HPE Community
Operating System - HP-UX
1834794 Members
2958 Online
110070 Solutions
New Discussion

Re: Security Patch Check

 
Gavin Clarke
Trusted Contributor

‎03-06-2003 12:25 AM

‎03-06-2003 12:25 AM

Security Patch Check

Okay I'm running HPUX 10.20 on this particular machine, trying to install security_patch_check to make my life easier. I've got Perl version 5.005.

My problem is that when I do swinstall -s /mypathtodepot/B6834AA.depot swinstall comes back with:
Currently,there are no products on this source which are compatible with the target. Therefore, no products are shown.

Have I got the wrong depot?
Please give me a clue or two.
0 Kudos
Reply
12 REPLIES 12
Trond Haugen
Honored Contributor

‎03-06-2003 12:43 AM

‎03-06-2003 12:43 AM

Re: Security Patch Check

Works fine for me, but I have 11i. Try a swlist to see if that works. Also depots are tar files so 'tar tvf /mypathtodepot/B6834AA.depot' should list the files.

Regards,
Trond
Regards,
Trond Haugen
LinkedIn
0 Kudos
Reply
Robin Wakefield
Honored Contributor

‎03-06-2003 12:48 AM

‎03-06-2003 12:48 AM

Re: Security Patch Check

Hi,

I understand the security_patch_check is only for 11.x systems.

rgds, Robin
0 Kudos
Reply
Gavin Clarke
Trusted Contributor

‎03-06-2003 12:57 AM

‎03-06-2003 12:57 AM

Re: Security Patch Check

It's useful to know that depots are tar archives, i'm not completely sure how this helps me though?

Ah 11.x eh? Well I thought that may well be the case. I am rather living in the dark ages a bit.

So the best course of action is to upgrade then? Or is there another way?
0 Kudos
Reply
Trond Haugen
Honored Contributor

‎03-06-2003 01:06 AM

‎03-06-2003 01:06 AM

Re: Security Patch Check

Had your depot not downloaded fully tar would have told you. whereas swinstall might not.
I would reccomend updating as support for 10.20 is about to end.

Regards,
Trond
Regards,
Trond Haugen
LinkedIn
0 Kudos
Reply
Gavin Clarke
Trusted Contributor

‎03-06-2003 01:11 AM

‎03-06-2003 01:11 AM

Re: Security Patch Check

Thanks, the depot downloaded well I did a tar tvf to check it.

Upgrading, I'd really like to, at the moment my management don't like the idea of the change, especially as this machine is due to retire in October.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎03-06-2003 03:04 AM

‎03-06-2003 03:04 AM

Re: Security Patch Check

Support for 10.20 ends in June 2003:
http://www.software.hp.com/RELEASES-MEDIA/history/slide2.html

If you're retiring the machine in October, that only leaves you 4 months to be un-supported. I'd take into consideration the amount of support calls you make and weigh that against the risks involved in upgrading. IMHO: don't upgrade, ride it out, it's not worth the effort for four months.

Pete

Pete
0 Kudos
Reply
Gavin Clarke
Trusted Contributor

‎03-06-2003 03:09 AM

‎03-06-2003 03:09 AM

Re: Security Patch Check

Well we don't tend to use the support centre for much on that machine so I guess we probably will carry on as we are. Thanks for your advice.

I just want to secure it a little better, this is probably because we had a security chap in recently. Perhaps I'm worrying unduly.
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎03-06-2003 03:54 AM

‎03-06-2003 03:54 AM

Re: Security Patch Check

security_patch_check tool is supported on 11.00, 11.04, 11i, and future releases of 11i, only. It was not designed for 10.x.

The requirements are found on:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
Cheryl
"Downtime is a Crime."
0 Kudos
Reply
Gavin Clarke
Trusted Contributor

‎03-06-2003 06:35 AM

‎03-06-2003 06:35 AM

Re: Security Patch Check

Thankyou, I also have 11.0 machines to look after so I will certainly be using it on those. What would you advise is the best way to make sure (as best I can) that my security patches are up to date on 10.20?
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎03-06-2003 06:42 AM

‎03-06-2003 06:42 AM

Re: Security Patch Check

Gavin,
For 10.20 it would be a manual process of keeping up with the Security Bulletins and routinely checking the patch matrix.

Security Bulletins:
ITRC --> Maintenance & Support tab (at the left of screen) --> under Notifications --> Support Information Digests --> select the check box for Security Bulletins Digest. To see archived security digests, scroll to the bottom of the page and follow the link.

Please note that if you subscribe by hitting a checkbox, be sure to hit the UPDATE Subscriptions button at the bottom of the page.


Patch Matrix:
ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix
Cheryl
"Downtime is a Crime."
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎03-06-2003 06:45 AM

‎03-06-2003 06:45 AM

Re: Security Patch Check

And stay on top of issues in general. I use sites such as:
http://www.cert.org/advisories/
http://www.securityfocus.com/search

That way you know to expect a Security Bulletin might be or has been issued.
Cheryl
"Downtime is a Crime."
0 Kudos
Reply
Gavin Clarke
Trusted Contributor

‎03-06-2003 07:08 AM

‎03-06-2003 07:08 AM

Re: Security Patch Check

Thanks for the advice. I do get the security bulletins at the moment and I'm trying my best to keep up with them. I suppose the point is people who use and develop exploits don't stop so the bulletins have to keep up.

I'm a worrier anyway.

Thanks again.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.