key. For directions on managing your GRUB key see the following documentation: Tanium Appliance User Guide
  • During TanOS 1.8.x upgrades, users may encounter the error message 'no match for group package "perl,"' which is inconsequential and does not signify an issue, occurring solely during Perl package switches and not in subsequent upgrades.

TanOS 1.8.1.0209

General Availability Release Date: June 18th, 2024
End of Support Date: End of Support Date: February 8, 2025
TanOS 1.8.1.x should only be used to migrate from 1.7.x to 1.8.

Additional Requirements

  • TanOS 1.7.6.0130 or later must be installed before attempting upgrade to TanOS 1.8.1
  • If you use Tanium Discover, you must have Discover 4.7.164 or later installed prior to upgrading to TanOS 1.8.1
  • TanOS appliances with FIPS enabled (TanOS menu A-A-X) CAN NOW upgrade to TanOS 1.8.1, though customers should update all modules prior to upgrade to TanOS 1.8.1 to ensure compatibility
  • TanOS 1.8.1 is not compatible with Tanium platform 7.5.6.1077 or older, and the Tanium platform would need to be upgraded prior to TanOS 1.8.1 upgrade
  • Upgrade to TanOS 1.8.1 requires Tanium platform installers of exactly the same installed version number but supporting Enterprise Linux 8 (named as [same_version]_linux_server_package_8.zip), to be staged on the appliance, prior to upgrade. The Tanium platform will be migrated to the equivalent EL8 variant binaries during TanOS upgrade so they must be staged prior to TanOS upgrade.
  • Review the Known Issues and Workarounds section before proceeding
  • For additional details, see Tanium Appliance User Guide: Upgrade TanOS
  • This release of TanOS will support the latest released and supported Platform versions (7.5) unless stated otherwise in TanOS release notes.

Improvements

  • Made improvements to TanOS entropy management to ensure appliances do not run out of entropy during long-running tasks
  • Improved PostgreSQL database reindexing during TanOS upgrades

Bug Fixes

  • Resolved an issue in the upgrade process that failed to handle pre-upgrade checks and maintenance mode correctly during upgrade scenarios, leading to aborted upgrades due to errors such as missing LDAP sync replication entries and invalid server IDs
  • Resolved an issue that would cause LDAP sync to fail after TanOS upgrade
  • Resolved an issue that could cause cloud appliances with FIPS enabled to fail to boot
  • Resolved an issue that may prevent Connect jobs from running successfully

Known Issues and Workarounds

  • Because of the complexity of upgrade between TanOS 1.7.x and TanOS 1.8.x, Tanium highly recommends testing upgrade in a Test appliance instance that reflects the Production appliance instance, before upgrading Production.
  • With the release of TanOS 1.8.x, Tanium must declare End of Support for TanOS versions prior to this release (TanOS 1.0.x thru 1.7.x) on June 30, 2024, due to dependent software also going EOL on that date. All customers are strongly encouraged to upgrade to TanOS 1.8.x or later, prior to this date to ensure continued TanOS maintenance and security support.
  • Upgrade to TanOS 1.8.1 may cause your appliance to reboot more than once.
  • TanOS 1.8.1 uses a newer kernel that may change the name of your appliance Network Interface Card (NIC), which can affect some customer monitoring tools.
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS Array upgrades to TanOS 1.8.1 can take from 1-3 hours (or more depending on system performance). Please allocate ample time for the upgrade to complete. DO NOT interrupt active upgrades.
  • TanOS 1.8.1 upgrade requires that ALL installed packages are updated to compatible versions during TanOS Upgrade. If any non-Tanium delivered packages exist in TanOS (even if not currently running), upgrade to 1.8.1 may result in the system being unable to boot properly. Tanium recommends removing any non-Tanium delivered packages prior to upgrade
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • If operating system services fail to start following upgrade, reboot the appliance before contacting Tanium Support.
  • During TanOS 1.8.1.x upgrades, users may encounter the error message 'no match for group package "perl,"' which is inconsequential and does not signify an issue, occurring solely during Perl package switches and not in subsequent upgrades.

TanOS 1.8.3.0096

General Availability Release Date: May 1st, 2024
End of Support Date: November 1st, 2025

Tanium Platform Support

  • This release of TanOS will support the latest released and supported Platform versions (7.6) unless stated otherwise in TanOS release notes.

Additional Requirements

  • TanOS 1.8.3.0096 is part of the Tanium Semiannual Release. For more information on the semiannual release please see the following linked article. Introducing the Semiannual Release Process for Tanium Appliance and On-Premises Customers: 2024H1 Semiannual Release
  • TanOS 1.8.1.0143 or later must be installed before attempting upgrade to TanOS 1.8.3
  • Platform 7.6.2*_8.zip or newer must be pre-uploaded to upgrade to TanOS.1.8.3.
  • Upload the Platform 7.6.2*_8.zip file to the incoming directory of the TanOS array primary appliance using tancopy user. Please see the TanOS Upgrade Documentation for additional information.
  • Review the Known Issues and Workarounds section before proceeding

Improvements

  • Added parallel appliance upgrades to address lengthy upgrade durations, significantly reducing upgrade duration.
  • Added version 4 hardware Appliance Support
  • Upgraded Postgres 12 to Postgres 16
  • Added pre-failover check to assess database replication status and warn users if replication is in a failed state
  • Added airgap-specific Tanium global settings "is_airgap" and "content_base_url"
  • Added ssh-ed25519 to HostKeyAlgorithms for non-FIPS configurations.
  • Added a version validation feature for TanOS 1.8.3 Semi-Annual Release, ensuring that Tanium Server Binaries are present before proceeding with the upgrade process
  • Reworked 3-3-S Database Replication Status to show more relevant information and allow viewing previous status captures
  • Added an ability to alert operators when TMS Database Sync is not functioning properly
  • Removed ssh-rsa from HostKeyAlgorithms for FIPS configurations.
  • Removed unnecessary TMS cleanup logic.
  • Added OpenSSL3 support for TaniumKeyUtility
  • Enhanced the "@ report" functionality to include information about the status of Module Servers
  • Added functionality to set/limit Ethernet speed and duplex advertisements
  • Added parallel array refresh functionality to optimize performance.
  • Added BIOS update 2.21.2 for all supported appliances.

Bug Fixes

  • Resolved an issue where the default grub and ldap management passwords were not cleared after the initial configuration.
  • Corrected a typo in the TanOS LDAP authentication groups filter console text.
  • Resolved an issue in the upgrade process that failed to handle pre-upgrade checks and maintenance mode correctly during upgrade scenarios, leading to aborted upgrades due to errors such as missing LDAP sync replication entries and invalid server IDs.
  • Resolved an issue where token downloads failed when using a proxy with authentication that includes special characters in the password.
  • Resolved an issue in the TanOS upgrade process where failures led to subsequent upgrade attempts removing all kernel-related files due to incomplete references in the grub configuration.
  • Resolved an issue where appliances were incorrectly rebooting despite the upgrade process being halted by a preventive check.
  • Resolved an issue where responses for full shell key requests generated by users with the tanadmin role could not be validated if the users were not explicitly labeled as tanadmin in TanOS versions 1.7.6 and 1.8.1.
  • Resolved an issue where checking the database replication on an array would hang for several minutes when postgresql-tms was stopped.
  • Resolved an issue where TanOS exhibited a change in swap memory usage behavior, leading to false positives in health checks regarding memory pressure.
  • Resolved an issue where disk resize functionality was not working for instances provisioned from QCOW2 images.
  • Resolved an issue where upgrading TanOS disabled AD/LDAP TanOS Authentication and broke LDAP binding on some servers, requiring a reconfiguration of the binding account.
  • Resolved an issue where CLI tools were unable to clean core files when too many core files were present in the /cores directory.
  • Resolved an issue where TanOS upgrades failed due to missing LDAP server IDs.
  • Reduced frequency of hostname setting for appliance members during array refresh, ensuring hostname is set only when necessary.

Security Update

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Known Issues and Workarounds

  • Do not use menu B-D on TanOS version 1.8.2 and 1.8.3. In TanOS versions 1.8.2 and 1.8.3, using the "Discard Alt Partitions" menu option (B - D) can result in an inability to boot TanOS. If you have attempted to discard alternate partitions using this menu and can no longer boot, or if you urgently need to discard alternate partitions, please contact Tanium Support for assistance. To contact Tanium Support for help, sign in to: Tanium Support
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • After upgrading from a previous version of TanOS, you may notice a message prompting you to rotate your GRUB key. For directions on managing your GRUB key see the following documentation: Tanium Appliance User Guide
  • During TanOS 1.8.x upgrades, users may encounter the error message 'no match for group package "perl,"' which is inconsequential and does not signify an issue, occurring solely during Perl package switches and not in subsequent upgrades.


TanOS 1.8.2.0324

General Availability Release Date: February 13, 2024
End of Support Date: August 13, 2025 June 19, 2025

The end of support date for TanOS 1.8.2.0434 has been corrected from August 13th, 2025 to June 19th, 2025 to align with the end of support of this release’s supported Tanium Platform Server version, 7.5. For more information on the end of support for Tanium Platform Server 7.5, please read this announcement)

Tanium Platform Support

  • This release of TanOS will support the latest released and supported Platform versions (7.5) unless stated otherwise in TanOS release notes.

Additional Requirements

  • TanOS 1.8.1.0143 or later must be installed before attempting upgrade to TanOS 1.8.2
  • Review the Known Issues and Workarounds section before proceeding

Improvements

  • Updated OEM firmware for physical appliances
  • Made improvements to the Reinitialize Replication workflow to halt if it appears replication will fail
  • Improved the Tanium Tokens download workflow to check if the token is valid before attempting download
  • Replication status now shows the data delta between replication members
  • TanOS upgrades now log all screen output to the tanos_upgrade log file, available from the Appliance Logs menu (3-1)
  • Added Direct Endpoint Connect (DEC) log menu under 3-1-4 (Zone Server) menu
  • Added TanOS menu (A-A-C) to manage iDRAC certificates
  • Added TanOS CLI command to run manual backups
  • Added support for Syslog alerting and forwarding on non-standard ports
  • Added support for https links in TanOS login banner
  • TanOS Health Check now checks for the correct NIC firmware version to be installed
  • GCM ciphers are now included in the SSH cipher list when FIPS is enabled
  • Array configuration activities now connect to the other array members as the logged in TanOS user of the array manager, enabling service account-like behavior
  • Added TanOS CLI command to configure user multi-factor authentication
  • Added TanOS CLI command to manage local TanOS system users (see CLI help for system-auth commands)
  • TanOS Cloud Access proxy role now supports connections to distribute.cloud.tanium.com
  • TanOS Cloud Access proxy role now supports connections Tanium Cloud for U.S. Government customers (*.cloud.taniumfed.com tenants)
  • Improved TanOS Shell service management menus to present better on small terminal windows, where functionality was previously degraded on small terminal windows
  • Improved array session management to avoid array refresh collisions between both array managers
  • Made improvements to TanOS entropy management to ensure appliances do not run out of entropy during long-running tasks
  • Manual cluster setup now uses similar logic as array setup, requiring array configuration prior to cluster setup
  • When configuring SMTP alerts, the sender's address is now configurable, enabling support for O365

Bug Fixes

  • Resolved an issue that would cause the database operations menu not to refresh after making a change to audit settings
  • Resolved an issue that would cause database replication to fail after upgrade to TanOS 1.8.x
  • Resolved an issue that caused file duplication in the /altopt volume due to improper rsync exclusions for /opt/jail/opt/Tanium
  • Resolved an issue that would cause Zone Server mapping to fail during setup if installed before the Tanium Server
  • Resolved an issue in the TanOS CLI command "array assign roles apply <config.json>" that would present errors
  • Resolved an issue that would prevent TanOS from properly a handling Root Certificate Authority with a space in the name
  • Removed a double confirmation prompt when downloading a file from Tanium Tokens
  • Resolved an issue that would cause SNMP configurations to be lost during upgrade to TanOS 1.8
  • Resolved an issue that would cause AIDE reports to be blank when AIDE is enabled
  • Removed unnecessary log spam when making SSH connections in TanOS
  • Resolved an issue that would prevent a Module Server from registering with the secondary Tanium Server after a SOAP certificate was loaded onto the primary Tanium Server
  • Resolved LDAP errors seen when initializing cluster replication
  • Fixed an incorrect error message when downloading an incorrect platform rpm version from Tanium Tokens
  • Removed obsolete Tanium Trace module files
  • Fixed an incorrect documentation link in the Manage SOAP Certificates menu
  • Resolved an issue that prevented tanOS users with password access disabled, from changing their password
  • Resolved an issue that could prevent local users with periods in the username from working properly
  • Resolved an issue that would cause storage disk expansion even when a user cancels the action at the confirmation prompt
  • Resolved an issue that could cause the sssd service to fail to start
  • TanOS LDAP authentication now allows bind identities with an “_” (underscore) character
  • Disabled multiple SSH ciphers and MACs associated with the Terrapin SSH attack
  • Resolved a number of miscellaneous errors and performance issues seen when booting from the alternate partition
  • Updated the openssl libraries used by the TaniumKeyUtility
  • Resolved an issue where alternate tanadmin class users were not able to login to the password reset menu
  • Resolved an issue that could cause cloud appliances with FIPS enabled to fail to boot
  • Resolved an issue that would cause LDAP sync to fail after TanOS upgrade
  • Resolved an issue that would prevent performance data and SMTP alerts from working properly

Known Issues and Workarounds

  • Do not use menu B-D on TanOS version 1.8.2 and 1.8.3. In TanOS versions 1.8.2 and 1.8.3, using the "Discard Alt Partitions" menu option (B - D) can result in an inability to boot TanOS. If you have attempted to discard alternate partitions using this menu and can no longer boot, or if you urgently need to discard alternate partitions, please contact Tanium Support for assistance. To contact Tanium Support for help, sign in to: Tanium Support
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • If operating system services fail to start following upgrade, reboot the appliance before contacting Tanium Support.
  • During TanOS 1.8.1.x upgrades, users may encounter the error message 'no match for group package "perl,"' which is inconsequential and does not signify an issue, occurring solely during Perl package switches and not in subsequent upgrades.


TanOS 1.8.1.0165

General Availability Release Date: October 31, 2023
End of Support Date: February 8, 2025

Tanium Platform Support

  • This release of TanOS will support the latest released and supported Platform versions (7.5) unless stated otherwise in TanOS release notes.

Additional Requirements

  • TanOS 1.7.6.0130 or later must be installed before attempting upgrade to TanOS 1.8.1
  • If you use Tanium Discover, you must have Discover 4.7.164 or later installed prior to upgrading to TanOS 1.8.1
  • TanOS appliances with FIPS enabled (TanOS menu A-A-X) CAN NOW upgrade to TanOS 1.8.1, though customers should update all modules prior to upgrade to TanOS 1.8.1 to ensure compatibility
  • TanOS 1.8.1 is not compatible with Tanium platform 7.5.6.1077 or older, and the Tanium platform would need to be upgraded prior to TanOS 1.8.1 upgrade
  • Upgrade to TanOS 1.8.1 requires Tanium platform installers of exactly the same installed version number,but supporting Enterprise Linux 8 (named as [same_version]_linux_server_package_8.zip), to be staged on the appliance, prior to upgrade. The Tanium platform will be migrated to the equivalent EL8 variant binaries during TanOS upgrade so they must be staged prior to TanOS upgrade.
  • Review the Known Issues and Workarounds section before proceeding
  • For additional details, see Tanium Appliance User Guide: Upgrade TanOS

Improvements

  • Upgrade will uninstall the legacy Trace Zone Hub solution, which does not support TanOS 1.8
  • Added CLI commands to manage advanced security settings such as setting FIPS, SELinux, AIDE, etc.

Bug Fixes

  • Resolved an issue related to a package installed by Tanium Discover centralized scans that could impact appliance operation following upgrade. Following upgrade from TanOS 1.7.6.x to TanOS 1.8.1.0165, if Tanium Discover centralized network scans are configured, create or recreate a centralized network scan to ensure these scans continue to work properly
  • Fixed a regression in SSH cryptographic algorithm configuration
  • Resolved an issue could cause upgrade to fail due to ipsec stopping
  • Resolved an issue could cause ipsec to fail to start after upgrade
  • Resolved an issue that would cause airgap bundle imports to fail with an error message
  • Resolved an issue that could cause the secondary module server firewall to fail to start during appliance startup
  • Resolved an issue that would cause errors in the TanOS health log when Health Check ran automatically
  • Resolved an issue causing the wrong directories to be created on cloud appliances, and will remove incorrect directories upon upgrade
  • TanOS Health Checks for cluster members now extends to Tanium Module Server array clusters
  • Resolved an issue that would cause AIDE reports not to be exported to the /outgoing directory

Known Issues and Workarounds

  • Because of the complexity of upgrade between TanOS 1.7.x and TanOS 1.8.x, Tanium highly recommends testing upgrade in a Test appliance instance that reflects the Production appliance instance, before upgrading Production.
  • With the release of TanOS 1.8.x, Tanium must declare End of Support for TanOS versions prior to this release (TanOS 1.0.x thru 1.7.x) on June 30, 2024, due to dependent software also going EOL on that date. All customers are strongly encouraged to upgrade to TanOS 1.8.x or later, prior to this date to ensure continued TanOS maintenance and security support.
  • A minor bug has been identified in TanOS 1.8.1.x which affects the collection of appliance performance data and the sending of SMTP alerts for customers upgrading from version 1.7.x. To mitigate this issue, it is strongly recommended that upon completion of the upgrade process, customers rerun the upgrade to ensure proper functionality.
  • Upgrade to TanOS 1.8.1 may cause your appliance to reboot more than once.
  • TanOS 1.8.1 uses a newer kernel that may change the name of your appliance Network Interface Card (NIC), which can affect some customer monitoring tools
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS Array upgrades to TanOS 1.8.1 can take from 1-3 hours (or more depending on system performance). Please allocate ample time for the upgrade to complete. DO NOT interrupt active upgrades.
  • TanOS 1.8.1 upgrade requires that ALL installed packages are updated to compatible versions during TanOS Upgrade. If any non-Tanium delivered packages exist in TanOS (even if not currently running), upgrade to 1.8.1 may result in the system being unable to boot properly. Tanium recommends removing any non-Tanium delivered packages prior to upgrade
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • If operating system services fail to start following upgrade, reboot the appliance before contacting Tanium Support.

TanOS 1.8.1.0149

General Availability Release Date: September 18, 2023
End of Support Date: February 8, 2025

Tanium Platform Support

  • This release of TanOS will support the latest released and supported Platform versions (7.5) unless stated otherwise in TanOS release notes.

Additional Requirements

  • TanOS 1.7.6.0130 or later must be installed before attempting upgrade to TanOS 1.8.1
  • If you use Tanium Discover, you must have Discover 4.7.164 or later installed prior to upgrading to TanOS 1.8.1
  • TanOS appliances with FIPS enabled (TanOS menu A-A-X) CAN NOW upgrade to TanOS 1.8.1, though customers should update all modules prior to upgrade to TanOS 1.8.1 to ensure compatibility
  • TanOS 1.8.1 is not compatible with Tanium platform 7.5.6.1077 or older, and the Tanium platform would need to be upgraded prior to TanOS 1.8.1 upgrade
  • Upgrade to TanOS 1.8.1 requires Tanium platform installers of exactly the same installed version number, but supporting Enterprise Linux 8 (named as [same_version]_linux_server_package_8.zip), to be staged on the appliance, prior to upgrade. The Tanium platform will be migrated to the equivalent EL8 variant binaries during TanOS upgrade so they must be staged prior to TanOS upgrade.
  • Review the Known Issues and Workarounds section before proceeding
  • For additional details, see Tanium Appliance User Guide: Upgrade TanOS


Improvements

  • Added new TanOS CLI commands used to export RAID and grub security keys
  • Added a SSH key scanner feature to help validate remote system keys

Bug Fixes

  • Resolved an issue related to a package installed by Tanium Discover centralized scans that could impact appliance operation following upgrade. Following upgrade to TanOS 1.8.1.0149, if Tanium Discover centralized network scans are configured, create or recreate a centralized network scan to ensure these scans continue to work properly
  • Resolved an issue what could cause time sync to fail on Google Cloud and IBM Cloud appliances.
  • Resolved an error about a missing package that could be seen during upgrade on physical appliances.
  • Resolved an issue that prevented the multi-factor authentication QR code from being presented.
  • Resolved an issue that would prevent multi-factor authentication from working when SELinux is set to enforcing mode, which is the default configuration for TanOS.
  • Resolved an issue that could prevent Tanium cloud appliances from installing a role, when not Internet-connected

Known Issues and Workarounds

  • Because of the complexity of upgrade between TanOS 1.7.x and TanOS 1.8.x, Tanium highly recommends testing upgrade in a Test appliance instance that reflects the Production appliance instance, before upgrading Production.
  • With the release of TanOS 1.8.x, Tanium must declare End of Support for TanOS versions prior to this release (TanOS 1.0.x thru 1.7.x) on June 30, 2024, due to dependent software also going EOL on that date. All customers are strongly encouraged to upgrade to TanOS 1.8.x or later, prior to this date to ensure continued TanOS maintenance and security support.
  • Upgrade to TanOS 1.8.1 may cause your appliance to reboot more than once.
  • TanOS 1.8.1 uses a newer kernel that may change the name of your appliance Network Interface Card (NIC), which can affect some customer monitoring tools
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS Array upgrades to TanOS 1.8.1 can take from 1-3 hours (or more depending on system performance). Please allocate ample time for the upgrade to complete. DO NOT interrupt active upgrades.
  • TanOS 1.8.1 upgrade requires that ALL installed packages are updated to compatible versions during TanOS Upgrade. If any non-Tanium delivered packages exist in TanOS (even if not currently running), upgrade to 1.8.1 may result in the system being unable to boot properly. Tanium recommends removing any non-Tanium delivered packages prior to upgrade
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • If operating system services fail to start following upgrade, reboot the appliance before contacting Tanium Support.
  • A minor bug has been identified in TanOS 1.8.1.x which affects the collection of appliance performance data and the sending of SMTP alerts for customers upgrading from version 1.7.x. To mitigate this issue, it is strongly recommended that upon completion of the upgrade process, customers rerun the upgrade to ensure proper functionality.
  • During TanOS 1.8.1.x upgrades, users may encounter the error message 'no match for group package "perl,"' which is inconsequential and does not signify an issue, occurring solely during Perl package switches and not in subsequent upgrades.

TanOS 1.8.1.0143

General Availability Release Date: August 8, 2023
End of Support Date: February 8, 2025

Tanium Platform Support

  • This release of TanOS will support the latest released and supported Platform versions (7.5) unless stated otherwise in TanOS release notes.

Additional Requirements

  • Tanium strongly encourages customers to use TanOS 1.8.1.0149 to upgrade from TanOS 1.7.6. See TanOS 1.8.1.0149 release notes above for more details
  • TanOS 1.7.6.0130 or later must be installed before attempting upgrade to TanOS 1.8.1
  • If you use Tanium Discover, you must have Discover 4.7.164 or later installed prior to upgrading to TanOS 1.8.1
  • TanOS appliances with FIPS enabled (TanOS menu A-A-X) CAN NOW upgrade to TanOS 1.8.1, though customers should update all modules prior to upgrade to TanOS 1.8.1 to ensure compatibility
  • TanOS 1.8.1 is not compatible with Tanium platform 7.5.6.1077 or older, and the Tanium platform would need to be upgraded prior to TanOS 1.8.1 upgrade
  • Upgrade to TanOS 1.8.1 requires Tanium platform installers of exactly the same installed version number, but supporting Enterprise Linux 8 (named as [same_version]_linux_server_package_8.zip), to be staged on the appliance, prior to upgrade. The Tanium platform will be migrated to the equivalent EL8 variant binaries during TanOS upgrade so they must be staged prior to TanOS upgrade.
  • Review the Known Issues and Workarounds section before proceeding
  • For additional details, see Tanium Appliance User Guide: Upgrade TanOS


Improvements

  • Added an upgrade halt when Tanium platform HSM configuration is detected to avoid incompatible binaries causing upgrade issues, including boot failures
  • Improved entropy collection within TanOS
  • Improved enforcement of StrictHostKeyChecking within specific TanOS workflows

Bug Fixes

  • Syslog now consistently sends hostname value in the proper message location
  • Removed legacy tcp settings that were causing log spam
  • Updated local config to disable SMBv1 when external module mounts are configured
  • Resolved an LDAP issue preventing the mapping of multiple users

Known Issues and Workarounds

  • Customers using MFA (Time-based One-Time Passwords) to authenticate to TanOS should not upgrade to 1.8.1 until a patch is released, else this feature may break in TanOS 1.8.1
  • Because of the complexity of upgrade between TanOS 1.7.x and TanOS 1.8.x, Tanium highly recommends testing upgrade in a Test appliance instance that reflects the Production appliance instance, before upgrading Production.
  • With the release of TanOS 1.8.x, Tanium must declare End of Support for TanOS versions prior to this release (TanOS 1.0.x thru 1.7.x) on June 30, 2024, due to dependent software also going EOL on that date. All customers are strongly encouraged to upgrade to TanOS 1.8.x or later, prior to this date to ensure continued TanOS maintenance and security support.
  • Upgrade to TanOS 1.8.1 may cause your appliance to reboot more than once.
  • TanOS 1.8.1 uses a newer kernel that may change the name of your appliance Network Interface Card (NIC), which can affect some customer monitoring tools
  • Tanium recommends all product modules on the Solutions page be updated prior to upgrade to TanOS 1.8.1 to ensure compatibility. There are known issues with older Tanium solution versions and TanOS 1.8.x, especially when FIPS Mode is enabled in TanOS. Some older solutions may fail to install or function properly on TanOS 1.8.x.
  • TanOS Array upgrades to TanOS 1.8.1 can take from 1-3 hours (or more depending on system performance). Please allocate ample time for the upgrade to complete. DO NOT interrupt active upgrades.
  • TanOS 1.8.1 upgrade requires that ALL installed packages are updated to compatible versions during TanOS Upgrade. If any non-Tanium delivered packages exist in TanOS (even if not currently running), upgrade to 1.8.1 may result in the system being unable to boot properly. Tanium recommends removing any non-Tanium delivered packages prior to upgrade
  • TanOS 1.8.1 and forward requires the use of arrays to install and configure clustered TS and TMS roles.
  • If operating system services fail to start following upgrade, reboot the appliance before contacting Tanium Support.
  • A minor bug has been identified in TanOS 1.8.1.x which affects the collection of appliance performance data and the sending of SMTP alerts for customers upgrading from version 1.7.x. To mitigate this issue, it is strongly recommended that upon completion of the upgrade process, customers rerun the upgrade to ensure proper functionality.

Security Update

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.