Welcome
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Configuration Management for Console User Guide
Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
Configuring Linux checklists
The Configuration Management checklists for Linux systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
Checklist components
The Linux Checklist Components ensure that the system is systematically reviewed and remains operational, secure, and compliant.
Deploy and Run task
Deploy and Run tasks are a crucial part of the checklist, especially for checks where continuous monitoring is not feasible.
Modifying global scan options
You can control the behavior of the global scan through the pop box on Deploy and Run in the Linux Checklists.

BigFix Documentation Homepage
BigFix 11 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
- Configuration Management for Console User Guide
  Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
  - Setting up Configuration Management
    Follow these steps to set up your Configuration Management deployment.
  - Using checks and checklists
  - Configuring Windows and Web Browser Checklist
    The Configuration Management checklists for the Windows™ and Web Browser systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
  - Configuring Linux checklists
    The Configuration Management checklists for Linux systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
    - Overview
      Learn about concepts and the work process in Linux checklists.
    - Setup and configuration
      Create custom copies of the Linux checklist content if you want to modify the checks based on a specific corporate policy. You can manually create a custom site to host the Linux checklist or use the Create Custom Checklist wizard to create copies of the Linux checklist and save them in a custom site.
    - Checklist components
      The Linux Checklist Components ensure that the system is systematically reviewed and remains operational, secure, and compliant.
      - Deploy and Run task
        Deploy and Run tasks are a crucial part of the checklist, especially for checks where continuous monitoring is not feasible.
        Understanding the output of deploy and Run task
        With Linux content, endpoint scans are performed using a series of Linux shell scripts, offering enhanced accessibility for Linux system administrators.
        Modifying global scan options
        You can control the behavior of the global scan through the pop box on Deploy and Run in the Linux Checklists.
      - Applicability Fixlets
        Learn about concepts and the work process in Configuration Management.
      - Remediation
        Most Linux audit checks include built-in remediation capabilities. However, a smaller subset of Linux audit checks can be customized to audit non-default values.
    - Measured Value Analysis
      Many check Fixlets have a corresponding analysis, often referred to as "measured values", which report the value of the element being evaluated by the check Fixlet.
    - Using checks and checklists
      The check Fixlets in Configuration Management checklists evaluate an endpoint against a defined configuration standard. Many of these check Fixlets have a corresponding analysis, often referred to as "measured values", which reports the value of the element being assessed by the check Fixlet.
  - Configuring Middleware Checklists
    The Configuration Management checklists for Middleware systems are delivered as a set of Fixlet and tasks that can help you find the information you need to manage your deployment.
  - Configuring Unix checklists
    The Configuration Management checklists for UNIX™ systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
  - Importing SCAP content
  - Configuration Management Reporting
  - Frequently asked questions
- Security Configuration Management for WebUI User Guide
  Security Configuration Management (SCM) App in WebUI continuously assess and manages the device for security misconfiguration and deviation, which enables operator to deploy remediation action to ensure the device meets compliance standards.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Middleware Application Patching
Middleware Application Patching is an important process for organizations to ensure their systems are secure and up to date. By applying the appropriate patches and security updates, organizations can minimize the risk of malicious attacks and potential data loss. BigFix users can enjoy unified patch management by using a single platform for deploying database and middleware patches.
RBI Compliance User Guide
Discover how the RBI Compliance Report provides a centralized and automated reporting solution for monitoring device and Fixlet compliance.
BigFix Remediate
BigFix MCM
Glossary
This glossary provides terms and definitions for the BigFix® Compliance software and products.

Modifying global scan options

You can control the behavior of the global scan through the pop box on Deploy and Run in the Linux Checklists.

Linux™ content includes a global scan script part of the Deploy and Run tasks and that is used to do a full system scan. The results of this scan are used in several scripts. This script eliminates the need to run a full system scan multiple times when you are evaluating a set of checks on a single system. This feature allows Endpoint Manager to be more efficient and causes less impact on the system during a configuration scan.

Table 1. Parameters and their descriptions
Parameter	Description
EXCLUDEFS	A list of specific file systems to exclude from scanning. This list must be a space-separated list of all the file system types to exclude from the search. By default, the global find script excludes the following file system types from its search: devpts tmpfs cdrfs procfs ctfs fd hsfs proc mntfs smbfs iso9660 nfs3 nfs4 nfs msdos nfsd rpc_pipefs binfmt_misc sysfs sharefs
EXCLUDEMOUNTS	A list of specific mount points to exclude from scanning. This parameter must be defined as a space-separated list of all the file system mounts to exclude from the search. This prevents the shared file system from being scanned from multiple systems. For example, if several systems mount a shared directory on a Storage Area Network named /san, you might want to exclude them with a parameter such as: EXCLUDEMOUNTS="/san" By default, this parameter is not used and is represented as an empty value.
EXCLUDEINODES	Threshold Inode count to skip file system during scan.

Action Parameter

Action Parameter

To view the policies, click Reports > Policies.