Looking for some information on how the client stores action information on the machine. We’re in the design stages of a process where we would like to keep the action being run as secure as possible, as it may contain sensitive information. Can anyone detail how a client stores and retrieves the action information of a fixlet? We are specifically looking for the action script info, not the relevance (we know that’s in .fxf).
The action history on the client side is in BigFix Enterprise\BES Client\__BESData\__Global\ActionHistory.db
The action script will also appear on the client side in the BigFix Enterprise\BES Client\__BESData\<sitename>\Action<123>.fxf file while the action remains open.
The action script details may also appear in the client logs BigFix Enterprise\BES Client\__BESData\__Global\Logs
Suggest looking at secure parameters for your sensitive parts.
https://www.bigfix.me/fixlet/details/3679
One other thing to consider here is that by default, the BESClient folder (and/or the __BESData folder) is permissioned to only allow SYSTEM and administrators on Windows, and ‘root’ on non-Windows.
Please let us know if any of this is unclear, or if there are additional questions/concerns.
We don’t see the action script in any of the .fxf files…
The concern is exposure of a credential in the action script.
If you’re including any kind of credentials in actionscript, as @brolly33 suggests above, we would certainly recommend the use of secure parameters to encrypt the credentials. If it’s unclear how to use the example referenced, let us know.
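An added example, not from any poster in this thread and not BigFix code: one way to check the exposure concern empirically is to run a test action whose sensitive value is a throwaway canary string, then search the client's __BESData tree (ActionHistory.db, the Action<123>.fxf files and the Logs folder named above) for that canary. The function names, the two encodings searched and the sample file names are assumptions made for this sketch.

```python
import os

def _contains(path, needles, chunk):
    """Stream a file; True if any needle occurs, including across chunk boundaries."""
    keep = max(len(n) for n in needles) - 1
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            data = tail + block
            if any(n in data for n in needles):
                return True
            tail = data[-keep:] if keep else b""
    return False

def find_canary(besdata_root, canary, chunk=1 << 20):
    """Return (hits, unreadable): relative paths under besdata_root that contain the
    canary, and paths that could not be opened (locked or permission denied)."""
    if not canary:
        raise ValueError("canary must be a non-empty string")
    # Assumption: text may be stored as UTF-8/ASCII or UTF-16LE, so search for both.
    needles = [canary.encode("utf-8"), canary.encode("utf-16-le")]
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(besdata_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, besdata_root).replace(os.sep, "/")
            try:
                if _contains(full, needles, chunk):
                    hits.append(rel)
            except OSError:
                unreadable.append(rel)  # report it; an unscanned file is not a clean file
    return sorted(hits), sorted(unreadable)

def build_sample_tree(root, canary):
    """Constructed test data laid out like the paths named in the thread; it exercises
    the scanner and is not a claim about what the client actually writes."""
    samples = {
        "__Global/ActionHistory.db": b"\x00hdr" + canary.encode("utf-16-le"),
        "__Global/Logs/20240101.log": b"constructed log line " + canary.encode(),
        "examplesite/Action123.fxf": b"constructed action file without the secret",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    import sys
    print(find_canary(sys.argv[1], sys.argv[2]))  # args: <path to __BESData> <canary>
```

Run it with the same privileges that can read the client folder (SYSTEM/administrator or root, per the default permissions mentioned above), and treat any entry in the unreadable list as unverified.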