URL's for Patch Content for Bigfix Server

ravik 2017-11-20 11:53:44 UTC #1

Hi all,

Bigfix server needs to access the respective vendor sites for downloading the patches. Does anyone has a comprehensive list of “ALL Vendor URL’s” that need to be opened out?

I wish there was a document that stated all vendors URL requirements in the following format

Bigfix Platform

*.bigfix.com
*.ibm.com

Microsoft Patching

*.microsoft.com
*.windowsupdate.com

Additional List of URL’s, IP addresses and port numbers

AIX Patching
List of URL’s, IP addresses and port numbers

Debian Patching
List of URL’s, IP addresses and port numbers

Suse Patching
List of URL’s, IP addresses and port numbers

RHEL Patching
List of URL’s, IP addresses and port numbers

uBuntu Patching
List of URL’s, IP addresses and port numbers

Apple MacOS Patching
List of URL’s, IP addresses and port numbers

and so on

shawntdaniel 2017-11-27 11:00:28 UTC #2

Hi Ravik, you should be able to run a session relevance to identify the URLs that need to be whitelisted.

ravik 2017-11-28 07:20:37 UTC #3

Hi Shawn,

Unfortunately, the non-Windows OS’es - specially the *Nix ones RHEL, Solaris, AIX etc do not throw up the URLs in the session relevance output. Probably the download link in the fixlet does not exist.

regards

SmokyMTN 2019-07-31 16:57:28 UTC #4

Did you ever get the correct list of URL’s? I sure could use them myself. I found your post while searching…

Thanks,
Chris

mhayden 2019-07-31 21:42:48 UTC #5

@JasonWalker assisted on a similar thread previously. This should be a good start for some of the prefetch locations you’re looking for. I will see if I can track down any others you might be interested in.

DanPaquette 2019-08-01 13:27:34 UTC #6

First, you can enable debug mode in the console to use the presentation debugger:
https://www-01.ibm.com/support/docview.wss?uid=swg21506082

In the debug menu, select “Presentation Debugger” and paste the following…

unique values of (matches (case insensitive regex “(http|https|ftp)://[^ ^/]") of matches (case insensitive regex "^(download|prefetch).$”) of scripts of it) of actions whose (exists script of it) of fixlets of bes sites whose (name of it = “Enterprise Security”)

Note that the site name “Enterprise Security” is actually “patches for windows” . You can change the site name to get lists of download URLs to compile for your white listing purposes.

Port 80 change to port 443

DanPaquette 2023-05-25 20:59:49 UTC #7

Updated link to info on the presentation debuger: https://developer.bigfix.com/tools/presentation_debugger.html