Does BigFix have a client or a masthead that can assess the vulnerabilities of an Apache web server? I see a list of supported Windows products, but what about non-windows server applications list? I’ve found someone talking about Oracle, AIX, ESX, Solaris, and HP-UX mastheads, but I can’t find any official BigFix documentation listing that BigFix supports these products. I need to provide my customer a formal list.
Also, I’m trying to configure my RHEL 5 patch deployment. I have all the fixlets in my BES console, but none of them are showing as relevant to my RHEL 5 server. Can anyone speculate as to what I’m doing wrong… I followed the documentation as best as I could.
We have SCM content that can address some common requirements in applications like Apache, based on federal standards.
The patch question sounds like you might not have subscribed the server to the content site? In 8.0 we default new sites to ‘no computers’, in order to minimize instances of over-targeting (subscribing Windows systems to Red Hat content doesn’t help anyone).
Actually, I remembered to subscribe the RedHat box to all the RHEL sites, so that didn’t solve the issue. That is the first thing everyone over here asked me as well.
Also, could you please point me to where the SCM content is for Apache, Oracle, ESX, or HP-UX? I’m not finding it very well…
That makes me wonder if there’s an agent problem, probably best to call support.
SCM content is sorted by OS, and the application would then be checked on a per OS basis. Particularly when it comes to *nix, there is an enforced assumption that the OS vendor’s package is used, otherwise it’s not possible to locate and test the product.