On Linux
In an air-gapped environment where a secure network is physically isolated from insecure networks, such as the public Internet or an insecure local area network, and the computers on opposite sides of the air gap cannot communicate, to download and transfer files to the main BigFix server running on a Linux system, you can use the Airgap utility.
This utility can also help download patch contents in a Fixlet site or single file downloads from a url.
In addition to the BigFix server
which is being configured on the isolated network, you need a Windows
computer that has access to the public Internet, to download Fixlet
site content using the BESAirgapTool.exe
utility.
The downloaded site content and files are transferred to the BigFix server
on the Linux computer.
- It must be connected to the Internet to download contents from the Fixlet sites. For additional information, see the Administration Tool documentation.
- The
BESAirgapTool.exe
tool must be installed. You can download the Windows BigFix Airgap utility (BESAirgapTool.exe
), from the Utilities page. - The following libraries must be copied to the Windows computer,
in the same directory as
BESAirgapTool.exe
:
In addition, Microsoft C/C++ Runtime Libraries are needed.libBEScrypto.dll libBEScryptoFIPS.dll
msvcm90.dll msvcp90.dll msvcr90.dll Microsoft.VC90.CRT.manifest
You can copy these libraries from the folder where you installed the BigFix client. The default folder is
%PROGRAM FILES%\Bigfix Enterprise\BES Client
. You can find these libraries also in the following folder:%PROGRAM FILES%\Bigfix Enterprise\BES Server\IEM CLI
.
Perform these steps to run the Airgap utility on the Linux BigFix server:
- Ensure that on the Linux computer, the Airgap utility is in the
path where you installed the BigFix server.
The default path is
/opt/BESServer/bin
. - Open the Linux Terminal, and type these commands to create a tar
file named
airgap.tar
, containing theAirgapRequest.xml
based on the information about the BigFix database:# cd /opt/BESServer/bin # ./Airgap.sh -run
Note: The complete syntax ofAirgap.sh
is the following:
where:Airgap { -run | -remotedir directory | -proxy [user:password@]host[:port] | -help }
- -run
- Runs Airgap to generate the tar file with the request in the local folder.
- -remotedir directory
- Runs Airgap to generate the tar file with the request in the specified folder.
- -proxy [user:password@]host[:port]
- Specifies the proxy information as follows:
- Authenticating_proxy:
-proxy user:password@ipaddress:port
- Non-authenticating proxy:
-proxy ipaddress:port
- -help
- Lists the Airgap usage.
- On the Linux computer, extract the
airgap.tar
file with the following command under theairgap
sub-folder::# tar -xf airgap.tar
- Copy the file
AirgapRequest.xml
, created in theairgap
folder, to the folder containing theBESAirgapTool.exe
file of the Windows computer. - On the Windows computer, run
BESAirgapTool.exe
to download the data related to theAirgapRequest.xml
request into theAirgapResponse
file. - Copy the
AirgapResponse
file, generated byBESAirgapTool.exe
, from the Windows computer to theairgap
folder of the Linux workstation. - On the Linux computer, from the
airgap
folder, run theAirgap
tool to load the data on the database:# cd /opt/BESServer/bin # ./Airgap.sh -run
To download patches and other files from the Internet and deploy Fixlets on the main BigFix server see Transferring Downloaded Files.