HPE Community
Operating System - HP-UX
1833365 Members
3263 Online
110052 Solutions
New Discussion

security patch check question

 
kholikt
Super Advisor

‎03-30-2005 02:03 AM

‎03-30-2005 02:03 AM

security patch check question

I have installed and run security patch check tool. Some of the vulnerability required manual action like changing permission of file. I just wondering after I fix the permission if I re-run security patch check script again the same vulnerability will appear. Is there any way that I can notify security patch check tool this warning can be ignore or fixed.
abc
0 Kudos
Reply
4 REPLIES 4
Pete Randall
Outstanding Contributor

‎03-30-2005 02:18 AM

‎03-30-2005 02:18 AM

Re: security patch check question

If you've fixed the permissions, the tool should not complain about it anymore.


Pete

Pete
0 Kudos
Reply
Theodore Pardike
Advisor

‎03-31-2005 12:53 AM

‎03-31-2005 12:53 AM

Re: security patch check question

I have found that you need to make an entry in .spc_ignore for these types of warnings to be ignored in the future.

Ted
0 Kudos
Reply
Keith Buck
Respected Contributor

‎10-26-2005 05:24 AM

‎10-26-2005 05:24 AM

Re: security patch check question

Security Patch Check will warn about world-writeable directories in your search path because it may compromise the use of the tool. These can be eliminated by fixing the permissions of those directories.

Security Patch Check will also refer to bulletins with manual actions. For this, use of the .spc_ignore file is required, since Security Patch Check cannot automatically detect the fix (especially when run remotely)

-Keith
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-26-2005 07:21 AM

‎10-26-2005 07:21 AM

Re: security patch check question

AS mentioned, you need to create and edit a .spc_ignore file in your $HOME for root. Here is an example:

111r2 # very old Ignite issue
188r1 # Java 1.4.2.04 Java Web Start (1.0.1.01 or higher for HP-UX 11.x)
205r1 # TCP sequence numbers (implemented in nddconf)
231 # Visualize Conference (Xwindows) not applicable
239r1 # swacl for swinstall (allow/deny remote access to patch info)
150 # swacl -l host (removes remote probing of installed patches)
246r5 # sendmail.cf
253r8 # sendmail.cf
281r9 # sendmail.cf
304 # shar TMPDIR procedure + PHCO_30544
1047 # disable webadmin in /etc/rc.config.d
1099 # check downloads with MD5 checksums
280r1 # JSSE (not used)
235 # Remove old Java (n/a)
226 # Upgrade to latest (Java1.5)
1087 # Upgrade to latest (Java1.5)
267 # Remove old Java (n/a)
268 # Remove old Java (n/a)
295r2 # Remove old Java (n/a)
1044 # latest Java 1.5
187r1 # latest Java 1.5
1100 # Latest Java 1.5
1123 # Latest Apache suite (with Tomcat)
1137r1 # tcp/ip Remote Denial of Service / ip_pmtu_strategy=0
1138 # Radia mgmt (not used)

So the ID number is the first field and the rest are commants. Once I look at the manual actions required (and perform if necessary), I add the bulletin number to this file. From then on, the acknowledged warnings are then ignored and you can get a clean scan.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.