Configuring endpoints

Some checklists require you to run the Environment Setup Task to populate the necessary properties on the endpoints to enable relevance evaluation. Run this task when it shows as relevant and refresh the results on the endpoint.

Before you begin

Note: You only need to complete this additional prerequisite task if you are using the PCI DSS Checklist for AIX 7 or the PCI DSS Checklist for AIX 6 site.
If Trusted Execution (TE) is implemented in AIX systems, the Environment Setup Task is not able to run the scripts from the Fixlets as designed, which would then cause relevance issues. To avoid such issues, provide the following paths in the Trusted Execution Path list during TEP enablement:
/var/opt/BESClient/__BESData/<siteName>/SCM/AIX/71
/var/opt/BESClient/__BESData/<siteName>/SCM/AIX/util
/var/opt/BESClient/__BESData/<siteName>/SCM
where <siteName> is the name of the site that is used in your environment.

For external sites, the name used in the path is identical to the site name. For example, /var/opt/BESClient/__BESData/PCI DSS Checklist for AIX 7/SCM/AIX/71.

For custom sites, the spaces in the name are replaced with underscores and the CustomSite_ prefix is added. For example, /var/opt/BESClient/__BESData/CustomSite_Checklist_for_AIX_7/SCM/AIX/71.

About this task

You must run the Environment Setup Task or Deploy and Run Taks, if your checklist includes any of these:
Figure 1. Deploy and Run Task in the PCI DSS Checklist for RHEL8 (PCI 4.0) site

Deploy and Run Task in the PCI DSS Checklist for RHEL8 (PCI 4.0) site

Figure 2. Environment Setup Task in the PCI DSS Checklist for MS SQL 2008 site

Environment Setup Task in the PCI DSS Checklist for MS SQL 2008 site

Note: You do not need to complete this task if you are not using any of these checklists.

The check Fixlets from these sites will only show the current results when the Environment Setup Task completes.

Schedule periodic execution of the Environment Setup Task if you are using any of the mixed content sites.

Procedure

  1. From the Security Configuration domain, click All Security Configuration > Sites > External Sites.
  2. Select a checklist, and click Fixlets and Tasks.
  3. In the List panel, locate and click Environment Setup Task.
    Figure 3. Environment Setup Task in the PCI DSS Checklist for MS SQL 2008 site

    Environment Setup Task in the PCI DSS Checklist for MS SQL 2008 site

  4. Click Take Action to deploy the task. You can also click the appropriate link in the Actions box.
  5. Select the appropriate endpoints in your environment.
  6. Click the Execution tab.
    Figure 4. Take Action - Execution tab

    Take Action - Execution tab

  7. Set the environment task to run daily and click OK.
  8. When the task completes, refresh the endpoints.

What to do next

The Environment Setup Task also updates the reports in the Security and Compliance Analytics console (now known as BigFix Compliance Analytics) with the latest results. To ensure that you get the latest content, run this task on the endpoint before running an import. For automatic, daily import to BigFix Compliance Analytics, there is no need to schedule more than one run of the Environment Setup Task action.