Skip to content Skip to site navigation Skip to service navigation

BigFix for Linux Servers

The following instructions apply to Red Hat, CentOS, Debian, and Ubuntu.

  1. On your servers, create the folder /etc/opt/BESClient and /var/opt/BESClient:
    mkdir -p /etc/opt/BESClient
    mkdir -p /var/opt/BESClient
    
  2. Create the file actionsite.afxm at /etc/opt/BESClient/actionsite.afxm from the contents of web.stanford.edu/dept/its/support/bigfix/masthead/bfc/masthead.afxm:
    wget https://web.stanford.edu/dept/its/support/bigfix/masthead/bfc/masthead.afxm -O
    /etc/opt/BESClient/actionsite.afxm
    
  3. Create /var/opt/BESClient/besclient.config with the following content. Replace the group and subgroup in the example “client_DepartmentX" and "Graduate" with your group and subgroup, exactly as provided by the BigFix team:

    Example:
    [Software\BigFix\EnterpriseClient\Settings\Client\SU Group]
    value                          = "Client_DepartmentX"
    effective date                 = Tue,%2008%20Mar%202016%2012:02:25%20-0800
    
    [Software\BigFix\EnterpriseClient\Settings\Client\SU Subgroup]
    value                          = "Graduate"
    effective date                 = Tue,%2008%20Mar%202016%2012:02:26%20-0800
    
  4. Install the “Agent” binary for your Linux distro from:
    support.bigfix.com/bes/release/9.5/patch6/
  5. Ensure there is a firewall rule for incoming and outbound UDP on port 52311.
    • To determine whether there is already a rule for port 53211, use this command:
      iptables -nL | grep 53211
      
    • These are example commands to add the recommended firewall rules to an existing Linux iptables setup:

      Example:
      iptables -A INPUT -i eth0 -p udp -s 171.67.33.154 --dport 53211 -m state 
      --state NEW,ESTABLISHED -j ACCEPT
      
      iptables -A OUTPUT -i eth0 -p udp --sport 53211 -m state --state 
      ESTABLISHED -j ACCEPT
      
      iptables -A INPUT -i eth0 -p tcp -s 171.67.33.154 --dport 53211 -m state 
      --state NEW,ESTABLISHED -j ACCEPT
      
      iptables -A OUTPUT -i eth0 -p tcp --sport 53211 -m state --state 
      ESTABLISHED -j ACCEPT
      
  6. Check the BigFix for Servers console for your server. Installation is complete.
Last modified August 8, 2017