HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)
s
swa-step(1M) swa-step(1M)
the downloaded software into a depot. Depending on the extended options used, a new depot is
created or an existing depot is added to. Example use case: If a depot server system does not have
Internet access, use swa step download to get software on your intranet. Then copy the
software to the swcache directory on your depot server and use
swa step depot to unpack the
downloaded software and create your depot.
Security Considerations
The analysis that
swa step performs relies on the integrity of the inventory to determine the appropri-
ate patches to install on the system. It is important that all protocols used to transmit the inventory data
are integrity protected and that the host used to generate the inventory data is accurately represented.
For example, use of swlist for gathering an inventory of a remote system uses a clear-text, unauthenti-
cated protocol that does not protect the integrity of the data. Using Secure Shell to gather an inventory of
a remote system uses an integrity protected (and encrypted) protocol. Even when using Secure Shell, the
analysis still relies on the source of the data (the remote host) to accurately represent the software contents
installed on that system.
Software download (swa step download
) relies on the integrity of the analysis file to ensure the
integrity of patches before unpacking them. The analysis file gets MD5 checksum information directly from
the catalog. Therefore it is important that all transmissions of the catalog and/or analysis file are integrity
protected and that file permissions do not allow unnecessary modification.
Depot creation (
swa step depot) relies on the integrity of the patches within the
swcache directory.
Therefore, after unpacking the patches, it is important that all subsequent transmissions of the patches are
integrity protected and that file permissions do not allow unauthorized modification. Deploying software
using Software Distributor (using the
swinstall command) has security properties that are documented
in the Software Distributor Administration Guide.
Options
swa step recognizes the following options:
-a analyzer
Specifies an analyzer to use. Each analyzer represents a different type of analysis that
swa can
perform. You may specify multiple
-a options. The supported analyzers are as follows:
CRIT patches that fix critical problems
PCW patches with critical warnings
PW patches with warnings (a superset of PCW)
QPK latest quality pack
SEC security bulletins that may apply
CHAIN=patchID[,patchID]* include patch or recommended successor
PATCH=patchID[,patchID]* include specific patch.
Note: Use of CHAIN is generally preferred.
If the -a option is not specified, the QPK, SEC, and
PCW analyzers are used. See also the
-x analyzers extended option.
-p Runs this command in preview mode.
-r stdout_report_type
Specifies the type of report to display to standard output. Legal values are as follows:
action (Default) Summary of recommended actions
issue Summary of identified issues
detail Recommended actions with issue justification
html Comprehensive report in HTML format
none No report is generated on standard output
-s inventory_source
Specify one system or depot to be inventoried, analyzed and reported on. If this option is not
specified, the local system is inventoried, analyzed and reported on. Supports Secure Shell
(recommended for remote connections) and swlist (legacy) protocols for gathering inventory
398 Hewlett-Packard Company − 2 − HP-UX 11i Version 2: December 2007 Update