Manualshelf

HP-UX Software Assistant Administration Guide (5900-3003, March 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Software Assistant (SWA) Software
21222324252627282930
5 Networking options
Using SWA in secure network environments
SWA is able to adapt to a secure network environment where one or more of the default protocols
SWA uses are blocked. When customizing SWA for your environment, you must keep security
concerns in mind.
When SWA runs an analysis of a system, it relies on the integrity of the catalog file and the
inventory file. The integrity of the catalog file and the analysis file controls the security properties
of SWA. Depot creation relies on the integrity of the patches within the swcache directory.
The validity of the catalog file is of primary importance, since it contains all the data for identifying
issues, recommending solutions, and downloading and verifying content.
Because the integrity of SWA files must be maintained, use either a secure shell (ssh) connection
or media when accessing a remote system for the inventory, catalog, analysis, and swcache files.
Using proxy servers with Software Assistant
The basic way to specify a proxy host and port is with the extended option proxy. You can
optionally specify a basic HTTP authentication user name and password pair. You can use the
proxy extended option with the commands swa get, swa report, swa step catalog, and
swa step download. By default, no proxy information is specified. For more information, see
the SWA manpages.
There are protocol-specific extended options (ftp_proxy, https_proxy, and http_proxy)
and environment variables (ftp_proxy, https_proxy, and http_proxy). You cannot use the
general proxy extended option, such as proxy=http://web-proxy.mycompany.com:8088,
as an environment variable.
For information on the various ways to set SWA extended options, see “Extended options
(page 7).
For information on SWA errors related to proxies, see Appendix B (page 45).
Using the download_cmd extended option
The download_cmd extended option can be used to override the default SWA download
commands to download the catalog and patch files. The download_cmd option allows you to
use commands that are not part of the SWA product, as well as a pipeline or user script to allow
download through a third remote system.
The command specified with this option must:
1. Take one argument supplied by SWA: the URL of the file content to download.
2. Output the retrieved file content to standard output.
The download command extended option will always be run with elevated privileges.
External programs like wget, curl, and Perl's GET can be used to pass the contents of a URL to
standard output. These commands may provide support for different types of proxies or can be
used with ssh to work with a gateway server. The GET command provides basic functionality.
The wget and curl commands provide extended functionality and are provided with HP-UX 11i
Internet Express (see www.hp.com/go/internetexpress).
NOTE: The Perl GET utility is not recommended for downloading large objects such as patch
bundles.
Using SWA in secure network environments 23