Installing the scanner
The scanner collects hardware information as well as information about files and packages that exist on the computers in your infrastructure. Install the scanner on every computer on which you want to detect software. If you enabled the default scan configuration, the scanner is installed automatically and this configuration is not required.
Before you begin
Before you install the scanner, note the following considerations.
- Ensure that the BigFix client is installed and running on the computers on which you want to detect software and that the computers are subscribed to the BigFix Inventory v10 site.
- To install the scanner on a WPAR, you must install it on the LPAR first.
-
Ensure that on AIX the
xlC.rte
library version 13.1.0.0 or higher is installed on the target computer. - For scanner versions 9.2.17 and 10.0.0, ensure that
libnsl.so.1
on Red Hat Enterprise Linux 8.0 is installed on the target computer. - For scanner versions 2.8.0.3000 and below, ensure that
libstdc++.so.5
is installed on 32-bit Linux x86 computers.
- For scanner versions 9.2.17 and 10.0.0, ensure that
- Ensure that the
libstdc++.so.6
library is installed on the target computer. - Software discovery on Mac OS X does not require installing the scanner nor scheduling regular uploads of scan results. To enable the discovery, it is enough to run the package data scan.
About this task
The scanner can be used by multiple applications. By default, the scanner that is delivered with BigFix Inventory is installed in the single user mode. It means that if it is used by other applications, it must be run by root (UNIX) or SYSTEM (Windows). If any of the applications requires that the scanner is run by a different user, install it in the regular mode. For more information, see: CIT deployed by LMT/BFI 9 by other IBM products.
Procedure
Results
What to do next
Installing or Upgrading the scanner in a private mode
About this task
Private scanner installation mode allows to install BigFix Inventory private CIT instance that does not share any resources with global CIT installation made by other CIT exploiters.
The task installs CIT binaries in <BES Client>\LMT\CIT\scanner directory, but without registering the instance in CIT global files (no cit.ini or other global CIT configuration files).
In case when there is a global CIT with SUA exploiter already installed, the SUA exploiter will be uninstalled from the global CIT and upgraded to the private version.
- CIT trace log level
- maximum size of trace files
- maximum number of trace files
The installation requires at least 70 MB of free disk space on the drive where BigFix client is installed. The private installation mode is available currently for Windows platform only.
To check the version of the scanner that is currently installed on the endpoints, activate the analysis: Scanner Information. The scanner that is installed in the private mode would have exploiter 'BFI Private'.
To make it working you have to update the Catalog Download fixlet templates in the BFI server using 'Update Catalog Download fixlet templates on BFI server' fixlet.
Limitation:
The Install or Upgrade Scanner fixlet uses an executable that by default runs directly from the /var directory, a partition on the endpoint. If you choose to install the scanner in another location, specifically under the BESClient directory in '/var', and then add the 'noexec' restriction after the scanner installation, it can cause issues with scanning fixlets as well. The fixlets will not work when '/var' is set with the noexec option. Therefore, ensure that '/var' directory is not set with the noexec option.- Remove the noexec mount option.
- Move /var/opt/BESClient to a different partition, which is not noexec, and create a symbolic link to it in its place.