02-09-2009 01:40 PM
software assistant - I'm impressed!
Hey;
I have to say that I'm quite impressed with the software assistant. Using a couple of home grown scripts, I am able to run the security analysis and download patches for over 80 pa-risc and ia64 systems covering 11.11, 11.23, and 11.31. All of this takes less than 2 hours.
I dump the html reports to a specific directory on our web server so the client can examine them individually. I also download and process the patches into OS specific patch depots which can then be installed when downtime gets scheduled.
The source datafile is a simple listing of target host and os. For example:
host1 11.11
host2 11.23
host3 11.31
The run_swa script is very short. Minus comments, it is as follows:
# Search path including the swa binaries, plus the outbound proxy settings
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/swa/bin
ftp_proxy=http://ih.proxy.myco.com:8000
http_proxy=http://ih.proxy.myco.com:8000
https_proxy=http://ih.proxy.myco.com:8000
export PATH ftp_proxy http_proxy https_proxy
# HTML reports go under the web server; analysis files feed get_swa_patches
Report_dir=/opt/hpws/apache/htdocs/security
Hosts="${Report_dir}/hosts"
Anal_dir=/ignite/Patches/swa_analysis
# Skip comment lines in the host list; h = host, o = OS release
grep -v '^#' "${Hosts}" | while read h o
do
    echo "##############################################"
    echo "$h"
    echo "##############################################"
    swa report -s "ssh://root@${h}" \
        -x html_report="${Report_dir}/${h}_report.html" \
        -x analysis_file="${Anal_dir}/${h}_anal.xml" \
        -x ssh_options='-o batchmode=yes'
done
That script assumes ssh/public key authentication access to root. At some point, I'll consider using a null passphrased key locked down to the specific commands; however, looking at the ssh log, that might not be so easy.
As you can see, the reports are dumped into an html directory and the analysis files are dumped to another directory for use in the get_swa_patches script.
get_swa_patches is equally as short. Again, minus comments:
# Same search path and proxy settings as run_swa
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/swa/bin
ftp_proxy=http://ih.proxy.myco.com:8000
http_proxy=http://ih.proxy.myco.com:8000
https_proxy=http://ih.proxy.myco.com:8000
export PATH ftp_proxy http_proxy https_proxy
Report_dir=/opt/hpws/apache/htdocs/security
Hosts="${Report_dir}/hosts"
Anal_dir=/ignite/Patches/swa_analysis
# Depot names carry the run date (yymmdd)
Dtstamp=$(date +"%y%m%d")
# h = host, o = OS release; patches land in one depot per OS release
grep -v '^#' "${Hosts}" | while read h o
do
    Depot="/ignite/Patches/${o}/${Dtstamp}_swa_patches"
    swa get -t "${Depot}" -x analysis_file="${Anal_dir}/${h}_anal.xml" \
        -x allow_existing_depot=true -x swcache=/ignite/tmp
done
As I said, two hours tops to run a full patch/security analysis on over 80 systems. Now, of course, I've got more work than I can handle fixing all the issues, but that goes with the job.
Good job, HP; I'm impressed!
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
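
A sketch of the "key locked down to the specific commands" idea mentioned in the post, as an added example that is not part of the original post or of SWA itself: an OpenSSH forced-command wrapper that runs a request only if it exactly matches an allowlisted command line. The wrapper path `/usr/local/sbin/swa_gate`, the `--serve` argument and the two `ALLOWED` entries are assumptions; the real entries would have to be taken from the target's sshd log.

```shell
#!/bin/sh
# swa_gate: forced-command wrapper for a dedicated patch-analysis key.
# authorized_keys entry on each target (one line; key material elided):
#   command="/usr/local/sbin/swa_gate --serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... swa@depot
# The path, key comment and ALLOWED entries are assumptions for illustration.

# Constructed placeholders: replace with the exact command lines seen in the
# target's sshd log during a trusted run. One command per line.
ALLOWED='/usr/bin/uname -r
/usr/sbin/swlist -l fileset'

# Print "allow" and return 0 only on an exact, whole-line match.
# Exact comparison means appended arguments, ";", pipes or embedded
# newlines can never match an entry.
gate_decision() {
    cmd=$1
    # Empty request = interactive login attempt: never allowed for this key.
    [ -n "$cmd" ] || { echo deny; return 1; }
    while IFS= read -r entry; do
        [ "$entry" = "$cmd" ] && { echo allow; return 0; }
    done <<EOF
$ALLOWED
EOF
    echo deny
    return 1
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND and runs
# this script instead; dispatch only when called with --serve.
if [ "${1:-}" = "--serve" ]; then
    req=${SSH_ORIGINAL_COMMAND:-}
    if gate_decision "$req" >/dev/null; then
        logger -p auth.info -t swa_gate "allow: $req"
        exec /bin/sh -c "$req"
    fi
    logger -p auth.warning -t swa_gate "deny: $req"
    exit 1
fi
```

This only works if the remote command lines are stable enough to enumerate; any command whose arguments vary per run needs its own reviewed entry rather than a wildcard.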
02-11-2009 01:16 PM
Re: software assistant - I'm impressed!
Thanks for the kind words Doug! The team was very happy to read it. We chose a command line interface to enable scripting, and it sounds like a good call ;-)
Folks can find the latest version with our initial integration into HP SIM at https://www.hp.com/go/swa.
02-11-2009 05:31 PM
Re: software assistant - I'm impressed!
Hi Doug:
> Bob: We chose a command line interface to enable scripting
I would expect/hope so. After all, this _IS_ UNIX and textual interfaces make for tremendous synergy as Doug has shown. If this were that "other" OS with its point-and-click mentality then I would expect otherwise.
Oh, and yes, the SWA product is indeed one fine product!
Regards!
...JRF...