Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Software Assistant Administration Guide: HP-UX 11i Systems > Appendix C SWA Manpages

swa(1M)
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

swa — HP-UX Software Assistant

SYNOPSIS

swa [[-x] -?]

swa report [-a analyzer] [-r stdout_report_type] [-s inventory_source] [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file]

swa get [-p] -t target_depot [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file]

swa step {inventory|catalog|analyze |report|download |depot} [step_options] [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file]

swa clean {swcache|usercache |all} [-p] [-q [q[q]]] [-v[v]] [[-option] -?] [-x option=[value|-?]] [-X option_file]

DESCRIPTION

HP-UX Software Assistant (SWA) can analyze a system (and some types of depots) for patch warnings, critical defects, security bulletins, missing Quality Pack patch bundle, and user-specified patches and patch chains. SWA uses an HP-supplied catalog file to analyze a system and generate reports. From this analysis, swa get can download patches and build a Software Distributor (SD-UX) depot which will fix many of the issues in the report. SWA also recommends additional actions in the report which you need to take care of manually. SWA combines most of the abilities of Security Patch Check (SPC) and all of the abilities of the HP IT Resource Center (ITRC) Patch Assessment Tool into a single solution that runs locally on HP-UX systems. SWA can analyze software installed on HP-UX systems or present within (some types of) depots. SWA is divided into two bundles, SwAssistant (which contains security_patch_check and swa), and SwMgmtMin. The SwAssistant bundle must be installed to get full functionality, whereas the SwMgmtMin bundle only allows you to inventory systems and remove files created by SWA. The contents of the SwAssistant bundle has a dependency on Java™, Perl, and the contents of the SwMgmtMin bundle.

After SWA analyzes which issues are relevant to the software on the system or in the depot, it determines the recommended resolution for each issue by providing text and HTML reports. The "action" and "issue" reports are available in text format (printed to standard output). The "detail" report is available in HTML and text formats. See swa-report(1M) for more details about this functionality.

The reports include recommendations that may or may not involve patching. When the recommended solution includes patches, SWA can download them and construct a depot which may be used as an installation source. See swa-get(1M) for more details about this functionality.

Advanced users can also control the individual steps performed by swa report (inventory, catalog, analyze, and report) and swa get (download and depot). See swa-step(1M) for more details about this functionality.

As you use SWA to report on systems and download software, objects will be cached on your disk for later use.

To recapture disk space used by objects that SWA cached, see swa-clean(1M).

Options

swa recognizes the following option:

[-x] -?

Display usage information. If the -x option is specified, then display usage and list all swa extended options for all major modes.

The swa command has four major modes of operation which are listed in order of typical usage and described in individual manpages:

report

Generate reports on issues and recommended actions. See swa-report(1M). A given system or depot is inventoried and analyzed against a catalog of HP software and known security issues, and a report is generated.

get

Download software and create a depot. See swa-get(1M). Software identified by swa report is downloaded from HP, and added to a depot. Depending upon options, either a new depot is created, or an existing depot is added to.

step

Perform an individual step of the swa report or swa get command, both of which are actually composed of multiple steps (advanced usage). See swa-step(1M).

clean

Remove software and files cached by SWA. See swa-clean(1M).

Security Considerations

The analysis that swa performs relies on the integrity of the inventory to determine the appropriate patches to install on the system. It is important that all protocols used to transmit the inventory data are integrity protected and that the host used to generate the inventory data is accurately represented. For example, use of swlist for gathering an inventory of a remote system uses a clear-text, unauthenticated protocol that does not protect the integrity of the data. Using Secure Shell to gather an inventory of a remote system uses an integrity protected (and encrypted) protocol. Even when using Secure Shell, the analysis still relies on the source of the data (the remote host) to accurately represent the software contents installed on that system.

Software download (swa get or swa step download) relies on the integrity of the analysis file to ensure the integrity of patches before unpacking them. The analysis file gets MD5 checksum information directly from the catalog. Therefore it is important that all transmissions of the catalog and/or analysis file are integrity protected and that file permissions do not allow unnecessary modification.

Depot creation (swa get or swa step depot) relies on the integrity of the patches within the swcache directory. Therefore, after unpacking the patches, it is important that all subsequent transmissions of the patches are integrity protected and that file permissions do not allow unauthorized modification. Deploying software using Software Distributor (using the swinstall command) has security properties that are documented in the Software Distributor Administration Guide.

RETURN VALUE

swa returns the following values:

0

Success completion

1

Error

2

Warning

EXAMPLES

To display swa usage information:

swa -?

To display usage and list all swa extended options for all major modes:

swa -x -?

To inventory the local system, analyze it against an HP-supplied catalog (of known software and issues) for newer Quality Pack patch bundles, security issues, and critical patch warnings, and then generate a default standard output "action" report:

swa report

To create a report for security issues (SEC) for a remote system inventory gathered with Secure Shell, and running ssh in batchmode to avoid being prompted for user input:

swa report -a SEC -s ssh://user@remotesystem \ -x ssh_options='-o batchmode=yes'

To create a detailed report for remotesystem, limited in scope to Quality Pack patch bundle analysis (QPK) and patches with critical warnings (PCW). This example uses the swlist networking protocol, which is not integrity protected:

swa report -a QPK -a PCW -s remotesystem -r detail

To do the same task as the previous example, using the extended option equivalents (which can be specified on the command line, in a user or system configuration file, or in an extended options file):

swa report -x analyzers='QPK PCW' -x inventory_source=remotesystem \ -x stdout_report_type=detail

To generate a report and place the analysis results in the ~/firstanalysis.xml file (for later use by swa get):

swa report -x analysis_file=~/firstanalysis.xml

To generate a report, updating the catalog of HP software if it is more than 48 hours old:

swa report -x catalog_max_age=48

To generate a report using a specified catalog of HP software without updating that catalog:

swa report -x catalog=~/mycatalog.xml -x catalog_max_age=-1

To generate a report always updating the catalog of HP software:

swa report -x catalog_max_age=0

To get patches from HP that are recommended in the default analysis file (that is, from the previous swa report command) and place the results into the new depot, mydepot:

swa get -t mydepot

To add newly recommended patches into the existing depot, mydepot, only downloading patches from HP that are neither in mydepot nor previously downloaded:

swa get -t mydepot -x allow_existing_depot=true

To preview which patches need to be downloaded from HP and added to an existing depot without actually doing the work, and with increased verbosity:

swa get -p -v -t mydepot -x allow_existing_depot=true

To remove all cached inventory, catalog, and analysis information in the default location:

swa clean usercache

To remove all cached downloaded software in the default location:

swa clean swcache

To preview the removal of all cached downloaded software in the default location:

swa clean swcache -p

To remove all cached inventory, catalog, analysis, and downloaded software in specified locations:

swa clean all -x user_dir=~/myusercache -x swcache=/my/cache

AUTHOR

swa was developed by HP.

FILES

/etc/opt/swa/swa.conf

System-wide Software Assistant configuration file.

/etc/opt/swa/swa.conf.template

Template file that documents each -x option.

$HOME/.swa.conf

Per-user Software Assistant configuration file.

/var/opt/swa/swa.log

Default log file location for root users. For users without write permissions to the default log location, a swa.log file is created under the directory specified by the user_dir extended option.

download.contents

Lists all files downloaded from HP stored within the swcache, a directory specified by the swcache extended option.

readBeforeInstall.txt

Lists special installation instructions and other dependencies for the patches in the depot. Located in the root directory of the target depot.

ignore

Lists issue IDs to be ignored (for example, they are completed or not applicable). Supports comments and regular expressions. See regexp(5).

SEE ALSO

swa-clean(1M), swa-get(1M), swa-report(1M), swa-step(1M).

HP-UX Software Assistant System Administration Guide and HP-UX Software Assistant Release Notes at http://docs.hp.com.



Appendix C SWA Manpages
  		 


swa-clean  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2007–2008 Hewlett-Packard Development Company, L.P.