topic Re: hp security upgrade in Operating System - HP-UX

hp security upgrade

Donald Thaler — Fri, 13 Nov 2009 12:48:09 GMT

after installing the latest security upgrade using the software assistant and running the depot that was created, i see entries like this in the swagent.log after rebooting. should i be concerned and what would the appropriate action be ??

WARNING: Directory "/" should have group,gid "root,0" but the actual
group,gid is "sys,3".

ls -la shows:
drwxr-xr-x 27 root root 8192 Nov 13 07:34 .

cat etc/passwd
root:FMcSBzV4eX6Ps:0:3::/:/sbin/sh

Re: hp security upgrade

James R. Ferguson — Fri, 13 Nov 2009 13:08:34 GMT

Hi Donald:

The warning is from a 'swverify' step where the actual file or directory permissions and ownership are matched to what a software installation package indicates what should be.

On one of my servers:

# ls -ld /
drwxr-xr-x 20 root root 8192 Oct 10 08:29 /

If your '/' differs, 'chown' it:

# chown root:root /

Regards!

...JRF...

Re: hp security upgrade

Donald Thaler — Fri, 13 Nov 2009 14:06:11 GMT

mine shows the same thing ??

Re: hp security upgrade

James R. Ferguson — Fri, 13 Nov 2009 14:13:19 GMT

Hi (again) Donald:

> mine shows the same thing ??

OK, then I'd ignore the warning. It may have been accurate at one point and was corrected.

Regards!

...JRF...

Re: hp security upgrade

Bob E Campbell — Fri, 13 Nov 2009 23:01:26 GMT

The swverify command checks to see if the ownership of files and directories match what is expected by the product that actually delivered them. The catch here is that every product can claim they own the world.

Look at the swagent.log again an pay attention to what fileset is complaining. Chances are it is not the one that owns root. I am willing to bet there is a delusion of grandeur in the noisy fileset.