HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)

security_patch_check(1M) security_patch_check(1M)
basic authentication), the download_cmd extended option offers extremely flexible download capabilities, which are much more powerful than what SPC provides.
EXTERNAL INFLUENCES
Environment Variables
Security Patch Check uses the HOME environment variable to set default locations for the ignore file and the default trust store. If the tool is run by root without HOME set, Security Patch Check will default to using /var/opt/sec_mgmt/spc. Otherwise, the lack of a valid HOME will cause Security Patch Check to terminate with an error.

When security_patch_check is run with the -r option, proxy and trust store configuration variables should be set and exported in your shell environment.

The https_proxy, http_proxy, or ftp_proxy variable must indicate a proxy that the script can use, if your network requires the use of a proxy. SWA will honor these proxy environment variables as well. Use the appropriate proxy variable based on the protocol you are using to download the security catalog.

If you are using the HTTPS protocol, then all the required trust store variables must be configured. Review the HTTPS Specific Configuration subsection above for details concerning the HTTPS_CA_FILE, HTTPS_CA_DIR, CRLCHECK, and CRLURL trust store environment variables.

The /etc/profile file must be altered to allow HP Systems Insight Manager to find the variables. Refer to the SECURITY CATALOG RETRIEVAL section above for more information.
RETURN VALUE
security_patch_check sets its exit status to one of the following values.
0    Indicates successful exit, whether or not missing actions were found.
1    Indicates an error in the command-line arguments.
2    Indicates security_patch_check received SIGQUIT, SIGINT, or SIGSTOP.
>2   Indicates other function-level run-time errors.
In the case of an error, security_patch_check prints an error message.
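
The HOME rule and the exit status values above, combined in a wrapper for unattended runs. This is an added example, not part of the HP manual or HP code: SPC_CMD, SPC_REPORT, the --run argument and the function names are invented for the wrapper, and it assumes a "valid" HOME means an existing directory.

```sh
#!/bin/sh
# Added example (not HP code). SPC_CMD, SPC_REPORT and --run are names
# invented for this wrapper; override SPC_CMD to test without the real tool.
SPC_CMD=${SPC_CMD:-security_patch_check}

# Map the documented exit status to a label for logs and alerts.
spc_status_label() {
    case "$1" in
        0) echo ok ;;             # ran cleanly; missing patches may still be listed
        1) echo usage-error ;;    # bad command-line arguments
        2) echo interrupted ;;    # SIGQUIT, SIGINT or SIGSTOP
        *) echo runtime-error ;;  # >2
    esac
}

# Where the ignore file and trust store defaults will be rooted.
# $1 = caller's uid. Assumption: a "valid" HOME is an existing directory.
spc_default_base() {
    if [ -n "${HOME:-}" ]; then
        [ -d "$HOME" ] && echo "$HOME"
    elif [ "$1" -eq 0 ]; then
        echo /var/opt/sec_mgmt/spc
    else
        return 1
    fi
}

# Names (never values: proxy URLs can embed credentials) of the variables
# from this page that are actually exported in the current environment.
spc_env_names() {
    for v in https_proxy http_proxy ftp_proxy HTTPS_CA_FILE HTTPS_CA_DIR CRLCHECK CRLURL; do
        env | grep "^$v=" >/dev/null && printf '%s ' "$v"
    done
    return 0
}

# Run catalog download + analysis; stdout and stderr go to one report file.
spc_nightly() {
    base=$(spc_default_base "$(id -u)") || return 3   # wrapper's own pre-flight failure
    report=${SPC_REPORT:-$base/spc_report.txt}        # not a world-writable directory
    {
        echo "# base=$base exported: $(spc_env_names)"
        "$SPC_CMD" -r
    } > "$report" 2>&1
    rc=$?
    echo "security_patch_check exit $rc ($(spc_status_label "$rc"))" >&2
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then spc_nightly; fi
```

Because exit status 0 is returned whether or not missing actions were found, alerting on patch gaps has to read the report itself; the status only tells you whether the run completed.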
EXAMPLES
Get the latest security patch catalog, and then analyze the local system; print (the default) human-readable report.
security_patch_check -r
Get the latest security bulletin catalog, and then analyze localhost; write all output including warnings and errors to file report (using /usr/bin/sh). This is useful for using security_patch_check in a cron job to execute nightly.
security_patch_check -r > report 2>&1
If you would prefer to have a report mailed to you, then you can use the following (using /bin/sh). This will put the standard output and standard error streams together and mail them to the given e-mail address.
security_patch_check.pl -r 2>&1 | mail user@hostname
Analyze localhost by downloading the latest security bulletin catalog, and take swlist output from file swout_output.
security_patch_check -f swout_output -r
Analyze localhost, print in which security bulletins the recommended patches or actions chains were mentioned, whether the recommended patches or actions require reboot, and their descriptions.
security_patch_check -o brd
Analyze remote host named machineA; give output in machine-parsable format.
security_patch_check -h machineA -m
Analyze depot /patch_depot on machineA along with depot /fileset_depot on machineB. Assume that the depots are for HP-UX 11.00. security_patch_check takes swlist output from standard input.
308 Hewlett-Packard Company 7 HP-UX 11i Version 2: December 2007 Update