Interpreting relevance conditions in commonly used ILMT/BFI fixlets

Transcription

1 Interpreting relevance conditions in commonly used ILMT/BFI fixlets IBM LICENSE METRIC TOOL AND BIGFIX INVENTORY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by accessing the Communicate > Audio Connection menu option. To ask a question by voice, you must either Call In or have a microphone on your device. You will not hear sound until the host opens the audio line. For more information, visit: 25 April 2017 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING THE CALL, AS WELL AS TO IBM S USE OF SUCH RECORDING IN ANY AND ALL MEDIA, INCLUDING FOR VIDEO POSTINGS ON YOUTUBE. IF YOU OBJECT, PLEASE DO NOT CONNECT TO THIS CALL.

2 Panelists Michał Zalas Presenter ILMT/BFI L2 support member Leslie Gomba ILMT/BFI L2 support member Andrei Ionescu ILMT/BFI L2 support member Khalid Yahya ILMT/BFI L2 support member Hope Maxwell-Daley Moderator ILMT/BFI L2 support team leader 2 IBM Security

3 Goal of session IBM License Metric Tool and IBM BigFix Inventory applications in version 9.x reuse IBM BigFix infrastructure. Instructions to deploy so-called CIT scanner (module allowing to perform scans), run hardware scans or initiate software scans are propagated to endpoints by means of designated fixlets. Those fixlets contain sets of conditions specifying prerequisites for a particular fixlet task to be performed on the endpoint. The goal of this session is to present steps which allow ILMT/BFI users to verify why the most common fixlets are not relevant for a particular endpoint. 3 IBM Security

4 Agenda Checking the fixlet site version Updating the fixlet site Checking fixlet relevance Install or Upgrade Scanner fixlet Initiate Software Scan fixlet Run Capacity Scan and Upload Results fixlet 4 IBM Security

5 Checking the fixlet site version

6 Checking the fixlet site version 6 IBM Security ILMT: Version: 95 BFI: Version: 86

7 Checking the fixlet site version ILMT: Version: 95 BFI: Version: 86 7 IBM Security

8 Updating the fixlet site

9 Updating the fixlet site The content of the ILMT/BFI fixlet site can be periodically modified. New fixlets, tasks, and analyses can be added. The existing ones can be changed or might become obsolete due to functionality changes. If the BigFix server is installed on a computer with the Internet access, the ILMT/BFI fixlet site is updated automatically whenever the updates are available. However, if the BigFix server is installed on a computer without the Internet access, user must update the ILMT/BFI fixlet site manually. The process is described in detail under the Updating the fixlet site chapter of ILMT/BFI documentation: ILMT BFI Note: All the open fixlet actions started before the fixlet site update will remain running with that old definition until they expire. You need to stop and re-run a fixlet for the new definition to be used. 9 IBM Security

10 Checking fixlet relevance

11 Checking relevance In order to see all the fixlets under ILMT/BFI site, click on the Show Non-Relevant Content button: 11 IBM Security

12 Checking relevance 12 IBM Security

13 Checking relevance Starting from ILMT/BFI it is possible to use a feature called Analyze the Relevance of a Fixlet or Task to evaluate relevance conditions of fixlets available under ILMT/BFI site. 13 IBM Security

14 Checking relevance From the drop-down list choose from among ILMT/BFI fixlets. A result is creation of a new analysis which covers all the endpoints subscribed to ILMT/BFI site. The new analysis gets created under Master Action Site of BigFix. It can be reviewed under Analyses section. Its name pattern is Relevance Check for the Task/Fixlet: source fixlet name. 14 IBM Security

15 Checking relevance After a short moment, required for endpoints to receive instructions from BigFix server and return information on relevance conditions evaluation, the newly created analysis gets populated with results: 15 IBM Security

16 Checking relevance Under analysis Results tab, every column named Relevance # maps to the source fixlet relevance condition with the same number under fixlet Details tab. Exemplary relevance conditions will be explained in the following slides. If a particular condition is met on the endpoint, then its analysis result column entry shows True. Otherwise the False value is displayed. Note: If a particular fixlet condition is not met it does not indicate an error. It may also mean that it is a temporary state, e.g. due a scan operation already running, scanner already installed in the same version, etc. All the fixlet conditions must show True for the fixlet to be relevant. The relevance check process is covered in ILMT/BFI documentation at: ILMT BFI 16 IBM Security

17 Checking relevance Common files and locations evaluated by relevance conditions of Install or Upgrade Scanner, Initiate Software Scan and Run Capacity Scan and Upload Results fixlets: CIT scanner configuration file from - %WINDIR%\cit\cit.ini - /etc/cit/cit.ini CIT scanner home directory specified by CIT_HomeDirectory key value in cit.ini configuration file BigFix client location e.g. - C:\Program Files (x86)\bigfix Enterprise\BES Client\ - /var/opt/besclient/lmt/cit ILMT/BFI scan data folder under BigFix client directory e.g. - C:\Program Files (x86)\bigfix Enterprise\BES Client\LMT\CIT - /var/opt/besclient/lmt/cit 17 IBM Security

18 Install or Upgrade Scanner

19 Install or Upgrade Scanner Relevance 1 (if (name of it as lowercase starts with "win") then (true) else ((name of it as lowercase starts with "linux") OR (name of it as lowercase starts with "aix") OR (name of it as lowercase starts with "mac") OR (name of it as lowercase starts with "hp-ux" AND ((architecture of it as lowercase contains "ia64") OR (family name of main processor as lowercase contains "pa-risc") OR (exists match (regex "^PA8[0-9]{3}(\s+)?$") of (family name of main processor)))) OR (exists match (regex "sunos 5\.( )") of (name of it as lowercase)) of operating system)) of operating system AND (if exists property "in proxy agent context" then ( not in proxy agent context ) else true) Since the release of the IBM Endpoint Manager for Mobile Devices that supports Android, Apple ios and other devices, BigFix installations may include proxy agents in order to support these new devices. Many fixlets contain the relevance above in order to exclude proxy agents from executing. This ensures that proxy agents will not try to execute the fixlet. Relevance 2 not exists settings whose (name of it equals "CIT_Deny" AND value of it = "1") of client This condition checks if the endpoint has a setting named CIT_Deny set to 1. To verify it, right-click on the computer name and choose Edit Computer Settings.... It is set if the Add Targeting Exception fixlet was run earlier to prevent the endpoint from being targeted by the scanner actions. To revert this change run Remove Targeting Exception fixlet. 19 IBM Security

20 Install or Upgrade Scanner Relevance 3 ((name of it as lowercase starts with "win") OR (name of it as lowercase starts with "linux") OR (name of it as lowercase starts with "aix") OR (name of it as lowercase starts with "hp-ux") OR ((name of it as lowercase starts with "sunos 5") AND NOT (name of it as lowercase contains "sunos 5.7")) OR (name of it as lowercase starts with "mac")) of operating system This condition checks if the endpoint is running an operating system type supported by ILMT/BFI. Please refer to Supported operating systems documentation chapter. Relevance 4 (NOT (((name of operating system as lowercase starts with "win") AND (exists folder "cit" of folder (value of variable "windir" of environment))) OR ((NOT (name of operating system as lowercase starts with "win")) AND (exists folder "/etc/cit")))) OR (... long text skipped...) This condtion evaluates if exists the scanner configuration folder named cit located in %WINDIR% directory of Microsoft Windows or /etc/cit in case of other plaftforms. If it is not present then installation can continue. If it turns out to be present, then this fixlet condition checks present configuration to retrieve information on current scanner home directory and scanner version to determine if a newer version should be deployed. Fixlet description always mentions scanner version meant to be installed (e.g ) and user may verify current scanner version on endpoint by means of Scanner Information analysis in BigFix console. Alternatively, it can be read as the "CIT_Version" key value from the cit.ini configuration file on the endpoint. 20 IBM Security

21 Install or Upgrade Scanner Relevance 5 if (name of operating system as lowercase starts with "win") then ((free space of drive of (if (version of client >= "9" as version) then (parent folder of data folder of client) else (parent folder of regapp "besclient.exe")) > ) and (if (exists (folder "cit" of folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it) and (exists folder (key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)))) then (free space of drive of (folder (key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment))) > ) else (free space of drive of folder (value of variable "ProgramFiles" of environment) > ))) else if (not(name of operating system as lowercase starts with "mac")) then ((free space of drive of (if (version of client >= "9" as version) then (parent folder of data folder of client) else (parent folder of parent folder of client folder of site "actionsite")) > ) and (if (exists (folder "/etc/cit") whose (exists file "cit.ini" of it) and (exists folder (key "CIT_HomeDirectory" of file "cit.ini" of folder "/etc/cit"))) then (free space of drive of (folder (key "CIT_HomeDirectory" of file "cit.ini" of folder "/etc/cit")) > ) else (free space of drive of (folder "/opt") > ))) else true This condition checks if the endpoint has at least 20MB of free space in BigFix client location. Additionally at least 50MB of free space is required on the drive/filesystem with CIT scanner home directory. It is read from the cit.ini configuration file. If CIT scanner is not present, then this space condition is checked against the Program Files directory (Windows) or /opt (Linux). 21 IBM Security

22 Install or Upgrade Scanner Relevance 6 if (name of operating system as lowercase contains "sunos") then (if exists file "/usr/bin/zonename" then (not exists process whose (name of it = "wscansw") whose (zone of it as string =tuple string item 0 of concatenation ", " of names of zones as string)) else (not exists process whose (name of it = "wscansw"))) else (not exists process whose (name of it = "wscansw.exe" or name of it = "wscansw")) This condition checks if on the endpoint there is no wscansw process running at the moment of scanner installation attempt. That process is responsible for software scans and evaluation of software catalog repository of software discovery rules. In case of large filesystems SW scan may last a couple of hours preventing scanner upgrade. Relevance 7 if (name of operating system as lowercase contains "sunos") then (if exists file "/usr/bin/zonename" then (not exists process whose (name of it = "wscanfs") whose (zone of it as string =tuple string item 0 of concatenation ", " of names of zones as string)) else (not exists process whose (name of it = "wscanfs"))) else (not exists process whose (name of it = "wscanfs.exe" or name of it = "wscanfs")) This condition checks if on the endpoint there is no wscanfs process running at the moment of scanner installation attempt. That process is responsible for filesystem scans. In case of large filesystems scan may last a couple of hours preventing scanner upgrade. 22 IBM Security

23 Install or Upgrade Scanner Relevance 8 if (name of operating system as lowercase contains "sunos") then (if exists file "/usr/bin/zonename" then (not exists process whose (name of it = "itsit") whose (zone of it as string =tuple string item 0 of concatenation ", " of names of zones as string)) else (not exists process whose (name of it = "itsit"))) else (not exists process whose (name of it = "itsit.exe" or name of it = "itsit")) This condition checks if on the endpoint there is no itsit process running at the moment of scanner installation attempt. That is a legacy process from IBM SUA 2.x product line, responsible for filesystem scans. Relevance 9 if (name of operating system as lowercase contains "mac") then "SUA"="INV" else true This condition is checked only for Mac OS and is related to support of BES Inventory and License fixlet site. For more information on this site, refer to 23 IBM Security

24 Initiate Software Scan

25 Initiate Software Scan Relevance 1 (if (name of it as lowercase starts with "win") then (true) else ((name of it as lowercase starts with "linux") OR (name of it as lowercase starts with "aix") OR (name of it as lowercase starts with "mac") OR (name of it as lowercase starts with "hp-ux" AND ((architecture of it as lowercase contains "ia64") OR (family name of main processor as lowercase contains "pa-risc") OR (exists match (regex "^PA8[0-9]{3}(\s+)?$") of (family name of main processor)))) OR (exists match (regex "sunos 5\.( )") of (name of it as lowercase)) of operating system)) of operating system AND (if exists property "in proxy agent context" then ( not in proxy agent context ) else true) Since the release of the IBM Endpoint Manager for Mobile Devices that supports Android, Apple ios and other devices, BigFix installations may include proxy agents in order to support these new devices. Many fixlets contain the relevance above in order to exclude proxy agents from executing. This ensures that proxy agents will not try to execute the fixlet. Relevance 2 not exists settings whose (name of it equals "CIT_Deny" AND value of it = "1") of client This condition checks if the endpoint has a setting named CIT_Deny set to 1. To verify it, right-click on the computer name and choose Edit Computer Settings.... It is set if the Add Targeting Exception fixlet was run earlier to prevent the endpoint from being targeted by the scanner actions. To revert this change run Remove Targetting Exception fixlet. 25 IBM Security

26 Initiate Software Scan Relevance 3 (if (name of operating system as lowercase starts with "win") then (exists (folder "cit" of folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) & "\bin") whose ((exists file "wscansw.exe" of it) and (exists file "wscanfs.exe" of it)))) else (exists (folder "/etc/cit") whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "/etc/cit") & "/bin") whose ((exists file "wscansw" of it) and (exists file "wscanfs" of it))))) OR (name of operating system as lowercase starts with "mac") This condition checks for scanner configuration file (cit.ini) to read information on scanner home directory and locate binaries required to run a softwatre scan (wscansw, wscanfs). Relevance 4 name of operating system as lowercase starts with "mac") OR ((if (name of operating system as lowercase starts with "win") then (key "CIT_Version" of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) else (key "CIT_Version" of file "cit.ini" of folder "/etc/cit")) >= " ") This condition checks for scanner configuration file (cit.ini) to read information on scanner version. It should be at least User may verify current scanner version on endpoint by means of Scanner Information analysis in BigFix console. Alternatively, it can be read as the "CIT_Version" key value from the cit.ini file on the endpoint. Run Install or Upgrade Scanner fixlet if CIT scanner version is obsolete. 26 IBM Security

27 Initiate Software Scan Relevance 5 if (name of operating system as lowercase contains "sunos") then (if exists file "/usr/bin/zonename" then (not exists process whose (name of it = "wscansw") whose (zone of it as string =tuple string item 0 of concatenation ", " of names of zones as string)) else (not exists process whose (name of it = "wscansw"))) else (not exists process whose (name of it = "wscansw.exe" or name of it = "wscansw")) This condition checks if on the endpoint there is no wscansw process already running. That process is responsible for software scans and evaluation of software catalog repository of software discovery rules. In case of large filesystems SW scan may last a couple of hours preventing subsequent runs. Relevance 6 if (name of operating system as lowercase contains "sunos") then (if exists file "/usr/bin/zonename" then (not exists process whose (name of it = "wscanfs") whose (zone of it as string =tuple string item 0 of concatenation ", " of names of zones as string)) else (not exists process whose (name of it = "wscanfs"))) else (not exists process whose (name of it = "wscanfs.exe" or name of it = "wscanfs")) This condition checks if on the endpoint there is no wscanfs process already running. That process is responsible for filesystem scans. In case of large filesystems scan may last a couple of hours preventing subsequent runs. 27 IBM Security

28 Initiate Software Scan Relevance 7 (if (name of operating system as lowercase starts with "win") then ((exists (folder "cit" of folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) contains "SUA:")) else ((exists (folder "/etc/cit") whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of file "cit.ini" of folder "/etc/cit") contains "SUA:"))) OR (name of operating system as lowercase starts with "mac") This condition checks for scanner configuration file (cit.ini) to read information on scanner exploiters (CIT_exploiters). ILMT/BFI tag is SUA:. It is set by the Install or Upgrade Scanner fixlet. The SUA: tag is required to run a scan. If it is missing run Install or Upgrade Scanner fixlet. Relevance 8 (name of operating system as lowercase starts with "mac") OR (if (name of operating system as lowercase starts with "win") then (exists file "catalog.xml.bz2" of folder ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp "besclient.exe")) & "\LMT\CIT") or exists file "catalog.xml" of folder ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp "besclient.exe")) & "\LMT\CIT")) else (exists file "catalog.xml.bz2" of folder (((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite"))) & "/LMT/CIT") or exists file "catalog.xml" of folder (((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite"))) & "/LMT/CIT"))) This condition checks if under LMT\CIT subfolder of BigFix client there is so-called software catalog present. Software catalog is a repository of software discovery rules used by scanner. If catalog is not present, run Catalog Download fixlet. It is described in Updating scanner catalogs chapter of ILMT/BFI documentation. 28 IBM Security

29 Initiate Software Scan Relevance 9 (name of operating system as lowercase starts with "mac") OR (if (name of operating system as lowercase starts with "win") then (exists file "bzip2.exe" of folder ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp "besclient.exe")) & "\LMT\CIT")) else (exists file "bzip2" of folder (((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite"))) & "/LMT/CIT"))) This condition checks if under LMT\CIT subfolder of BigFix client there is bzip2 archiver present. It is required to compress scan results. It is deployed by the Install or Upgrade Scanner fixlet. Relevance 10 NOT (if (name of operating system as lowercase starts with "win") then (exists file ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp "besclient.exe")) & "\LMT\CIT\cit_config.xml")) else (exists file (((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite"))) & "/LMT/CIT/cit_config.xml"))) OR (name of operating system as lowercase starts with "mac") This condition checks if under BigFix client directory, in LMT\CIT subfolder there is no cit_config.xml file. That is a legacy configuration file related to IBM SUA 2.x product line. If it is still present, then the Install or Upgrade Scanner fixlet should be run. 29 IBM Security

30 Initiate Software Scan Relevance 11 if (name of operating system as lowercase starts with "win") then (exists file "zip.exe" of folder ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp "besclient.exe")) & "\LMT\CIT")) else if (((name of it as lowercase starts with "sunos 5") AND NOT (name of it as lowercase contains "sunos 5.7")) of operating system) then (exists pkginfo whose (pkginst of it contains "gzip") of pkgdb) else true This condition checks if under LMT\CIT subfolder of BigFix client on Microsoft Windows there is zip.exe archiver present. It is deployed by Install or Upgrade Scanner fixlet. In case of Solaris 5.x OS (except 5.7) the gzip package is required. Other OS types are not evaluated by this condition. Refer to Supported operating systems documentation chapter. 30 IBM Security

31 Run Capacity Scan and Upload Results

32 Run Capacity Scan and Upload Results Relevance 1 (if (name of it as lowercase starts with "win") then (true) else ((name of it as lowercase starts with "linux") OR (name of it as lowercase starts with "aix") OR (name of it as lowercase starts with "mac") OR (name of it as lowercase starts with "hp-ux" AND ((architecture of it as lowercase contains "ia64") OR (family name of main processor as lowercase contains "pa-risc") OR (exists match (regex "^PA8[0-9]{3}(\s+)?$") of (family name of main processor)))) OR (exists match (regex "sunos 5\.( )") of (name of it as lowercase)) of operating system)) of operating system AND (if exists property "in proxy agent context" then ( not in proxy agent context ) else true) Since the release of the IBM Endpoint Manager for Mobile Devices that supports Android, Apple ios and other devices, BigFix installations may include proxy agents in order to support these new devices. Many fixlets contain the relevance above in order to exclude proxy agents from executing. This ensures that proxy agents will not try to execute the fixlet. Relevance 2 not exists settings whose (name of it equals "CIT_Deny" AND value of it = "1") of client This condition checks if the endpoint has a setting named CIT_Deny set to 1. To verify it, right-click on the computer name and choose Edit Computer Settings.... It is set if the Add Targeting Exception fixlet was run earlier to prevent the endpoint from being targeted by the scanner actions. To revert this change run Remove Targetting Exception fixlet. 32 IBM Security

33 Run Capacity Scan and Upload Results Relevance 3 if (name of operating system as lowercase starts with "win") then (exists (folder "cit" of folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) & "\bin") whose (exists file "wscanhw.exe" of it))) else (exists (folder "/etc/cit") whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "/etc/cit") & "/bin") whose (exists file "wscanhw" of it))) This condition checks for scanner configuration file (cit.ini) to read information on scanner home directory ( CIT_HomeDirectory key) and locate binaries required to run a hardware scan (wscanhw). Relevance 4 if (name of operating system as lowercase contains "sunos") then (if exists file "/usr/bin/zonename" then (not exists process whose (name of it = "wscanhw") whose (zone of it as string =tuple string item 0 of concatenation ", " of names of zones as string)) else (not exists process whose (name of it = "wscanhw"))) else (not exists process whose (name of it = "wscanhw.exe" or name of it = "wscanhw")) This condition checks if on the endpoint there is no wscanhw process already running. That process is responsible for hardware capacity scans. 33 IBM Security

34 Run Capacity Scan and Upload Results Relevance 5 if (name of operating system as lowercase starts with "win") then ((exists (folder "cit" of folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) contains "SUA:")) else ((exists (folder "/etc/cit") whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of file "cit.ini" of folder "/etc/cit") contains "SUA:")) This condition checks for scanner configuration file (cit.ini) to read information on scanner exploiters (CIT_exploiters). ILMT/BFI tag is SUA:. It is set by the Install or Upgrade Scanner fixlet. The SUA: tag is required to run a scan. If it is missing run Install or Upgrade Scanner fixlet. Relevance 6 if (name of operating system as lowercase starts with "win") then (exists folder ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp "besclient.exe")) & "\LMT\CIT")) else (exists folder (((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite"))) & "/LMT/CIT")) This condition checks if under BigFix client directory there is LMT\CIT subfolder where scan results are meant to be placed. It is created by the Install or Upgrade Scanner fixlet. 34 IBM Security

35 Run Capacity Scan and Upload Results Relevance 7 NOT (if (name of operating system as lowercase starts with "win") then (exists file ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp "besclient.exe")) & "\LMT\CIT\cit_config.xml")) else (exists file (((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite"))) & "/LMT/CIT/cit_config.xml"))) This condition checks if under BigFix client directory, in LMT\CIT subfolder there is no cit_config.xml file. That is a legacy configuration file related to IBM SUA 2.x product line. If it is still present, then the Install or Upgrade Scanner fixlet should be run. Relevance 8 if (((name of it as lowercase starts with "sunos 5") AND NOT (name of it as lowercase contains "sunos 5.7")) of operating system) then (exists pkginfo whose (pkginst of it contains "gzip") of pkgdb) else true This condition checks if in case of Solaris 5.x OS (except 5.7) the gzip package exists. Other OS types are not evaluated by this condition. Refer to Supported operating systems documentation chapter. 35 IBM Security

36 Troubleshooting

37 Troubleshooting Additional troubleshooting steps: Restart BigFix client process on the endpoint In BigFix console right-click on the endpoint computer name and click Send Refresh 37 IBM Security

38 Questions for the panel Now is your opportunity to ask questions of our panelists. To ask a question now: Raise your hand by clicking Raise Hand. The Raise Hand icon appears next to your name in the Attendees panel on the right in the WebEx Event. The host will announce your name and unmute your line. or Type a question in the box below the Ask drop-down menu in the Q&A panel. Select All Panelists from the Ask drop-down-menu. Click Send. Your message is sent and appears in the Q&A panel. To ask a question after this presentation: You are encouraged to participate in the dw Answers forums for ILMT: BigFix Inventory: 38 IBM Security

39 Where do you get more information? License Metric Tool wiki: Security Learning Academy training roadmap for BigFix Inventory and ILMT: More articles you can review: IBM developerworks articles: - ILMT 9.2.x - BFI 9.2.x IBM Knowledge Center: - ILMT 9.2.x - BFI 9.2.x Useful links: Get started with IBM Security Support IBM Support Portal Sign up for My Notifications Follow us: 39 IBM Security

40 THANK YOU FOLLOW US ON: securityintelligence.com xforce.ibmcloud.com Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.