HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

391

392

393

394

395

396

397

398

399

400

swa-report(1M) swa-report(1M)

Note: The following are alternative, though less-secure, unauthenticated paths to the standard HP

catalog ﬁle:

http://ftp.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslDownloadPatch/

swa_catalog.xml.gz?PatchName=/export/patches/swa_catalog.xml.gz

ftp://ftp.itrc.hp.com/export/patches/swa_catalog.xml.gz

-x crl_check=true

Usage: Advanced

When set to true, SWA will require the Certiﬁcate Revocation List (CRL) to be updated and checked

for the trusted Certiﬁcate Authority (CA) certiﬁcate being used to validate the remote server.

In the unlikely event that the private certiﬁcate of the server pointed to by the

catalog_source

option is suspected of being compromised, its certiﬁcate will be revoked, and added to a list of revoked

certiﬁcates by the CA. See the

catalog_source option.

The CRL must be signed by the same certiﬁcate chain that signed the host certiﬁcate being checked.

Checking the CRL requires regular downloads from the CA, which can lengthen the SWA run time. If

you do not wish to validate a revocation list, set this to

false.

-x crl_url=http://crl.verisign.com/RSASecureServer.crl

Usage: Advanced

The URL of the CRL. See the crl_check option for more information. If you are behind a proxy

server, then you will need to conﬁgure the proxy information for the protocol being used to download

the CRL.

-x download_cmd=

Usage: Intermediate

Speciﬁes a command that can download a URL from the Internet. The command is enclosed in single

quotes (’). This option is useful in cases where a system does not have a direct connection to the Inter-

net, but can execute a command that can download a URL from the Internet (for example, by using a

gateway machine).

Using this option overrides many options which are used by the internal SWA download functionality,

including proxy and CRL conﬁguration.

This command should take one option that is supplied by SWA (the URL of a ﬁle to download), and

outputs that ﬁle to its standard output. If the actual command in your environment behaves

differently, it can be wrapped by a shell script in order to provide the interface that SWA needs.

The command needs to support the protocol speciﬁed by the catalog_source

option (default

HTTPS) for catalog retrieval and FTP for patch retrieval. See the

catalog_source

option.

Note: Externally used commands are not necessarily supported by HP, but can give considerable

ﬂexibility for your environment. For example, some external commands can authenticate using Win-

dows NT-based domain passwords to a Microsoft web proxy, which is not directly supported by

SWA.

The following command is an example:

swa report -x download_cmd=’ssh user@system curl’

This command uses SSH (see ssh(1)) to run the curl command on a gateway system. The curl

command is an open source tool that ships with several Linux distributions. curl may be conﬁgured,

either using a conﬁguration ﬁle on the gateway system or by command-line parameters speciﬁed as

part of the download_cmd option.

-x ftp_proxy=${proxy}

Usage: Advanced

Proxy host and port (with optional HTTP basic authentication username and password) for accessing

content using the FTP protocol. No proxy information is speciﬁed by default.

The following format is used:

service://[user:password@]proxy-server:port

For example: ftp_proxy=http://web-proxy.mycompany.com:8088

HP-UX 11i Version 2: December 2007 Update − 4 − Hewlett-Packard Company 391