Patch Management User Guide for HP-UX 11.x Systems (762796-001, March 2014)
Table Of Contents
- Patch Management User Guide for HP-UX 11.x Systems
- Contents
- 1 HP secure development lifecycle
- 2 HP-UX patches and patch management
- 3 Quick start guide for patching HP-UX systems
- 4 HP-UX patch overview
- 5 Patch management overview
- Patch management life cycle
- HP service contracts
- Patch management and software change management strategies
- Establishing a software change management strategy
- Recommendations for software change management
- Consideration of HP patch rating
- Patch management and software depots
- Proactive patching strategy
- Reactive patching strategy
- Advanced topic: security patching strategy
- Advanced topic: scanning for security patches
- Testing the patches to be installed
- 6 What are standard HP-UX patch bundles?
- 7 Using the HP Support Center
- Obtaining an HPSC user account
- Useful pages on the HPSC
- Find individual patches
- Advanced topic: checking for special installation instructions
- Advanced topic: checking for all patch dependencies
- Standard patch bundles
- Custom patch bundles - run a patch assessment
- Support information digests
- Ask your peers in the forums
- Search knowledge base
- 8 Using software depots for patch management
- Common software distributor commands for patching
- Depot types
- Using depots
- Viewing depots
- Creating and adding to a directory depot
- Registering and unregistering directory depots
- Verifying directory depots
- Removing software from a directory depot
- Removing a directory depot
- Installing patches from a depot
- Custom patch bundles
- 9 Using HP-UX Software Assistant for patch management
- 10 Using Dynamic Root Disk for patch management
- 11 The Patch Assessment Tool
- 12 Support and other resources
- 13 Documentation Feedback
- A Patch usage models
- Glossary
- Index
Questions to ask
If you must deal with a patch that has a warning, consider the following questions in deciding
whether or not to use, or continue to use, the patch:
• Is the system environment susceptible to the problem?
A patch with a warning might not cause problems for every customer. Exposure depends on
the system-use models, and whether you have any of the affected configurations. The previous
screen is a good example of this situation. Unless the system is configured with greater than
32 GB of device swap and meets all the other conditions listed, the patch warning given for
patch PHKL_30065 will have no impact on the system.
• Is a replacement patch available, and, if so, is its HP rating acceptable for the system?
A replacement patch might be available. You can use the HPSC Patch Database to attempt
to locate such a patch. Simply search using the explicit patch ID of the patch that has a
warning. If there is a replacement patch, it will be displayed in the search results page. If a
replacement patch exists, you must take into account its advantages and disadvantages. This
includes consideration of the patch's HP rating. See “HP-UX patch ratings” (page 37).
After answering the previous two questions, you must consider the following questions in order to
develop an appropriate course of action for your situation:
• What is the severity of the problem associated with the patch?
• If the patch is already on the system, has it caused any problems?
• What is your tolerance for down time if a reboot is necessary?
• What is the timing of the next maintenance window?
• What are your company's system administration policies?
As a final point, if you choose to remove a patch with a warning from a system, make sure that
the patch is not contained in any of the depots used for patch installations. For more information
about patch depots, see Chapter 8: “Using software depots for patch management” (page 67).
Advanced topic: finding patches with warnings
HP provides the HP-UX Software Assistant (SWA) tool at no charge. SWA can perform a number
of checks including published security issues, installed patches with warnings, and missing patches
with critical fixes. Once an analysis has been performed, you can use SWA to download any
recommended patches or patch bundles and create a depot ready for installation. For more
information, see Chapter 9: “Using HP-UX Software Assistant for patch management” (page 89).
Backup and recovery
Always perform a backup of the system before making patch-related system changes. You should
have a backup in the event that unacceptable behavior occurs as a result of patching.
This section provides some resources that you can investigate for recovery strategies. It does not
provide the details needed for recovering from patch-related problems.
• Ignite-UX
Ignite is an HP-UX administration toolset that allows the simultaneous installation of HP-UX on
multiple clients, the creation and use of custom installations, the creation of recovery media,
and the remote recovery of clients. For more information, see the Ignite-UX web page at http://
www.hp.com/go/ignite-ux. The make_net_recovery and make_tape_recovery features
of Ignite can be good starting points for investigating recovery tools.
• Data Protector is an HP product that you can use for data protection and disaster recovery.
For more information, see the HP OpenView Storage Data Protector website at http://
h18006.www1.hp.com/products/storage/software/dataprotector/index.html.
Backup and recovery 43