deploy:ibm_bigfix_install
This is an old revision of the document!
Table of Contents
IBM BigFix
IBM Bigfix also known as TEM (Tivoli EndPoint Manager), IEM (IBM EndPoint Manager)
BigFix Server installation
First install Redhat (also supported on Windows)
/var/opt/BESServer 20GB /var/opt/BESWebReportsServer 3GB /home/db2inst1 30GB # DB2 home dir and DB /opt 2GB /opt/ibm/LMT 2GB /opt/ibm/db2 4GB # DB2 bin /opt/BESWebUI 1GB /backup 20GB
Ensure that on Red Hat Enterprise Linux 8.0 the libnsl.so.1 and libstdc++.so.6 libraries are installed
ilmtsrv:$ bigfix_backup.ksh #!/usr/bin/ksh #================================================================================== # # FILE: bigfix_backup.ksh # # PURPOSE: Backup BigFix + ILMT Server # # AUTHOR: # # PARAMETERS: # # SAMPLES: # #================================================================================== backup_bigfix() { echo "**********************************" echo "***** Stopping BigFix Server *****" echo "**********************************" date '+%Y-%m-%d %H:%M:%S' /etc/init.d/LMTserver stop /etc/init.d/besfilldb stop /etc/init.d/besgatherdb stop /etc/init.d/besserver stop /etc/init.d/beswebreports stop /etc/init.d/besclient stop echo "**********************************" echo "***** Removing old backups *****" echo "**********************************" date '+%Y-%m-%d %H:%M:%S' rm -f /backup/BFENT* rm -f /backup/BESREPOR* rm -f /backup/TEMADB* echo "**********************************" echo "***** Backup DB2 to disk *****" echo "**********************************" date '+%Y-%m-%d %H:%M:%S' /usr/sbin/runuser -l db2inst1 -c "db2 backup db BFENT to /backup" /usr/sbin/runuser -l db2inst1 -c "db2 backup db BESREPOR to /backup" /usr/sbin/runuser -l db2inst1 -c "db2 backup db TEMADB to /backup" echo "**********************************" echo "***** Backup to disk *****" echo "**********************************" date '+%Y-%m-%d %H:%M:%S' tar cvf /backup/BESClient.tar /var/opt/BESClient tar cvf /backup/BESServer.tar /var/opt/BESServer tar cvf /backup/BESWebReportsServer.tar /var/opt/BESWebReportsServer tar cvf /backup/misc.tar /etc/opt/BESServer/actionsite.afxm /var/.com.zerog.registry.xml tar cvf /backup/LMT.tar /opt/ibm/LMT echo "**********************************" echo "***** Startting BigFix Server ****" echo "**********************************" date '+%Y-%m-%d %H:%M:%S' /etc/init.d/besfilldb start /etc/init.d/besgatherdb start /etc/init.d/besserver start /etc/init.d/beswebreports start /etc/init.d/besclient start /etc/init.d/LMTserver start date '+%Y-%m-%d %H:%M:%S' } ################# # Main ################# backup_bigfix > /tmp/backup.log 2>&1
BigFix Client installation
Download BESClient from
http://support.bigfix.com/bes/release/
Linux
Get the masterhead file from BigFix server:
wget -O /etc/opt/BESClient/actionsite.afxm https://<server_ip>:52311/masthead/masthead.afxm
Or
Copy the server file masthead.afxm to the client created folder /etc/opt/BESClient and rename it as actionsite.afxm
Then install the client:
rpm --nosignature -Uhv BESclient.rpm (same version as server) and start the service /etc/rc.d/init.d/besclient start
Windows
Use the same method as linux, path is : “C:\Program Files(x86)\BigFix Entreprise\BES Installers\Client\”
CLI
https://developer.bigfix.com/rest-api/iem_cli/iem_samples.html
Ex: command line
[root@BIGFIXSRV]# /opt/BESServer/bin/iem login --server=10.10.10.137:52311 --user=IEMAdmin --password=password Server : 10.10.10.137:52311 User : IEMAdmin The security certificate used by 10.10.10.137 is not trusted. Do you want to trust security certificates signed by IBM_Endpoint_Manager when connecting to 10.10.10.137?[Y/N]: Y Successfully logged in to server!
[root@BIGFIXSRV]# /opt/BESServer/bin/iem get help /api/action /api/actions /api/admin /api/analyses /api/analysis /api/authenticate /api/clientquery /api/clientqueryresults /api/computer /api/computergroup /api/computergroups /api/computers /api/dashboardvariable /api/dashboardvariables /api/fixlet /api/fixlets /api/help /api/import /api/ldapdirectories /api/ldapdirectory /api/login /api/mailbox /api/operator /api/operators /api/properties /api/property /api/query /api/replication /api/role /api/roles /api/samlprovider /api/samlproviders /api/serverinfo /api/session /api/site /api/sites /api/task /api/tasks /api/upload /api/uploads /api/webreports /api/webui-app /api/webui-apps /api/webui-content-upgrade-status /api/webui-sites /api/webui-using-local-config /api/webui-variables
[root@BIGFIXSRV]# /opt/BESServer/bin/iem get ldapdirectories <?xml version="1.0" encoding="UTF-8"?> <BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BESAPI.xsd"> <LDAPDirectory Resource="https://10.10.10.137:52311/api/ldapdirectory/140"> <ID>140</ID> <Name>My LDAP Server</Name> <IsActiveDirectory>false</IsActiveDirectory> <UseSSL>true</UseSSL> <BaseDN>dc=mydom,dc=tst</BaseDN> <UIDAttribute>uid</UIDAttribute> <UserFilter>(objectClass=account)</UserFilter> <GroupFilter>(objectClass=organizationalUnit)</GroupFilter> <User>cn=Manager,dc=mydom,dc=tst</User> <Servers> <Server> <Host>10.10.10.11</Host> <Port>636</Port> <Priority>0</Priority> </Server> </Servers> </LDAPDirectory> </BESAPI>
QNA
Optional you can install for windows only “Session Relevance Editor”
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Session%20Relevance%20Editor
Fixlet Debugger can be used to extract informations:
[root@BIGFIXSRV]# /opt/BESClient/bin/qna Default masthead location, using /etc/opt/BESClient/actionsite.afxm Q: total space of filesystem "/opt" A: 1023303680 T: 318 Q: properties of type "filesystem" A: name of <filesystem>: string A: volume of <filesystem>: string A: size of <filesystem>: integer A: total space of <filesystem>: integer A: free space of <filesystem>: integer A: used space of <filesystem>: integer A: free percent of <filesystem>: integer A: used percent of <filesystem>: integer A: file count of <filesystem>: integer A: free file count of <filesystem>: integer A: used file count of <filesystem>: integer A: type of <filesystem>: string A: mount point of <filesystem>: string A: device name of <filesystem>: string A: fstype of <filesystem>: string A: filesystem type of <filesystem>: string A: mount option of <filesystem>: string A: block size of <filesystem>: integer A: uuid of <filesystem>: string T: 7209 Q: lines whose (it as lowercase contains "root") of file "/etc/security/limits" E: Singular expression refers to nonexistent object. T: 228 Q: exists filesystem "/var" A: True T: 7531 Q: lines whose (it as lowercase contains "root") of file "/etc/security/limits" E: Singular expression refers to nonexistent object. T: 302 Q: names of sites A: BES Asset Discovery A: BES Inventory and License A: BES Support A: BigFix Labs A: IBM License Reporting A: Patches for RHEL 7 A: Patching Support A: Server Automation A: Software Distribution A: actionsite A: mailboxsite A: opsite10 T: 3046 Q: type of site whose (name of it is "BES Support") A: Fixlet Site T: 4690 Q: (name of it, type of it, version of it) of sites A: BES Asset Discovery, Fixlet Site, 96 A: BES Inventory and License, Fixlet Site, 179 A: BES Support, Fixlet Site, 1301 A: BigFix Labs, Fixlet Site, 51 A: IBM License Reporting, Fixlet Site, 94 A: Patches for RHEL 7, Fixlet Site, 132 A: Patching Support, Fixlet Site, 720 A: Server Automation, Fixlet Site, 65 A: Software Distribution, Fixlet Site, 77 A: actionsite, Master Action Site, 92 A: mailboxsite, Mailbox Site, 0 A: opsite10, Operator Site, 1 T: 499
BigFix diagnistic
https://<bigfix_server>:52311/rd
BigFix help for CLI (command line)
https://<bigfix_server>:52311/api/help
Example BigFix help for CLI
# List all ID computers https://<bigfix_server>:52311/api/computers # Detail info about a computer https://<bigfix_server>:52311/api/computer/4194896
deploy/ibm_bigfix_install.1642266226.txt.gz · Last modified: 2022/01/15 18:03 by manu
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
