HP-UX Software Assistant Administration Guide: HP-UX 11i Systems, Chapter 5 Networking Options

Using SWA in Secure Network Environments

SWA is able to adapt to a secure network environment where one or more of the default protocols SWA uses are blocked. When customizing SWA for your environment, you must keep security concerns in mind.

When SWA runs an analysis of a system, it relies on the integrity of the catalog file and the inventory file. The integrity of the catalog file and the analysis file controls the security properties of SWA. Depot creation relies on the integrity of the patches within the swcache directory. The validity of the catalog file is of primary importance, since it contains all the data for identifying issues, recommending solutions, and downloading and verifying content.

Because the integrity of SWA files must be maintained, use either a secure shell (ssh) connection or media when accessing a remote system for the inventory, catalog, analysis, and swcache files.

The basic way to specify a proxy host and port is with the extended option proxy. You can optionally specify a basic HTTP authentication user name and password pair. You can use the proxy extended option with the commands swa get, swa report, swa step catalog, and swa step download. By default, no proxy information is specified. For more information, see the SWA manpages.

There are protocol-specific extended options (ftp_proxy, https_proxy, and http_proxy) and environment variables (ftp_proxy, https_proxy, and http_proxy). You cannot use the general proxy extended option, such as proxy=http://web-proxy.mycompany.com:8088, as an environment variable.

For information on the various ways to set SWA extended options, see “Extended Options”. For information on SWA errors related to proxies, see Appendix B.

The download_cmd extended option can be used to override the default SWA download commands, and therefore the protocols SWA uses to download the catalog and patch files. The command specified with this option must:

Programs like wget, curl, and Perl's GET can be used to pass the contents of a URL to standard output. These commands may provide support for different types of proxies or can be used with ssh to work with a gateway server. The GET command provides basic functionality. The wget and curl commands provide extended functionality and are provided with HP-UX 11i Internet Express (see www.hp.com/go/internetexpress). All three of these commands are available for operating systems other than HP-UX, such as Linux and Windows.

Example: Use SWA With a Gateway

If you would like to use SWA without direct internet access, you can use the download_cmd extended option and a gateway server to access the catalog and patch files. This gateway can be a non-HP-UX system that has any of the aforementioned commands functional on it. The /opt/perl/bin/GET command satisfies the download_cmd extended option requirements listed above. The following procedure is to be run on the system to be analyzed.

For more information on download_cmd, see swa-get(1M), swa-report(1M), and swa-step(1M).

If you must run SWA on a system that does not have Internet access, you can obtain the catalog and patches using a system connected to the Internet, and then transfer the downloaded files to the protected system using media or ssh. Required patches will have to be manually requested and downloaded from the ITRC at http://itrc.hp.com.

You can run SWA without any network access whatsoever by using media to transfer the files from the system connected to the Internet. You can also print the system's Action report and carry it to a system with Internet access when downloading patches.

Example: Using SWA Without Internet Access

For more information, see the Security Considerations section of swa(1M).
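
The file-transfer path described above depends on the catalog and swcache files arriving unmodified. As an added example (not part of the HP guide or of SWA), the script below records SHA-256 digests of a staging directory on the Internet-connected system and checks them on the protected system before SWA is run. It assumes openssl or sha256sum is installed and that the manifest reaches the protected system by a route separate from the media; the script name and /stage are placeholders.

```shell
#!/bin/sh
# Added example: SHA-256 manifest for SWA files carried between systems.
# Connected system:  sh swa_manifest.sh make   /stage > /stage.sha256
# Protected system:  sh swa_manifest.sh verify /stage /stage.sha256
# /stage and the script name are placeholders, not SWA paths.

# Print the SHA-256 of one file as bare hex (openssl, else sha256sum).
sha256_of() {
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    else
        sha256sum < "$1" | awk '{print $1}'
    fi
}

# make_manifest DIR: one "digest  ./relative/path" line per file under DIR,
# in byte order so both systems produce the same listing.
make_manifest() (
    cd "$1" || exit 1
    find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(sha256_of "$f")" "$f"
    done
)

# verify_manifest DIR MANIFEST: succeed only if DIR holds exactly the listed
# files with the listed digests; changed, missing and extra files all fail.
verify_manifest() {
    [ -s "$2" ] || { echo "empty or missing manifest: $2" >&2; return 1; }
    make_manifest "$1" | diff "$2" - >&2
}

case "${1:-}" in
    make)   make_manifest "$2" ;;
    verify) verify_manifest "$2" "$3" && echo "OK: $2 matches $3" ;;
esac
```

Keep the manifest outside the staging directory; a manifest stored inside it is itself listed as an unexpected file on verification.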