Scribd
Upload
100 views

BigFix For Linux Servers

This document provides instructions for installing BigFix for Linux servers on Red Hat, CentOS, Debian, and Ubuntu systems. It involves creating directories, downloading configuration files, editing the besclient.config file with the correct group and subgroup, installing the agent binary, and ensuring firewall rules allow incoming and outgoing traffic on port 52311. Once complete, the server should appear in the BigFix for Servers console.

Uploaded by

Juan Carlos Lauri Ponte
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
100 views

BigFix For Linux Servers

This document provides instructions for installing BigFix for Linux servers on Red Hat, CentOS, Debian, and Ubuntu systems. It involves creating directories, downloading configuration files, editing the besclient.config file with the correct group and subgroup, installing the agent binary, and ensuring firewall rules allow incoming and outgoing traffic on port 52311. Once complete, the server should appear in the BigFix for Servers console.

Uploaded by

Juan Carlos Lauri Ponte
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

BigFix for Linux Servers | University IT https://uit.stanford.edu/service/bigfixforservers/li...

University IT
Explore services I want to ... Log into ... View alerts 1 Get support

Server Configuration Management (BigFix for Servers)

BigFix for Linux Servers


The following instructions apply to Red Hat, CentOS, Debian, and Help
Ubuntu.

1. On your servers, create the folder /etc/opt/BESClient and /var/opt


 Submit a Help ticket
[https://stanford.service-
now.com
/BESClient :
/services?id=get_help&
mkdir -p /etc/opt/BESClient
cmdb_ci=84d7c11a1374e20063eadf82e144b05b]
mkdir -p /var/opt/BESClient

2. Create the file actionsite.afxm at /etc/opt/BESClient


/actionsite.afxm from the contents of web.stanford.edu/dept
/its/support/bigfix/masthead/bfc/masthead.afxm
[https://web.stanford.edu/dept/its/support/bigfix/masthead
/bfc/masthead.afxm] :

wget https://web.stanford.edu/dept/its/support/bigfi
x/masthead/bfc/masthead.afxm [https://web.stanford.edu/
dept/its/support/bigfix/masthead/bfc/masthead.afxm] -O
/etc/opt/BESClient/actionsite.afxm

3. Create /var/opt/BESClient/besclient.config with the following


content. Replace the group and subgroup in the example
“client_DepartmentX" and "Graduate" with your group and
subgroup, exactly as provided by the BigFix team:

Example:
[Software\BigFix\EnterpriseClient\Settings\Client\SU
Group]
value = "Client_Department
X"
effective date = Tue,%2008%20Mar%202
016%2012:02:25%20-0800

[Software\BigFix\EnterpriseClient\Settings\Client\SU
Subgroup]
value = "Graduate"
effective date = Tue,%2008%20Mar%202
016%2012:02:26%20-0800

4. Install the “Agent” binary for your Linux distro from:


support.bigfix.com/bes/release/9.5/patch13/
[http://support.bigfix.com/bes/release/9.5/patch13/]

5. Ensure there is a firewall rule for incoming and outbound UDP on


port 52311.
To determine whether there is already a rule for port 53211,
use this command:
iptables -nL | grep 53211

These are example commands to add the recommended


firewall rules to an existing Linux iptables setup:

Example:
1 of 2 12/10/19, 2:30 PM
BigFixiptables
for Linux Servers
-A INPUT -i eth0| -p
University IT
udp -s 171.67.33.154 https://uit.stanford.edu/service/bigfixforservers/li...
--dport 53211 -m state
--state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -i eth0 -p udp --sport 53211 -


m state --state
ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp -s 171.67.33.154


--dport 53211 -m state
--state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -i eth0 -p tcp --sport 53211 -


m state --state
ESTABLISHED -j ACCEPT

6. Check the BigFix for Servers console for your server. Installation is
complete.

Last modified August 9, 2019

2 of 2 12/10/19, 2:30 PM

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy