Corrupt security catalog

I am trying to use the security patch check utility and I manually download the security catalog from ftp.itrc.hp.com before running the tool with the -c option. But every time the tool complains about corrupt catalog:
Corrupt catalog. Invalid format version at line 3.

Line 3 in the catalog looks like this:
0.91 # catalog format version

What is wrong? My SPC version is B.01.01
Alex Glennie
Honored Contributor

Re: Corrupt security catalog

I think you may have some form of corruption; try downloading the patch catalog again from:

ftp://ftp.itrc.hp.com/export/patches/

I've just tried and it works for me, or post, if you can, your copy of security_catalog ... what's its size?


Stefan Farrelly
Honored Contributor

Re: Corrupt security catalog

I've just run SPC and it downloaded the latest catalog and worked fine. Size of the security_catalog was 1064202.
I'm from Palmerston North, New Zealand, but somehow ended up in London...

Re: Corrupt security catalog

My size is 1064202 bytes, just like yours. I've tried to download this file numerous times using both binary and ascii transfer without success. I've downloaded the gzipped version as well as the unzipped one, I've downloaded it from an HP-UX system and from a Windows system and then transferred it to the HP-UX machine. No luck. I'm starting to think that I'm missing some patch required for this tool to run.

Re: Corrupt security catalog

I do get the following warnings when running spc:
Use of uninitialized value in split at /opt/sec_mgmt/spc/bin/security_patch_check.pl line 482, chunk 1.
Use of uninitialized value in pattern match (m//) at /opt/sec_mgmt/spc/bin/security_patch_check.pl line 488, chunk 1.
Use of uninitialized value in numeric gt (>) at /opt/sec_mgmt/spc/bin/security_patch_check.pl line 488, chunk 1.
Use of uninitialized value in split at /opt/sec_mgmt/spc/bin/security_patch_check.pl line 493, chunk 1.
Use of uninitialized value in pattern match (m//) at /opt/sec_mgmt/spc/bin/security_patch_check.pl line 499, chunk 1.

Could this be related? I found a similar case in the SPC FAQ/releasenote and there it was patch related.
Darrell Allen
Honored Contributor

Re: Corrupt security catalog

Have you tried running security_patch_check with the "-r" option so that it will do the retrieval itself?

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Alex Glennie
Honored Contributor

Re: Corrupt security catalog

Note the error relates to the file security_patch_check.pl; what size is yours? Mine = 59741 .... I'm pretty certain this is available on the ftp site too .... just a thought ......
Stefan Farrelly
Honored Contributor

Re: Corrupt security catalog

I think SPC requires a certain version of perl. We're using 5.6.1.E - make sure in your path it is searching for this perl binary, not another one, as HP-UX often comes with perl (older version) in /usr/contrib/bin which is not the one you want (you want the one in /opt/perl/bin)
I'm from Palmerston North, New Zealand, but somehow ended up in London...

Re: Corrupt security catalog

Yes I've tried to run it with the -r option but that doesn't work because of our firewall.
The size of the .pl file is correct - the same as yours and yes,
I have made sure that the perl version found is the latest (5.6.1). I will try to install SPC on another system to check how it behaves there.
Keith Buck
Respected Contributor

Re: Corrupt security catalog

Anders,

Yes, those warnings are related to the problem. Some things to try to debug:

1. as you suggested, try running on a different machine. You can also try using the -h option to analyze this machine from the remote machine (if you get it running on the other one)

2. swlist | grep -i perl
to see exactly which version of Perl is installed. SPC should only require 5.00503, but it's only been tested with the official versions from software.hp.com.

3. line 479 of security_patch_check.pl reads
my $read_input = ;

insert another line right after that like so:

print "$read_input\n";

It appears that the data is not being properly read in from the catalog. If you can also post the first 4 lines of your catalog, that would be helpful.

4. In case you have multiple versions of perl, you can try

/opt/perl/bin/perl -wT /opt/sec_mgmt/spc/bin/security_patch_check.pl

directly.

I have seen a problem somewhat similar to this, but it magically went away one day and we never found the cause. In that case, running once with -r and then again with -c seemed to work around the problem.

Let us know how it goes. Thanks

-Keith
Keith Buck
Respected Contributor

Re: Corrupt security catalog

Also, as far as your firewall is concerned, security patch check has a few ways to get through firewalls.

If you set

export PASSIVE_FTP=1

then it will get through most stateful firewalls that allow outgoing traffic.

If you have a web proxy, you can set

export ftp_proxy=http://myproxy.corp.com:8088

and possibly (untested, as I don't have access to such a firewall):

export ftp_proxy=http://username:password@myproxy.corp.com:8088

If none of these work, then how did you get the catalog on the PC? (separate network?)

-Keith

Re: Corrupt security catalog

Solved it. SPC does not like using the -c parameter to use a catalog in another directory than the current one. My original command was:
/opt/sec_mgmt/spc/bin/security_patch_check -c /var/opt/sec_mgmt/spc

This fails. When I copied the catalog from /var/opt/sec_mgmt/spc to /opt/sec_mgmt/spc/bin and ran the tool it worked. I then made a softlink from the catalog under /var/opt.. to /opt/sec_mgmt/spc/bin/security_catalog and this works as well.
Keith Buck
Respected Contributor

Re: Corrupt security catalog

Ahh...now I see the problem. There are two minor bugs in Security Patch Check (thanks for finding them), but they're not what you think.

The -c option is meant to take the filename. If you specify a directory (like /var/opt/sec_mgmt/spc), you get the errors about a corrupt catalog. (the catalog is supposed to be a file...a directory looks like a corrupt catalog.)

So, Security Patch Check ought to:

1. Complain about an error before line 3.

2. check to make sure that the security catalog is a file before trying to read it.

Thanks! I'll go fix that...
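
The pre-read check described in the last post (confirm that the -c argument is a file, and report the real problem instead of a misleading "line 3" error), written as a wrapper function. This is an added example, not part of the thread or of Security Patch Check itself; the function name check_spc_catalog, its return codes and the demo file contents are assumptions.

```shell
#!/bin/sh
# Added example: validate the argument for security_patch_check -c.
# Return codes are this example's own convention, not SPC's.
check_spc_catalog() {
    catalog=$1
    if [ -z "$catalog" ]; then
        echo "usage: check_spc_catalog <catalog-file>" >&2
        return 1
    fi
    # The failure in this thread: -c was handed a directory.
    if [ -d "$catalog" ]; then
        echo "$catalog is a directory; -c expects the catalog file" >&2
        return 2
    fi
    # -f follows symlinks, so a softlink to the real catalog passes.
    if [ ! -f "$catalog" ]; then
        echo "$catalog is missing or not a regular file" >&2
        return 3
    fi
    if [ ! -r "$catalog" ] || [ ! -s "$catalog" ]; then
        echo "$catalog is unreadable or empty" >&2
        return 4
    fi
    # Line 3 holds the format version: "0.91 # catalog format version".
    line3=$(sed -n '3p' "$catalog")
    if ! printf '%s\n' "$line3" |
        grep -Eq '^[0-9]+\.[0-9]+[[:space:]]*(#.*)?$'; then
        echo "$catalog: line 3 is not a format version: $line3" >&2
        return 5
    fi
    # Print the version so a wrapper can log what it is about to load.
    printf '%s\n' "${line3%%[!0-9.]*}"
}

# Demo on a constructed file (lines 1-2 are placeholders, not HP's format).
demo_dir=${TMPDIR:-/tmp}/spc_demo.$$
mkdir -m 700 "$demo_dir" || exit 1
printf '%s\n' 'placeholder line 1' 'placeholder line 2' \
    '0.91 # catalog format version' > "$demo_dir/security_catalog"
check_spc_catalog "$demo_dir" || echo "directory rejected, rc=$?"
check_spc_catalog "$demo_dir/security_catalog" && echo "catalog accepted"
rm -rf "$demo_dir"
```

Running this before the audit separates "wrong path" from "damaged download", so a scheduled patch check does not silently stop reporting because of a mistyped -c argument.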