HP-UX Reference (11i v3 07/02) - 1M System Administration Commands N-Z (vol 4)
s
security_patch_check(1M) security_patch_check(1M)
lines, or after action identifiers. A bulletin identifier is in the same format as the "Bull" column in the
human-readable output, with the bulletin number, optionally followed by "r" and the revision number
of the bulletin. If the bulletin is revised, Security Patch Check will notify you again the next time you
download an updated catalog, in case the revision affects you. The default file is
$HOME/.spc_ignore
.
-m Display output in a machine-parsable format. This format contains zero or more recommended-action
records in the format:
action-name:
{<tab>field-name:<tab>field-text
[<tab><tab>more-field-text]... }...
The record is for either a recommended action or patch with warnings (which is present on the target
system). Patches with warnings contain "with Warnings" in their Status field. Recommended security
actions contain a SecBul field.
-m
should not be used with the -o option. Three fields that are
unique to the catalog used by
security_patch_check
will appear. The Min field indicates the
oldest patch in the recommended patch’s chain that resolves the security issue. The MFset field is the
list of ancestor filesets for the oldest patch, and the SecBul field indicates in which security bulletins
the patch’s chain was introduced. There is no guarantee that the same fields will exist for each patch
record, or that the fields will be in a certain order. Notes are suppressed when
-m
is used. Warnings
and errors are written to standard error.
-n Suppress warnings about currently installed patches whose state is neither configured nor available.
A patch which is not in one of these states is misconfigured and should be fixed.
-o [bcdmprs]
Alter the information printed by security_patch_check
in the human-readable patch informa-
tion table. By default, the "#", "Bull", "Cnt", "Recommended", "Spec", "Reboot", "PDep", and "Descrip-
tion" columns appear. The full text of the patch records can be obtained only by running
security_patch_check
with the -m option (instead of the -o option). Ordering of the options
passed to the
-o option is ignored. The table’s columns will be printed in the following order:
#, Recommended, [Bull], [Cnt], [Minimum], [Spec], [Reboot], [PDep], [Description].
"#" indicates the patch’s number within the table.
Note that -o should not be used with -m. -m overrides -o
. The options passed to -o have the fol-
lowing effects:
b Print a "Bull" field and show the highest-numbered security bulletin this recommended action
applies to.
c Print a "Cnt" field to indicate how many bulletins relate to this recommendation. For example:
1st = this is the first and only bulletin, 2nd = this is the 2nd of 2, 3rd = 3rd of three, etc.
d Print a "Description" field and show a description of each recommended action.
m Print a "Minimum" field and show the oldest patch in the chain of patches including the recom-
mended patch, which resolves the security problem.
p Print a "PDep" field and indicate whether each recommended patch has patch dependencies.
r Print a "Reboot" field and indicate whether each recommended patch/action requires a reboot.
s Print a "Spec" field and indicate whether each recommended patch/action has special instructions
associated with it or, in some cases, the nature of the special instructions. For example: "man"
indicates there are manual steps, "upd" indicates there are updates to be applied, "warn" indi-
cates that the patch has warnings, etc.
-q Operate in quiet mode. security_patch_check will print a table or machine-parsable output
only if it determines that there are patches/actions missing from the system (or input data). Warnings
will be printed. Notes will be suppressed.
-qq Operate in very quiet mode. Warnings, which may be critical to system security (that is, patch warn-
ings, world-writable catalogs) are suppressed. -qq implies -q.
-r [url]
Retrieve the latest security bulletin catalog from an HP HTTPS, HTTP, or FTP site, as specified by
url.
328 Hewlett-Packard Company − 3 − HP-UX 11i Version 3: February 2007