HP UX Patch Management Benefits of the Patch Assessment Tool, Using the Patch Assessment Tool


10 The Patch Assessment Tool

Benefits of the Patch Assessment Tool

You can use the Patch Assessment Tool to create custom patch bundles for individual HP-UX systems and for multiple systems you manage as a group. The Patch Assessment Tool simplifies the bundle creation process by guiding you through system-based patch analysis and selection. HP's web-based Patch Assessment Tool is available on the IT Resource Center (ITRC) website at http://itrc.hp.com.

TIP: HP-UX Software Assistant (SWA) was released in January, 2007 as a software upgrade to the Patch Assessment Tool. For more information, see Chapter 8: “Using HP-UX Software Assistant for patch management” (page 85).

The Patch Assessment Tool replaces the Custom Patch Manager (CPM) Tool.

In addition to creating custom bundles, you can also use the Patch Assessment Tool to do the following:

• Ensure your system meets the HP recommended patch configuration.
• Ensure all applicable security patches are installed on the system.
• Identify and acquire replacement patches for patches with warnings installed on the system.

If you are implementing a proactive patch management strategy, the Patch Assessment Tool can be useful as your primary method of patch selection. See Chapter 4: “Patch management overview” (page 42) for more information about proactive patching.

The benefits of using the Patch Assessment Tool to select and acquire patches include:

• The assessment returns a set of patches customized to your needs based on your input:
    - Select or deselect patches that provide critical fixes.
    - Select or deselect patches that fix security vulnerabilities.
    - Include sets of patches that pertain to specific applications.
    - Select or deselect replacement (or superseding) patches for patches already on a system that have noncritical or critical warnings.
    - Require that a specific patch be included in the assessment.
    - Request the latest Quality Pack (QPK) patch bundle.
• The tool automatically checks the selected patches against each other as well as against patches currently installed on the system to detect conflicts and dependencies.
• The assessment results include information detailing why each patch was recommended.
• You can download recommended patches as a tar, zip, or gzip package.

  You can use the program locating commands whereis(1) and which(1) to make sure you have the appropriate software. For example, use whereis gzip to determine if the program is installed and use which gzip to determine if the program is in your path.

Using the Patch Assessment Tool

1. Log in to the ITRC at http://itrc.hp.com.

   Please note that you need to log in to the appropriate site (Americas/Asia Pacific or European).

2. Select Patch database.

3. Select run a patch assessment.

   The run a patch assessment page is displayed.
