Preparing installation files for disconnected scans

Available from 9.2.7. After you add the disconnected data source, prepare the installation package and distribute it to the disconnected systems. The package should contain the scanner, software catalog and the configuration files that are used to initiate scans. You can download the catalog from the BigFix Inventory server.

About this task

Prepare the installation files for disconnected scans in a few easy steps. First, obtain the disconnected scanner package and include the software catalog in it. If needed, configure the scans by making modifications in the setup_config.ini file, and performing the optional optimization. Then, upload the disconnected scanner packages to endpoints.

Procedure

  1. To obtain the disconnected scanner package, follow one of the listed paths.

    • Go to the BigFix console and run Download the Disconnected Scanner Package (version) fixlet to download the disconnected scanner package.

    • The name of the disconnected scanner package follows the specific naming convention: BFI-DisconnectedScanner-<platform>-<version>-<timestamp>.

  2. Download the software catalog.
    1. Log in to BigFix Inventory, and go to Management > Data Sources.
    2. Select your disconnected data source.
    3. Download the catalog for the appropriate platform.
  3. Prepare the content of the disconnected scanner directory.
    1. Unpack the disconnected scanner package on the computer from which you intend to transfer the scanner to your endpoints.
    2. Open the config directory in the unpacked package.
    3. Place the catalog file CIT_catalog_PLATFORM.xml in the config directory.
  4. Optional Perform optional configuration and optimization of the scanner.

    You can configure the disconnected scan settings mainly by editing the setup_config.ini file that is located in the config directory of the unpacked package. If you upgrade the disconnected scanner, the setup_config.ini file is overwritten and you must configure the scheduled scans and output directory again.

    1. 9.2.17 To schedule regular software or hardware scans, edit the setup_config.ini file that is located in the config directory of the unpacked package.
      • For scheduling regular software scans configure the following parameters.
        • SW_SCAN_SCHEDULE_ENABLED parameter enables regular software scans on the endpoint. To schedule regular software scans, set the parameter to TRUE.
        • SW_SCAN_FREQUENCY parameter allows you to configure the frequency of software scans. Set the parameter to WEEKLY or DAILY. The first software scan is initiated after you install the scanner. For more information, see: Installing the scanner and gathering initial data. Subsequent scans will run on that time with the frequency you choose.
      • 10.0.0 Linux The capacity scan runs regularly. However, if you want to collect the capacity data only once, set the HW_SCAN_SCHEDULE_ENABLED parameter to FALSE.
      For more advanced configuration, you can edit the settings of cron on Unix, or Task Scheduler on Windows.
    2. 9.2.17 To configure the output directory for the disconnected scanner, edit the PACKAGE_OUTPUT_DIR parameter in the setup_config.ini file that is located in the config directory of the unpacked package.
      • PACKAGE_OUTPUT_DIR parameter allows you to configure the path where the scan results are stored. Provide a relative or absolute path. A base of the relative path is the installation directory of the disconnected scanner. The default path is ./output.
    3. If any further modifications are required, customize the configuration files before distributing them to endpoints in your environment. Then, you do not need to configure each endpoint individually. You can change the default configuration; for example, limit the processor utilization, or specify the directories that need to be excluded from being scanned. For more information, see: Troubleshooting the discovery by disconnected scanner.
      Note: Solaris The fs_config.xml file contains the list of collected file extensions under the FileMask parameter. If it is required, you can narrow down this list by removing the unwanted extensions from the file. For other supported systems, the list of extensions is configured automatically based on the software catalog.
  5. Upload the whole content of the disconnected scanner package to the endpoints. Do not change file names.
    Note: After you install the scanner on endpoints, the scanner installation path cannot be changed. The installation path is a location where you upload the installation files. To change the installation path, back up the configuration files, scan results and logs. Then, uninstall the scanner, move the files to a different directory, and then install the scanner in a new location.
    Restriction:

    Solaris The installation path should be short, and should not contain any special characters or spaces.

    Windows The name of the directory where the installation files are copied cannot contain any special or national characters. Spaces are allowed. The entire path cannot exceed the total of 99 characters.

What to do next

Install the scanner and gather initial data.