BigFix for Servers: Deploying Linux MinSec Survey Fixlet

Overview:

The BigFix Client and MinSec Survey Fixlet are required for all High Risk Linux servers. The client and fixlet will only report information on some minimum security attributes to SUSI (Stanford University System Inventory).  It is not configured by default to force automated deployments of system updates and fixlets. University IT will not deploy patches, software, or reboots to servers enrolled in BigFix for Servers.  System administrators must regularly update their systems (patching, etc.), by their preferred means — BigFix is not required for this purpose.

Visit, https://minsec.stanford.edu for more information regarding minimum security standards.

Prerequisites:

To learn more about BigFix for Servers, visit: https://uit.stanford.edu/service/bigfixforservers


Deploying Fixlet

1. Log in to IBM BigFix Console.

2. In the left pane, drill down [STANFORD] Content and select "Fixlets and Tasks."

3. Determine which Linux distribution you are using:

• Debian systems use [STANFORD] Linux MinSec Survey – DEB Systems

• RedHat systems use [STANFORD] Linux MinSec Survey – RPM Systems

4.  Select the Linux MinSec Survey fixlet relevant to your system under "Fixlets and Tasks." In this example we'll use [STANFORD] Linux MinSec Survey – RPM Systems

5.  Click on the Take Action button:


6. Select the server to deploy the Fixlet to and click OK.


7.  Click Yes to confirm the Action Summary.


8.  Once BigFix finishes deployment, the status shows as "Complete."