Just curious how other BigFixers are using BigFix to manage and patch Oracle Linux. I have setup a mirror server and deployed repo files to all my endpoints to help with patching. BigFix doesn’t appear to go out to the https://yum.oracle.com site to pull update, never did figure that out, but uses the local repo file to get packages. What I find interesting is some of these relevant fixlets are showing packages from development repos and I am not sure why. I would like to just leverage BigFix because I have never had a maintenance window where I deployed the fixlets and not had some issue where the package that was being requested was in a repo that I didn’t have configured. It really would be nice if BigFix would use the https://yum.oracle.com to pull the packages and I could quit maintaining local repo files AND when a package was needed BigFix could/would just download and install it. A download plugin would be nice too.
Anyways, how are other Oracle Linux BigFix users benefiting from BigFix patching? I am trying to figure out how I can improve my environment or learn something that will help me when it comes to patching both Oracle Linux 7 and Oracle Linux 8 servers.
the reason why BigFix does not include a download plugin for Oracle Linux is that a limitation to download patches on behalf of the customer was defined in the Terms & Conditions at the time we started the support for Oracle Linux. I am investigating if this limitation is still valid, if it refers only to the ULN or also to the YUM repository. If this is no longer a restriction, there are good chances that the download plugin will be added in the Product roadmap.
I’m having an issue where all my Oracle Linux 8 clients have a ton of security fixlets reported as relevant in the console, reported relevant in the log initially and then reported non-relevant in the log (as usual), exits with an exit code=1, but the patch actions status is reported as Failed. This is happening to 8 Oracle Linux Servers.
Here’s the Log from the client (/var/opt/BESClient/__BESData/__Global/Logs/YYYMMDD.log):