Hi All,
I am new to BigFix and still learning.
I have a requirement of creating a Fixlet that should get the script from GiTLab repository. This script will check a service in Windows server and reboot it, if it is not running.
The requester need to change the script if needed, therefore they keep the script in GitLab repo. I would appreciate if anyone share details of creating the fixlet with example.
Thank you!
BigFix is specifically designed to avoid this - we use hash checking on downloads to prevent running unknown or tampered commands.
For this, you’d probably need to use the ‘download now’ command so clients download the file directly. The download won’t go through the root or relay hierarchy, each client would download from the git repo directly. You’ll need to figure out the URL from which to download and how credentials would work.
https://developer.bigfix.com/action-script/reference/download/download-now.html
Hi Jason,
Thank you very much for your response.
I agree on you. I should use download now command. I will follow your instructions.
Thanks again!
Have a wonderful day!
Or leverage Dynamic Downloads.
Some potential references:
https://developer.bigfix.com/action-script/guide/dynamic_download.html
Thank you, Aram!
This is very useful. Do you have details of adding GitLab location and token to get script?
Appreciated your support!
I wonder if it is possible to create a custom download plugin that would function like the ones for RedHat and other patch sites that require authentication?
https://bigfix-ideas.hcltechsw.com/ideas/BFLCM-I-298
(sound of throat clearing)
Not to be undertaken lightly, but if you have a thirst for danger and want to explore further you could try the download plugin I wrote about at Prefetch with authentication, for example Azure DevOps - #10 by JasonWalker
I have confirmation it works for authenticated access to one repo (mine). But it’ll expect to download the file from a tagged release, not necessarily whatever latest source is in ‘main’.
If you’re creating Releases and attaching the file to the latest Release in a predictable way it may be useful though.