Editing the Masthead on Linux systems
To modify the masthead, run the following command as super user:
./BESAdmin.sh -editmasthead -sitePvkLocation=<path+license.pvk>
[ -sitePvkPassword=<password> ]
[ -display ] [ -advGatherSchedule=<0-10> ] [ -advController=<0-2> ]
[ -advInitialLockState=<0|2> | -advInitialLockState=1 -advInitialLockDuration=<num> ]
[ -advActionLockExemptionURL=<url> ] [ -advRequireFIPScompliantCrypto=<true|false> ]
where:-sitePvkLocation=<path+license.pvk>
- Specifies the private key file (
filename.pvk
). This private key file and its password are required to run the Administration Tool. Only users with access to the site level signing key and password are able to create new BigFix operators.Note: The notation<path+license.pvk>
used in the command syntax stands forpath_to_license_file/license.pvk
. -sitePvkPassword=<password>
- Specifies the password associated to the private key file (
filename.pvk
). This setting is optional, if you omit it you will be asked to specify the password interactively when the command runs. -display
- Displays the current settings for the masthead.
advGatherSchedule (optional, integer)
- Determines how long the clients wait without hearing from the
server before they check whether new content is available. In general,
whenever the server gathers new content, it attempts to notify the
clients that the new content is available through a UDP connection,
circumventing this delay. However, in situations where UDP is blocked
by firewalls or where network address translation (NAT) remaps the
IP address of the client from the servers perspective, a smaller interval
becomes necessary to get a timely response from the clients. Higher
gathering rates only slightly affect the performance of the Server,
because only the differences are gathered; a client does not gather
information that it already has. Valid values are:
0=Fifteen Minutes, 1=Half Hour, 2=Hour, 3=Eight Hours, 4=Half day, 5=Day, 6=Two Days, 7=Week, 8=Two Weeks, 9=Month, 10=Two Months
advController (optional, integer)
- Determines who can change the action lock state. The default is Console,
which allows any Console operator with management rights to change
the lock state of any client in the network. If you want to delegate
control over locking to the user, you can select Client,
but this is not recommended. Valid values are:
0=console, 1=client, 2=nobody
advInitialLockState (optional, integer)
- Specifies the initial lock state of all clients. Locked clients
report which Fixlet messages are relevant for them, but do not apply
any actions. The default is to leave them unlocked and to lock specific
clients later on. However, you might want to start with the clients
locked and then unlock them on an individual basis to give you more
control over newly-installed clients. Alternatively, you can set them
to be locked for a certain period of time. Valid values are:
0=Locked, 1=timed (specify duration), 2=Unlocked
-
advInitialLockDuration (optional, integer)
- Defines the period of time in seconds the clients must be locked.
advActionLockExemptionURL (optional, string)
- In rare cases, you might need to exempt a specific URL from any
locking actions. Check this box and enter the exempt URL. Note: You can specify only one site URL and it must begin with
http://
. advRequireFIPScompliantCrypto (optional, boolean)
- Implements the Federal Information Processing Standard on your
network. This changes the masthead so that every IBM BigFix component
attempts to go into FIPS mode. By default, the client continues in
non-FIPS mode if it fails to correctly enter FIPS, which might be
a problem with certain legacy operating systems. Be aware that checking
this box can add a few seconds to the client startup time.Note: Enabling FIPS mode prevents the use of some authentication methods when connecting to a proxy. If you selected to use a proxy to access the Internet or to communicate with IBM BigFix subcomponents, ensure that the proxy configuration is set up to use an authentication method other than digest, negotiate or ntlm.