Red Hat Installation Instructions

How to install the client on Red Hat.

Before installing the client on Red Hat Enterprise Linux 6 or later, ensure that you have:
  • Disabled the SELinux process.

    The BigFix client and relay installation on a Red Hat Enterprise Linux Version 6 and 7 operating system can be performed also on computers having SELinux enabled. With SELinux enabled, the following SELinux settings are supported:

    selinux = enforcing, policy = targeted.

  • Installed the Athena library (libXaw package) that is used by the user interface component of the client.
  • Installed the initscripts package before installing the client on Red Hat Enterprise Linux™ 9.

To install the client perform the following steps:

  1. Download the corresponding BigFix client RPM file to the Red Hat computer.
  2. Install the RPM by running the command
    rpm -ivh client_RPM_path

    Starting from BigFix Version 9.5.9, if you are installing the signed packages and you have not imported the public key for that signature, you receive the following warning:

    BESAgent-9.5.9.xx-rhe6.x86_64.rpm: Header V4 RSA/SHA256 
    Signature, key ID 3e83b424: NOKEY
  3. Copy your actionsite masthead to the client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BES Installation folders (by default they are placed under C:\Program Files (x86)\BigFix Enterprise\BES Installers\Client on Windows and /var/opt/BESInstallers/Client/ on Linux). If the masthead is not named actionsite.afxm, rename it to actionsite.afxm and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: The directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, create it manually.
    The masthead file for each BigFix Server can be downloaded at http://servername:port/masthead/masthead.afxm (example:
  4. Start the BigFix client by running the command:
    /etc/init.d/besclient start
Note: On Red Hat Enterprise Linux™ 9, the user interface component of the client is displayed only if you log in choosing GNOME on Xorg.

Signed Client Red Hat RPM packages

Starting from BigFix Version 9.5.9, the Red Hat RPM packages are signed with a PGP key.

Starting from BigFix Version 10.0.8, the signature of the Red Hat RPM package for BigFix Agent contains the SHA256 digest and header, thus you can install the BigFix Agent on Red Hat systems with FIPS mode enabled.

The RPM packages available for download are stored, divided by product version and platform, in the following repository:

Run the following command to check if the package file is signed:
rpm -qpi <package>.rpm
In the command output the content of the Signature field shows if the package is signed or not:
  • The package is signed if the Signature field is not empty.
  • The package is not signed if the Signature field does not contain any value.
This is a sample output that you can get if the package is signed:
 Name : BESAgent
Version     :
Release     : rhe6
Architecture: x86_64
Install Date: (not installed)
Group       : Applications/Security
Size        : 54525522
License     : (c) Copyright HCL Technologies Limited 2001-2020 ALL RIGHTS RESERV                                          ED
Signature   : RSA/SHA256, Sun 29 Mar 2020 11:01:24 PM CEST, Key ID f103a7e216055                                          553
Source RPM  : BESAgent-
Build Date  : Sun 29 Mar 2020 08:52:46 PM CEST
Build Host  :
Relocations : (not relocatable)
Packager    : HCL Technologies Limited
Vendor      : HCL Technologies Limited
URL         :
Summary     : BigFix Agent
Description :
BigFix Agent for Linux.                                          

If the package is signed:

If you are using Version 9.5.9, you can manually download and import the public key for that signature from the following web site:

If you are using Version 9.5.10 or later, you can download and import the public key for that signature by running the BES Support Fixlet named Import BigFix version 9.5 public GPG key for RedHat RPMs.

If you download the key, then import it into your local machine keystore by using the command:
rpm --import <keyfile>
where the key file can be a URL or a local file.

The BigFix public key available for download is stored in the following repository:

At this point, you can proceed to install the RPM package on the client system by running the command:
'rpm -i <package name>'
or an equivalent command.

If you did not import the public key, during the client installation you might see a warning message saying that the signature cannot be verified. This message does not prevent your RPM package from being installed successfully on the client system.