- -x analysis_file=${user_dir}/cache/swa_analysis.xml
Usage: Basic
The file containing the raw
analysis results, including a list of software that should be downloaded
from Hewlett-Packard in order to address the issues found by the analysis.
Use this option to save the results from a specific analysis, and
later reuse those results in order to download the corresponding software
from HP. If you do not use the default location when the analysis
file is created (swa report creates this
file), be sure to specify that location when the analysis file is
later used (swa get uses this file).
Possible values include any absolute or relative path name with
appropriate permissions.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x analyzers=QPK SEC PCW
Usage: Basic
Specifies a space-separated
list (appropriately quoted for your shell if applicable) of analyzers
to be used. Each analyzer represents a different type of analysis
that swa can perform. The supported analyzers follow in two lists
(generic and specific).
- Generic analyzers:
- CRIT
patches that fix critical problems
- PCW
patches with critical warnings
- PW
patches with warnings (a superset of PCW)
- QPK
latest quality pack
- SEC
security bulletins that may apply
- Specific analyzers:
- CHAIN={patchID[,patchID]*}
include patch or recommended successor
- PATCH={patchID[,patchID]*}
include specific patch.
Note: Use of CHAIN is generally preferred.
Note: This option is equivalent to -a but is suitable for use within an extended options file
(-X) or configuration file.
- -x catalog_max_age=24
Usage: Intermediate
Specifies the age,
in hours, of the locally-cached copy of the HP software catalog before
a new local copy should be obtained. If the local file becomes too
old (based on the timestamp in the file), SWA tries to obtain a copy
of the catalog from the catalog_source location.
It is possible that the remote catalog is also too old (as determined
by the timestamp in the file). For example, suppose catalog_max_age=2 and catalog_source specifies a location that
gets updated daily from HP's website. In this case, the downloaded
catalog is used, but will be updated every time SWA checks the catalog's
age.
Note: There are two special values, 0 and -1. The value of 0 signifies to always update the file. The value of -1 signifies to never update the file, regardless of age.
- -x catalog=${user_dir}/cache/swa_catalog.xml
Usage: Intermediate
The file containing
a locally-cached copy of the catalog of available HP software and
published security bulletins.
Possible values include any absolute or relative path name with
appropriate permissions.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x catalog_source=https://ftp.itrc.hp.com/wpsl/bin/doc.pl/
screen=wpslDownloadPatch/swa_catalog.xml.gz?PatchName= /export/patches/swa_catalog.xml.gz
Usage:
Intermediate
A space-separated list of URLs (appropriately quoted for your
shell if applicable) that controls the remote location and service
to obtain the remote HP software catalog. The catalog contains a list
of all potential issues, relevant software product updates and patches
that address many issues, along with descriptions of manual actions
that address some issues. HP frequently updates this catalog as new
issues become known and as new actions are recommended.
The following format is used to specify URLs:
service://[user:password@]hostname.domainname:port
Where service is one of the following
methods for obtaining the remote catalog from HP:
- https
Secure/authenticated HTTP
- http
Unauthenticated HTTP
- ftp
Unauthenticated FTP
Note: The following are alternative, though
less-secure, unauthenticated paths to the standard HP catalog file:
http://ftp.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslDownloadPatch/ swa_catalog.xml.gz?PatchName=/export/patches/swa_catalog.xml.gz
ftp://ftp.itrc.hp.com/export/patches/swa_catalog.xml.gz
- -x crl_check=true
Usage: Advanced
When set to true, SWA will require the Certificate Revocation List (CRL) to be updated
and checked for the trusted Certificate Authority (CA) certificate
being used to validate the remote server.
In the unlikely event that the private certificate of the server
pointed to by the catalog_source option is suspected
of being compromised, its certificate will be revoked, and added to
a list of revoked certificates by the CA. See the catalog_source option.
The CRL must be signed by the same certificate chain that signed
the host certificate being checked. Checking the CRL requires regular
downloads from the CA, which can lengthen the SWA run time. If you
do not wish to validate a revocation list, set this to false.
- -x crl_url=http://crl.verisign.com/RSASecureServer.crl
Usage: Advanced
The URL of the CRL. See
the crl_check option for more information. If you
are behind a proxy server, then you will need to configure the proxy
information for the protocol being used to download the CRL.
- -x download_cmd=
Usage: Intermediate
Specifies a command
that can download a URL from the Internet. The command is enclosed
in single quotes ('). This option is useful in cases where a system
does not have a direct connection to the Internet, but can execute
a command that can download a URL from the Internet (for example,
by using a gateway machine).
Using this option overrides many options which are used by the
internal SWA download functionality, including proxy and CRL configuration.
This command should take one option that is supplied by SWA
(the URL of a file to download), and outputs that file to its standard
output. If the actual command in your environment behaves differently,
it can be wrapped by a shell script in order to provide the interface
that SWA needs.
The command needs to support the protocol specified by the catalog_source option (default HTTPS) for catalog retrieval
and FTP for patch retrieval. See the catalog_source option.
Note: Externally used commands are not necessarily
supported by HP, but can give considerable flexibility for your environment.
For example, some external commands can authenticate using Windows NT®-based domain passwords to
a Microsoft® web proxy, which
is not directly supported by SWA.
The following command is an example:
swa report -x download_cmd='ssh user@system curl'
This command uses SSH (see ssh(1)) to run the curl command on a gateway system. The curl command
is an open source tool that ships with several Linux distributions. curl may be configured, either using a configuration file
on the gateway system or by command-line parameters specified as part
of the download_cmd option.
- -x ftp_proxy=${proxy}
Usage: Advanced
Proxy host and port (with
optional HTTP basic authentication username and password) for accessing
content using the FTP protocol. No proxy information is specified
by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: ftp_proxy=http://web-proxy.mycompany.com:8088
The FTP protocol is used for patch download. Integrity of the
patches is checked using MD5 secure hashes in the catalog, for which
the HTTPS protocol is recommended. See the https_proxy option and the catalog_source option for details.
The use of ${proxy} for this option value
is substituted with the value of the proxy option
(which is not set by default).
- -x html_report=${user_dir}/report/swa_report.html
Usage: Basic
The file containing the HTML-formatted
report that is generated by the swa report command.
This is a single file with internal hyperlinks. The HTML report may
be printed to standard output using the stdout_report_type option.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x https_proxy=${proxy}
Usage: Advanced
Proxy host and port (with
optional HTTP basic authentication username and password) for accessing
content using the HTTPS protocol. No proxy information is specified
by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: https_proxy=http://web-proxy.mycompany.com:8088
If username and password are specified as authentication credentials
to your proxy server, HTTP basic authentication is used, which is
a clear-text protocol, (that is, your password may be visible to others
on your network). Also, credentials specified on the command-line
are visible to other local users, and access to credentials stored
in extended option files are determined by their permissions. If your
proxy server requires another type of authentication, see the -x download_cmd option.
The use of ${proxy} for this option value
is substituted with the value of the proxy option
(which is not set by default).
- -x http_proxy=${proxy}
Usage: Advanced
Proxy host and port (with
optional HTTP basic authentication username and password) for accessing
content using the HTTP protocol. No proxy information is specified
by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: http_proxy=http://web-proxy.mycompany.com:8088
The HTTP protocol is the default protocol used to download certificate
revocation lists. See the crl_url option for more
details.
The use of ${proxy} for this option value
is substituted with the value of the proxy option
(which is not set by default).
- -x ignore_file=${user_dir}/ignore
Usage: Basic
Files containing regular
expressions, indicating which issues to ignore. Each issue is matched
by a regular expression (see regexp(5)), and is ignored by the analysis.
That is, whether or not the host or depot being analyzed have the
identified issue, that issue will not appear on the report. In addition,
software will not be selected for download to address the issue. The
software may still be selected to address a different issue.
When a user first runs SWA, if this file does not exist, a template
file is created, which contains instructions on how to use this file.
Upon creation, if a ~/.spc_ignore file exists,
it is translated into the SWA format and appended to the template.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x inventory_max_age=24
Usage: Intermediate
Specifies the age,
in hours, of the cached copy of the inventory contents of a given
system. If the inventory becomes too old (based on the timestamp stored
in the file), SWA will inventory the host system/depot again.
Note: There are two special values, 0 and -1. The value of 0 signifies to always update the file. The value of -1 signifies to never update the file, regardless of age.
- -x inventory_source=localhost
Usage: Basic
Note: This
release supports only one system, depot (limited use cases), or inventory
file for analysis per invocation of SWA. This option is useful for
analyzing a remote system without installing SWA on that system.
Specify one of the following: a host system or depot to be inventoried,
analyzed, and reported on; or an existing inventory file to be analyzed
and reported on.
Specify source as a URL using one of the following formats:
- hostname
System specification, uses unauthenticated swlist protocol to gather the host inventory.
- [hostname:]full-path-to-depot
Depot specification, also uses swlist protocol (limited use cases).
- ssh://[user@]hostname[:full-path-to-depot]
SSH specification to system or depot, uses SSH to
contact host and local swlist of the system or
depot.
The inventory information is cached for later access
in a cache directory within the user_dir. Naming
of the inventory files is based on the hostname and path-to-depot
as specified (for example, using the fully qualified domain name of
a host will be cached separately from using the node name, even for
the same machine). Refresh of the cached inventory for each inventory_source is determined by the inventory_max_age option.
Note: This option is equivalent to -s but is suitable for use within an extended options file
(-X) or configuration file.
- [file://]full-path-to-inventory-file]
Inventory file specification, must be a local file.
If an argument is specified in such a way that it could be interpreted
as either a system name or a file name, it will be assumed to be a
system name. For example, if foo is the argument,
then it will be interpreted as a system named foo. Alternatively, if ./foo is the argument, then
it will be interpreted as an inventory file named foo residing in the current directory.
If an inventory file name is not specified, the inventory information
is cached for later access in a cache directory within the user_dir. Naming of these cached inventory files is based
on the hostname and path-to-depot as specified (e.g. using the fully
qualified domain name of a host will be cached separately from using
the node name, even for the same machine). Refresh of the cached inventory
for each inventory_source is determined
by the inventory_max_age option.
The following option specifications are examples:
System specification:
-x inventory_source=ssh://user@host.example.com
Depot specification:
-x inventory_source=ssh://host.example.com/var/spool/sw
Inventory file specification:
-x inventory_source=file:///home/user/local_inventory.xml
Note: This option is equivalent to -s but is suitable for use within an extended options file
(-X) or configuration file.
- -x logfile=/var/opt/swa/swa.log
Usage: Basic
This is the path to the log
file for this command. Each time SWA is run, this file will grow larger.
This can be changed, for example, to a month-specific location for
easier archiving, off-host backup, and rotation.
- -x log_verbosity=4
Usage: Basic
Specifies the level of message
verbosity in the log file (See also -x verbosity). Legal values are:
- 0
Only ERROR messages and the starting and ending BANNER
messages.
- 1
Adds WARNING messages.
- 2
Adds NOTE messages.
- 3
Adds INFO messages (informational messages preceded
by the '*' character).
- 4
Adds verbose INFO messages; this is the default.
- 5
Adds very verbose INFO messages.
- -x proxy=
Usage: Basic
Proxy host and port (with
optional HTTP basic authentication username and password) for accessing
content using the relevant protocol. No proxy information is specified
by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: proxy=http://web-proxy.mycompany.com:8088
If username and password are specified as authentication credentials
to your proxy server, HTTP basic authentication is used, which is
a clear-text protocol, (that is, your password may be visible to others
on your network). Also, credentials specified on the command-line
are visible to other local users, and access to credentials stored
in extended option files are determined by their permissions. If your
proxy server requires another type of authentication, see the -x download_cmd option. This option is used as the default
for the other proxy settings.
The HTTPS protocol is used for catalog download, the HTTP protocol
is used to download the CRL, and the FTP protocol is used for patch
download. The proxy= option controls the default
for all three proxies. See the https_proxy option,
the http_proxy option, and the ftp_proxy option for more details.
- -x report_when_no_issues=true
Usage: Intermediate
Controls whether SWA
will produce a report to standard output when there are no issues
and/or actions. This is useful, for example, in a cron job where you
want email sent to you only if there is an issue found.
- true
A standard output report is always produced.
- false
A standard output report is only produced if there
are issues and/or actions.
Hint: To check for error status, use the exit code of the command
and check the logfile for details.
- -x ssh_options=
Usage: Intermediate
Options to be passed
to ssh. Multiple options may, be included as a space-delimited list.
For example, if you are using SWA in a cronjob, you may want to specify '-o BatchMode=yes' to return immediately upon failure,
rather than prompting for a password.
See ssh_config(5) for additional options.
- -x stdout_report_type=action
Usage: Basic
Type of report to display
on standard output. This is useful for controlling what type of output
you would like to see. Legal values are:
- action
Summary of recommended actions
- issue
Summary of identified issues
- detail
Recommended actions with issue justification
- html
Comprehensive HTML report
- none
No report
- -x user_dir=~/.swa
Usage: Basic
The directory where SWA stores
catalog, inventory, analysis, ignore, and report files. The default
location is a subdirectory (.swa) of the user's
home directory. This can be changed, for example, to allow archival
of previous interim artifacts in a date-specific directory or off-host.
Several other options default to a directory relative to this directory,
so changing this option allows all of those locations to stay in synch
relative to a common root.
- -x verbosity=3
Usage: Basic
Specifies the level of standard
error verboseness:
- 0
Only ERROR messages and the starting and ending BANNER
messages.
- 1
Adds WARNING messages.
- 2
Adds NOTE messages.
- 3
Adds INFO messages (informational messages preceded
by the '*' character); this is the default.
- 4
Adds verbose INFO messages.
- 5
Adds very verbose INFO messages.
Note: The -v option is
equivalent to increasing verbosity by 1 (for example, from 3 to 4)
and the -q option is equivalent to decreasing verbosity
by 1. The -v and -q options
can be used more than once.
Printable version
