Frequently asked questions
Learn from these questions and answers that are designed to help you better understand BigFix Patch for Debian.
- Which support fixlet can I use for installing the newest versions of all the packages installed on an endpoint?
- You can use the
Run `dist-upgrade` to install and intelligently handle dependencies of new packages
support fixlet for installing the latest versions of all the packages installed on a system/endpoint. Theapt-get dist-upgrade
command installs the newest versions of all packages that are currently installed on the system from the sources that are defined for `apt`. The command also attempts to intelligently handle changing dependencies.
- Using which support fixlet can I install all available security updates from a vendor repository?
- You can use the
Install all available updates from the vendor security repository (amd64)
support fixlet to install all the security updates from your vendor repository. This fixlet gets a list of all the available updates from the vendor security package repository and installs them on the system/endpoint.
- What are Unspecified Fixlets and why do we need them?
- Unspecified Fixlets are for the packages found in Debian's security repositories and that do not have a security notice (DSA) associated with them. Not all security packages released by Debian have a DSA associated with them - Unspecified Fixlets covers such packages.
- Where can I search and download the packages?
- The current version of packages can be found and downloaded from the Debian website at https://www.debian.org/security/, while previous versions can be found in the Debian snapshot (http://snapshot.debian.org). You can also search packages at https://www.debian.org/distrib/packages.
- Are there other Debian resources I should be aware of?
- Here are a few helpful resources:
- Debian website: https://www.debian.org/security/
- Mail list: https://lists.debian.org/debian-security-announce/
- Debian snapshot: http://snapshot.debian.org/
- Search package: https://www.debian.org/distrib/packages
- Debian security repository host: http://security.debian.org
- Security Bug Tracker: https://security-tracker.debian.org/tracker/
- Why would a patch complete successfully, but ultimately fail?
- Under specific circumstances, a patch is successfully applied but the relevance conditions indicate that it is still needed in your deployment. Check to see if there are any special circumstances that are associated with the patch, or contact HCL Software Support.
- If a patch fails to install, what should I do?
- Ensure that you applied the patch to the correct computers. Also,
check the following logs:
- /var/opt/BESClient/__BESData/__Global/Logs/<YYYYMMDD>.log
- /var/opt/BESClient/EDRDeployData/EDR_DeploymentResults.txt
- What are superseded patches?
- Superseded Fixlets are Fixlets that contain outdated packages. If a Fixlet is superseded, then a newer Fixlet exists with newer versions of the packages. The newer Fixlet ID can be found in the description of the superseded Fixlet.
- How do I find out if the Debian package is upgradeable?
- You must first install the apt-show-versions, which is a rpm package
to find out if any Debian packages are upgradeable.
- To install apt-show-versions, enter
apt-get install apt-show-versions. - To get a list of only the upgradeable packages, enter
apt-show-versions -u | less. You can also use grep as follows:apt-show-versions -u | grep "apache"
- To install apt-show-versions, enter
- How do I upgrade specific packages?
- You should specify the package name. For example, if you want
to upgrade apache-perl package, type the following command:
apt-get install apache-perl. This command is useful if you just want to upgrade a single package and not the entire system. - The client logs contains a prefetch plug-in error that prevents the Fixlet from completing successfully. What is causing the error? What should I do?
- The ActionScript that was running on the endpoint might have been blacklisted, causing the prefetch plug-in issue.