Manualshelf

HP Insight Vulnerability and Patch Manager software 6.0 User Guide HP Part Number: 579547-001 Published: January 2010, First Edition

ManualsBrandsHP ManualsSoftwareHP Vulnerability and Patch Management Flexible Server License
18192021222324252627
Linux target systems
TCP/IP network protocol is enabled.
SSH is enabled and listening on the default port 22.
Vulnerability and Patch Manager includes PuTTY SSH client and uses the plink session command and
PSCP secure copy, as well as SFTP secure file transfer commands. Both protocols 1.5 and 2.0 are
supported if they are correctly installed and functioning on the target system. To determine which
protocol is running, telnet to port 22 on the target system, read the return banner, and then press Enter.
SSH-1.5—Only protocol 1.5 is supported.
SSH-1.9—Protocol 1.5 and 2.0 are supported. Protocol 1.5 is attempted first.
SSH-2.0—Only protocol 2.0 is supported, the newest and preferred session protocol.
Scan reports cannot be viewed
If scan reports cannot be viewed in .pdf format because Adobe Acrobat cannot be launched, perform the
following procedure:
1. From Internet Explorer, select ToolsInternet Options.
2. Click the Advanced tab, and then scroll to Security.
3. Clear the Do not save encr ypted pages to disk option, and then click OK.
4. For more information, see http://support.microsoft.com/
default.aspx?scid=kb;en-us;812935&Product=ie600.
A scan was submitted but never started
All target systems scanned by Vulnerability and Patch Manager must have an IP address that appears in the
Systems Insight Manager console. If a scan is requested for a target system with no IP address, the scan
does not run and an internal error is generated. Be sure that all target systems being scanned have IP
addresses that appear in the Systems Insight Manager console.
Scan results are inaccurate because of overlapping tasks
Do not schedule patch acquisition tasks to run while vulnerability scans are running. Patch acquisition tasks
cause vulnerability scans to abort.
When scheduling vulnerability scans and patches, be sure the two processes do not overlap. Allow adequate
time for a vulnerability scan to complete before starting a patch. If a patch deployment runs during a
vulnerability scan, the scan results might be inaccurate or the target systems might reboot during the scan.
Current patch information is not displayed in scan reports
Scan definition updates are available a few days after the release of patches. You might have a patch in
your patch repository that does not appear in your scan results. You can apply the patch without a scan.
The VPM Patch Agent does not apply patches that are not appropriate. With the new patch reports, you
can also use the Validate VPM Patch Agent operation to determine where patches are needed. This operation
applies to patches only. The VPM Patch Agent does not report on non patch security vulnerabilities.
Patches
Patches fail to download with a timeout error
This error can occur when the internet connection speed is low. To work around this issue, do the following:
1. Locate the settings.xml file under \Program Files\HP\Systems Insight
Manager\hpwebadmin\webapps\ROOT\mxportal\VPM\config\ folder.
2. Locate the line <parameter name="timeout" value="xxxxxxx"/>.
3. Increase the timeout value. The timeout value is set in milliseconds
4. Restart Systems Insight Manager service and restart the acquire update task.
Patches 21