Skip to main content

Please keep in mind there's several ways to deploy this. I'm sharing what worked for me :)
Getting the Installer
- Using the Tanium Client Deployment Tool, go to Clients, then click on Generate Archive
- Choose .iso and platform osx. Click OK



Creating a DMG
- Open Composer
- Open the .iso file by double-clicking on it
- Drag the .pub file to the left column of composer
- Take the file out of the directories, delete the empty directories
- Drag the pkg to Composer, make sure it's outside of any directory and delete any other directory so the only two things in Composer should be the .pub and the .pkg
- I changed the name to TaniumClient_osx so it was just like the .iso
- Click on Build as DMG
- Upload the DMG to Jamf



Extension Attribute(s) (I might add more later)
- Create a new EA called 'Install Status - Tanium'
- Data Type: String
- Input Type: Script



#!/bin/bash
taniumLaunchDaemon=`ls /Library/LaunchDaemons/ | grep com.tanium.taniumclient.plist`
if [[ $taniumLaunchDaemon != '' ]]; then
echo "<result>Installed</result>"
else
echo "<result>Not Installed</result>"
fi
exit 0



  • Create a new EA called 'Contains: Tanium Cached'
    • Data Type: String

    • Input Type: Script
      #!/bin/bash
      if [ -e /Library/Application Support/JAMF/Waiting Room/TaniumClient_osx.iso.dmg ]; then
      echo "<result>Yes</result>"
      else
      echo "<result>No</result>"
      fi
      exit 0



Smart Group(s)
- Create a new smart group called 'Not Cached: Tanium'
- Criteria: Contains: Tanium Cached is No (you might have to click on Show Advanced Criteria to see it)
- Create a new smart group called 'Cached: Tanium'
- Criteria: Contains: Tanium Cached is Yes (you might have to click on Show Advanced Criteria to see it)
- Create a new smart group called 'Not Installed: Tanium'
- Criteria: Install Status - Tanium is Installed (you might have to click on Show Advanced Criteria to see it)
- Create a new smart group called 'Ready to Install: Tanium'
- Criteria: Computer Group is member of Cached: Tanium
- Criteria: Computer Group is member of Not Installed: Tanium
(Alternatively, you can also just not create the cached: tanium group and just put Contains: Tanium Cached is Yes in the last group)



Creating the Script
- Set parameter 4 to ServerName



#!/bin/bash
echo "Start of Tanium Install Script"
hdiutil mount /Library/Application Support/JAMF/Waiting Room/TaniumClient_osx.iso.dmg -nobrowse
echo "Mounted cached dmg"
installer -pkg /Volumes/TaniumClient_osx.iso/TaniumClient-7.2.314.3518.pkg -target /
hdiutil unmount /Volumes/TaniumClient_osx.iso/
echo "unmount successful"
/Library/Tanium/TaniumClient/TaniumClient config set ServerName $4
sudo launchctl unload /Library/LaunchDaemons/com.tanium.taniumclient.plist
echo "unload /Library/LaunchDaemons/com.tanium.taniumclient.plist"
sudo launchctl load /Library/LaunchDaemons/com.tanium.taniumclient.plist
echo "load /Library/LaunchDaemons/com.tanium.taniumclient.plist"
exit 0


Policy#1: Cache Tanium
- Trigger: Recurring Check-In, Custom: cache_tanium
- In Packages, add the DMG you previously created
- Action: Cache (This is important!)
- Scope: Not Cached: Tanium
- Maintenance: Update Inventory
- Execution Frecuency: I always like to start with Once Per Computer to make sure it's not 'overinstalling' but given the smart group we are using, we should be able to set it to Ongoing from the start



Policy#2: Install Tanium
- Trigger: Recurring Check-In, Custom: tanium
- Script: Add the Script you created. Add the ServerName (or IP address) if your Tanium Server
- Scope: Ready to Install: Tanium
- Maintenance: Update Inventory
- Execution Frequency: I always like to start with Once Per Computer to make sure it's not 'over installing' but given the smart group we are using, we should be able to set it to Ongoing from the start



Check the comments for pppc for it

Hi Rany, yes please can you assist?


Hi sdagley, I see that you put the .pkg, the .dat and the .ini in the same folder in /tmp, then you ran a script to install the .pkg. Question is how does the .dat and the .ini get put in the /TaniumClient directory after the install?
Thanks


I did something similar to what @sdagley did. My .INI file is super simple and just has the text "ServerNameList=our.server.org"


@rserva Sorry, missed your question when it was posted. Hopefully you've found the answer by now, but for anyone just finding this thread, the Tanium installer handles creating the necessary config files in the TaniumClient directory by reading the ones in the same directory as the client installer when it's run.


I'm having issues with this KB since the package available in the Tanium Console doesn't match this article.
Any chance to get some assistance on how to properly deploy the client in my company environment using Jamf Pro?

Regards


Wondering if any of you folks know if we need a PPPC Profile for Tanium?  I've read both yes and no...

New to Tanium, so looking for some advice.  Thank you!


Wondering if any of you folks know if we need a PPPC Profile for Tanium?  I've read both yes and no...

New to Tanium, so looking for some advice.  Thank you!


I was wondering the same thing. I've pushed the agent to a handful of devices but as is I get no prompts for it to do anything permissions wise. I've followed their guide here: Deploying the Tanium Client using an installer or package file and as I can tell I've created the PPPC profile with the permissions it requires but no way of testing whether it actually works or not.


Reply