Frequently asked questions
Learn from these questions and answers that are designed to help you better understand BigFix Patch for Debian.
- Which support fixlet can I use for installing the newest versions of all the packages installed on an endpoint?
- You can use the
Run `dist-upgrade` to install and intelligently handle dependencies of new packages
support fixlet for installing the latest versions of all the packages installed on a system/endpoint. Theapt-get dist-upgrade
command installs the newest versions of all packages that are currently installed on the system from the sources that are defined for `apt`. The command also attempts to intelligently handle changing dependencies.
- Using which support fixlet can I install all available security updates from a vendor repository?
- You can use the
Install all available updates from the vendor security repository (amd64)
support fixlet to install all the security updates from your vendor repository. This fixlet gets a list of all the available updates from the vendor security package repository and installs them on the system/endpoint.
- What are Unspecified Fixlets and why do we need them?
- Unspecified Fixlets are for the packages found in Debian's security repositories and that do not have a security notice (DSA) associated with them. Not all security packages released by Debian have a DSA associated with them - Unspecified Fixlets covers such packages.
- Where can I search and download the packages?
- The current version of packages can be found and downloaded from the Debian website at https://www.debian.org/security/, while previous versions can be found in the Debian snapshot (http://snapshot.debian.org). You can also search packages at https://www.debian.org/distrib/packages.
- Are there other Debian resources I should be aware of?
- Here are a few helpful resources:
- Debian website: https://www.debian.org/security/
- Mail list: https://lists.debian.org/debian-security-announce/
- Debian snapshot: http://snapshot.debian.org/
- Search package: https://www.debian.org/distrib/packages
- Debian security repository host: http://security.debian.org
- Security Bug Tracker: https://security-tracker.debian.org/tracker/
- If a patch fails to install, what should I do?
- Ensure that you applied the patch to the correct computers. Also,
check the following logs:
- /var/opt/BESClient/__BESData/__Global/Logs/<YYYYMMDD>.log
- /var/opt/BESClient/EDRDeployData/EDR_DeploymentResults.txt
- What are superseded patches?
- Superseded Fixlets are Fixlets that contain outdated packages. If a Fixlet is superseded, then a newer Fixlet exists with newer versions of the packages. The newer Fixlet ID can be found in the description of the superseded Fixlet.
- How do I find out if the Debian package is upgradeable?
- You must first install the apt-show-versions, which is a rpm package
to find out if any Debian packages are upgradeable.
- To install apt-show-versions, enter
apt-get install apt-show-versions
. - To get a list of only the upgradeable packages, enter
apt-show-versions -u | less
. You can also use grep as follows:apt-show-versions -u | grep "apache"
- To install apt-show-versions, enter
- How do I upgrade specific packages?
- You should specify the package name. For example, if you want
to upgrade apache-perl package, type the following command:
apt-get install apache-perl
. This command is useful if you just want to upgrade a single package and not the entire system. - The client logs contains a prefetch plug-in error that prevents the Fixlet from completing successfully. What is causing the error? What should I do?
- The ActionScript that was running on the endpoint might have been blacklisted, causing the prefetch plug-in issue.