Red Hat Installation Instructions

How to install the client on Red Hat.

Before installing the client on Red Hat Enterprise Linux™ 6 or 7, ensure that you have disabled the SELinux process or, if you want to keep SELinux enabled, that the following settings are configured:

selinux = enforcing, policy = targeted.

Before installing the client on Red Hat Enterprise Linux™ 8 or later, instead, you must disable the SELinux process.

Then, ensure that you have:
  • Installed the Athena library (libXaw package) that is used by the user interface component of the client.

To install the client perform the following steps:

  1. Download the corresponding BigFix client RPM file to the Red Hat computer.
  2. Install the RPM by running the command
    rpm -ivh client_RPM_path

    Starting from BigFix Version 9.5.9, if you are installing the signed packages and you have not imported the public key for that signature, you receive the following warning:

    BESAgent-9.5.9.xx-rhe6.x86_64.rpm: Header V3 RSA/SHA256 
    Signature, key ID 3e83b424: NOKEY
  3. Copy your actionsite masthead to the client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BES Installation folders (by default they are placed under C:\Program Files (x86)\BigFix Enterprise\BES Installers\Client on Windows and /var/opt/BESInstallers/Client/ on Linux). If the masthead is not named actionsite.afxm, rename it to actionsite.afxm and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: The directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, create it manually.
    The masthead file for each BigFix Server can be downloaded at http://servername:port/masthead/masthead.afxm (example:
  4. Start the BigFix client by running the command:
    /etc/init.d/besclient start
Note: On Red Hat Enterprise Linux™ 9, the user interface component of the client is displayed only if you log in choosing GNOME on Xorg.

Signed Client Red Hat RPM packages

Starting from BigFix Version 9.5.9, the Red Hat RPM packages are signed with a PGP key.

The RPM packages available for download are stored, divided by product version and platform, in the following repository:

Run the following command to check if the package file is signed:
rpm -qpi <package>.rpm
In the command output the content of the Signature field shows if the package is signed or not:
  • The package is signed if the Signature field is not empty.
  • The package is not signed if the Signature field does not contain any value.
This is a sample output that you can get if the package is signed:
Name: BESAgent
Version     : 9.5.9.xx
Release     : rhe6
Architecture: x86_64
Install Date: Mon 05 Mar 2018 11:31:15 AM CET
Group       : Applications/Security
Size        : 52968659
License     : (c) Copyright IBM Corp. 2001-2018. 
              (c) Copyright HCL Technologies Limited 2018 ALL RIGHTS RESERVED
Signature   : RSA/SHA256, Fri 02 Mar 2018 12:50:16 AM CET, 
              Key ID 19d621d73e83b424
Source RPM  : BESAgent-
Build Date  : Thu 01 Mar 2018 09:44:58 PM CET
Build Host  : rhel6x64bs
Relocations : (not relocatable)
Packager    : IBM Corp. and HCL Technologies Limited
Vendor      : IBM Corp. and HCL Technologies Limited
URL         :
Summary     : BigFix Agent
Description : BigFix Agent for Linux                                             

If the package is signed:

If you are using Version 9.5.9, you can manually download and import the public key for that signature from the following web site:

If you are using Version 9.5.10, you can download and import the public key for that signature by running the BES Support Fixlet named Import BigFix version 9.5 public GPG key for RedHat RPMs.

If you download the key, then import it into your local machine keystore by using the command:
rpm --import <keyfile>
where the key file can be a URL or a local file.

The BigFix public key available for download is stored in the following repository:

At this point, you can proceed to install the RPM package on the client system by running the command:
'rpm -i <package name>'
or an equivalent command.

If you did not import the public key, during the client installation you might see a warning message saying that the signature cannot be verified. This message does not prevent your RPM package from being installed successfully on the client system.