Editing the Masthead on Linux systems
To modify the masthead, run the following command as super user:
./BESAdmin.sh -editmasthead -sitePvkLocation=<path+license.pvk>
[ -sitePvkPassword=<password> ]
[ -display ] [ -advGatherSchedule=<0-10> ] [ -advController=<0-2> ]
[ -advInitialLockState=<0|2> | -advInitialLockState=1 -advInitialLockDuration=<num> ]
[ -advActionLockExemptionURL=<url> ] [ -advRequireFIPScompliantCrypto=<true|false> ]
[ -advEnableFallbackRelay=0 | -advEnableFallbackRelay=1
-advFallbackRelay=<host> ]
where:
-sitePvkLocation=<path+license.pvk>
- Specifies the private key file (filename.pvk). This private key file and its password are required to run the Administration Tool. Only users with access to the site level signing key and password are able to create new BigFix operators.
Note: The notation <path+license.pvk> used in the command syntax stands for path_to_license_file/license.pvk.
-sitePvkPassword=<password>
- Specifies the password associated with the private key file (filename.pvk). This setting is optional; if you omit it, you are asked to specify the password interactively when the command runs.
-display
- Displays the current settings for the masthead.
-advGatherSchedule (optional, integer)
- Determines how long the clients wait without hearing from the server before
they check whether new content is available. In general, whenever the server
gathers new content, it attempts to notify the clients that the new content
is available through a UDP connection, circumventing this delay. However, in
situations where UDP is blocked by firewalls or where network address
translation (NAT) remaps the IP address of the client from the server's
perspective, a smaller interval becomes necessary to get a timely response
from the clients. Higher gathering rates only slightly affect the
performance of the Server, because only the differences are gathered; a
client does not gather information that it already has. Valid values are:
0=Fifteen Minutes, 1=Half Hour, 2=Hour, 3=Eight Hours, 4=Half day, 5=Day, 6=Two Days, 7=Week, 8=Two Weeks, 9=Month, 10=Two Months
-advController (optional, integer)
- Determines who can change the action lock state. The default is
Console, which allows any Console operator with
management rights to change the lock state of any client in the network. If
you want to delegate control over locking to the user, you can select
Client, but this is not recommended. Valid values are:
0=console, 1=client, 2=nobody
-advInitialLockState (optional, integer)
- Specifies the initial lock state of all clients. Locked clients report which
Fixlet messages are relevant for them, but do not apply any actions. The
default is to leave them unlocked and to lock specific clients later on.
However, you might want to start with the clients locked and then unlock
them on an individual basis to give you more control over newly-installed
clients. Alternatively, you can set them to be locked for a certain period
of time. Valid values are:
0=Locked, 1=timed (specify duration), 2=Unlocked
-advInitialLockDuration (optional, integer)
- Defines the period of time in seconds the clients must be locked.
-advActionLockExemptionURL (optional, string)
- In rare cases, you might need to exempt a specific URL from any locking
actions. Use this option to specify the exempt URL.
Note: You can specify only one site URL and it must begin with http://.
-advRequireFIPScompliantCrypto (optional, boolean)
- Implements the Federal Information Processing Standard on your network. This
changes the masthead so that every BigFix component
attempts to go into FIPS mode. By default, the client continues in non-FIPS
mode if it fails to correctly enter FIPS, which might be a problem with
certain legacy operating systems. Be aware that enabling this option can add a
few seconds to the client startup time.
Note: Enabling FIPS mode prevents the use of some authentication methods when connecting to a proxy. If you chose to use a proxy to access the Internet or to communicate with BigFix subcomponents, ensure that the proxy configuration is set up to use an authentication method other than digest, negotiate or ntlm.
-advEnableFallbackRelay (optional, boolean)
- Enables or disables a fallback relay for your clients when they do not connect to any relay specified in their settings. If you do not define a fallback relay, the root server of your environment is used.
-advFallbackRelay (optional, string)
- Defines the host name of the fallback relay of your environment in one of
the following formats:
- Hostname. For example, myhostname.
- Fully qualified domain name (FQDN). For example, myhostname.mydomain.com.
- IP address. For example, 10.10.10.10.
Note: Before specifying a fallback relay, ensure that any client or relay reporting directly to the root server has the root server defined as a relay. This setting will not prevent endpoints from selecting the root server. Also set _BESRelay_Register_Affiliation_AdvertisementList on the BES Root Server to a group name that will not be set on any clients, such as DoNotSelectMe.
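A pre-flight check for the option rules above, as an added example that is not part of the BigFix documentation or tooling: the check_editmasthead function (a hypothetical name) validates an argument list against the ranges and option pairings described on this page and never runs BESAdmin.sh itself. Refusing -sitePvkPassword is this example's own policy, chosen so the password is entered at the prompt and stays out of shell history and the process list.

```sh
#!/bin/sh
# Added example (not BigFix code): lint "-editmasthead" options before use.
# Returns 0 = valid, 1 = syntax or range error, 2 = this example's policy
# (refuse -sitePvkPassword so BESAdmin.sh prompts for it instead).
# POSIX sh has no local variables, so working names carry a "_" prefix.
check_editmasthead() {
  _pvk=; _lock=; _dur=; _en=; _relay=
  for _a in "$@"; do
    _v=${_a#*=}                       # text after the first "="
    case "$_a" in
      -sitePvkLocation=?*) _pvk=1 ;;
      -sitePvkPassword=*)
        echo "policy: omit -sitePvkPassword and answer the prompt" >&2; return 2 ;;
      -display) ;;
      -advGatherSchedule=*)
        case "$_v" in [0-9]|10) ;; *) echo "advGatherSchedule must be 0-10" >&2; return 1 ;; esac ;;
      -advController=*)
        case "$_v" in [0-2]) ;; *) echo "advController must be 0-2" >&2; return 1 ;; esac ;;
      -advInitialLockState=*)
        case "$_v" in [0-2]) _lock=$_v ;; *) echo "advInitialLockState must be 0-2" >&2; return 1 ;; esac ;;
      -advInitialLockDuration=*)
        case "$_v" in ''|*[!0-9]*) echo "advInitialLockDuration must be whole seconds" >&2; return 1 ;;
                      *) _dur=$_v ;; esac ;;
      -advActionLockExemptionURL=*)
        case "$_v" in http://?*) ;; *) echo "exemption URL must begin with http://" >&2; return 1 ;; esac ;;
      -advRequireFIPScompliantCrypto=*)
        case "$_v" in true|false) ;; *) echo "FIPS option must be true or false" >&2; return 1 ;; esac ;;
      -advEnableFallbackRelay=*)
        case "$_v" in 0|1) _en=$_v ;; *) echo "advEnableFallbackRelay must be 0 or 1" >&2; return 1 ;; esac ;;
      -advFallbackRelay=?*) _relay=$_v ;;
      *) echo "unrecognised or empty option: $_a" >&2; return 1 ;;
    esac
  done
  [ -n "$_pvk" ] || { echo "-sitePvkLocation is required" >&2; return 1; }
  # A duration is only valid with the timed lock state (1), and the reverse.
  if [ "$_lock" = 1 ] && [ -z "$_dur" ]; then
    echo "lock state 1 needs -advInitialLockDuration" >&2; return 1; fi
  if [ -n "$_dur" ] && [ "$_lock" != 1 ]; then
    echo "-advInitialLockDuration needs -advInitialLockState=1" >&2; return 1; fi
  # A fallback relay host is only valid with -advEnableFallbackRelay=1.
  if [ "$_en" = 1 ] && [ -z "$_relay" ]; then
    echo "-advEnableFallbackRelay=1 needs -advFallbackRelay" >&2; return 1; fi
  if [ -n "$_relay" ] && [ "$_en" != 1 ]; then
    echo "-advFallbackRelay needs -advEnableFallbackRelay=1" >&2; return 1; fi
  return 0
}
```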