Reading and Writing BigFix Client Settings on MacOS Terminal

Whenever possible, you should set BigFix Client Settings using a BigFix action using the actionscript commands to set client settings. These settings work on all platforms even though the actual storage mechanism differs on different platforms.

Example:

setting "_BESClient_Comm_CommandPollEnable"="1" on "{ parameter "action issue date" of action}" for client

See here: https://github.com/jgstew/bigfix-content/blob/master/fixlet/clientsettings/Set%20__BESClient_Comm_CommandPollEnable_%20to%20_1_%20-%20Universal.bes

But what if you have a client that isn’t working and you need to fix it on the command line? That gets more complicated, especially on MacOS.

Even just reading what client settings are currently in place is complicated on MacOS.

This will give you more than just client settings:

defaults read /Library/Preferences/com.bigfix.BESAgent Settings

This will limit the scope to just client settings:

/usr/libexec/PlistBuddy -c "print Settings:Client" /Library/Preferences/com.bigfix.BESAgent.plist

See here: https://github.com/jgstew/tools/blob/master/bash/bigfix_settings_read.sh

But what if you want to read the raw plist XML that MacOS uses to store these preferences? In that case, you have to do the following:

sudo /Library/BESAgent/BESAgent.app/Contents/MacOS/BESAgentControlPanel.sh -stop

sudo plutil -convert xml1 /Library/Preferences/com.bigfix.BESAgent.plist
sudo cat /Library/Preferences/com.bigfix.BESAgent.plist

sudo /Library/BESAgent/BESAgent.app/Contents/MacOS/BESAgentControlPanel.sh -start

See here: https://github.com/jgstew/tools/blob/master/bash/bigfix_settings_read_file_macos.sh

What if you want to change 1 specific BigFix Client setting on the MacOS command line?

In that case, you must stop the bigfix client before setting the value.

See here: https://github.com/jgstew/tools/blob/master/bash/bigfix_settings_write.sh

If you were to set multiple client settings at once, it would be better to only stop and restart the bigfix agent once. If you stop bigfix before running the bigfix_settings_write.sh script then it will NOT start it at the end of the script. That way you can handle the stopping and starting of BigFix outside of the script yourself and then invoke it multiple times as needed.

I did plan to have these scripts work on Linux/Unix as well as MacOS, but for now they are all MacOS only.

Also, for the stopping and starting the BigFix agent before and after setting the settings? That is a requirement of MacOS itself, not BigFix, and it is due to how MacOS caches preferences. If you don’t do it this way, then anything you write will be overwritten.

Related:

• https://developer.bigfix.com/action-script/reference/client/setting.html
• Stopping and Starting BESAgent on Mac OSX

[ Posting removed. I misread the usecase for this. Apologies.]

This is for setting client settings outside of bigfix action, not for fixing dates of existing settings with an action. Explicitly for the case in which an action is not possible.

Example, client is broken and you want to enable verbose / debug logging, fix a relay setting, or similar.

That said, your policy action example to fix missing dates from client settings is useful where applicable.

Changed my post.