1839263 Members
10294 Online
110137 Solutions
New Discussion

Re: Security patches

 
SOLVED
Go to solution
Joe Despres
Advisor

Security patches

This is a multi-part question. I need to setup a patch depot for 10.20, 11.00, and 11.11.

1. Can I set these patches up on a 11.11? And How?

2. Where can I get a master listing of the security patches for all three types.

3. How do I get myself on the mail list for the security patches?

Tanks......

Joe Despres
9 REPLIES 9
harry d brown jr
Honored Contributor

Re: Security patches

Joe,



1. Can I set these patches up on a 11.11? And How?

Yes, you can have an 11.11 system be a depot for 10.20, 11, and up. HOW? I'd start with the 11.11 documentation.

2. Where can I get a master listing of the security patches for all three types.

I'm not aware of such, but I'd be happy if someone has an answer.

3. How do I get myself on the mail list for the security patches?


Go to the maintenance and support
section and at the bottom is an area for notifications.


live free or die
harry
Live Free or Die
erics_1
Honored Contributor

Re: Security patches

Joe,

I'll try and answer your questions one at a time:

1. Can I set these patches up on a 11.11? And How?
->Take a look at TKB document ID KNC063099001 for information on this.

2. Where can I get a master listing of the security patches for all three types.
->From the ITRC, select;
Maintenance and Support
Support Information Digests
At the bottom of the page is a link for 'hp security bulletins archieve'

3. How do I get myself on the mail list for the security patches?
->On the same page, you can 'sign up' for patch notifications... including HPUX security bulletins. Check the boxes that you want notified with information on and hit the 'update subscriptions' button.

Hope this Helps!
Eric
John Diamant
Occasional Advisor

Re: Security patches

You might also want to take a look at
Security Patch Check, which can analyze
an HP-UX 11.0 or 11.11 system for missing
security patches, which you could use to help you construct a depot. Security Patch
Check can be found on Software Depot (http://software.hp.com). The specific URL is: http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
Anonymous
Not applicable

Re: Security patches

sec-patch-check (spc) requirements:
-HP-UX 11.0, 11.04, or 11iv1.0
-ftp access to the public Internet, either directly or through a proxy server.
-permission to execute Perl and swlist.

We run this once a week and email the output to our sysadmin group.

SPC checks for changes of security patches from ftp://ftp.itrc.hp.com/export/patches/security_catalog.sync

hth, Tom.
Gnananandhan
Frequent Advisor

Re: Security patches

MEDUSA is an software application, Which will help you in finding the security threats in your system. And you can fix them based on the severity level.

Regards,
Gnana A.
If there is a better way to do it, find it !
John Diamant
Occasional Advisor

Re: Security patches

Note that while Security Patch Check
requires the ability to run perl and to have
some kind of network access to obtain updated patch information, it needn't run on the system being analyzed, and downloading the patch information can be done through any means available to you outside of Security Patch Check. You simply point Security Patch Check at the file you downloaded independently (if the download methods Security Patch Check provides don't meet your needs). It's recommended that the patch information be downloaded as frequently as you run Security Patch Check, however, to make sure that the analysis is up to date.
Joe Despres
Advisor

Re: Security patches

The idea of processing a system then sending that info to get analyzed by patch_check is very interesting indeed. I will look into this....
.
.
Thanks all for the replies!. I still need to see a master listing for each version of the OS. But this is a great start!
jherring
Regular Advisor

Re: Security patches

The master list - I can't remember a place that lists all the security patches for each OS.

I do however know they have patch equivalency tables in the 'patch database' on the itrc here. So you can select patch database then patch equiv tables then choose
10.20 -> 11.00
10.20 -> 11.11
11.00 -> 11.11

It will list each patch in one OS and tell you the equivalent patch in the other OS. May not be exactly what you need but it is close.
Hope this helps
Jon
John Diamant
Occasional Advisor
Solution

Re: Security patches

> I still need to see a master listing for
> each version of the OS.

Look here: http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin/?docId=PATCHMATRIX

The list you're looking for is at the bottom. However, you should be aware that list contains the latest patch with each security fix, meaning that every time a patch with a security fix is superceded (even when it's superceded for non-security reasons), the patch in the matrix is replaced. That works well for getting systems initially up to date, but if you need to minimize patches you apply to production systems, Security Patch Check can analyze and report the minimum set of patches, whereas using the latest patch matrix will result in a larger set of patches than required to close the security holes addressed by patches.