HP UX Patch Management manual HP-UX patch ratings, Advanced topic patch cleanup utility

Page 34

Advanced topic: patch cleanup utility

The patch utility called cleanup allows you to commit all patches that have been superseded a specified number of times. You can execute this command in preview mode in order to see what effect the command will have without actually making any changes. You should always use the preview mode first. This is accomplished by including the -poption. The command has the following format:

cleanup [-p] -c number

The cleanup utility is delivered by the following patches (and their superseding patches):

PHCO_27779 (HP-UX 11.0, B.11.00)

PHCO_27780 (HP-UX 11i v1, B.11.11)

PHCO_32220 (HP-UX 11i v2, B.11.23)

Shipped with SD-UX (HP-UX 11i v3, B.11.31)

For example, the following command will execute in preview mode. When executed without the -poption, the command causes all patches superseded three or more times to be committed. The patches to be committed are shown in the output of the command.

$ cleanup -p -c3

###Cleanup program started at 04/13/04 07:17:40

Preview mode enabled. No modifications will be made.

Commit patches superseded at least 3 time(s) on 'some_system'. Obtaining superseded patch information...done.

The following patches superseded at least 3 time(s) can be committed:

Superseded

# Times Superseded

Disk Space in /var/adm/sw/save

Superseded By

==========

==================

==============================

=============

PHKL_23313

3

66560

bytes

PHKL_26519

PHKL_26233

3

180224

bytes

PHKL_28267

PHNE_23288

3

59392

bytes

PHNE_23645

PHNE_26388

4

6581248

bytes

PHNE_28103

PHNE_28103

3

6694912

bytes

PHNE_28983

PHSS_21817

5

12379136

bytes

PHSS_26619

PHSS_26492

3

8761344

bytes

PHSS_27872

PHSS_26619

4

14969856

bytes

PHSS_26622

PHSS_26622

3

27064320

bytes

PHSS_26638

All information has been logged to /var/adm/cleanup.log.

### Cleanup program completed at 04/13/04 07:17:40

HP-UX patch ratings

HP-UX patches have a corresponding quality rating called the HP rating. HP assigns a patch rating of 1 (numeral or star) to each HP-UX patch when it is released. Over time, HP might update the rating value to 2 or 3 (numeral or stars) to convey increased confidence in the patch. The higher the rating, the lower the risk of side effects and the more suitable the patch is for mission-critical environments.

You can use the ITRC's Patch Database to find the rating value for a specific patch. The ITRC graphically represents a patch's rating by displaying one to three stars beside the patch ID in the results of a patch search. “Obtaining information using the ITRC” (page 38) provides details on how to do this.

If HP learns of a problem caused by or exposed by an HP-UX patch, HP issues a patch warning describing the problem and ceases recommending the patch, but does not change the patch rating. If a patch has a warning associated with it, you will no longer be able to view the rating on the ITRC's Patch Database. For more information on patch warnings, see “Patch warnings” (page 38).

The following rating related information pertains only to patches that have no associated warnings.

34 HP-UX patch overview

Image 34
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 104 107HP-UX patches and patch management Patch management strategiesHow to get patches Where to startBefore you begin Quick start guide for patching HP-UX systemsOverview Should you use standard HP-UX patch bundles?Standard HP-UX patch bundles Acquiring and installing standard HP-UX patch bundlesAcquiring the bundles Installing the bundles As root, run the createdepothp-ux11scriptAdvanced topic using Dynamic Root Disk DRD SwlistAcquiring and installing individual patches Acquiring the patchesQuick start guide for patching HP-UX systems Installing the patches Swverify -d \* @ /tmp/somepatchdirectory/depotAdvanced topic using Dynamic Root Disk DRD Patch identification HP-UX patch overviewPatch-related concepts HP-UX software structurePatch bundles Software depots and patch depotsPatch status Patch stateCategory tags StateSwlist -l fileset -a state grep patchid Which patches are on a system? Swlist -l product -a categorytag patchidExamples of the swlist command For example$ swlist -l product *,c=patch $ swlist -l product *,c=manualdependencies $ swlist -l bundle @ somesystemAncestors Ancestors and supersession$ swlist -l fileset -a ancestor PHSS29183 Swlist -a appliedpatches filesetname Supersession$ swlist -a appliedpatches Xserver.AGRM Swlist -l patch -x showsupersededpatches=true Showpatches -s$ swlist -l fileset -a supersedes PHSS28681 Swlist -a patchstate -x showsupersededpatches=true patchidPatch-related attributes HP-UX Patch Supersession ChainSee Category tags Types of dependencies Patch dependenciesCorequisites and prerequisites Impact of dependencies on acquiring patches Enforced and unenforced manual dependenciesSwlist -vl fileset -a dependencytype fileset Patch rollback Patch rollback and commitmentPatch commitment Cleanup -p -c number Advanced topic patch cleanup utilityHP-UX patch ratings HP patch rating Rating detailsPatch documentation Critical and noncritical patchesFinding information for a specific patch $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Advanced topic the readme attribute Obtaining information using the ItrcPatch warnings Swlist -l product -a readme patchid moreCritical and noncritical warnings Questions to ask How to handle patch warningsAdvanced topic finding patches with warnings Backup and recovery ConsiderationsPatch management overview Patch management life cyclePatch management life cycle Patch management overview Establishing a software change management strategy Restrictive Conservative InnovativeRecommendations for software change management Operational factor and patch management strategy matrixConsideration of HP patch rating Patch management and software depotsProactive patching strategy Acquiring patches for proactive patchingReactive patching strategy Advanced topic HP-UX Software AssistantAdvanced topic security patching strategy Acquiring patches for reactive patchingTesting the patches to be installed Advanced topic scanning for security patchesWhat are standard HP-UX patch bundles? Key featuresStandard HP-UX patch bundles Obtaining standard HP-UX patch bundles Standard HP-UX patch bundle use and release datesQuick start guide for patching HP-UX systems Useful pages on the Itrc Using the IT Resource CenterObtaining an Itrc user account Find individual patchesKey features Accessing the patch database and finding an individual patchClick the add to selected patch list button Using the IT Resource Center Advanced topic checking for all patch dependencies Check for patches with dependenciesUsing the IT Resource Center Click the add to selected patch list button Support information digests Standard patch bundlesCustom patch bundles run a patch assessment Ask your peers in the forumsSearch knowledge base Using software depots for patch management Common software distributor commands for patchingDepot types Directory depotsUsing depots Tape depotsChoosing depot type and depot location Viewing depotsSwlist -l depot Swlist -l depot @ remotesystem $ swlist -l depot$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Copying patches to depots Depot/patches/11.11Advanced topic HP-UX Software Assistant Registering and unregistering directory depotsCopying products with patch dependencies to depots $ swreg -l depot /depot/patches/2003-07periodicdepot Advanced topic access control listsExamples of registering and unregistering depots $ swreg -u -l depot /depot/patches/2003-07periodicdepotExamples of verifying directory depots Verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Verification succeeded Verification had errorsRemoving software from a directory depot $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded Advanced topic removing superseded patches from a depot $ /usr/sbin/cleanup -d /mydepots/patchdepot$ swlist -l product -d @ /mydepots/patchdepot $ swlist -l product @ /mydepots/patchdepot Installing patches from a depotRemoving a directory depot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Examples of installing patches from a depot Analysis succeededCustom patch bundles Installing products with patch dependencies from a depotAnalysis and Execution succeeded Rev Patch description Examples of listing patches and bundlesRev Bundle Description Creating a custom bundle $ swlist -d @ /mydepots/temporarydepotAnalysis succeeded Finally, remove the temporary depot Using HP-UX Software Assistant for patch management For more informationUsing Dynamic Root Disk for patch management Drd1m Patch Assessment Tool Using the Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Contacting HP Support and other resourcesRelated information HP websites Typographic conventionsNon-HP websites Times Patch usage models Patch usage model 1 hardware/application software change Components in test Image Then productionDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Patch usage model 5 proactive patch Create clonePatch usage model 6 reactive patch Passed? SystemGlossary AncestorIPD SWA Index Index See also HWE Index