HPE Community
Operating System - HP-UX
1833871 Members
1746 Online
110063 Solutions
New Discussion

patch management

 
SOLVED
Go to solution
L. Younes
Occasional Advisor

‎12-23-2002 07:28 AM

‎12-23-2002 07:28 AM

patch management

Hi everyone;
I saw in a lot of threads here advice on keeping patches up to date; so how do you exactly do that ?

How do you determine what patches apply to your system ?

or do you just download a depot containing all latest and select the option match target.
And in this case Where do you get such a depot ?

Is it necessary to register the maintenance contract of the server on the itrc web site to get valuable info on patches ?

Any Hints for Good practises and management regarding patching an HPUX system ?

For info
we have 11.00 and 11.11 HPUX OSes.

Thanks A lot !
0 Kudos
Reply
3 REPLIES 3
John Poff
Honored Contributor

‎12-23-2002 07:35 AM

‎12-23-2002 07:35 AM

Solution

Re: patch management

Hi,

I think you have all the right ideas. The general patch bundles are a good way to go and seem to be a pretty standard practice out here. You can download them from here:

http://www.software.hp.com/SUPPORT_PLUS/

Also, as you mentioned, you can register your system on the ITRC and get the info on patches as well. Be sure to sign up for the weekly e-mail notification on new patches. I read those every week and I've seen several patches come out for problems that I've been scratching my head over.

Our practice is to patch test and development systems first, wait a month or so to make sure that there are no major problems, and then to patch the production servers with the same patch bundles. We have had great success with that method.

JP
Reply
Martin Johnson
Honored Contributor

‎12-23-2002 07:38 AM

‎12-23-2002 07:38 AM

Re: patch management

I use the Custom Patch Manager from the ITRC. You run a script which collects data about your system. You ftp the resulting file to the ITRC for analysis. The analysis displays the recommended patches which you can then download to your system.

The patches are graded:

1 star - new patch, relatively untested
2 stars - tested patch
3 stars - older patch, tested and widely used

The CPM will also flag problem patches (HP no longer recalls patches, just labels them as problem patches).

HTH
Marty
Reply
Steven E. Protter
Exalted Contributor

‎12-23-2002 08:14 AM

‎12-23-2002 08:14 AM

Re: patch management

Support plus is a great place to start. If you use omniback you may need to get those separeately.

security_patch_check is a good tool for keeping you up to date on security patches. You generally don't want to wait for security patches to be put into bundles, you want them in fast.

At itrc the patch function helps you identify and download patches you need beyond what comes quarterly.

There is a function which I don't understand but have heard referred to in larger shops. People with certain kind of support contracts have patch analysis done regularly by HP which helps them understand what patches they need.

You also want to check the state of previously installed patches.

check_patches may be part of 11.11 or may be an add in. It verfies the state of every installed patches and lets you know if there are errors.

Good luck. Tools mentioned above are available at http://software.hp.com
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.