On Linux

In an air-gapped environment where a secure network is physically isolated from insecure networks, such as the public Internet or an insecure local area network, and the computers on opposite sides of the air gap cannot communicate, to download and transfer files to the main BigFix server running on a Linux system, you can use the Airgap utility.

This utility can also help download patch contents in a Fixlet site or single file downloads from a url.

Note: The AirGap utility does not support a configuration where the clients are air-gapped separately from the main BigFix server. The clients must be air-gapped together with the main BigFix server to be able to gather across the network from the main BigFix server.

In addition to the BigFix server which is being configured on the isolated network, you need a Windows computer that has access to the public Internet, to download Fixlet site content using the BESAirgapTool.exe utility. The downloaded site content and files are transferred to the BigFix server on the Linux computer.

To run the Airgap utility on Linux servers, you must have a Windows computer with the following environment:
  • It must be connected to the Internet to download contents from the Fixlet sites. For additional information, see the Administration Tool documentation.
  • The BESAirgapTool.exe tool must be installed. You can download the Windows BigFix Airgap utility (BESAirgapTool.exe), from the Utilities page.
  • The following libraries must be copied to the Windows computer, in the same directory as BESAirgapTool.exe:
    In addition, Microsoft C/C++ Runtime Libraries are needed.

    You can copy these libraries from the folder where you installed the BigFix client. The default folder is %PROGRAM FILES%\Bigfix Enterprise\BES Client. You can find these libraries also in the following folder: %PROGRAM FILES%\Bigfix Enterprise\BES Server\IEM CLI.

Perform these steps to run the Airgap utility on the Linux BigFix server:

  1. Ensure that on the Linux computer, the Airgap utility is in the path where you installed the BigFix server. The default path is /opt/BESServer/bin.
  2. Open the Linux Terminal, and type these commands to create a tar file named airgap.tar, containing the AirgapRequest.xml based on the information about the BigFix database:
    # cd /opt/BESServer/bin
    # ./Airgap.sh -run
    Note: The complete syntax of Airgap.sh is the following:
    Airgap { -run | -remotedir directory | -proxy [user:password@]host[:port] | -help }
    Runs Airgap to generate the tar file with the request in the local folder.
    -remotedir directory
    Runs Airgap to generate the tar file with the request in the specified folder.
    -proxy [user:password@]host[:port]
    Specifies the proxy information as follows:
    -proxy user:password@ipaddress:port
    Non-authenticating proxy:
    -proxy ipaddress:port
    Lists the Airgap usage.
  3. On the Linux computer, extract the airgap.tar file with the following command under the airgap sub-folder::
    # tar -xf airgap.tar
  4. Copy the file AirgapRequest.xml, created in the airgap folder, to the folder containing the BESAirgapTool.exe file of the Windows computer.
  5. On the Windows computer, run BESAirgapTool.exe to download the data related to the AirgapRequest.xml request into the AirgapResponse file.
  6. Copy the AirgapResponse file, generated by BESAirgapTool.exe, from the Windows computer to the airgap folder of the Linux workstation.
  7. On the Linux computer, from the airgap folder, run the Airgap tool to load the data on the database:
    # cd /opt/BESServer/bin
    # ./Airgap.sh -run

To download patches and other files from the Internet and deploy Fixlets on the main BigFix server see Transferring Downloaded Files.