I have recently enabled the Ubuntu 1404 and Ubuntu 1604 patch sites, for which we have a small number of endpoints. The instructions (see link below) and IBM support specifically say that the task Setup Download Whitelist for Ubuntu (Linux Server) is necessary for setting up these Ubuntu patch sites - but I cannot find this task anywhere in either of the Patches for Ubuntu 1404 or Patches for Ubuntu 1604 sites.
I manually added the following two entries to the DownloadWhitelist.txt file under BES Server -> Mirror Server -> Config, but am not sure if this is enough or if this is even necessary with these patch sites:
http://security.ubuntu.com/.*
http://archive.ubuntu.com/.*
Here is one of the links that documents the need for setting up the whitelist for the Ubuntu patch site:
https://www.ibm.com/support/knowledgecenter/SS6MER_9.5.0/com.ibm.bigfix.patch.doc/Patch/Patch_Ubuntu/c_site_subscription_ubuntu.html
Can anyone provide any clarity on this? Why aren’t I seeing the supposed setup task for the Ubuntu whitelist for the 1404/1604 patch sites? Is what I’ve done to the DownloadWhitelist.txt file enough (or even necessary)?
Thanks!
Hi,
I can see both the Fixlets under Ubuntu1606/1404 Sites. Please refer to attached screenshots
Task ID: 1 Setup Download Whitelist for Ubuntu
This task is applicable to Windows servers.
Task ID: 2 Setup Download Whitelist for Ubuntu (Linux Server)
This task is applicable to Linux servers.
Have you tried gathering latest version for Ubuntu1404/1604 sites?
Thanks,
Ashish
1 Like
Ubuntu1404 Site with Whitelist fixlets
1 Like
Thanks for reply!!
I eventually found them - for some reason the whitelist fixlets are showing as not relevant, and I thought I had that particular box checked when doing the search for them (Show Non-Relevant Content), but apparently not, because this is how I ultimately found them (although I am, of course, unable to run them, since they are not relevant to the Bigfix server, or any endpoint).
I actually talked to IBM, at first thinking the whitelist fixlet was showing as not relevant to the bigfix server because, by then, I had manually added the security.ubuntu.com and archive.ubuntu.com URLs to the DownloadWhitelist.txt file - but this didn’t appear to be the cause, because the string I used was a little different from the string in the relevance clause of the whitelist fixlet in both the 1404 and 1604 Ubuntu Patch Sites. Specifically, I had “http://security.ubuntu.com/.*” and the relevance clause was looking for presence of “http://security.ubuntu.com/ubuntu/.*”, and same with archive.ubuntu.com. I did not limit it to “/ubuntu/” when I added the whitelist entries in manually.
In any case, I believe that I am OK having simply manually added the URLs to the DownloadWhitelist.txt file. I still don’t know why the whitelist fixlets never showed as relevant, and still do not… supposedly IBM is looking at some screenshots and logs I gave them, so maybe they will be able to tell me. Thanks for the help!
