HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

371

372

373

374

375

376

377

378

379

380

swa(1M) swa(1M)

step Perform an individual step of the

swa report or swa get command, both of which are

actually composed of multiple steps (advanced usage). See swa-step(1M).

clean Remove software and ﬁles cached by SWA. See swa-clean(1M).

Security Considerations

The analysis that

swa performs relies on the integrity of the inventory to determine the appropriate

patches to install on the system. It is important that all protocols used to transmit the inventory data are

integrity protected and that the host used to generate the inventory data is accurately represented. For

example, use of swlist for gathering an inventory of a remote system uses a clear-text, unauthenticated

protocol that does not protect the integrity of the data. Using Secure Shell to gather an inventory of a

remote system uses an integrity protected (and encrypted) protocol. Even when using Secure Shell, the

analysis still relies on the source of the data (the remote host) to accurately represent the software contents

installed on that system.

Software download (swa get

or swa step download

) relies on the integrity of the analysis ﬁle to

ensure the integrity of patches before unpacking them. The analysis ﬁle gets MD5 checksum information

directly from the catalog. Therefore it is important that all transmissions of the catalog and/or analysis ﬁle

are integrity protected and that ﬁle permissions do not allow unnecessary modiﬁcation.

Depot creation (

swa get or swa step depot

) relies on the integrity of the patches within the

swcache directory. Therefore, after unpacking the patches, it is important that all subsequent transmis-

sions of the patches are integrity protected and that ﬁle permissions do not allow unauthorized

modiﬁcation. Deploying software using Software Distributor (using the swinstall command) has secu-

rity properties that are documented in the Software Distributor Administration Guide.

RETURN VALUE

swa returns the following values:

0 Success completion

1 Error

2 Warning

EXAMPLES

To display swa usage information:

swa -?

To display usage and list all swa extended options for all major modes:

swa -x -?

To inventory the local system, analyze it against an HP-supplied catalog (of known software and issues) for

newer Quality Pack patch bundles, security issues, and critical patch warnings, and then generate a default

standard output "action" report:

swa report

To create a report for security issues (SEC) for a remote system inventory gathered with Secure Shell, and

running ssh in batchmode to avoid being prompted for user input:

swa report -a SEC -s ssh://user@remotesystem \

-x ssh_options=’-o batchmode=yes’

To create a detailed report for remotesystem , limited in scope to Quality Pack patch bundle analysis

(QPK) and patches with critical warnings (PCW). This example uses the swlist networking protocol,

which is not integrity protected:

swa report -a QPK -a PCW -s remotesystem -r detail

To do the same task as the previous example, using the extended option equivalents (which can be speciﬁed

on the command line, in a user or system conﬁguration ﬁle, or in an extended options ﬁle):

swa report -x analyzers=’QPK PCW’ -x inventory_source=remotesystem \

-x stdout_report_type=detail

To generate a report and place the analysis results in the ˜/firstanalysis.xml ﬁle (for later use by

swa get):

swa report -x analysis_file=˜/firstanalysis.xml

376 Hewlett-Packard Company − 2 − HP-UX 11i Version 2: December 2007 Update