Red Hat Installation Instructions
How to install the client on Red Hat.
Before installing the client on Red Hat Enterprise Linux™ 7, 8 or 9, ensure that you have disabled the SELinux process or, if you want to keep SELinux enabled, that the following settings are configured:
selinux = enforcing, policy = targeted.
- Installed the Athena library (libXaw package) that is used by the user interface component of the client.
- Installed the initscripts package before installing the client on Red Hat Enterprise Linux™ 9.
To install the client perform the following steps:
- Download the corresponding BigFix client RPM file to the Red Hat computer.
- Install the RPM by running the command
rpm -ivh client_RPM_path
Note:Starting from BigFix Version 9.5.9, if you are installing the signed packages and you have not imported the public key for that signature, you receive the following warning:
BESAgent-9.5.9.xx-rhe6.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3e83b424: NOKEY
- Copy your actionsite masthead to the client computer (the masthead contains configuration,
license, and security information). The action site masthead (
actionsite.afxm
) can be found in your BES Installation folders (by default they are placed underC:\Program Files (x86)\BigFix Enterprise\BES Installers\Client
on Windows™ and/var/opt/BESInstallers/Client/
on Linux™). If the masthead is not namedactionsite.afxm
, rename it toactionsite.afxm
and place it on the computer at the following location:/etc/opt/BESClient/actionsite.afxm
.Note: The directoryThe masthead file for each BigFix Server can be downloaded at/etc/opt/BESClient/
is not automatically created by the installer. If it does not exist, create it manually.http://servername:port/masthead/masthead.afxm
(example:http://bes.BigFix.com:52311/masthead/masthead.afxm
). - Start the BigFix client
by running the command:
Up to BigFix Version 11.0.1, for backward compatibility reasons, you can also run the command:systemctl start besclient
/etc/init.d/besclient start
Note: When upgrading to BigFix Version 11.0.2 or later, the/etc/init.d/besclient
file, if present, is removed by the upgrade process and the/etc/init.d/besclient start|stop|status|restart
commands are no longer available.
Signed Client Red Hat RPM packages
Starting from BigFix Version 9.5.9, the Red Hat RPM packages are signed with a PGP key.
Starting from BigFix Version 10.0.8, the signature of the Red Hat RPM package for BigFix Agent contains the SHA256 digest and header, thus you can install the BigFix Agent on Red Hat systems with FIPS mode enabled.
The RPM packages available for download are stored, divided by product version and platform, in the following repository: http://support.bigfix.com/bes/release/.
rpm -qpi <package>.rpm
In the command output the content of the
Signature field shows if the package is signed or not:- The package is signed if the Signature field is not empty.
- The package is not signed if the Signature field does not contain any value.
Name : BESAgent
Version : 10.0.0.133
Release : rhe6
Architecture: x86_64
Install Date: (not installed)
Group : Applications/Security
Size : 54525522
License : (c) Copyright HCL Technologies Limited 2001-2020 ALL RIGHTS RESERV ED
Signature : RSA/SHA256, Sun 29 Mar 2020 11:01:24 PM CEST, Key ID f103a7e216055 553
Source RPM : BESAgent-10.0.0.133-rhe6.src.rpm
Build Date : Sun 29 Mar 2020 08:52:46 PM CEST
Build Host : platbuild-rhel-6-x86-64-2.platform.bes.prod.hclpnp.com
Relocations : (not relocatable)
Packager : HCL Technologies Limited
Vendor : HCL Technologies Limited
URL : http://www.bigfix.com/
Summary : BigFix Agent
Description :
BigFix Agent for Linux.
If the package is signed, you can download and import the public key for that signature by running the BES Support Fixlet named Import BigFix public GPG key for RedHat RPMs.
rpm --import <keyfile>
where the key file can be a URL or a local
file.The BigFix public key available for download is stored in the following repository: http://support.bigfix.com/bes/release/
'rpm -i <package name>'
or an equivalent command.If you did not import the public key, during the client installation you might see a warning message saying that the signature cannot be verified. This message does not prevent your RPM package from being installed successfully on the client system.