Checklist components

The Linux Checklist Components ensure that the system is systematically reviewed and remains operational, secure, and compliant.

Deploy and Run Task

Deploy and Run tasks are a crucial part of the checklist, especially for checks where continuous monitoring is not feasible.

These tasks are prerequisite actions that must be executed on the target endpoints before accurate compliance results can be reported. The task includes all the necessary action scripts and should be performed periodically (e.g., once per day) to update the compliance data collected for the Fixlets listed in the Deploy and Run Task description tab.
Figure 1. Deploy and run

Deploy and run

Linux checklists require you to run the Deploy and Run tasks to populate the necessary properties on the endpoints, enabling relevance evaluation. Execute this task when it appears as relevant and refresh the results on the endpoint.

For custom sites, spaces in the name are replaced with underscores, and the CustomSite_ prefix is added. For example:/var/opt/BESClient/__BESData/CustomSite_Checklist_for_RHEL7.

The site includes all required action scripts. When scheduled or executed, it runs all the scripts and stores the results in result.db and .out files under the BigFix folder structure:/var/opt/BESClient/__BESData/__SCMData/.
Note: For more details about the folder structure and its output, refer to the Understanding the output of deploy and Run tasks section.
Note: You do not need to complete this task if your checklist does not include these checks.
Note: For some checklists, the SQLite package is required to make the Deploy and Run task relevant.
The check Fixlets from these sites will only display current results once the Deploy and Run tasks are completed. If you are using any mixed content sites, schedule periodic execution of the Deploy and Run Task.
  1. From the Security Configuration domain, navigate to All Security Configuration > Sites > External Sites.
  2. Select a checklist and click Fixlets and Tasks.
  3. In the List panel, locate and click the Deploy and Run Task.
    Figure 2. Deploy and Run

    Deploy and run
  4. Click Take Action to deploy the task, or click the appropriate link in the Actions box.
  5. Select the appropriate endpoints in your environment.
  6. Click the Execution tab.
    Take action
  7. Set the Deploy and Run Task to run daily and click OK.
  8. Once the task is complete, refresh the endpoints.
The Deploy and Run Task will update the reports in the Security and Compliance Analytics console (now known as BigFix Compliance Analytics) with the latest results. To ensure you get the most current content, run this task on the endpoint before initiating an import. For automatic daily imports to BigFix Compliance Analytics, scheduling more than one run of the Deploy and Run Task action is unnecessary.
Note: Parameter changes will take effect only after the next run of the Deploy and Run Task.