Analysis - Linux Tar Ball Installs

Jstev 2022-04-27 17:29:09 UTC #1

I’m curious if anyone has been asked to or has had any success in setting up an analysis for reporting on Tar ball Linux applications? I can see ways to query RPM applications but I am curious what others have done for Tar ball apps.

Any advice is greatly appreciated.

JasonWalker 2022-04-28 14:49:27 UTC #2

I think you’d need to build custom properties to identify those files…or, better yet, create Inventory signatures for them.

itsmpro92 2022-04-28 15:11:32 UTC #3

If you have BFI, another option is to add custom SWID tags to your applications. NIST has a pretty detailed document describing the creation of SWID tags: https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf .

Jstev 2022-04-28 15:36:38 UTC #4

We do have BigFix Inventory but ideally I would like to get them into a property within BigFix so that I can query them alongside other BES properties. I have a property in BigFix for RPM apps and was hoping to elevate our collection of data but since the path could be in different places it will likely require additional effort. I’ll investigate the SWID options though.
Thank you for the recommendation.

itsmpro92 2022-04-28 16:23:32 UTC #5

One of BFI’s strengths is its ability to locate software deployed outside of some control mechanism like an RPM or MSI installer.