Ubuntu Whitelist

Can somebody educate me about the “Setup Download Whitelist for Ubuntu” tasks? This page https://www.ibm.com/support/knowledgecenter/SS6MER_9.5.0/com.ibm.bigfix.patch.doc/Patch/Patch_Ubuntu/c_site_subscription_ubuntu.html says that one is applicable for Windows servers and one is applicable for Linux servers.

Why would this need to be deployed to a Windows server?
Why would they all show that they’re not relevant for any computers?

The Download Whitelist is something that’s actually configured on the BES Root Server, not the clients. Your Root Server could be either Windows or Linux, and server Ubuntu clients.

When a client asks for a download, the download request is actually processed by the Root Server. The Download Whitelist is a security measure allowing the master operator to limit the sites from which endpoints can request dynamic downloads.

My BES servers are Windows. I have only subscribed Ubuntu servers to the Patches for Ubuntu sites so my BES servers will never be relevant for those tasks. I guess that was the wrong thing to do?

Hmm, I would’ve thought that the whitelist management would be in the BES Support site but maybe not.

It may be worth also subscribing your root server to the Ubuntu site, or manually configure the whitelist file. I’m not sure whether the Ubuntu patching uses a download plugin, but if so it may be worth subscribing your root server to the site to manage that as well.

I’ve subscribed the root server to the Ubuntu site and the “Setup Download Whitelist for Ubuntu” task is relevant for it now. Would I need to do the same for the relays as well?

Also once the task has been applied to the BES root server can I unsubscribe it from the Ubuntu site or does it need to stay subscribed?

Sorry, I don’t really know on either count.

If there is a Download Plug-in configuration, you may want to remain subscribed so you can install and keep it up to date.

By default, you can keep your relays unsubscribed. If you have customized the download process (have a Relay doing Internet downloads, for instance) then that specific relay might need to be subscribed.

Thanks for the info!

I’m getting the same error on java : ‘the requested URL did not pass the download whitelist’. Wanted to add it in the whitelist but I can’t find the whitelist.txt in mirror server/ config. Should I create it manually? And how do I do that?

Thanks

This is kind of misleading. Be sure and read the instructions on the Java fixlet, in particular this part:

Important Note: Follow the link for the ‘Java SE Runtime Environment (JRE) 8 update xxx’ download on this page. The file “jre-8u172-windows-i586.exe” must be downloaded, renamed “some sha1 value”, and placed in the BES Server download cache for this action to complete successfully. For more information about manually caching file downloads on the BES Server, please see the following BigFix Support Knowledge Base article.

1 Like

Thanks @itsmpro92, will check that.