Filesystem scan configuration

If you are using the PCI DSS UNIX/Linux checklist, you can further configure the range of filesystems and directories to be included in the property file used for relevance evaluation.

Some of the UNIX/Linux Fixlets verify attributes and ownership of various subsets of files on local drives, including the property file that is created by the Environment Setup Task. This property file denotes the list of files that are used by the Fixlets in the UNIX/Linux checklist. It contains a list of all local and regular files with the exclusion of remote filesystems and special filesystems such as /tmp or /dev.

BigFix provides the globalfind feature to help prevent multiple scanning of local filesystems, which in turn provides better performance results.

You can set the parameters for the globalfind feature from Configure Filesystem Scan Options to indicate the mount points, directories, or filesystems that are not to be included in the property file. For example, you can specify to skip the data partitions that have too many files.
Note: The parameter changes will only take effect after the next Environment Setup Task run.