Home
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Configuration Management for Console User Guide
Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
Configuring UNIX checklists
You can configure the checklists for the AIX®, MAC, and Solaris.
Running checklists
The process of running a checklist involves executing tasks like the Environment Setup task or Deploy and Run security checklist. Both tasks are directed towards achieving compliance with regulatory standards such as those established by CIS or DISA.
Modifying global scan options
You can control the behavior of the global scan through the pop box on Environment Setup task or Deploy and Run security checklist in Solaris and AIX® checklists.

Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
- Configuration Management for Console User Guide
  Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
  - Setting up Configuration Management
    Follow these steps to set up your Configuration Management deployment.
  - Using checks and checklists
  - Configuring Windows checklists
  - Configuring UNIX checklists
    You can configure the checklists for the AIX®, MAC, and Solaris.
    - Running checklists
      The process of running a checklist involves executing tasks like the Environment Setup task or Deploy and Run security checklist. Both tasks are directed towards achieving compliance with regulatory standards such as those established by CIS or DISA.
      - Understanding the output
        With UNIX™ content, endpoint scans are accomplished by a series of UNIX shell scripts that provide greater accessibility to UNIX system administrators.
      - Modifying global scan options
        You can control the behavior of the global scan through the pop box on Environment Setup task or Deploy and Run security checklist in Solaris and AIX® checklists.
    - Analyses
    - Using the Create Custom Relevance SCM content wizard
      Follow these steps to incorporate custom checks into an existing SCM custom site.
    - Creating custom UNIX Security Configuration Management content
      Follow these steps to create custom check for UNIX Security Configuration Management.
  - Importing SCAP content
  - Configuration Management Reporting
  - Frequently asked questions
- Security Configuration Management for WebUI User Guide
  Security Configuration Management (SCM) App in WebUI continuously assess and manages the device for security misconfiguration and deviation, which enables operator to deploy remediation action to ensure the device meets compliance standards.

Modifying global scan options

You can control the behavior of the global scan through the pop box on Environment Setup task or Deploy and Run security checklist in Solaris and AIX® checklists.

UNIX™ content includes a global scan script part of the runme.sh and that is used to do a full system scan. The results of this scan are used in several scripts. This script eliminates the need to run a full system scan multiple times when you are evaluating a set of checks on a single system. This feature allows Endpoint Manager to be more efficient and causes less impact on the system during a configuration scan.

Table 1. Parameters and their descriptions
Parameter	Description
EXCLUDEFS	A list of specific file systems to exclude from scanning. This list must be a space-separated list of all the file system types to exclude from the search. By default, the global find script excludes the following file system types from its search: devpts tmpfs cdrfs procfs ctfs fd hsfs proc mntfs smbfs iso9660 nfs3 nfs4 nfs msdos nfsd rpc_pipefs binfmt_misc sysfs sharefs
EXCLUDEMOUNTS	A list of specific mount points to exclude from scanning. This parameter must be defined as a space-separated list of all the file system mounts to exclude from the search. This prevents the shared file system from being scanned from multiple systems. For example, if several systems mount a shared directory on a Storage Area Network named /san, you might want to exclude them with a parameter such as: EXCLUDEMOUNTS="/san" By default, this parameter is not used and is represented as an empty value.
EXCLUDEINODES	Threshold Inode count to skip file system during scan.

Action Parameter

Action Parameter

Action Parameter