HP-UX Software Assistant Reference HP-UX 11i Systems HP Part Number: 5900-1285 Published: November 2010 Edition: 4
© Copyright 2009, 2010 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents 1 The HP-UX Software Assistant Manpages.......................................................4 swa(1M)..................................................................................................................................5 swa-clean(1M)........................................................................................................................11 swa-get(1M).........................................................................................................................
The HP-UX Software Assistant Manpages 4 The HP-UX Software Assistant Manpages
swa(1M) NAME swa -- Access HP-UX Software Assistant major modes SYNOPSIS swa [[-x] -?] swa report [-a analyzer] [-r stdout_report_type] [-s inventory_source] [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file] swa get [-p] -t target_depot [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file] swa step {inventory|catalog|analyze |report|download |depot} [step_options] [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file] swa clean {swcache|user
Options HP-UX Software Assistant is a tool that uses a major mode style interface. # swa swa has the following major modes options: report, get, step, and clean. report The swa report command is comprised of the following steps, and executes them in the order listed. Inventory – The swa report command first does an inventory of the installed software. The inventory is written to $HOME/.swa/cache/swa_inventory_n.xml.
-option -? Describes the legal values for this option. If option is -x, all possible extended options are listed for the specified major mode (swa command). If no major mode is given, all extended options are listed for all the major modes. Extended Options Extended options allow you to tailor SWA behavior to your own specifications as each phase is performed: analysis, reporting, and downloading HP software.
0 Success completion 1 Error 2 Warning EXAMPLES To display swa usage information: swa -? To display usage and list all swa extended options for all major modes: swa -x -? To inventory the local system, analyze it against an HP-supplied catalog (of known software and issues) for newer Quality Pack patch bundles, security issues, and critical patch warnings, and then generate a default standard output Action report: swa report To create a report for security issues (SEC) for a remote system inventory ga
swa clean usercache To remove all cached downloaded software in the default location: swa clean swcache To preview the removal of all cached downloaded software in the default location: swa clean swcache -p To remove all cached inventory, catalog, analysis, and downloaded software in specified locations: swa clean all -x user_dir=~/myusercache -x swcache=/my/cache AUTHOR swa was developed by HP.
/var/opt/swa/HPSIM Directory that holds all clients' files generated from SWA within HP SIM. Files are kept in user and job-specific subdirectories. This directory might require significant space to support clients' analysis, catalog, inventory, and report files. /var/opt/swa/HPSIM/user User-specific directory used by SWA when running under HP SIM. /var/opt/swa/swa.log Default log file. download.contents Lists all files downloaded from HP to the swcache. It is located in the swcache directory.
swa-clean(1M) NAME swa-clean: swa -- Remove files created by SWA SYNOPSIS swa clean {swcache|usercache|all} [-p] [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file] DESCRIPTION The swa clean command allows the user to remove software and files cached by Software Assistant (SWA). As SWA is used to report on systems and download software, objects are cached on disk for later use. There are two caches.
Extended Options The extended options may be specified in different ways: on the command line using the -x option, in an option file specified using the -X option, or in one of the configuration files /etc/ opt/swa/swa.conf (system wide) or $HOME/.swa.conf (user-specific). The /etc/opt/swa/ swa.conf.template file provides example syntax for a configuration or -X file. If the same option is given in multiple locations, the following order is prioritized from highest to lowest: 1.
-x swcache=/var/opt/swa/cache Usage: Basic Applicable caches: swcache, all This is the directory where SWA stores downloaded patches before putting them into a depot. The default location is only writable by root, so this directory needs to be changed for a non-root user to be able to download software. Opening up permissions on the default location is not recommended. -x user_dir=~/.
swa clean swcache To preview the removal of all cached downloaded software in the default location: swa clean swcache -p To remove all cached inventory, catalog, analysis, and downloaded software in specified locations: swa clean all -x user_dir=~/myusercache -x swcache=/my/cache AUTHOR swa was developed by HP. FILES Many of the following files have characteristics that may be modified by extended options, including the location and name.
to support clients' analysis, catalog, inventory, and report files. /var/opt/swa/HPSIM/user User-specific directory used by SWA when running under HP SIM. /var/opt/swa/swa.log Default log file. download.contents Lists all files downloaded from HP to the swcache. It is located in the swcache directory. readBeforeInstall.txt Lists special installation instructions and dependencies for the patches in the depot. It is located in the depot directory. SwaReport.
swa-get(1M) NAME swa-get: swa -- Download software from HP to resolve issues and make a depot SYNOPSIS swa get [-p] -t target_depot [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file] DESCRIPTION The swa get command uses the results file generated by the analyze step of swa report to download the necessary software from HP. Write access to the swcache directory is required for this step; see swa-report(1M). The downloaded software is then packaged in a depot.
-x option=value Sets the extended option to a value. See the Extended Options definitions below. -x option=-? Describes the legal values for this option. -X option_file Gets the extended options from option_file. For a description and examples of syntax for this file, see the /etc/opt/swa/swa.conf.template file.
-x crl_check=true Usage: Advanced When set to true, SWA will require the Certificate Revocation List (CRL) to be updated and checked for the trusted Certificate Authority (CA) certificate being used to validate the remote server. In the unlikely event that the private certificate of the server pointed to by the catalog_source option is suspected of being compromised, its certificate will be revoked, and added to a list of revoked certificates by the CA.
In SWA versions C.02.80 and later, you may use the string %url to represent the web locations SWA uses to complete any download. SWA will substitute URL destinations for the %url target string as it works. Since the example swa get command does not use the %url target string, SWA appends the URL destination to the end of the command, which becomes the script argument. The following procedure is to be run on the system to be analyzed. 1.
-x http_proxy=${proxy} Usage: Advanced Proxy host and port (with optional HTTP basic authentication username and password) for accessing content using the HTTP protocol. No proxy information is specified by default. The following format is used: service://[user:password@]proxy-server:port For example: http_proxy=http://web-proxy.mycompany.com:8088 The HTTP protocol is the default protocol used to download certificate revocation lists. See the crl_url option for more details.
The HTTPS protocol is used for catalog download, the HTTP protocol is used to download the CRL, and the FTP protocol is used for patch download. The proxy= option controls the default for all three proxies. See the https_proxy option, the http_proxy option, and the ftp_proxy option for more details. -x swcache=/var/opt/swa/cache Usage: Basic This is the directory where SWA stores downloaded patches before putting them into a depot.
RETURN VALUE swa get returns the following values: 0 Success 1 Error 2 Warning EXAMPLES These example commands assume your default configuration file contains your ITRC login information. The syntax will be: hp_id = hp_pw = To display swa get usage information: swa get -? To display usage and list all swa get extended options: swa get -x -? To run swa get using the options specified in the file ./myconfig: swa get -X .
$HOME/.swa/ignore Use this file to specify issues for analyzers to ignore. It is possible to use more than one ignore file by using the extended option ignore_file. $HOME/.swa/report/ swa_report.html The comprehensive report written by swa report and swa step report. $HOME/.swa/swa.log Default alternative log file if you don't have permissions to write to /var/opt/swa/swa.log. /etc/opt/swa/swa.conf The system-wide SWA configuration file. /etc/opt/swa/ swa.conf.
swa-report(1M) NAME swa-report: swa -- Report software and security issues, and resolutions SYNOPSIS swa report [-a analyzer] [-r stdout_report_type] [-s inventory_source] [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file] DESCRIPTION The swa report command inventories and analyzes a host system or depots used for full-system installation, such as the installation depot on an OE DVD.
recommended patch at or above the specified patch. PATCH=patchID[,patchID]* Given a specific patch, SWA indicates whether that patch is required for your system or not. HP recommends the CHAIN analyzer to report a patches' relevance to your system, since it will report the most recent, stable patch in the chain of superseded patches. If the -a option is not specified, the QPK, SEC, and PCW analyzers are used. See also the -x analyzers extended option.
Extended Options The extended options may be specified in different ways: on the command line using the -x option, in an option file specified using the -X option, or in one of the configuration files /etc/opt/swa/swa.conf (system wide) or $HOME/.swa.conf (user-specific). The /etc/opt/swa/swa.conf.template file provides example syntax for a configuration or -X file. If the same option is given in multiple locations, the following order is prioritized from highest to lowest: 1.
required, SWA selects the HP recommended patch at or above the specified patch. PATCH=patchID[,patchID]* Given a specific patch, SWA indicates whether that patch is required for your system or not. HP recommends the CHAIN analyzer to report a patches' relevance to your system, since it will report the most recent, stable patch in the chain of superseded patches. Note: This option is equivalent to -a but is suitable for use within an extended options file (-X) or configuration file.
The CRL must be signed by the same certificate chain that signed the host certificate being checked. Checking the CRL requires regular downloads from the CA, which can lengthen the SWA run time. If you do not wish to validate a revocation list, set this to false. -x crl_url=http://crl.verisign.com/RSASecureServer.crl Usage: Advanced The URL of the CRL. See the crl_check option for more information.
2. 3. Review the recommended actions and issues. Download patches using the gateway system and make a depot on the local system: # swa get -t target_depot -x download_cmd='/usr/local/bin/myGetScript.sh' where myGetScript.sh could be #! /usr/bin/sh URL=”$1” ssh user@gateway 'wget —O — \'$URL\' ' 4. Continue with the patch installation procedure.
The use of ${proxy} for this option value is substituted with the value of the proxy option (which is not set by default). -x http_proxy=${proxy} Usage: Advanced Proxy host and port (with optional HTTP basic authentication username and password) for accessing content using the HTTP protocol. No proxy information is specified by default. The following format is used: service://[user:password@]proxy-server:port For example: http_proxy=http://web-proxy.mycompany.
ssh://[user@]hostname[:full-path-to-depot] SSH specification to system or depot, uses SSH to contact host and local swlist of the system or depot. The inventory information is cached for later access in a cache directory within the user_dir. Naming of the inventory files is based on the hostname and path-to-depot as specified (for example, using the fully qualified domain name of a host will be cached separately from using the node name, even for the same machine).
5 Adds very verbose INFO messages. -x proxy= Usage: Basic Proxy host and port (with optional HTTP basic authentication username and password) for accessing content using the relevant protocol. No proxy information is specified by default. The following format is used: service://[user:password@]proxy-server:port For example: proxy=http://web-proxy.mycompany.
-x user_dir=~/.swa Usage: Basic The directory where SWA stores catalog, inventory, analysis, ignore, and report files. The default location is a subdirectory (.swa) of the user's home directory. This can be changed, for example, to allow archival of previous interim artifacts in a date-specific directory or off-host. Several other options default to a directory relative to this directory, so changing this option allows all of those locations to stay in sync relative to a common root.
To display swa report usage information: swa report -? To display usage and list all swa report extended options: swa report -x -? To run swa report using the options specified in the file ./myconfig: swa report -X .
$HOME/.swa/cache/ swa_analysis.xml The analysis of the inventory file and the catalog file created with swa report or swa step analyze. $HOME/.swa/cache/swa_inventory_n.xml The inventory of installed software created by swa inventory or swa step inventory. $HOME/.swa/ignore Use this file to specify issues for analyzers to ignore. It is possible to use more than one ignore file by using the extended option ignore_file. $HOME/.swa/ignore Use this file to specify issues for analyzers to ignore.
www.hp.com/go/swa. Follow HP-UX_Docs on Twitter for documentation links and news from HP-UX Information Development.
swa-step(1M) NAME swa-step: swa -- Advanced control over the execution of swa report and swa get steps.
time specifying a different set of analyzers and a different analysis file. swa step report Given the results of swa step analyze, a summary of recommended actions are written to standard output and comprehensive results are written to the report subdirectory of the directory specified by the user_dir extended option (the default filename isswa_report.html). Example use case: run swa step report multiple times, each time specifying a different standard output report format.
PCW installed, active patches with critical warnings PW installed, active patches with warnings (a superset of PCW) QPK latest quality pack SEC security bulletins that may apply CHAIN=patchID[,patchID]* given a specific patch, SWA indicates whether that patch is required for your system or not. If the patch is required, SWA selects the HP recommended patch at or above the specified patch.
target_depot will be created. If the depot already exists, you must specify the advanced option -x allow_existing_depot=true and understand its implications. (See also the -x allow_existing_depot option in Extended Options). -q The verbosity level is decreased by one each time -q is specified. (See also the -x verbosity option.) -v The verbosity level is increased by one each time -v is specified. (See also the -x verbosity option.) -? Displays general usage.
true Target depot can exist. false Target depot must be created. -x analysis_file=${user_dir}/cache/swa_analysis.xml Usage: Basic Applicable steps: analyze, report, download, depot Specify the file containing the raw analysis results, including a list of software that should be downloaded from Hewlett-Packard in order to address the issues found by the analysis.
gets updated daily from HP's website. In this case, the downloaded catalog is used, but will be updated every time SWA checks the catalog's age. Note: There are two special values, 0 and -1. The value of 0 forces an update. The value of -1 means the file will not be updated, regardless of age. -x catalog=${user_dir}/cache/swa_catalog.
The URL of the CRL. See the crl_check option for more information. If you are behind a proxy server, you will need to configure the proxy information for the protocol being used to download the CRL. -x download_cmd= Usage: Intermediate Applicable steps: catalog, download The download_cmd extended option can be used to override the default SWA download commands, and therefore the protocols SWA uses to download the catalog and patch files. The command is enclosed in single quotes (').
-x html_report=${user_dir}/report/swa_report.html Usage: Basic Applicable steps: report This option specifies the file containing the HTML-formatted report generated by the swa report command. This is a single file with internal hyperlinks. The HTML report may be printed to standard output using the stdout_report_type option. You may use ${user_dir} at the beginning of this option. It will be replaced with the value of the user_dir option (which defaults to $HOME/.swa).
If a user first runs SWA and this file does not exist, a template file is created that contains instructions on how to use this file. Upon creation, if a ~/.spc_ignore file exists, it is translated into the SWA format and appended to the template. You may use ${user_dir} at the beginning of this option. It will be replaced with the value of the user_dir option (which defaults to $HOME/.swa).
machine). The refresh of the cached inventory for each inventory_source is determined by the inventory_max_age option. The following option specifications are examples: System specification: -x inventory_source=ssh://user@host.example.com Depot specification: -x inventory_source=ssh://host.example.com/var/spool/sw Inventory file specification: -x inventory_source=file:///home/user/local_inventory.
If a username and password are specified as authentication credentials to your proxy server, HTTP basic authentication is used, which is a clear-text protocol (that is, your password might be visible to others on your network). Also, credentials specified on the command-line are visible to other local users, and access to credentials stored in extended option files are determined by their permissions. If your proxy server requires another type of authentication, see the -x download_cmd option.
This option specifies the directory where SWA stores catalog, inventory, analysis, ignore, and report files. The default location is a subdirectory (.swa) of the user's home directory. This can be changed, for example, to allow the archival of previous interim artifacts in a date-specific directory or off-host. Several other options default to a directory relative to this directory, so changing this option allows all of those locations to stay in sync relative to a common root.
swa step -? To display usage and list all swa step extended options: swa step -x -? To run swa step using the options specified in the file ./myconfig: swa step -X .
swa step download -p To download software that does not exist in the swcache or in the target depot: swa step download -t /target/depot -x allow_existing_depot=true To download software specified in an analysis file that is in a specified location, and put the results into a specified swcache location: swa step download -x analysis_file=~/myanalysis.
not running. HP SIM must be running when configHPSIM is run. /opt/swa/share/man Manpages. /var/opt/swa/cache The default directory for downloading software before it is packaged in a depot. This directory can be set with the extended option swcache. Note that this directory can consume a significant amount of disk space. /var/opt/swa/HPSIM Directory that holds all clients' files generated from SWA within HP SIM. Files are kept in user and job-specific subdirectories.
A Support and other resources Contacting HP Before you contact HP Be sure to have the following information available before you contact HP: • Technical support registration number (if applicable) • Service agreement ID (SAID) • Product serial number • Product model name and number • Product identification number • Applicable error message • Add-on boards or hardware • Third-party hardware or software • Operating system type and revision level HP contact information For the name of the nea
Related information Documents • HP-UX Software Assistant Administration Guide • HP-UX Software Assistant Reference • HP-UX Software Assistant Frequently Asked Questions • Patch Management User Guide for HP-UX 11.
Table 2 Typographic Conventions (continued) Typeface Usage Examples File name Files and directories /dev/dsk/c0t0d0 Computer output Text a program displays Please select a boot option User input Text you type 15.1.54.117 Variable Variables to be replaced by a name or value IP Address Listing File contents cfg "HP-UX b.11.23 Default" { } Screen An example display Seconds left until autoboot - 0 AUTOBOOTING... [ ] The contents are command options.
Glossary A analysis A comparison of the inventory and the catalog to determine the recommended actions and applicable patches for installation. analyzer An option of the swa report and swa step analyze commands used to specify the type of analyses to run. Available analyzers are: CRIT, PCW, PW, QPK, SEC, CHAIN, and PATCH. If no analyzers are specified, the QPK, SEC, and PCS analyses are performed. B bulletin See security bulletin.
R report A summary of actions to take based on the analysis. S-T security bulletin The mechanism used by Hewlett-Packard to announce the presence of potential security issues and lists actions recommended to resolve the issue. Security Patch Check (SPC) An HP-UX command that analyzes the security bulletin compliance of a system. Most of the functionality of SPC is superseded by HP-UX Software Assistant. Full support of SPC will end on 11/01/08.
