On Linux Systems
You can set the security options after you install BigFix V9.5 or upgrade it to V9.5, by running the following command as super user:
./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk>
-enableEnhancedSecurity -requireSHA256Downloads
Note: The notation
<path+license.pvk>
used in
the command syntax stands for path_to_license_file/license.pvk
.The full syntax of the
./BESAdmin.sh -securitysettings
is
the following:./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk>
[-sitePvkPassword=<password>]
{ -status | {-enableEnhancedSecurity|-disableEnhancedSecurity}
| {-requireSHA256Downloads|-allowSHA1Downloads} }
where:- status
- Shows the status of the security settings in your BigFix environment. Example:
BESAdmin.sh -securitysettings -sitePvkLocation=/root/backup/license.pvk -sitePvkPassword=mypassw0rd -status Enhanced security is currently ENABLED SHA-256 downloads are currently OPTIONAL
- enableEnhancedSecurity | disableEnhancedSecurity
- Enables or disables the enhanced security that adopts the SHA-256
cryptographic digest algorithm for all digital signatures as well
as content verification and the TLS 1.2 protocol for communications
among the BigFix components.Warning: If you use this setting you break backward compatibility because BigFix version 9.0 or earlier components cannot communicate with BigFix version 9.5 server or relays.
- requireSHA256Downloads
- Ensures that data has not changed after you download it using
the SHA-256 algorithm.Note: You can set requireSHA256Downloads only if you also set enableEnhancedSecurity.
- allowSHA1Downloads
- Ensures that the file download integrity check is run using the SHA-1 algorithm.