BigFix For Linux Servers

Download as pdf or txt
Download as pdf or txt
You are on page 1of 2

BigFix for Linux Servers | University IT https://uit.stanford.edu/service/bigfixforservers/li...

University IT
Explore services I want to ... Log into ... View alerts 1 Get support

Server Configuration Management (BigFix for Servers)

BigFix for Linux Servers


The following instructions apply to Red Hat, CentOS, Debian, and Help
Ubuntu.

1. On your servers, create the folder /etc/opt/BESClient and /var/opt


 Submit a Help ticket
[https://stanford.service-
now.com
/BESClient :
/services?id=get_help&
mkdir -p /etc/opt/BESClient
cmdb_ci=84d7c11a1374e20063eadf82e144b05b]
mkdir -p /var/opt/BESClient

2. Create the file actionsite.afxm at /etc/opt/BESClient


/actionsite.afxm from the contents of web.stanford.edu/dept
/its/support/bigfix/masthead/bfc/masthead.afxm
[https://web.stanford.edu/dept/its/support/bigfix/masthead
/bfc/masthead.afxm] :

wget https://web.stanford.edu/dept/its/support/bigfi
x/masthead/bfc/masthead.afxm [https://web.stanford.edu/
dept/its/support/bigfix/masthead/bfc/masthead.afxm] -O
/etc/opt/BESClient/actionsite.afxm

3. Create /var/opt/BESClient/besclient.config with the following


content. Replace the group and subgroup in the example
“client_DepartmentX" and "Graduate" with your group and
subgroup, exactly as provided by the BigFix team:

Example:
[Software\BigFix\EnterpriseClient\Settings\Client\SU
Group]
value = "Client_Department
X"
effective date = Tue,%2008%20Mar%202
016%2012:02:25%20-0800

[Software\BigFix\EnterpriseClient\Settings\Client\SU
Subgroup]
value = "Graduate"
effective date = Tue,%2008%20Mar%202
016%2012:02:26%20-0800

4. Install the “Agent” binary for your Linux distro from:


support.bigfix.com/bes/release/9.5/patch13/
[http://support.bigfix.com/bes/release/9.5/patch13/]

5. Ensure there is a firewall rule for incoming and outbound UDP on


port 52311.
To determine whether there is already a rule for port 53211,
use this command:
iptables -nL | grep 53211

These are example commands to add the recommended


firewall rules to an existing Linux iptables setup:

Example:
1 of 2 12/10/19, 2:30 PM
BigFixiptables
for Linux Servers
-A INPUT -i eth0| -p
University IT
udp -s 171.67.33.154 https://uit.stanford.edu/service/bigfixforservers/li...
--dport 53211 -m state
--state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -i eth0 -p udp --sport 53211 -


m state --state
ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp -s 171.67.33.154


--dport 53211 -m state
--state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -i eth0 -p tcp --sport 53211 -


m state --state
ESTABLISHED -j ACCEPT

6. Check the BigFix for Servers console for your server. Installation is
complete.

Last modified August 9, 2019

2 of 2 12/10/19, 2:30 PM

You might also like