HP UX Patch Management manual HP patch rating, Rating details

Page 35

HP patch rating of 1

Although these patches have passed rigorous prerelease testing, HP recommends that you use these patches only if all of the following conditions are true:

If you are in a reactive patching situation.

The highest-rated patch that addresses the problem is rated 1.

You cannot wait for the patch to increase to a higher rating.

Whenever possible, you should wait until the patch gains more exposure and achieves a rating of 2 or 3. For more information on reactive and proactive patching, see Chapter 4: “Patch management overview” (page 42).

Rating details

The following list provides more details about patch ratings of 1:

Upon release, patches are assigned a rating of 1.

These patches have successfully completed internal testing by HP.

Because they are new, these patches have an inherent level of risk associated with them that you might find unacceptable. However, they are made available in case you are willing to accept the increased risk because the patch resolves a specific issue on a system.

If you choose to use one of these patches, you should evaluate and test it carefully prior to deployment on a system.

HP patch rating of 2

HP recommends that you use patches rated 2 for both proactive and reactive patching and when a patch rated 3 is not available.

Patches rated 1 might be upgraded to a rating of 2 on any given day (based on the amount of customer exposure). Therefore, if you chose to defer patch installation to wait for a patch rating to be upgraded to a rating of 2, you can check for this upgrade on a daily basis.

Rating details

The following list provides more details on patch ratings of 2:

These patches have met minimum criteria based on the number of days available to customers and the number of times downloaded with no problems reported.

These patches might appear in the recommended column of the ITRC's Patch Database patch search results page (provided they have no associated patch warnings).

HP patch rating of 3

Rating 3 is the highest rating HP assigns to a patch. These patches represent the lowest level of risk. HP recommends you use patches rated 3 whenever possible for both proactive and reactive patching.

If you are waiting for a specific patch to reach a rating of 3, check the patch quarterly to determine whether it has been promoted from a rating of 2 to a rating of 3.

Rating details

The following list provides more details on patch ratings of 3:

These patches have passed more levels of testing than patches rated 1 or 2.

These patches might appear in the recommended column of the ITRC's Patch Database patch search results page (provided they have no associated patch warnings).

HP-UX patch ratings 35

Page 34 Page 36
Image 35
Page 34 Page 36
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 107 104Patch management strategies HP-UX patches and patch managementWhere to start How to get patchesShould you use standard HP-UX patch bundles? Quick start guide for patching HP-UX systemsOverview Before you beginAcquiring the bundles Acquiring and installing standard HP-UX patch bundlesStandard HP-UX patch bundles As root, run the createdepothp-ux11script Installing the bundlesSwlist Advanced topic using Dynamic Root Disk DRDAcquiring the patches Acquiring and installing individual patchesQuick start guide for patching HP-UX systems Swverify -d \* @ /tmp/somepatchdirectory/depot Installing the patchesAdvanced topic using Dynamic Root Disk DRD HP-UX software structure HP-UX patch overviewPatch-related concepts Patch identificationSoftware depots and patch depots Patch bundlesPatch state Patch statusSwlist -l fileset -a state grep patchid StateCategory tags Swlist -l product -a categorytag patchid Which patches are on a system?For example Examples of the swlist command$ swlist -l product *,c=patch $ swlist -l bundle @ somesystem $ swlist -l product *,c=manualdependencies$ swlist -l fileset -a ancestor PHSS29183 Ancestors and supersessionAncestors $ swlist -a appliedpatches Xserver.AGRM SupersessionSwlist -a appliedpatches filesetname Showpatches -s Swlist -l patch -x showsupersededpatches=trueSwlist -a patchstate -x showsupersededpatches=true patchid $ swlist -l fileset -a supersedes PHSS28681HP-UX Patch Supersession Chain Patch-related attributesSee Category tags Corequisites and prerequisites Patch dependenciesTypes of dependencies Swlist -vl fileset -a dependencytype fileset Enforced and unenforced manual dependencies Impact of dependencies on acquiring patches Patch commitment Patch rollback and commitmentPatch rollback HP-UX patch ratings Advanced topic patch cleanup utilityCleanup -p -c number Rating details HP patch rating$ swlist -l product -a categorytag PHSS30011 Critical and noncritical patchesFinding information for a specific patch Patch documentationSubset of fields in patch text file and patch details Swlist -l product -a readme patchid more Obtaining information using the ItrcPatch warnings Advanced topic the readme attributeCritical and noncritical warnings Advanced topic finding patches with warnings How to handle patch warningsQuestions to ask Considerations Backup and recoveryPatch management life cycle Patch management overviewPatch management life cycle Patch management overview Restrictive Conservative Innovative Establishing a software change management strategyOperational factor and patch management strategy matrix Recommendations for software change managementPatch management and software depots Consideration of HP patch ratingAcquiring patches for proactive patching Proactive patching strategyAdvanced topic HP-UX Software Assistant Reactive patching strategyAcquiring patches for reactive patching Advanced topic security patching strategyAdvanced topic scanning for security patches Testing the patches to be installedStandard HP-UX patch bundles Key featuresWhat are standard HP-UX patch bundles? Standard HP-UX patch bundle use and release dates Obtaining standard HP-UX patch bundlesQuick start guide for patching HP-UX systems Find individual patches Using the IT Resource CenterObtaining an Itrc user account Useful pages on the ItrcAccessing the patch database and finding an individual patch Key featuresClick the add to selected patch list button Using the IT Resource Center Check for patches with dependencies Advanced topic checking for all patch dependenciesUsing the IT Resource Center Click the add to selected patch list button Ask your peers in the forums Standard patch bundlesCustom patch bundles run a patch assessment Support information digestsSearch knowledge base Common software distributor commands for patching Using software depots for patch managementDirectory depots Depot typesTape depots Using depotsSwlist -l depot Viewing depotsChoosing depot type and depot location $ swlist -l depot @ swdepot.xyz.com $ swlist -l depotSwlist -l depot @ remotesystem Creating and adding to a directory depot Depot/patches/11.11 Copying patches to depotsCopying products with patch dependencies to depots Registering and unregistering directory depotsAdvanced topic HP-UX Software Assistant $ swreg -u -l depot /depot/patches/2003-07periodicdepot Advanced topic access control listsExamples of registering and unregistering depots $ swreg -l depot /depot/patches/2003-07periodicdepot$ swverify -d \* @ /mydepots/newdirectorydepot Verifying directory depotsExamples of verifying directory depots $ swverify -d \* @ /mydepots/PHSS30278depot Verification had errorsRemoving software from a directory depot Verification succeededExecution succeeded $ swlist -l product -d @ /mydepots/patchdepot $ /usr/sbin/cleanup -d /mydepots/patchdepotAdvanced topic removing superseded patches from a depot $ swreg -u -l depot /mydepots/PHCO27780depot Installing patches from a depotRemoving a directory depot $ swlist -l product @ /mydepots/patchdepotReboots the system when required Analysis succeeded Examples of installing patches from a depotAnalysis and Execution succeeded Installing products with patch dependencies from a depotCustom patch bundles Rev Bundle Description Examples of listing patches and bundlesRev Patch description $ swlist -d @ /mydepots/temporarydepot Creating a custom bundleAnalysis succeeded Finally, remove the temporary depot For more information Using HP-UX Software Assistant for patch managementUsing Dynamic Root Disk for patch management Drd1m Benefits of the Patch Assessment Tool Using the Patch Assessment ToolPatch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Related information Support and other resourcesContacting HP Non-HP websites Typographic conventionsHP websites Times Patch usage models Components in test Image Then production Patch usage model 1 hardware/application software changeDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Create clone Patch usage model 5 proactive patchPassed? System Patch usage model 6 reactive patchAncestor GlossaryIPD SWA Index Index See also HWE Index
Top Page Image Contents