HP SWA Administrator

HP-UX Software Assistant Administration Guide HP-UX 11i Systems Abstract This administration guide is for system administrators who maintain the security of HP-UX systems. Administrators are assumed to have in-depth knowledge of HP-UX operating system concepts, commands, and configurations. It assumes familiarity with installing HP computer hardware and software, upgrading software, applying patches, and troubleshooting system problems. HP Part Number: 5900-1760 Published: December 2011 Edition: 14


© Copyright 2007, 2011 Hewlett-Packard Development Company, L.P.

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Acknowledgements

Intel® Itanium® Logo, Intel, Intel Inside and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Microsoft® and Windows® are U.S. registered trademarks of Microsoft Corporation.

Java® is a US trademark of Sun Microsystems, Inc.

UNIX® is a registered trademark of The Open Group.

Revision History

Table 1 Revision History

Publication Date            Edition Number   Supported Operating Systems     Manufacturing Part Number
December 2011               14               HP-UX 11i v1, 11i v2, 11i v3    5900-1760
February 2011               13               HP-UX 11i v1, 11i v2, 11i v3    5900–1287
November 2010               12               HP-UX 11i v1, 11i v2, 11i v3    5900–1284
September 2010              11               HP-UX 11i v1, 11i v2, 11i v3    5900–1050
June 2010                   10               HP-UX 11i v1, 11i v2, 11i v3    B3921-90027
December 2009               9                HP-UX 11i v1, 11i v2, 11i v3    B3921-90009
October 2009                8                HP-UX 11i v1, 11i v2, 11i v3    5992–5123
September 2009              7                HP-UX 11i v1, 11i v2, 11i v3    5992–6588
March 2009 Fusion Release   6                HP-UX 11i v1, 11i v2, 11i v3    5992–5841
October 2008                5                HP-UX 11i v1, 11i v2, 11i v3    5992–5372
September 2008              4                HP-UX 11i v1, 11i v2, 11i v3    5992–4753
March 2008                  3                HP-UX 11i v1, 11i v2, 11i v3    5992-3930
September 2007              2                HP-UX 11i v1, 11i v2, 11i v3    5992-2903
June 2007                   1                HP-UX 11i v1, 11i v2, 11i v3    5992-0548


Contents

1 Introducing HP-UX Software Assistant (page 5)
  HP-UX SWA overview (page 5)
  Release notes (page 5)
  Capabilities (page 5)
  Command structure (page 5)
    The major modes (page 6)
    Extended options (page 7)
    Help (page 7)

2 Installing HP-UX Software Assistant (page 8)
  Installation requirements (page 8)
    For Windows systems within HP SIM (page 8)
    For HP-UX systems – CLI or within HP SIM (page 8)
  Getting the SWA software (page 8)
  What version of SWA should I use? (page 9)
  Installing SWA from a local or remote depot (page 9)
  Installing SWA to use within HP SIM (page 9)
    On Windows (page 9)
    On HP-UX (page 9)
  Uninstalling SWA (page 10)
    From a Windows system (page 10)
    From an HP-UX system (page 10)

3 Quick Start (page 11)
  Steps to using SWA (page 11)
  Create a config file (page 11)
  Run the initial report (page 11)
  Review recommended actions (page 12)
  Download patches and make a depot (page 12)
  Read the readBeforeInstall.txt file and take appropriate actions (page 13)
  Install the depot (page 13)
  Generate a second report (page 13)
  Put appropriate actions in the ignore file (page 13)

4 Creating and interpreting reports (page 14)
  Analysis (page 14)
  Report overview (page 15)
  The HTML report (page 15)
  The Assessment Profile (page 16)
  The Action report (page 17)
    Patch bundles (page 17)
    Patches (page 17)
    Manual actions (page 18)
  The Issue report (page 19)
    Latest Quality Pack bundle (QPK) (page 19)
    Security bulletins (SEC) (page 19)
    Patches that fix critical issues (CRIT) (page 20)
    Patches with warnings (PW) (page 20)
    Specific patch (PATCH), and patch or recommended successor (CHAIN) (page 20)
    Automatically invoked analyzers (page 20)
  The Detail report (page 21)

5 Networking options (page 23)
  Using SWA in secure network environments (page 23)
  Using proxy servers with Software Assistant (page 23)
  Using the download_cmd extended option (page 23)
  Running SWA on a system without access to the Internet (page 24)

6 Running SWA from within HP SIM (page 26)
  The Central Management Server (page 26)
  Launching SWA (page 26)
  Using the SWA scheduling under HP SIM (page 26)
  Generate report (page 26)
    Selecting target systems (page 27)
    Verifying selected systems (page 29)
    Setting report options for SWA in HP SIM (page 29)
    Running your SWA job in HP SIM (page 33)
    The multisystem summary report (page 35)
  Review jobs (page 35)
  Monitoring and maintaining your SWA tasks (page 36)
    Viewing Task Results (page 36)
    Viewing All Scheduled Tasks (page 36)
  Authorizing non-privileged users (page 37)
    Requirements (page 38)
    How to authorize a non-privileged user to run SWA (page 38)

7 Support and other resources (page 40)
  Contacting HP (page 40)
    Before you contact HP (page 40)
    HP contact information (page 40)
    Subscription service (page 40)
    Documentation feedback (page 40)
  Related information (page 41)
    Documents (page 41)
    Websites (page 41)
  Typographic conventions (page 41)

A Useful files and directories (page 43)

B Troubleshooting SWA (page 45)
  Log files (page 45)
  The swa.conf file (page 45)
  Common errors (page 45)
    CRL checking error when getting catalog (page 45)
    Failed to read swa_catalog.xml (page 45)
    Proxy errors (page 46)
  HP SIM errors related to SWA (page 46)
    SWA installation error (page 46)

Glossary (page 47)

Index (page 49)

1 Introducing HP-UX Software Assistant

HP-UX SWA overview

HP-UX Software Assistant (SWA) is a tool that consolidates and simplifies patch management and security bulletin management on HP-UX systems.

SWA can perform a number of checks including applicable security bulletins and installed patches with critical warnings. Once an analysis has been performed, you can use SWA to download any recommended patches or patch bundles and create a depot ready for installation.

SWA requires an active HP support agreement (that includes Software Updates) linked to your HPSC profile. HP recommends you use SWA version C.02.90 or later.

Release notes

For information on what's new with the latest version of SWA, see the HP-UX Software Assistant Release Notes available at http://www.hp.com/go/swa-docs.

Capabilities

SWA's major functions are briefly outlined below.

Analyze

SWA runs as a client-side patch and security analysis tool. An HP-supplied catalog file with known problems and fixes is downloaded from the HP Support Center (HPSC) and compared to the software installed on the system. Depots used for full-system installation, such as the installation depot on an OE DVD, may also be analyzed.

Systems are analyzed for patch warnings, critical defects, security bulletins, missing Quality Pack (QPK) patch bundles, and user-specified patches and supersession chains.

SWA optimizes the automatic selection of patch dependencies by assessing the quality of the dependency, providing the best case scenario for the dependency, minimizing changes to the system, and assessing future patch dependency changes.

Report

SWA is able to generate a variety of reports based on its analysis. Action, Issue, and Detail reports are available. A consolidated HTML report with links to the technical knowledge base is always created. The SWA reports provide information for downloading software from HP and for actions that need to be taken manually.

Download Software from HP

Based on the analysis, SWA obtains patches from HP and creates a Software Distributor (SD) depot of software for installation.

SWA automatically uses MD5 cryptographic hash to verify patch integrity before unpacking downloaded patches.

Command structure

HP-UX Software Assistant is a tool that uses a major mode style interface.

# swa <major mode>

SWA has the following major modes: report, get, step, and clean.

Extended options modify each SWA command. They can be specified on the command line or saved in a configuration file.

# swa <major mode> -x <extended_option>


# swa <major mode> -X <extended_option_config_file>

Context sensitive help is available for all SWA commands with the -? option.

# swa <major mode> -?

The following sections give a brief overview of SWA commands. For detailed information, see the HP-UX Software Assistant Reference, available at http://www.hp.com/go/swa-docs.

The major modes

SWA has the following major modes: report, get, step, and clean.

The major modes report and get are comprised of steps, outlined below. The step mode allows you to execute one of these steps. The clean mode frees up disk space by removing caches of files from previous SWA sessions.

Report

# swa report

The swa report command is comprised of the following steps, and executes them in the order listed.

Inventory – The swa report command first does an inventory of the installed software. The inventory is written to $HOME/.swa/cache/swa_inventory_n.xml.

Catalog – Then, swa report downloads an HP-supplied catalog file from the HPSC website that contains known security issues and other defects along with their solutions. The catalog file is saved to $HOME/.swa/cache/swa_catalog.xml.

Analyze – The inventory file is then compared with the catalog file to see what issues need to be resolved on the system, and the resulting analysis file is written to $HOME/.swa/cache/swa_analysis.xml.

Report – A summary of recommended actions is written to standard output and comprehensive results are written to $HOME/.swa/report/swa_report.html.

Get

# swa get

The swa get command is comprised of the steps download and depot, and executes them in the order listed. Prerequisites to the swa get command are the steps inventory, catalog, and analyze.

Download – The swa get command uses the results file generated by the analysis step of swa report to download the necessary software from HP. Write access to the swcache directory is required for this step.

Depot – The downloaded software is then packaged in a depot. You must be a privileged user for this step.

Step

# swa step {inventory | catalog | analyze | report | download | depot}

The swa report and swa get commands are made up of steps. The swa report command is comprised of the steps inventory, catalog, analyze, and report. The swa get command is comprised of the steps download and depot.

With the swa step command, you can execute one discrete step of the swa report or swa get command, such as: swa step inventory.

Clean

# swa clean {usercache | swcache | all}


When the swa command runs, it produces a cache of files for its use. Run swa clean to free up disk space after your swa session is complete.

The swa clean command has modifiers that specify the caches to clean. The modifiers are: usercache, swcache, and all. The usercache holds the files created by swa report, and the swcache holds the patches and patch bundles downloaded by swa get or swa step download. The swcache directory can be set with the extended option swcache.

NOTE: The usercache generally does not consume much disk space, but the swcache can consume a significant amount of disk space. There is a trade-off between keeping software in the swcache directory and having to repeat a software download.

Extended options

Extended options allow you to tailor SWA behavior to your own specifications as each phase is performed: analysis, reporting, and downloading HP software. SWA commands are capable of accepting extended options via command line or in an extended options configuration file. The precedence of extended option sources is given in the manpages.

To specify an extended option via command line, use the syntax swa_command -x option.

To use a configuration file, there are three options:

• Specify a file on the command line with swa_command -X option_file.
• Use the $HOME/.swa.conf file.
• Use the /etc/opt/swa/swa.conf file.

The SWA manpages document applicable extended options for a command, and the /etc/opt/swa/swa.conf.template file outlines the usage and syntax of each extended option. Be sure to read the manpages so you are aware of the extended options' default values associated with each command.

Help

Use the -? option at any level of a command to get context sensitive information regarding usage and available options. For example:

# swa report -?
Usage: swa report [options]
       Analyze and report issues and new software

Where options include:
  -a analyzer           One of the analyzers to use
                        <multiple -a options can be specified>
  -q                    Decrease verbosity of output
  -r report_type        Set the type of the stdout report
  -s                    System, depot or existing local inventory file to analyze.
  -v                    Increase verbosity of output
  -x ext_option=value   Set the extended option to value
                        <multiple -x options can be specified>
  -X option_file        Read extended option settings from this file

Use "swa report -<option> -?" <e.g. "swa report -x -?"> to get a
description of options that have arguments


2 Installing HP-UX Software Assistant

Installation requirements

For Windows systems within HP SIM

When installing SWA on a Windows system to run within HP SIM, all the requirements are met by running a supported version of HP SIM. Be sure to select the Windows software specification from the SWA download webpage at http://www.hp.com/go/swa-download.

SWA is only available via HP SIM on a Windows system – there is no command-line interface. Although SWA can run on a Windows system within HP SIM, it can only evaluate and report on HP-UX 11i v2 and v3 systems.

For HP-UX systems – CLI or within HP SIM

To install SWA on an HP-UX system, you will require the following items:

• A system running an HP-UX 11i Operating Environment.
• Administrative privileges to install software on the target system.
• The required applications, described in the table below. They are included in the SWA bundle for download. See the https://www.hp.com/go/java webpage for required Java patches.

Table 2 SWA and Required Applications

Product Name                Bundle/Product ID                         Status
HP-UX Software Assistant    SwAssistant                               Required.
Java Runtime [1]            Jre15.JRE15,r>=1.5.0.04.00 or             Required.
                            Jre60.JRE60,r>=1.6.0.00.00
Judy Libraries              Judy-lib.JUDY-COMMON,r>=B.11.11.04.00S    Required. It is included on the OE and AR media.
C++ Runtime Library Patch   PHSS_22898                                Required for HP-UX 11i v1 (B.11.11) only.

[1] Java™ is only required for SWA analysis functionality. If you do not want Java on a system, you have the following alternatives:

◦ Install Java and the full SWA tool on a single system and do all analysis from that system. The SwaMin product may be installed on clients that have no network connectivity to the analysis system.
◦ Use the SwaMin product to gather inventory and upload to the HP Support Center web site at http://www.hp.com/go/hpsc for analysis (currently patches only).

Getting the SWA software

IMPORTANT: SWA requires an active HP support agreement (that includes Software Updates) linked to your HPSC profile. HP recommends you use SWA version C.02.90 or later.


SWA software is available from the following places:

• Software Assistant on the HP Software Depot: for Windows, HP-UX 11i v1 (B.11.11), HP-UX 11i v2 (B.11.23), HP-UX 11i v3 (B.11.31). From http://www.hp.com/go/swa-download, click Installation for installation instructions. The newest version of SWA is available on the Software Depot.

What version of SWA should I use?

HP recommends downloading and using the latest version of SWA, available at http://www.hp.com/go/swa-download. This ensures you have the most up-to-date features and defect fixes, as the SWA product is not patched.

Installing SWA from a local or remote depot

If you choose to create a local or remote depot containing SWA for installation, you must have the dependent applications either on the system already or in the depot. See “Installation requirements” (page 8) for a list of dependent applications and where to find them. The installation from a local or remote depot is the same as the instructions on the Software Depot webpage, with the exception that you should use the swcopy command with the dependent applications to include in the depot, and then use the Software Depot instructions with the swinstall command for the depot contents.

To install SWA, enter the command:

# swinstall -s <your_depot> SwAssistant

The following bundles should exist on the system:

• SwAssistant (bundle wrapper)
• SWA (product)
• SwaMin (product)

The dependencies for SWA are:

• The Java and Judy libraries
• The C++ Runtime Library Patch (PHSS_22898, HP-UX 11i v1 (B.11.11) only)

Installing SWA to use within HP SIM

On Windows

To use SWA within HP SIM on a Windows system, you should have a supported version of HP SIM installed on your Central Management System (CMS).

Select the Windows software specification and download the SWA Windows installer from http://www.hp.com/go/swa-download. Double-click the file you downloaded to start the install wizard. The filename will be similar to HP-UX_SoftwareAssistant_C.02.90.exe. Follow the install wizard instructions. When the installation is complete, you will receive a message that setup has finished installing HP-UX Software Assistant. SWA will be available from within HP SIM from the Tools→Software Assistant menu.

NOTE: Although SWA can run on a Windows system within HP SIM, it can only evaluate and report on HP-UX 11i v2 and v3 systems. SWA requires HP SIM in order to run on a Windows system – there is no command line interface.

On HP-UX

To use SWA within HP SIM on an HP-UX system, you should have a current version of HP SIM installed on your Central Management System (CMS).


SWA will be available within HP Systems Insight Manager (HP SIM) if you install SWA while HP SIM is running.

If SWA is installed before HP SIM is initially configured via mxinitconfig, SWA will automatically be included for use within HP SIM. See mxinitconfig(1M) for more information.

If you install SWA when HP SIM is installed but not running, you must run the /opt/swa/lbin/configHPSIM script once HP SIM is running again to configure HP SIM for SWA.

The following error indicates HP SIM is not properly configured to run SWA. Use the information outlined above to determine whether to run mxinitconfig or configHPSIM.

NOTE: Cannot configure HP SIM. Add SWA to HP SIM by running
      mxinitconfig(1M) or /opt/swa/lbin/configHPSIM

NOTE: HP SIM servers might require significant space in /var/opt/swa/HPSIM to support client systems' analysis, catalog, inventory, and report files. You should consider the number of client systems you intend to support and adjust file system sizes accordingly.

Uninstalling SWA

From a Windows system

To uninstall SWA from a Windows system, select All Programs→HP-UX Software Assistant→Uninstall HP-UX Software Assistant from the Windows Start menu.

From an HP-UX system

To remove SWA, enter the command:

# swremove -x enforce_dependencies=false SwAssistant

The following objects are removed from the system:

• SwAssistant (bundle wrapper)
• SWA (product)
• SwaMin (product)

The dependencies for SWA remain on the system. These include:

• The Java and Judy libraries
• The C++ Runtime Library Patch (PHSS_22898, HP-UX 11i v1 (B.11.11) only)

If you do not use the -x enforce_dependencies=false option with the swremove command, you will receive error messages regarding dependencies.


3 Quick Start

Steps to using SWA

To get started using Software Assistant right away, follow these steps:

1. Make sure you have your active HP support agreement that includes Software Updates linked to your HPSC profile to access patch content and services.
2. Create a config file that contains your HPSC login information.
3. Run the initial report with the command swa report.
4. Review recommended actions, especially the manual actions, written to standard output.
5. Download patches and make a depot with the command swa get.
6. Read the readBeforeInstall.txt file and take appropriate actions.
7. Install the depot.
8. Generate a second report.
9. Put appropriate actions in the ignore file.

Create a config file

Copy the configuration file template to a new location for editing.

# cp /etc/opt/swa/swa.conf.template <my_conf_file>

Set the file permissions appropriately so the configuration file is not readable by others.

Edit your configuration file and add your HPSC user ID and password. The syntax will be

hp_id = <HPSC user ID>
hp_pw = <HPSC password>
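The configuration file stores the HPSC password in the hp_pw line, so the permission step above deserves a check that can be repeated before every run. The following shell functions are an added example, not part of the HP guide; the function names make_swa_conf, conf_is_private and swa_report_with are hypothetical, and the only SWA-specific names used are the template path, hp_id/hp_pw and swa report -X from this chapter.

```shell
#!/usr/bin/sh
# Added example (not from the HP guide): create and vet the extended-options
# file that holds the HPSC credentials (hp_id / hp_pw).
# Function names are hypothetical; the template path is the one named above.

SWA_TEMPLATE=${SWA_TEMPLATE:-/etc/opt/swa/swa.conf.template}

# make_swa_conf DEST
# Copy the template to DEST so that it is readable by its owner only.
make_swa_conf() {
    dest=$1
    # cp keeps the mode of a file that already exists, so never reuse one.
    if [ -e "$dest" ] || [ -h "$dest" ]; then
        echo "refusing to overwrite existing $dest" >&2
        return 1
    fi
    # The umask is set in a subshell: the copy is never created group- or
    # world-readable, not even briefly, and the caller's umask is untouched.
    ( umask 077 && cp "$SWA_TEMPLATE" "$dest" && chmod 600 "$dest" )
}

# conf_is_private FILE
# Succeed only if FILE is a regular file (not a symbolic link), owned by the
# current user, with no group or other permission bits set.
conf_is_private() {
    file=$1
    [ -f "$file" ] && [ ! -h "$file" ] || return 1
    [ -O "$file" ] || return 1
    # Parse the mode string from ls -ld, which works the same on HP-UX and
    # other POSIX systems. Positional parameters are local to the function.
    set -- $(ls -ld "$file")
    case $1 in
        -???------*) return 0 ;;   # rw? for owner, nothing for group/other
        *)           return 1 ;;
    esac
}

# swa_report_with FILE
# Run the initial report only when the credentials file passes the check.
swa_report_with() {
    if ! conf_is_private "$1"; then
        echo "$1 is readable by others or not yours; fix with chmod 600" >&2
        return 1
    fi
    swa report -X "$1"
}

# Typical use (the path is a sample value):
#   make_swa_conf "$HOME/swa_hpsc.conf"
#   vi "$HOME/swa_hpsc.conf"            # add hp_id and hp_pw
#   swa_report_with "$HOME/swa_hpsc.conf"
```

A symbolic link is rejected on purpose, because its target could sit in a directory with looser permissions than the link suggests.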

Run the initial report

Issue the following command:

# swa report -X <my_conf_file>

SWA first builds an inventory of the software currently installed on the system. Then, the catalog is downloaded from HPSC.

======= 02/05/08 15:52:35 MST BEGIN Report on Issues and New Software <user=username> <jobid=systemname>
       * Gathering Inventory
       * Getting Catalog of Recommended Actions and Software

NOTE: If the system does not have direct access to the web, you can specify a proxy server with the swa report extended option proxy. For more information, see Appendix B (page 45) and swa-report(1M). SWA supports HTTP basic authentication only. If you do not have a standard proxy, you can also specify an arbitrary command for downloading files. See the extended option download_cmd.

After the catalog is downloaded, the analysis is performed and reports are generated. An HTML report is written to the file indicated in the standard output messaging, and an Actions Summary Report is written to standard output. (Use the -r option to swa report and swa step report to specify the report type written to standard output: action (default), issue, detail, html or none.)

       * Using existing local catalog file
       * Performing Analysis
       * Generating Reports
NOTE:    See HTML-formatted report "$HOME/.swa/report/swa_report.html"


The Actions Summary Report begins with the Assessment Profile. The exact catalog and inventoryfiles used in the analysis are identified. Detailed analysis information follows. Software Assistant Actions Summary Report

ASSESSMENT PROFILE

Catalog Information Catalog File: $HOME/.swa/cache/swa_catalog.xml Catalog Date: dd month year hh:mm:ss

Inventory Source Name: systemname OS: HP-UX B.11.xx Model: model info Inventory File: $HOME/.swa/cache/swa_inventory_n.xml Inventory Date: dd month year hh:mm:ss

Analysis Information Analysis File: $HOME/.swa/cache/swa_analysis.xml Analysis Date: dd month year hh:mm:ss Ignore File(s): $HOME/.swa/ignore Issues Ignored: n

Selected Analyzers QPK: latest Quality Pack patch bundle SEC: security bulletins PCW: patches with critical warnings

The analysis depends on the Selected Analyzers. Default analyzers are quality pack (QPK), security (SEC), and critical patch warnings (PCW) because these watch HP's default patch and bulletin recommended actions. You can specify the analyzers used with the -a option on the command line, or by using the analyzers extended option. See swa-report(1M) for more information.

The report then goes on to report the recommended actions.

Review recommended actions

Manual actions require direct administrator response and are not managed by SWA. These include:

• Product (non-patch) updates.

• Product removal.

• Manually updated files.

• Other manual actions, such as direct file system changes.

Manual actions that result in the installation or removal of software might cause changes to the list of recommended patches. After resolving the product changes identified as manual actions, it is recommended that a new analysis be run to create the most accurate patch recommendations.

Download patches and make a depot

Issue the following command:
# swa get -t target_depot -X <my_conf_file>

You are required to specify the depot. By default, a new depot is created.

NOTE: The swa get command requires superuser privileges. See swa-get(1M) for more information.

The swa get command uses the analysis file created by swa report to determine what software to download from HP.


As each patch is downloaded into the swcache, a notice is displayed on standard output.

...
 * Downloading Software from HP to Local Cache
NOTE: Estimated total download size: x bytes.
 * Downloading PHCO_n (1 of x)...

Once the patches have been downloaded to the swcache directory, they are processed into the depot. SWA automatically uses an MD5 cryptographic hash to verify patch integrity before unpacking downloaded patches. For more information on the location of the swcache directory, see Appendix A (page 43).

Read the readBeforeInstall.txt file and take appropriate actions

The readBeforeInstall.txt file is located in the target depot directory. This file lists special installation instructions and dependencies to take into consideration for all the patches downloaded from HP. Review this file before installing the depot.

Install the depot

The recommended method to install HP-UX patches and patch bundles from a depot is with the command:
# swinstall -s depot -x patch_match_target=true -x autoreboot=true

Note that this command should only be used within a maintenance window as the system might require a reboot. Any reboot will be performed automatically when required.

Generate a second report

It is useful to compare a post-SWA report with the initial report to see the issues that have been resolved and those still requiring resolution. Make sure you save the original report before running the following command:
# swa report -x inventory_max_age=0 -X <my_conf_file>

The inventory_max_age=0 is a special value that forces an inventory file update.

Put appropriate actions in the ignore file

It might make sense for you to ignore the following types of issues:

• Manual actions — SWA can't detect if security bulletin manual actions (other than installing specific versions of patches or software) have been taken, so after applying a manual action, add it to the ignore file to track that the action has been taken.

• Deferred actions — If you've made a decision to defer addressing a particular issue for some period of time, after taking into account the risk of not addressing it, you might wish to add it to the ignore file until the issue is revisited or fixed. Be careful not to forget about these types of issues, since SWA will stop warning about them.

HP advises you include comments in the ignore file explaining who added an issue, why, and when. Auditors are likely to want this information documented and traceable.

The ignore file, $HOME/.swa/ignore, includes comments with instructions regarding syntax and how to add an issue. You must use the Issue ID given in the Detail report to identify issues in an ignore file.

It is possible to use more than one ignore file with the following syntax:
# swa report -x ignore_file="file1 file2"


4 Creating and interpreting reports

Analysis

All reports are based on the selected analyzers. SWA is capable of performing a variety of analyses.

To perform an analysis, Software Assistant requires an inventory file and a catalog file. During analysis, those two files are compared to see what issues require attention. Issues in ignore files are not included in the analysis. For more information, see “Put appropriate actions in the ignore file” (page 13). By default, the resulting analysis file is written to $HOME/.swa/cache/swa_analysis.xml.

To specify the analyses SWA should run, use the -a option of the swa report or the swa step analyze command, or use the extended option analyzers.

Available analyzers follow, with a description of what SWA will look for:

• PCW – Installed, active patches with critical warnings. These patches might cause or expose a critical problem. The newest recommendable patch in the supersession chain will be reported. This is a default analyzer.

• QPK – Quality Pack (QPK) updates. The quality pack bundle includes stable patches for core HP-UX and networking drivers. This is a default analyzer.

• SEC – Security bulletins that might apply. These are announcements from HP regarding potential security issues and recommended actions to resolve them. This is a default analyzer.

• CRIT – Patches to install that fix critical problems. Problems are categorized as critical based on the severity of the problem, not how likely the problem might occur. Critical problems include system panics or hangs, process failures, data corruption, severe performance degradation, and application-specific critical issues.

• PW – Installed, active patches with warnings. These patches might cause or expose adverse behavior. This category includes patches with critical warnings. The newest recommendable patch in the supersession chain will be reported.

• PATCH – Given a specific patch, SWA indicates whether that patch is required for your system or not. HP recommends the CHAIN analyzer to report a patch's relevance to your system, since it will report the most recent, stable patch in the chain.

• CHAIN – Given a specific patch, SWA indicates whether that patch is required for your system or not. If the patch is required, SWA selects the HP recommended patch at or above the specified patch.

If no analyzers are specified, the PCW, QPK, and SEC analyses are performed.

For detailed information on QPK patch bundles and types of patches, see the Patch Management User Guide for HP-UX 11.x Systems, available at http://www.hp.com/go/patchmgmt-docs.


Report overview

After the analysis is complete, SWA reports its findings. The types of reports follow.

Table 3 Report Overview

Report type: HTML
  What it reports: Comprehensive – includes the Action, Issue, and Detail reports.
  How to generate it:
    • Always generated and written to a file
    • -r html for display of HTML source to standard output
  Where to find it:
    • $HOME/.swa/report/swa_report.html by default
    • The file specified by the html_report extended option
    • Standard output when selected with -r
  Use this report for...
    • Interpreting analyses as recommended by HP
    • All the information SWA has on the analysis
    • Links to full descriptions of security bulletins, patches, and bundles
    • Links to download patches

Report type: Action
  What it reports: Summary of recommended actions
  How to generate it:
    • Generated by default to standard output
  Where to find it:
    • Standard output by default
    • Included in HTML report
  Use this report for...
    • A comprehensive to-do list
    • Patch bundles and patches recommended for installation
    • A list of recommended manual actions

Report type: Issue
  What it reports: Summary of issues
  How to generate it:
    • -r issue for display to standard output
  Where to find it:
    • Included in HTML report
    • Standard output when selected with -r
  Use this report for...
    • A list of exposed problems, including those with no SWA recommended solution

Report type: Detail
  What it reports: Recommended actions with issue justification
  How to generate it:
    • -r detail for display to standard output
  Where to find it:
    • Included in HTML report
    • Standard output when selected with -r
  Use this report for...
    • A cross-reference of actions to resolved issues
    • Issue IDs
    • Dependencies
    • Issues detected with no SWA recommendation for resolution
    • Web addresses for relevant patch and security issue information
    • Web addresses to download patches

Issues in ignore files are excluded from all reports. For more information, see “Put appropriate actions in the ignore file” (page 13).

The contents of all reports are dependent on the analyzers selected.

Report excerpts in this chapter are HTML; the same information is reported in text-based reports.

The HTML report

HP recommends using the HTML report, since it provides all the SWA analysis information available – it is the compilation of the other reports. This report is always generated and is saved to $HOME/.swa/report/swa_report.html by default. You can specify your own filename with the html_report extended option. If you want the HTML report displayed to standard output, use the -r html option to the swa report command or the swa step report command.

The HTML report begins with the Assessment Profile and then includes the Action report, the Issue report, and the Detail report. See the following sections for more information on each type of report: “The Action report” (page 17), “The Issue report” (page 19), “The Detail report” (page 21).

The HTML report also includes hyperlinks to detailed information on the HPSC for every patch and security bulletin issue found by SWA, plus direct links to download patches.


The HTML report begins with a table of contents, which includes links to all sections of the report.

The Assessment Profile

This section is included in every report. It identifies the catalog used, the inventory used, and the analysis information for the unique report. The Assessment Profile is required to interpret any report by giving it context. Using the information in the assessment profile, an analysis can be recreated.

1 Inventory Source – This information describes the system being analyzed and the inventory information for that system. The Model: information will only be available if the system is local or accessed with a secure shell connection (ssh). The Inventory Date: is the date the inventory was run on the system with the swa report or swa step inventory command.

2 Catalog Information – This is the file downloaded from HPSC with the swa report or swa step catalog command. The Catalog Date: is a data timestamp indicating when the catalog was created.

3 Analysis Information – This is the file created when the swa report or swa step analysis command was run. The Analysis Date: is the date the analysis was run. The ignore files used in the analysis are indicated. The Issues Ignored: indicates the number of issues ignored during this analysis.

4 Selected Analyzers – These are the analyzers the reports are based on. Although not listed, the automatically invoked analyzer (AUTO) is always run and cannot be deselected. The AUTO analyzer detects problems such as missing dependent patches and unrecognized patches. If your analysis has detected AUTO issues, you will see an Automatically invoked analyzers section in the Issue report. Options to analyzers are not included in the Assessment Profile, such as the patches specified with the CHAIN and PATCH analyzers.


The Action report

The Action report is a to-do list of patches and patch bundles to install, plus a list of manual actions. This report does not include explanations as to why the actions are required; for this information, see the Detail report.

The patch and patch bundle actions can be taken care of by installing the depot created by the SWA commands swa get and swa step depot. The depot includes all the patches and patch bundles listed in the Action report, which includes all dependent patches. This allows you to install the depot on any system, but the depot might include patches already installed on your target system.

The manual actions require individual, specialized actions as described in the Manual Actions section.

If you have issues that SWA does not have recommendations for (unresolved issues), the Action report will warn that the recommended actions are an incomplete solution. Information on unresolved issues can be found in the Detail report.

The Action report is included in the HTML report. It is created and displayed to standard output by default. It begins with the Assessment Profile and then is followed by the Patch Bundles, Patches, and Manual Actions sections.

Patch bundles

Bundles listed here are Quality Pack (QPK) bundles. Quality pack bundles include stable patches for core HP-UX, graphics, and networking drivers. Depending on your release, there are two possible QPK bundles, QPKAPPS and QPKBASE. Both bundles are included in the QPK depot.

If the QPK bundles include patches with warnings, the fix patches will be listed in the Patches section of this report and the patch bundles will be identified as an issue in the Issue report.

The listed bundles are not found on the target system, but no information is provided as to what bundle contents are missing. The bundle equivalency of the QPK contents can be detected with the CHAIN and PATCH analyzers.

Patches

The patches listed in this section are required in addition to those in a QPK bundle – they are available individually on the HPSC website. Software Assistant will recommend the newest patch in the chain to resolve the issue.

If unexpected patches are seen in the list, they are usually included as dependencies or to address warnings.

The patches included as dependencies are flagged in the Dep column. An asterisk indicates a patch that must be installed, and a plus sign indicates a patch dependency that is satisfied by either being installed or by having a superseding patch installed.

The Detail report can provide the rationale for all patches. SWA creates all depots with all requisites included. This allows installation on any system but might include patches that can't be installed on a specific system. For example, if there is a patch in the depot for a product that is not installed on a system, that patch will not get installed.

If you have a QPK bundle listed under Patch Bundles, this will not be a complete list of patches to install since QPK patches are not included in this list.


Manual actions

These actions require direct administrator response and include product (non-patch) updates, product removal, manually updating files, and other manual actions, such as direct file system changes.

Security bulletins are listed only if manual actions are required. If a patch satisfies a security bulletin, it will be included in the QPK patch bundle or listed explicitly in the Patches section.

The date listed for security bulletins is the date the bulletin was posted or last updated.

A detection confidence rating is included with the action. Note that SWA can only detect software that has been installed with swinstall. The ratings are:

• D – Definite. The recommendation is based on specific revisions of installed software. SWA has determined that this fix has not been done.

• R – Relevant. The recommendation is based on installed software. For some recommendations rated R, SWA cannot determine if the action has already been taken. If SWA cannot detect if an action has been taken, that issue will always be listed until it is entered in an ignore file.

• U – Unknown. The recommendation is based only on operating system version. SWA cannot detect if recommendations rated U have been taken. Issues rated U will always be listed until they are entered in an ignore file.

Manual actions that result in the installation or removal of software might cause changes to the list of recommended patches. After resolving the product changes identified as manual actions, it is recommended that a new analysis be run to create the most accurate patch recommendations.

The following example illustrates how one issue, a required Security Bulletin 02284r4, can generate multiple manual actions. See the Detail report for a detailed cross-reference of actions to issues.

1 Five manual actions are associated with the one Security Bulletin 02284r4.


The Issue report

The Issue report is included in the HTML report. There is a section for every analyzer selected, plus an Automatically invoked analyzers section if there are AUTO issues detected.

The Issue report includes issues SWA does not have recommendations for (unresolved issues), but does not indicate they are unresolved. Information on unresolved issues can be found in the Detail report.

Select the Issue report for display to standard output with the -r issue option to the swa report command or the swa step report command.

Latest Quality Pack bundle (QPK)

The Quality Pack analyzer detects the revision of the current QPK bundle and selects available updates.

If patches in a recommended QPK have warnings, they will be listed explicitly in the QPK section of the Issue report, as shown in the following example. When available, the patches that fix these warnings will be included in the list of actions recommended by SWA.

1 The Quality Pack bundle QPKBASE includes patches with warnings.

Security bulletins (SEC)

SWA lists all detected security bulletins that might apply to your system.

It is possible for more security bulletins to be listed here than in the Action report, since this list includes bulletins satisfied by patch and manual actions; the Action report only lists the security bulletins satisfied by manual actions.

The following example illustrates that although an issue might generate multiple actions, such as the Security Bulletin 02284r4, it is listed once in the Issue report. Below, the various identifiers appearing in the report are explained.

1 The Security Bulletin 02284r4 generates five actions in the Action report (see the associated Action report), and a single issue in the Issue report.

A security bulletin usually has a number of identifiers associated with it.

The following example explains the identifiers associated with security bulletin 02284r4.


1 The short form of the external HP security identifier. It is comprised of the numeric portion of the HPSBUX identifier, 02284, plus the revision number, r4.

2 The long form of the external HP security identifier, also called the HPSBUX identifier.

3 The software security response team number, which is used internally to HP.

4 The revision number. A security bulletin revision can be issued for minor or significant changes.

NOTE: The Common Vulnerabilities and Exposures (CVE) identifier, if there is one associated with the bulletin, is available with the detailed information on the HPSC. Follow the hyperlink in the HTML report to access this information.

Patches that fix critical issues (CRIT)

Problems are categorized as critical based on the severity of the problem, not how likely the problem might occur. Critical problems include system panics or hangs, process failures, data corruption, severe performance degradation, and application-specific critical issues.

If there is a newer patch in the supersession chain, that patch might be listed in the Action report, not the patch listed as missing in this section.

Patches with warnings (PW)

This section reports patches with warnings identified by the PW or PCW analyzer. If a newer recommendable patch exists, it will be selected. Note that in some instances the best course of action is to retain a patch with a warning.

1 This is the posting date of the most recent patch warning.

2 Patches with critical warnings are identified here.

Specific patch (PATCH), and patch or recommended successor (CHAIN)

Given a user-specified list, the PATCH and CHAIN analyzers identify user-specified patches that can be installed. Patches are omitted from the list because the base product is not present or because the patch or its replacement is already installed. In an Issue report, these two analyzers are equivalent; they differ in the recommendations made within the SWA Action report.

Automatically invoked analyzers

You might have a section for Automatically invoked analyzers (AUTO) in your report, which is an analyzer SWA always runs and cannot be deselected. Problems in this category include missing dependent patches and unrecognized patches. An unidentified patch can be a sign of a special release or site-specific patch. An out-of-date catalog file might also cause unidentified patches.


1 The Patch PHKL_31500 is a special patch for HP-UX 11i v2, in that new dependencies may be introduced after its release.

The Detail report

This report is included in the HTML report. The Detail report is a comprehensive cross-reference between actions and issues, which comes in handy since some issues require multiple actions and some actions satisfy multiple issues.

The Detail report includes information not available in the Action or Issue reports.

1 This is the only report that includes the full SWA Issue ID, which is required in an ignore file.

2 The URL is a link to the security bulletin.

3 The dependencies listed are supporting patches or patch bundles that must be installed. The patches will be listed as action items in the Action report unless they are included in a QPK targeted for installation. Note that it is not uncommon for HP-UX to have patches that are mutually dependent. For more information on patch dependencies, see the Patch Management User Guide for HP-UX 11.x Systems, available at http://www.hp.com/go/patchmgmt-docs.

The following example illustrates how one issue, a required Security Bulletin 02284r4, can generate multiple manual actions. The Detail report expands on each of the actions.


Sometimes one action will resolve more than one issue. In the following example, installing PHCO_36506 will resolve both a critical issue and a patch warning. Both patches, PHCO_36506 and PHCO_31562, will appear in the Issue report. Only PHCO_36506 will appear in the Action report. The Detail report below shows the cross-reference of the action to both issues.

The Detail report might include the section, “Unresolved Issues.” These are issues that SWA detected but has no action to recommend. An unrecognized patch installed on the target system is an example of an unresolved issue.

Select this report for display to standard output with the -r detail option to the swa report command or the swa step report command.


5 Networking options

Using SWA in secure network environments

SWA is able to adapt to a secure network environment where one or more of the default protocols SWA uses are blocked. When customizing SWA for your environment, you must keep security concerns in mind.

When SWA runs an analysis of a system, it relies on the integrity of the catalog file and the inventory file. The integrity of the catalog file and the analysis file controls the security properties of SWA. Depot creation relies on the integrity of the patches within the swcache directory.

The validity of the catalog file is of primary importance, since it contains all the data for identifying issues, recommending solutions, and downloading and verifying content.

Because the integrity of SWA files must be maintained, use either a secure shell (ssh) connection or media when accessing a remote system for the inventory, catalog, analysis, and swcache files.

Using proxy servers with Software Assistant

The basic way to specify a proxy host and port is with the extended option proxy. You can optionally specify a basic HTTP authentication user name and password pair. You can use the proxy extended option with the commands swa get, swa report, swa step catalog, and swa step download. By default, no proxy information is specified. For more information, see the SWA manpages.

There are protocol-specific extended options (ftp_proxy, https_proxy, and http_proxy) and environment variables (ftp_proxy, https_proxy, and http_proxy). You cannot use the general proxy extended option, such as proxy=http://web-proxy.mycompany.com:8088, as an environment variable.

For information on the various ways to set SWA extended options, see “Extended options” (page 7).

For information on SWA errors related to proxies, see Appendix B (page 45).

Using the download_cmd extended option

The download_cmd extended option can be used to override the default SWA download commands to download the catalog and patch files. The download_cmd option allows you to use commands that are not part of the SWA product, as well as a pipeline or user script to allow download through a third remote system.

The command specified with this option must:

1. Take one argument supplied by SWA: the URL of the file content to download.

2. Output the retrieved file content to standard output.

The download command extended option will always be run with elevated privileges.

External programs like wget, curl, and Perl's GET can be used to pass the contents of a URL to standard output. These commands may provide support for different types of proxies or can be used with ssh to work with a gateway server. The GET command provides basic functionality. The wget and curl commands provide extended functionality and are provided with HP-UX 11i Internet Express (see www.hp.com/go/internetexpress).

NOTE: The Perl GET utility is not recommended for downloading large objects such as patch bundles.


Example: Use SWA With a Gateway

This example requires SWA version C.02.80 or later. Download the latest version of SWA from http://www.hp.com/go/swa-download.

If you would like to use SWA without direct internet access, you can use the download_cmd extended option and a gateway server to access the catalog and patch files. This gateway can be a non-HP-UX system.

We will use GET to download the catalog, since the catalog is not very large, and use wget within a script to download the patches.

In SWA versions C.02.80 and later, you may use the string %url to represent the web locations SWA uses to complete any download. SWA will substitute URL destinations for the %url target string as it works.

Since the example swa get command does not use the %url target string, SWA appends the URL destination to the end of the command, which becomes the script argument.

The following procedure is to be run on the system to be analyzed.

1. Create an inventory of the local system, then download the catalog using the gateway system, run an analysis, and create a report:
# swa report -x download_cmd="ssh user@gateway /opt/perl/bin/GET \"%url\""

2. Review the recommended actions and issues.

3. Download patches using the gateway system and make a depot on the local system:
# swa get -t target_depot -x download_cmd='/usr/local/bin/myGetScript.sh'

where myGetScript.sh could be
#!/usr/bin/sh
# $1 is the URL that SWA appends to the command.
URL="$1"
# Fetch the file on the gateway and stream it back on standard output.
ssh user@gateway "wget -O - '$URL'"

4. Continue with the patch installation procedure as outlined in Chapter 3 (page 11).

TIP: In SWA C.02.85 and later, you can use the extended option url_target to change the target string from %url to something else.

For more information on download_cmd, see swa-get(1M), swa-report(1M), and swa-step(1M).
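Because the download_cmd command always runs with elevated privileges and the gateway script places its URL argument on a remote shell's command line, it is worth rejecting any argument that is not a plain URL before ssh is called. The wrapper below is an added example, not HP's script or part of SWA; the gateway account, the function names and the permitted character set are assumptions, and the three schemes are the ones the proxy options on this page name.

```shell
#!/usr/bin/sh
# Added example (not part of SWA): a download_cmd wrapper that validates the
# URL argument before it reaches the gateway's shell.
# Assumptions: the gateway account name and the allowed character set.
LC_ALL=C; export LC_ALL
GATEWAY="${GATEWAY:-user@gateway}"

# Succeed only for an http, https or ftp URL built from characters that
# cannot end the single-quoted string used on the gateway command line.
url_is_safe() {
    case "$1" in
        http://?*|https://?*|ftp://?*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9/:?\&=%._~+,@-]*) return 1 ;;
    esac
    return 0
}

# Fetch one URL through the gateway and stream the content to standard
# output, as the download_cmd contract requires. Returns 2 on a rejected URL.
fetch_via_gateway() {
    if ! url_is_safe "$1"; then
        echo "download_cmd wrapper: refusing unexpected URL argument" >&2
        return 2
    fi
    # Single quotes are sufficient here because url_is_safe has already
    # rejected quotes, whitespace and shell metacharacters.
    ssh "$GATEWAY" "wget -O - '$1'"
}

# SWA appends the URL as the only argument. With no argument the file only
# defines the functions, so it can also be sourced for testing.
if [ "$#" -eq 1 ]; then
    fetch_via_gateway "$1"
    exit $?
fi
```

A non-zero exit status with nothing on standard output lets SWA treat a rejected argument as a failed download.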

Running SWA on a system without access to the Internet

Before you begin, see if the use of a proxy or gateway will allow indirect access to the Internet. See “Using the download_cmd extended option” (page 23) for information on using a gateway. See “Using proxy servers with Software Assistant” (page 23) for information on using proxies.

If you must run SWA on a system that does not have Internet access, you can obtain the catalog and patches using a system connected to the Internet, and then transfer the downloaded files to the protected system using media or ssh. Required patches will have to be manually requested and downloaded from the HPSC at http://www.hp.com/go/hpsc. You can run SWA without any network access whatsoever by using media to transfer the files from the system connected to the Internet. You can also print the system's Action report and carry it to a system with Internet access when downloading patches.

Example: Using SWA Without Internet Access

This example requires SWA version C.02.80 or later.


1. Using a system with Internet access (this system may be running Linux or Windows), download the catalog from the HPSC.

   1. Get /opt/swa/lbin/swaFetch.jar from an HP-UX system running SWA version C.02.80 or later and transfer the file to the system that will be running the download.

   2. On the system to do the download, run the following command:
      # java -jar swaFetch.jar -x hp_id=uname \
        -x hp_pw=pw -x proxy=http://user:[email protected]:8088 \
        -x file=/export/patches/swa_catalog.xml.gz

   3. When swaFetch.jar has completed, the current directory will contain the catalog swa_catalog.xml.gz.

2. Transfer the catalog to the system to be analyzed using ssh or media. The catalog's default location is $HOME/.swa/cache. Uncompress the file with
# gunzip swa_catalog.xml.gz

3. Create an inventory, run an analysis, and generate a report on the system with
# swa report -x catalog_max_age=-1

The catalog_max_age=-1 extended option setting instructs SWA to skip the catalog download step. Note that you can use the extended option catalog to specify the catalog location if it is other than the default $HOME/.swa/cache/swa_catalog.xml.

4. Evaluate the reports and determine the patches to be downloaded.

5. Contact the HPSC from a system connected to the Internet and select the patches you wish to install. Once you have a selected patch list, download them in your desired format. HP recommends using the depot creation script included with the patches since it will make installation easier.

Note that when using media or other means to relocate the swcache files to a new system (the swa get and swa step download commands are not used), the MD5 cryptographic hash validation of the patches is not repeated.

6. Continue with the patch installation procedure as outlined in Chapter 3 (page 11).

For more information, see the Security Considerations section of swa(1M).
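Since the hash validation is not repeated when patch files are moved by media, one way to close that gap is to record a digest manifest on the system that downloaded the files and check it on the protected system before the depot is built. The script below is an added example and not part of SWA: it uses SHA-256 rather than SWA's catalog MD5 values, the function names and manifest layout are assumptions, and the manifest itself must reach the protected system over a channel you trust.

```shell
#!/usr/bin/sh
# Added example (not part of SWA): digest manifest for patch files that are
# carried to a protected system on media.
# Assumptions: SHA-256 via sha256sum or openssl; "digest  filename" layout;
# file names without whitespace.
LC_ALL=C; export LC_ALL

# Print the SHA-256 of one file as lowercase hex, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    else
        echo "no SHA-256 tool found" >&2
        return 1
    fi
}

# Write one "digest  filename" line for every regular file directly in $1.
make_manifest() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s  %s\n' "$(sha256_of "$f")" "${f##*/}"
    done
}

# Compare directory $1 with manifest $2. Reports missing, altered and
# unlisted files on standard error; returns 0 only if everything matches.
verify_manifest() {
    dir="$1"; manifest="$2"; bad=0
    while read -r want name; do
        [ -n "$name" ] || continue
        case "$name" in
            */*|.|..) echo "BAD NAME  $name" >&2; bad=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name" >&2; bad=1; continue
        fi
        got=$(sha256_of "$dir/$name")
        if [ -z "$got" ] || [ "$got" != "$want" ]; then
            echo "MISMATCH  $name" >&2; bad=1
        fi
    done < "$manifest"
    # A file that the manifest does not list was never checked by anyone.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v n="${f##*/}" '{ sub(/^[^ ]+  /, "") } $0 == n { found = 1 }
            END { exit (found ? 0 : 1) }' "$manifest" ||
            { echo "UNLISTED  ${f##*/}" >&2; bad=1; }
    done
    return "$bad"
}

# Usage: script make DIR > MANIFEST     (on the system that downloaded)
#        script verify DIR MANIFEST     (on the protected system)
case "${1:-}" in
    make)   make_manifest "$2" ;;
    verify) verify_manifest "$2" "$3" ;;
esac
```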


6 Running SWA from within HP SIM

The Central Management Server

Software Assistant runs on a supported version of HP SIM Central Management Server (CMS). See “Installing SWA to use within HP SIM” (page 9) for information on installing SWA for HP SIM.

To run SWA from HP SIM on an HP-UX system you must be a privileged user or an authorized user as described in “Authorizing non-privileged users” (page 37).

If you are logged in as the user “Administrator” on the Windows CMS, inventories will be collected as the user “root” on remote HP-UX systems. Otherwise, you will be the same user on the HP-UX system that you are on the Windows CMS.

Launching SWA

Options on the HP SIM menu for SWA are under Tools→Software Assistant:

• Generate report – Launch analyses that result in a comprehensive report. You may run SWA now, schedule a job, or both.

• Review jobs – View a list of SWA jobs, past and present. See overview information and easily view the comprehensive report for a job.

HP SIM options for monitoring and maintaining your SWA tasks are available under:

• “Viewing All Scheduled Tasks” – Manage your scheduled tasks.

• “Viewing Task Results” – See if your jobs completed successfully, and if not, what errors were generated.

Using the SWA scheduling under HP SIM

The ability to schedule SWA jobs for multiple systems further simplifies the patch and security bulletin management on HP-UX systems. It's now easy to keep up-to-date and have your systems' reports waiting for you when you require them. SWA allows you to name your scheduled tasks so you can track them among all the other HP SIM tasks.

To create and manage a scheduled job:

1. Create the task via the Generate report tool.

2. On the SWA Options page, select Schedule and define the recurrence of your task, as shown in “Setting report options for SWA in HP SIM”. Scheduling a job requires a configuration file with your HPSC user ID and password defined with the extended options hp_id and hp_pw. Specify this configuration file on the SWA Options page under Configuration Files.

3. Manage your scheduled tasks from the All Scheduled Tasks page immediately after launching or afterwards via Tasks & Logs→View All Scheduled Tasks..., as described in this section: “Viewing Task Results” (page 36).

4. See if your tasks finished successfully via Tasks & Logs→View Task Results....

5. View the comprehensive analysis report for your successful jobs from the Review jobs tool.

Generate report

To run an SWA analysis and generate reports, from the HP SIM toolbar, select Tools→Software Assistant→Generate Report....

Use this menu item if you want to run an analysis immediately or if you want to schedule the analysis for a later time.

NOTE: HP SIM servers might require significant space in /var/opt/swa/HPSIM to support client systems' analysis, catalog, inventory, and report files. You should consider the number of client systems you intend to support and adjust file system sizes accordingly.

Selecting target systems

From HP SIM you can easily run SWA against multiple HP-UX systems simultaneously by selecting an entire collection to analyze, selecting individual systems, or a combination of the two. After your initial selection from the Select Target Systems page, you will be able to add or remove systems on the Verify Target Systems page as described in “Verifying selected systems” (page 29).

To select all the systems in a collection for analysis:

1. Make sure the Collection radio button is selected in the Add targets by selecting from: box.
2. Select a collection from the pull-down menu.
3. Select the check-box next to the Select “collection” itself text.
4. Select Apply. (Selecting View Contents will change the mode to selecting systems individually, described below.)

To select individual systems from a collection:

1. Select the Collection radio button in the Add targets by selecting from: box.
2. Select the desired collection from the pull-down menu.
3. Deselect the Select “collection” itself check box.
4. Click View Contents.
5. Select the check boxes of desired systems. Selecting the check box in the top title row will toggle between selecting and deselecting all listed systems.
6. Click Apply.

To search for individual systems to select:

1. Select the Search radio button in the Add targets by selecting from: box.
2. Type the search text in the text box. The top six search matches appear in a popup box for quick selection.
3. Click Search.
4. Select the check boxes of desired systems. Selecting the check box in the top title row will toggle between selecting and deselecting all listed systems.
5. Select Apply.

TIP: Clicking in a column header area will sort the systems alphabetically by that column. Click again to reverse-order the list.

Verifying selected systems

After you select Apply from one of the selection methods listed above, the Verify Target Systems page is displayed. Use the buttons at the bottom of the system list to manage your selections.

• Select Add Targets... and add systems to the target systems list as described in “Selecting target systems” (page 27). Select Apply. You can click Cancel to close the Add Targets... interface and retain the original list of selected systems.

• Select Remove Targets... and select the check box next to systems you wish to remove from analysis. Select Apply. Selecting the check box in the top title row will select all systems for removal. You can click Cancel to close the Remove Targets... interface and retain the original list of selected systems.

Once you have finalized the systems to be analyzed, select Run Now to either run an analysis immediately or to schedule an analysis.

NOTE: The Add Event Filter... selection provided by HP SIM is not a valid selection for HP-UX Software Assistant.

Setting report options for SWA in HP SIM

Use the SWA Options page to select the analyzers, networking parameters, and ignore files for this analysis. Catalog and networking parameters are under Advanced Options. By default, the QPK, SEC, and PCW analyzers are selected; there is no custom networking information; and the user ignore file $HOME/.swa/ignore is not selected and no other ignore files are specified. If there is a networking proxy value defined in /etc/opt/swa/swa.conf, it will be reflected on this page. Settings from previous runs are cached for the next session.

HPSC Account Information – Patch access is through the HPSC portal. You need to have a valid HPSC user ID and password. You will also need an active HP support agreement that includes Software Updates. This support agreement must be linked to your HPSC profile to access patch content and services.

• User ID – Use this to specify your HPSC user ID to gain access to the HPSC patch database.

• Password – Use this to specify your HPSC password.

HP recommends using a configuration file to specify your HPSC user ID and password. Values entered via the GUI are not automatically saved.

Analyzers – Select the checkbox for all analyzers you want used in this report. If no analyzers are selected, SWA will run with the default analyzers: QPK, SEC, and PCW.

• Quality Pack (QPK) – The Quality Pack analyzer detects the revision of the current QPK bundle and selects available updates.

• Security Bulletins (SEC) – The Security Bulletins analyzer will list all detected security bulletins that might apply to your system. These are announcements from HP regarding potential security issues and recommended actions to resolve them.

• Patches that Fix Critical Issues (CRIT) – This analyzer detects patches that fix critical problems. Problems are categorized as critical based on the severity of the problem, not how likely the problem might occur. Critical problems include system panics or hangs, process failures, data corruption, severe performance degradation, and application-specific critical issues.

• Patches with Critical Warnings (PCW) – This analyzer detects installed, active patches with critical warnings. These patches might cause or expose a critical problem. The newest recommendable patch in the supersession chain will be reported.

• Patches with Warnings (PW) – The PW analyzer detects installed, active patches with warnings. These patches might cause or expose adverse behavior. This category includes patches with critical warnings (PCW) and those with noncritical warnings (PNW). The newest recommendable patch in the supersession chain will be reported.

Ignore Files – All ignore files indicated here correspond to the ignore_file extended option.

• Enable user ignore file – Checking this option will cause SWA to use the $HOME/.swa/ignore file on the CMS when running its report. If you select this option and no user ignore file exists, SWA will create a template ignore file for you.

• Other ignore files – It is possible to use more than one ignore file when running a report. Enter as many ignore files as you like in the text box, delimited by any white space. If you enter a file that doesn't exist, SWA will display an error message.

• It might make sense for you to ignore the following types of issues:

◦ Manual actions – SWA can't detect if security bulletin manual actions (other than installing specific versions of patches or software) have been taken, so after applying a manual action, add it to an ignore file to track that the action has been taken.

◦ Deferred actions – If you've made a decision to defer addressing a particular issue for some period of time, after taking into account the risk of not addressing it, you might wish to add it to an ignore file until the issue is revisited or fixed. Be careful not to forget about these types of issues, since SWA will stop warning about them.

HP advises you to include comments in ignore files explaining who added an issue, why, and when. Auditors are likely to want this information documented and traceable. The ignore file template includes comments with instructions regarding syntax and how to add an issue. You must use the Issue ID given in the Detail report to identify issues in an ignore file.

Configuration Files – SWA commands are capable of accepting extended options from configuration files. You may specify additional configuration files in this text field, separated by white space. See “Extended options” (page 7) for more information.

The Load button accesses the specified configuration files to populate the HPSC Account Information fields User ID and Password, and the Networking proxy under Advanced Options.

HP recommends using a configuration file to specify your HPSC user ID and password. Values entered via the GUI are not automatically saved.

The Windows configuration file template is located at
C:\Program Files\HP\HP-UX Software Assistant\swa.conf.template

This location assumes the C drive is your root drive and you used the default installation directory. Copy the configuration file template to a new location for editing, then add that file to the User Config Files text box.

Advanced Options

Display and hide the Advanced Options section using the expander buttons.

Catalog –

• Disable catalog update – This option corresponds to the catalog_max_age extended option value of -1. By selecting this box, you are instructing SWA to skip the catalog download step. If this option is not checked, the behavior is for SWA to download a new catalog if the current catalog was created on the HPSC more than 24 hours ago. The creation date is based on the timestamp recorded inside the file.
Because it's important to use the most current catalog from HP, this selection must be explicitly selected each time you want to disable the catalog download.

Networking –

• Disable crl check – When downloading the catalog, SWA requires the Certificate Revocation List (CRL) to be updated and checked for the trusted Certificate Authority (CA) certificate being used to validate the remote server. This is the default behavior. You can skip the CRL check by selecting this box. Checking the CRL requires regular downloads from the CA, which can lengthen the SWA run time. Also, disabling the CRL check can sometimes be a workaround for errors. See Appendix B (page 45) for more information.

• Specify proxy – With this, you may specify a proxy host and port (with optional HTTP basic authentication username and password) for accessing content using the relevant protocol. The following format is used:
http://[user:password@]proxy-server[:port]

For example,
http://web-proxy.mycompany.com:8088

If a username and password are specified as authentication credentials to your proxy server, HTTP basic authentication is used, which is a clear-text protocol (your password might be visible to others on your network). If you do not have a standard proxy, you can also specify an arbitrary command for downloading files – use the download_cmd extended option. The HTTPS protocol is used for catalog download and the HTTP protocol is used to download the CRL. This proxy setting controls the default for all proxies.

• URL Target – The url_target extended option is used in conjunction with download_cmd. It allows you to change the target string from %url to something else. See “Example: Use SWA With a Gateway” (page 24) for details on using %url.

• Download Command – The download_cmd extended option can be used to override the default methods used by SWA to acquire content such as catalogs and patches. See “Using the download_cmd extended option” (page 23) for detailed information on this option.

NOTE: The URL Target and Download Command options are disabled for non-privileged users.
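The following shell check is an added example, not part of the HP guide or of SWA. It reviews a configuration file for the settings this section flags: a stored hp_pw in a file others can read, proxy credentials that travel as clear-text HTTP basic authentication, a disabled CRL check, a disabled catalog update, and a download_cmd override. It assumes one `name = value` pair per line with `#` comment lines, and all sample values are constructed; confirm the real syntax against swa.conf.template.

```shell
#!/bin/sh
# Added example: audit an SWA configuration file for settings the guide calls out.
# ASSUMPTION: one "name = value" pair per line; lines starting with "#" are comments.

# conf_value FILE OPTION: print the last value assigned to OPTION (empty if unset).
conf_value() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != opt) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
            found = val
        }
        END { print found }' "$1"
}

# audit_swa_conf FILE: print one "CODE: explanation" line per finding.
audit_swa_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE: cannot read $conf"
        return 2
    fi

    # A stored HPSC password turns the file into a credential store.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -n "$(conf_value "$conf" hp_pw)" ]; then
        mode=$(ls -ld "$conf" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "HP_PW_EXPOSED: hp_pw is set and group/other bits are '$mode'; restrict the file to its owner"
        fi
    fi

    # http://user:password@proxy-server means HTTP basic authentication in clear text.
    case $(conf_value "$conf" proxy) in
        *://*:*@*)
            echo "PROXY_CLEARTEXT_CREDS: proxy embeds user:password, sent with clear-text HTTP basic authentication" ;;
    esac

    crl=$(conf_value "$conf" crl_check | tr '[:upper:]' '[:lower:]')
    if [ "$crl" = "false" ]; then
        echo "CRL_CHECK_DISABLED: crl_check is false, so the CA certificate is not checked against the CRL"
    fi

    if [ "$(conf_value "$conf" catalog_max_age)" = "-1" ]; then
        echo "CATALOG_UPDATE_DISABLED: catalog_max_age is -1, so reports may use a stale catalog"
    fi

    if [ -n "$(conf_value "$conf" download_cmd)" ]; then
        echo "DOWNLOAD_CMD_SET: download_cmd overrides the default download method; review the command"
    fi
    return 0
}

# Constructed sample configuration (not from a real system).
sample_swa_conf() {
    cat <<'EOF'
# constructed example values
hp_id = jdoe@example.com
hp_pw = not-a-real-password
proxy = http://jdoe:secret@web-proxy.mycompany.com:8088
crl_check = false
catalog_max_age = -1
EOF
}

# Audit the file named on the command line, if any.
if [ $# -gt 0 ]; then
    audit_swa_conf "$1"
fi
```

To try it without a real file, write the sample with `sample_swa_conf > ./sample.conf` and pass that path as the argument.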

Running your SWA job in HP SIM

After your options have been set as described in “Setting report options for SWA in HP SIM” (page 29), you can either run the analysis now or schedule the analysis for later.

To run these jobs immediately, select . SWA then runs the jobs as described in “The multisystem summary report” (page 35).

To run this task at a later time, select . You must use a configuration file to specify your HPSC user ID and password when running scheduled jobs. Specify the configuration file on the SWA Options page. Values entered via the GUI are not automatically saved.

Task name – This identifies the SWA task. You can choose any name you like. Use this name to find the task in the “Viewing All Scheduled Tasks” page.

When would you like this task to run? –

• Periodically – When this option is selected, you can create a recurring task. Define the recurrence with the options available in the Refine Schedule area.

• Once – This task will be run one time on the date and time specified in the Refine Schedule area.

• Not Scheduled – By default, this task will not be run now or on a schedule. It will appear in the “Viewing All Scheduled Tasks” list where it can be managed. If you have selected Run now from the In Addition menu, it will be run immediately.

In addition: – Use this area to augment the task information set above. You can add a task that runs when the SIM server reboots or make an immediate run. With the “Disable this task” check box, you can create a task with scheduling information that will not run until it is enabled from the View All Scheduled Tasks page.

Once you have defined your recurring SWA task, select Done. Your task will then be scheduled and the All Scheduled Tasks page will be displayed. You might have to scroll to see your SWA task. You will be able to identify the task by the name you gave it and by the Tool identifier “SWA Scheduled Task.” You can manage the task from this page as described in “Viewing All Scheduled Tasks” (page 36).

The multisystem summary report

The SWA multisystem summary report includes the following information:

• Status – SWA will proceed through the steps: getting catalog, getting inventory, processing targets, and done. As each target is processed, its status is displayed in the Status column.

• Actions – The total number of actions listed in the Action report.

• Issues – The total number of exposed problems, including those with no SWA recommended solution.

• Analyzers – The number of issues according to each analyzer run.

• AUTO – The number of issues identified by SWA that are not associated with the selectable analyzers.

• Ignored – The number of issues that were identified but ignored due to the contents of an ignore file.

To view the comprehensive analysis report for a specific system, select that system's radio button by clicking anywhere in its row. The full results include hyperlinks to detailed information on the HPSC for every patch and security bulletin issue found by SWA, plus direct links to download patches. See “The HTML report” (page 15) for information on interpreting the comprehensive report.

To get SWA online help, select Help→For This Page from the HP SIM toolbar, or select the question mark icon.

Review jobs

The Review Jobs page is available from the HP SIM menu bar via Tools→Software Assistant→Review Jobs.... From here you can check the completeness of your jobs, view reports, and download the results for a single job to your local system.

Select the Job ID radio button to see the multisystem summary report, and then the individual system name to access the comprehensive report. See “The multisystem summary report” (page 35) for more information.

When you select a job to view its results or its comprehensive report, a new page opens. You can close the browser window when you are done reviewing the job results and return to the Review Jobs page.

Download information about a job to your local system by selecting the Export button for that Job ID. A zip file is then created containing the table data from the Multisystem Summary Report (index.html), plus the HTML report for all systems. You can either save the zip file to your system or open it. By default, the zip file is named SwaReport.zip.

NOTE: Depending on the number of systems included in a job, the creation of the Export zip file could take some time.

Monitoring and maintaining your SWA tasks

Viewing Task Results

Information related to one task instance is available from Tasks & Logs→View Task Results... on the HP SIM menu bar. Software Assistant tasks will appear with other HP SIM tasks on the Tasks Results page.

From the Task Instance Results you can see general results, including whether the task completed without errors, and the information sent to standard error and standard output regarding the execution of this task.

Viewing All Scheduled Tasks

If you scheduled your SWA task, it will appear with other scheduled HP SIM tasks on the All Scheduled Tasks page. View this page via Tasks & Logs→View All Scheduled Tasks... on the HP SIM menu bar.

Scheduled tasks can be identified by the Launching Task name you gave it when it was scheduled, as shown in “Running your SWA job in HP SIM” (page 33), and the Tool name SWA Scheduled Task.

Task Instance Results information is available on this page for each run of the scheduled task.

Selecting the SWA task you scheduled will allow a number of options:

• Run Now – Regardless of the scheduling, run this task immediately.

• Disable – Keep this task and its scheduling information, but do not run the task. This selection is only available for enabled tasks.

• Enable – Allow this task to run as determined by its schedule. This selection is only available for disabled tasks.

• Edit – Selecting Edit will take you to the SWA Scheduled Task page as shown below. On this page you can change the target systems. After your target systems are set, select Next > and then Schedule to change the scheduling information for this task as described in “Running your SWA job in HP SIM” (page 33).

• Delete – Removes the scheduled task completely. If you are not sure you want to permanently delete a task, you can instead Disable it until you are sure.

Authorizing non-privileged users

In an enterprise environment, it might make sense to authorize non-privileged users to run HP SIM SWA on a specific set of systems without giving those users full access on the HP SIM Central Management System (CMS). SWA toolboxes are available to enable this – the procedure follows.

Requirements

In order to allow a non-privileged user to run SWA via HP SIM, that user must have:

• A login account for HP SIM.

• Login access to the target systems by either certificate or password.

• A home directory on each target system to hold temporary files.

How to authorize a non-privileged user to run SWA

Make sure you have met the requirements outlined in “Requirements” (page 38), and then follow this procedure.

• From HP SIM as a privileged user, select Options→Security→Users and Authorizations...

• Select the Authorizations tab.

• Select user from the “Authorizations for” pull down menu and the user name you wish to authorize from the “Select name” pull down menu.

• Select New...

• From the New Authorizations section of the Users and Authorizations page, select the “Manually assign toolbox and system/system group authorizations:” radio button.

• In the Select Toolbox(es): area, there are two possible selections for SWA: SWA Privileged and SWA Tools.
SWA Tools will give the user access to all the SWA tools except the Download Command option.
SWA Privileged allows the authorized user access to all the SWA tools plus the Download Command functionality. The Download Command functionality will be run with elevated privileges. Care must always be taken when giving this authorization to a user. See the Advanced Options Networking section in “Setting report options for SWA in HP SIM” (page 29) for more information on how to access the Download Command extended option in HP SIM, and “Using the download_cmd extended option” (page 23) for an overview.
Selecting both SWA Tools and SWA Privileged is the equivalent of selecting SWA Privileged.

• In the Select Systems: area, the CMS check box must be selected if you want the user to run the Tools→Software Assistant→Review Jobs... tool, since that tool runs on the CMS.
Use the Add... button to make collections, systems, or both available for selection. Then, select the collections and systems the user will be allowed to run SWA on.

• Select OK

NOTE: The ability to schedule jobs as described in “Using the SWA scheduling under HP SIM” (page 26) is not available for authorized users.

7 Support and other resources

Contacting HP

Before you contact HP

Be sure to have the following information available before you contact HP:

• Technical support registration number (if applicable)

• Service agreement ID (SAID)

• Product serial number

• Product model name and number

• Product identification number

• Applicable error message

• Add-on boards or hardware

• Third-party hardware or software

• Operating system type and revision level

HP contact information

For the name of the nearest HP authorized reseller:

• See the Contact HP worldwide (in English) webpage (http://welcome.hp.com/country/us/en/wwcontact_us.html).

For HP technical support:

• In the United States, for contact options see the Contact HP United States webpage (http://welcome.hp.com/country/us/en/contact_us.html). To contact HP by phone:

◦ Call 1-800-HP-INVENT (1-800-474-6836). This service is available 24 hours a day, 7 days a week. For continuous quality improvement, calls may be recorded or monitored.

◦ If you have purchased a Care Pack (service upgrade), call 1-800-633-3600. For more information about Care Packs, refer to the HP website (http://www.hp.com/hps).

• In other locations, see the Contact HP worldwide (in English) webpage (http://welcome.hp.com/country/us/en/wwcontact_us.html).

Subscription service

HP recommends you register your product at the Subscriber's Choice for Business website: http://www.hp.com/united-states/subscribe/gateway

After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.

Documentation feedback

HP welcomes your feedback. To make comments and suggestions about product documentation, send a message to http://www.hp.com/bizsupport/feedback/ww/webfeedback.html.

Include the document title and manufacturing part number. All submissions become the property of HP.

Related information

Documents

• HP-UX Software Assistant Administration Guide

• HP-UX Software Assistant Reference

• HP-UX Software Assistant Frequently Asked Questions

• Patch Management User Guide for HP-UX 11.x Systems

• HP-UX 11i Version 3 Release Notes

• HP-UX 11i v3 Installation and Update Guide

• The SWA manpages describe the commands and provide examples. The manpages are available from the HP-UX command line using the man command and are presented in the HP-UX Software Assistant Reference.

◦ swa(1M)

◦ swa-clean(1M)

◦ swa-get(1M)

◦ swa-report(1M)

◦ swa-step(1M)

Websites

• HP-UX Software Assistant home page: http://www.hp.com/go/swa

• Download HP-UX Software Assistant: http://www.hp.com/go/swa-download

• HP-UX Software Assistant documentation: http://www.hp.com/go/swa-docs

• HP Support Center website: http://www.hp.com/go/hpsc.

• HP_UX_Docs Twitter account: http://www.twitter.com/HP_UX_Docs

• HP SIM support matrix: http://h18013.www1.hp.com/products/servers/management/hpsim/supportmatrix.html

Typographic conventions

The following conventions are used in this document:

Table 4 Typographic Conventions

Typeface – Usage – Examples

• Italics – Emphasis – The VxVM components in the Ignite-UX install environment and the installation must be version 5.0.

• Book Title – Book titles – Ignite-UX Reference

• glossary term – Glossary term – configuration clause

• Key – A keyboard key (Return and Enter refer to the same key) – Esc

• Bold – A selectable GUI or TUI item. – Go!

• Command – Commands entered via the keyboard – bootsys -R

• File name – Files and directories – /dev/dsk/c0t0d0

• Computer output – Text a program displays – Please select a boot option

• User input – Text you type – 15.1.54.117

• Variable – Variables to be replaced by a name or value – IP Address

• Listing – File contents – cfg "HP-UX b.11.23 Default" {}

• Screen – An example display – Seconds left until autoboot - 0 AUTOBOOTING...

• [ ] – The contents are command options. If the contents are a list separated by |, choose one of the items. – ls [ -a ] and mount [suid | nosuid ]

• . . . – Extensive computer output or an excerpt – source_type="NET" . . . }

• CAUTION – An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. – CAUTION: Any data on the client disks that are used for installation, including the operating system, are removed entirely as part of this installation process.

• IMPORTANT – An alert that calls attention to essential information. – IMPORTANT: You must select Save to enable the new boot menu option before selecting OK to exit.

• NOTE – An alert that contains additional or supplementary information. – NOTE: Depending on your server, this screen might look slightly different.

A Useful files and directories

Many of the following files have characteristics that may be modified by extended options, including the location and name. For more information, see swa-report(1M), swa-get(1M), swa-step(1M), and swa-clean(1M).

Table 5 SWA Useful Files and Directories

Location – Purpose

• $HOME/.swa.conf – The per-user SWA configuration file. This file takes precedence over the system-wide SWA configuration file.

• $HOME/.swa/cache/swa_catalog.xml – An HP-supplied catalog file from the HPSC website that contains known security issues and other defects along with their solutions. This file is downloaded with the command swa report or swa step catalog.

• $HOME/.swa/cache/swa_analysis.xml – The analysis of the inventory file and the catalog file created with swa report or swa step analyze.

• $HOME/.swa/cache/swa_inventory_n.xml – The inventory of installed software created by swa inventory or swa step inventory.

• $HOME/.swa/ignore – Use this file to specify issues for analyzers to ignore. It is possible to use more than one ignore file by using the extended option ignore_file.

• $HOME/.swa/report/swa_report.html – The comprehensive report written by swa report and swa step report.

• $HOME/.swa/swa.log – Default alternative log file if you don't have permissions to write to /var/opt/swa/swa.log.

• C:\Users\<username>\HP\HP-UX Software Assistant\<username>\job_<ID>\swa-web.log – Job-specific log file when running HP SIM with a Windows CMS.

• C:\Users\<hpsc_user>\HP\HP-UX Software Assistant\swa_hpsim.log – SWA log file when running HP SIM on a Windows CMS.

• C:\Program Files\HP\HP-UX Software Assistant\swa.conf.template – The default location for the configuration file template when using HP SIM on a Windows CMS.

• /etc/opt/swa/swa.conf – The system-wide SWA configuration file.

• /etc/opt/swa/swa.conf.template – An example configuration file outlining the usage of each extended option.

• /opt/swa/lbin/configHPSIM – Script to configure HP SIM for SWA. Only required if SWA is installed when HP SIM is installed but not running. HP SIM must be running when configHPSIM is run.

• /opt/swa/share/man – Manpages.

• /var/opt/swa/cache – The default directory for downloading software before it is packaged in a depot. This directory can be set with the extended option swcache. Note that this directory can consume a significant amount of disk space.

• /var/opt/swa/HPSIM – Directory that holds all clients' files generated from SWA within HP SIM. Files are kept in user and job-specific subdirectories. This directory might require significant space to support clients' analysis, catalog, inventory, and report files.

• /var/opt/swa/HPSIM/swa_hpsim.log – The SWA log file when running HP SIM with an HP-UX CMS.

• /var/opt/swa/HPSIM/user – User-specific directory used by SWA when running under HP SIM.

• /var/opt/swa/HPSIM/user/job_<ID>/swa-web.log – Job-specific log file when running HP SIM with an HP-UX CMS.

• /var/opt/swa/swa.log – Default log file.

• download.contents – Lists all files downloaded from HP to the swcache. It is located in the swcache directory.

• readBeforeInstall.txt – Lists special installation instructions and dependencies for the patches in the depot. It is located in the depot directory.

• SwaReport.zip – The default name for the file created by the Export button on the HP SIM Review Jobs page. It contains the table data from the Multisystem Summary Report, plus the HTML report for the selected system.

B Troubleshooting SWALog files

The HP-UX command line SWA log file details each SWA session. Its default location for root usersis /var/opt/swa/swa.log. If you do not have permissions to write to the default file, the logfile is written to $HOME/.swa/swa.log.Each action in the log file can be verified by looking in the swcache, the usercache, or the reportsgenerated by SWA.

Table 6 HP SIM log file locations

FilenameCMS

/var/opt/swa/HPSIM/swa_hpsim.logHP-UXLog files

C:\Users\<hpsc_user>\HP\HP-UX SoftwareAssistant\swa_hpsim.log

Windows

/var/opt/swa/HPSIM/<username>/job_<ID>/swa-web.log

HP-UXJob-specific log files

C:\Users\<username>\HP\HP-UX SoftwareAssistant\<username>\job_<ID>\swa-web.log

Windows

The swa.conf file.The SWA configuration file is useful for showing the extended options settings used in your SWAsession. The system-wide configuration file is located in /etc/opt/swa. You may also find.swa.conf files for local users in their $HOME directories. Extended options given on the commandline override settings in SWA configuration files. For more information, see the Extended Optionsarea of the manpages swa-clean(1M), swa-get(1M), swa-report(1M), and swa-step(1M).

Common errors

CRL checking error when getting catalogBecause of some changes in catalog acquisition, you might see an error like this:* Getting Catalog of Recommended Actions and SoftwareCertificate issued to VeriSign Class 3 Secure Server CA was not signedby the same certificate as the certificate revocation list (CRL)"http://crl.verisign.com/RSASecureServer.crl", specified by the"crl_url" extended option. It may be necessary to disable the CRLchecking with the "crl_check" option.

This problem has been fixed in version C.02.11. HP recommends upgrading to the latest SWAversion to avoid this error. Download SWA from HP Software Depot at https://www.hp.com/go/swa-download. You can also avoid this error by setting the crl_check option to false.

Failed to read swa_catalog.xmlOccasionally the catalog file is unavailable from the HPSC. If this is the case, you might see anerror like this:* Gathering Inventory* Using existing inventory for host "gold"* Getting Catalog of Recommended Actions and SoftwareERROR: Failed to read: https://system.hp.com/wpsl/bin/getFile.pl?Path=/export/patches/swa_catalog.xml&UserID=hpsc_user&Auth=51727287136481886157812111


Proxy errors

A proxy server is sometimes required. If this is the case, and proxy settings are absent or incorrect, you might see an error like this:

    ERROR: Failed to access authorization service.

You can specify a proxy server with the swa report extended option proxy. For more information, see swa-report(1M). If you do not have a standard proxy, you can specify an arbitrary command for downloading files. See the extended option download_cmd.

HP SIM errors related to SWA

SWA installation error

    NOTE: Cannot configure HP SIM. Add SWA to HP SIM by running mxinitconfig(1M) or /opt/swa/lbin/configHPSIM

This note means HP SIM has not been configured to run SWA. See “Installing SWA to use within HP SIM” (page 9) for information on installing SWA for use within HP SIM, and the use of the mxinitconfig and configHPSIM commands.
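The messages quoted in this section can be triaged mechanically. The following script is an added example, not part of the HP guide or of SWA: it maps each quoted message to the remedy the text gives and masks the UserID and Auth query parameters of the catalog URL before printing it. The function names, the sample input and the treatment of those two parameters as sensitive are assumptions of the example.

```shell
#!/bin/sh
# Added example: triage of the SWA messages quoted in this section.

# Constructed sample input, assembled from the error texts shown above.
sample_log() {
cat <<'EOF'
* Getting Catalog of Recommended Actions and Software
Certificate issued to VeriSign Class 3 Secure Server CA was not signed
by the same certificate as the certificate revocation list (CRL)
ERROR: Failed to read: https://system.hp.com/wpsl/bin/getFile.pl?Path=/export/patches/swa_catalog.xml&UserID=hpsc_user&Auth=51727287136481886157812111
ERROR: Failed to access authorization service.
NOTE: Cannot configure HP SIM. Add SWA to HP SIM by running mxinitconfig(1M) or /opt/swa/lbin/configHPSIM
EOF
}

# Mask the UserID and Auth query parameter values (assumed sensitive).
redact() {
    sed -e 's/\(UserID=\)[^&[:space:]]*/\1REDACTED/g' \
        -e 's/\(Auth=\)[^&[:space:]]*/\1REDACTED/g'
}

# Read SWA output on stdin; print one "CATEGORY: hint" line per known message.
triage() {
    redact | awk '
    /certificate revocation list \(CRL\)/ {
        print "CRL: fixed in SWA C.02.11; upgrade, or set crl_check to false"
        next }
    /ERROR: Failed to read:.*swa_catalog\.xml/ {
        print "CATALOG: catalog unavailable from the HPSC: " $NF
        next }
    /ERROR: Failed to access authorization service/ {
        print "PROXY: check the proxy or download_cmd extended option"
        next }
    /NOTE: Cannot configure HP SIM/ {
        print "HPSIM: run mxinitconfig(1M) or /opt/swa/lbin/configHPSIM"
        next }
    '
}

# Demonstration run on the constructed sample.
sample_log | triage
```

To use it on real output, pipe captured swa output or a log file into triage in place of sample_log.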


Glossary

A glossary term appears in boldface when used for the first time in the text of this manual. Italicized terms in the following glossary refer to other terms in the glossary.

A

analysis: A comparison of the inventory and the catalog to determine the recommended actions and applicable patches for installation.

analyzer: An option of the swa report and swa step analyze commands used to specify the type of analyses to run. Available analyzers are: CRIT, PCW, PW, QPK, SEC, CHAIN, and PATCH. If no analyzers are specified, the QPK, SEC, and PCS analyses are performed.

B

bulletin: See security bulletin.

bundle equivalency: The state of a system where all patches in a bundle that are capable of being installed are present or superseded by newer components.

C-D

cache: Inventory, catalog, analysis, and downloaded software stored by SWA on the target system.

catalog: A list of known problems with HP-UX software and their fixes, located at the HP Support Center (HPSC).

command line interface (CLI): Text formatted commands and options entered at an HP-UX command line prompt or executed by a script.

E-G

extended option: Customizations for a major mode. They can be specified on the command line, in an option file, or in a configuration file.

H

HP Support Center (HPSC): An HP support portal, http://www.hp.com/go/hpsc, with access to personalized support, forums, support case submittal, drivers, software downloads, firmware downloads, patch management, product pages, guided troubleshooting, top issues, warranty information, contract details, and software updates.

I-L

inventory: A list of all the software installed on a system.

IT Resource Center (ITRC): A deprecated HP portal, replaced by the HP Support Center (HPSC) in June 2011.

M-O

major mode: A style of CLI of the format command <major mode>. SWA has the following major modes: report, get, clean, and step.

MD5: Message Digest-5. Authentication algorithm developed by RSA. MD5 generates a 128-bit message digest using a 128-bit key. IPSec truncates the message digest to 96 bits.

P

patch: Software designed to update specific bundles, products, subproducts, filesets, or files on a system.

Patch Assessment Tool: Guided patch analysis and selection software available on the HP Support Center that ensures your systems meet the HP recommended patch configuration. HP-UX Software Assistant has all the capabilities of the HPSC Patch Assessment Tool and more.

patch chain: See supersession chain.

Q

Quality Pack (QPK): A bundle of HP-UX defect-fix patches for proactive patching. QPK bundles are targeted for a particular version of HP-UX. The patches are tested as thoroughly as an operating system release.

R

report: A summary of actions to take based on the analysis.

S-T

security bulletin: The mechanism used by Hewlett-Packard to announce the presence of potential security issues and list actions recommended to resolve the issue.

Security Patch Check (SPC): SPC is superseded by HP-UX Software Assistant. Full support of SPC ended November 1, 2008.

Software Assistant (SWA): A tool that consolidates and simplifies patch management and security bulletin management on HP-UX systems. The SWA tool is new for HP-UX releases as of January 2007.

step: One discrete action of the swa report or swa get command. SWA steps are initiated with the swa step command. Valid steps are: inventory, catalog, analyze, report, download, and depot.

supersession chain: A series of patches for a software product, beginning with the nonpatched software product and progressing from the oldest patch to the newest patch. Newer patches completely replace the older ones. In general, patch numbers increase along a patch supersession chain.

swcache: Files containing the software downloaded from the HP Support Center during the swa get or the swa step download command. These files are stored in the swcache directory.

U-Z

usercache: Files created by swa report, such as the inventories of the systems or depots, the catalog, and the analysis file. These files are stored in the cache subdirectory.
