HP UX Patch Management manual Ipd

Page 105

HP-UX Software

A tool that consolidates and simplifies patch management and security bulletin management

Assistant

on HP-UX systems. The SWA tool is the HP-recommended utility to use to maintain currency

 

with HP-published security bulletins and recommended patch levels for HP-UX 11i software.

 

SWA has been released for HP-UX 11i systems. SWA can perform a number of checks including

 

published security issues, installed patches with warnings, and missing patches with critical

 

fixes. Once an analysis has been performed, you can use SWA to download any recommended

 

patches or patch bundles and create a depot ready for installation.

Ignite-UX

An application that facilitates installing and configuring HP-UX systems. Ignite-UX provides

 

a toolset used on HP-UX for doing cold installs and system recovery. It uses SD for doing

 

package-based installs, and can also use golden images for supplying software.

installed product

A product that has been installed on a host so that its files can be used by end users. Contrasts

 

with a product residing in a depot on a host's file system. Sometimes referred to as an available

 

product.

Installed Products

Describes the products that are installed on any given host (or within an alternate root). Installed

Database

product information is created by the swinstall command, and managed by the swmodify

 

command. The contents of an IPD reside in a directory structure with a single common root.

IPD

See Installed Products Database.

IUX

See Ignite-UX.

object

The pieces of software that SD-UX packages, distributes, installs, and manages. There are three

 

classes of objects: software (installed on target roots or available in depots), containers (depot,

 

roots, alternate roots), and jobs.

patch

Software designed to update specific bundles, products, subproducts, filesets, or files on a

 

system. By definition, patch software is packaged with the is_patch attribute set to true.

patch bundle

Is a collection of patches that have been grouped into a single software object (bundle) to meet

 

a specific need.

 

See also bundle.

patch category

Patches have categories, or category tags, associated with them to simplify the process of

 

determining the general purpose of a specific patch.

patch rollback

The process of removing a patch from the system and restoring the system to the prepatched

 

state.

patch warning

Is a notification that a patch causes or exposes adverse behavior. Patch warnings provide specific

 

information about this incorrect behavior, as well as other important details and

 

recommendations.

prerequisite

A dependency in which one fileset requires another fileset to be installed or configured before

 

the first fileset can be installed or configured. For example, fileset A might require that fileset

 

B is installed before fileset A can be installed. Therefore, fileset B is a prerequisite for fileset A.

 

See also dependency, corequisite.

product directory

The root directory of a product object, in which most of its files are contained. You can change

 

(relocate) the default product directory when you install a locatable product.

rollback

See patch rollback.

SD

See Software Distributor.

SD-UX

HP-UX software management commands. These commands are referred to as SD-UX (Software

 

Distributor-HP-UX).

 

See also Software Distributor.

serial depot

See tape depot.

software depot

An SD format structure that contains one or more software products that can be installed on

 

other systems or copied to other depots.

Software

The native toolset used on HP-UX for managing software packages.

Distributor

 

software object

The objects packaged, distributed, installed, or managed by SD. A software object can be a file,

 

fileset, bundle, or product. Most operations are performed on filesets.

105

Page 104 Page 106
Image 105
Page 104 Page 106
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 107 104Patch management strategies HP-UX patches and patch managementWhere to start How to get patchesOverview Quick start guide for patching HP-UX systemsBefore you begin Should you use standard HP-UX patch bundles?Acquiring and installing standard HP-UX patch bundles Standard HP-UX patch bundlesAcquiring the bundles As root, run the createdepothp-ux11script Installing the bundlesSwlist Advanced topic using Dynamic Root Disk DRDAcquiring the patches Acquiring and installing individual patchesQuick start guide for patching HP-UX systems Swverify -d \* @ /tmp/somepatchdirectory/depot Installing the patchesAdvanced topic using Dynamic Root Disk DRD Patch-related concepts HP-UX patch overviewPatch identification HP-UX software structureSoftware depots and patch depots Patch bundlesPatch state Patch statusState Category tagsSwlist -l fileset -a state grep patchid Swlist -l product -a categorytag patchid Which patches are on a system?For example Examples of the swlist command$ swlist -l product *,c=patch $ swlist -l bundle @ somesystem $ swlist -l product *,c=manualdependenciesAncestors and supersession Ancestors$ swlist -l fileset -a ancestor PHSS29183 Supersession Swlist -a appliedpatches filesetname$ swlist -a appliedpatches Xserver.AGRM Showpatches -s Swlist -l patch -x showsupersededpatches=trueSwlist -a patchstate -x showsupersededpatches=true patchid $ swlist -l fileset -a supersedes PHSS28681HP-UX Patch Supersession Chain Patch-related attributesSee Category tags Patch dependencies Types of dependenciesCorequisites and prerequisites Enforced and unenforced manual dependencies Impact of dependencies on acquiring patchesSwlist -vl fileset -a dependencytype fileset Patch rollback and commitment Patch rollbackPatch commitment Advanced topic patch cleanup utility Cleanup -p -c numberHP-UX patch ratings Rating details HP patch ratingFinding information for a specific patch Critical and noncritical patchesPatch documentation $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Patch warnings Obtaining information using the ItrcAdvanced topic the readme attribute Swlist -l product -a readme patchid moreCritical and noncritical warnings How to handle patch warnings Questions to askAdvanced topic finding patches with warnings Considerations Backup and recoveryPatch management life cycle Patch management overviewPatch management life cycle Patch management overview Restrictive Conservative Innovative Establishing a software change management strategyOperational factor and patch management strategy matrix Recommendations for software change managementPatch management and software depots Consideration of HP patch ratingAcquiring patches for proactive patching Proactive patching strategyAdvanced topic HP-UX Software Assistant Reactive patching strategyAcquiring patches for reactive patching Advanced topic security patching strategyAdvanced topic scanning for security patches Testing the patches to be installedKey features What are standard HP-UX patch bundles?Standard HP-UX patch bundles Standard HP-UX patch bundle use and release dates Obtaining standard HP-UX patch bundlesQuick start guide for patching HP-UX systems Obtaining an Itrc user account Using the IT Resource CenterUseful pages on the Itrc Find individual patchesAccessing the patch database and finding an individual patch Key featuresClick the add to selected patch list button Using the IT Resource Center Check for patches with dependencies Advanced topic checking for all patch dependenciesUsing the IT Resource Center Click the add to selected patch list button Custom patch bundles run a patch assessment Standard patch bundlesSupport information digests Ask your peers in the forumsSearch knowledge base Common software distributor commands for patching Using software depots for patch managementDirectory depots Depot typesTape depots Using depotsViewing depots Choosing depot type and depot locationSwlist -l depot $ swlist -l depot Swlist -l depot @ remotesystem$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Depot/patches/11.11 Copying patches to depotsRegistering and unregistering directory depots Advanced topic HP-UX Software AssistantCopying products with patch dependencies to depots Examples of registering and unregistering depots Advanced topic access control lists$ swreg -l depot /depot/patches/2003-07periodicdepot $ swreg -u -l depot /depot/patches/2003-07periodicdepotVerifying directory depots Examples of verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Removing software from a directory depot Verification had errorsVerification succeeded $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded $ /usr/sbin/cleanup -d /mydepots/patchdepot Advanced topic removing superseded patches from a depot$ swlist -l product -d @ /mydepots/patchdepot Removing a directory depot Installing patches from a depot$ swlist -l product @ /mydepots/patchdepot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Analysis succeeded Examples of installing patches from a depotInstalling products with patch dependencies from a depot Custom patch bundlesAnalysis and Execution succeeded Examples of listing patches and bundles Rev Patch descriptionRev Bundle Description $ swlist -d @ /mydepots/temporarydepot Creating a custom bundleAnalysis succeeded Finally, remove the temporary depot For more information Using HP-UX Software Assistant for patch managementUsing Dynamic Root Disk for patch management Drd1m Using the Patch Assessment Tool Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Support and other resources Contacting HPRelated information Typographic conventions HP websitesNon-HP websites Times Patch usage models Components in test Image Then production Patch usage model 1 hardware/application software changeDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Create clone Patch usage model 5 proactive patchPassed? System Patch usage model 6 reactive patchAncestor GlossaryIPD SWA Index Index See also HWE Index
Top Page Image Contents