- -x analysis_file=${user_dir}/cache/swa_analysis.xml
Usage: Basic
The file containing the raw analysis results, including a
list of software that should be downloaded from
Hewlett-Packard in order to address
the issues found by the analysis.
Use this option to save the results from a specific analysis,
and later reuse those results in order to download the corresponding
software from HP.
If you do not use the default location when the
analysis file is created
(swa report
creates this file), be sure to specify
that location when the analysis file is later used
(swa get
uses this file).
Possible values include any absolute or
relative pathname with appropriate permissions.
The use of
${user_dir}
at the beginning of this option value is substituted with the
value of the
user_dir
option (which defaults to
$HOME/.swa).
- -x analyzers=QPK SEC PCW
Usage: Basic
Specifies a space-separated list (appropriately quoted for your shell if applicable) of analyzers to
be used.
Each analyzer represents a different
type of analysis that swa can perform.
The supported analyzers follow in two lists (generic and specific).
- Generic analyzers:
- CRIT
patches that fix critical problems
- PCW
patches with critical warnings
- PW
patches with warnings (a superset of
PCW)
- QPK
latest quality pack
- SEC
security bulletins that may apply
- Specific analyzers:
- CHAIN={patchID[,patchID]*}
include patch or recommended successor
- PATCH={patchID[,patchID]*}
include specific patch.
Note:
Use of
CHAIN
is generally preferred.
Note:
This option is equivalent to
-a
but is suitable for use within an extended options file
(-X)
or configuration file.
- -x catalog_max_age=24
Usage: Intermediate
Specifies the age, in hours, of the
locally-cached copy of the HP software catalog
before a new local copy should be obtained.
If the local file becomes too old (based on the timestamp
in the file), SWA tries to obtain a copy of the catalog from the
catalog_source
location.
It is possible that the remote catalog is also too old (as determined by
the timestamp in the file).
For example, suppose
catalog_max_age=2
and
catalog_source
specifies a location that gets updated daily from HP's website.
In this case, the downloaded catalog is used,
but will be updated every time SWA checks the catalog's
age.
Note:
There are two special values,
0
and
-1.
The value of
0
signifies to always update the file.
The value of
-1
signifies to never update the file, regardless of age.
- -x catalog=${user_dir}/cache/swa_catalog.xml
Usage: Intermediate
The file containing a locally-cached copy
of the catalog of available HP software and
published security bulletins.
Possible values include any absolute or
relative pathname with appropriate permissions.
The use of
${user_dir}
at the beginning of this option value is substituted with the
value of the
user_dir
option (which defaults to
$HOME/.swa).
- -x catalog_source=https://ftp.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslDownloadPatch/swa_catalog.xml.gz?PatchName=/export/patches/swa_catalog.xml.gz
Usage: Intermediate
A space-separated list of URLs (appropriately quoted for your shell if applicable) that controls
the remote location and service to obtain the remote HP software catalog.
The catalog contains a list of all potential issues, relevant
software product updates and patches that
address many issues, along with descriptions
of manual actions that address some issues.
HP frequently updates this catalog as new
issues become known and as new actions are recommended.
The following format is used to specify URLs:
service://[user:password@]hostname.domainname:port
Where
service
is one of the following methods for obtaining the remote catalog
from HP:
- https
Secure/authenticated HTTP
- http
Unauthenticated HTTP
- ftp
Unauthenticated FTP
Note:
The following are alternative, though
less-secure, unauthenticated paths to the standard HP
catalog file:
http://ftp.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslDownloadPatch/swa_catalog.xml.gz?PatchName=/export/patches/swa_catalog.xml.gz
ftp://ftp.itrc.hp.com/export/patches/swa_catalog.xml.gz
- -x crl_check=true
Usage: Advanced
When set to
true,
SWA will require the
Certificate Revocation List (CRL) to be updated and
checked for the trusted Certificate
Authority (CA) certificate being used to validate
the remote server.
In the unlikely event that the private key of the server pointed to by the
catalog_source
option is suspected of being compromised, the server's certificate
will be revoked and added to a list of revoked certificates by the CA.
See the
catalog_source
option.
The CRL must be signed by the same certificate chain that signed the host
certificate being checked.
Checking the CRL requires regular downloads from the CA, which
can lengthen the SWA run time.
If you do not wish to validate a revocation list, set this to
false.
- -x crl_url=http://crl.verisign.com/RSASecureServer.crl
Usage: Advanced
The URL of the CRL.
See the
crl_check
option for more information.
If you are behind a proxy server, then you will need to configure the
proxy information for the protocol being used to download the CRL.
- -x download_cmd=
Usage: Intermediate
Specifies a command that can download a URL from the Internet.
The command is enclosed in single quotes (').
This option is useful in cases where a
system does not have a direct connection to the
Internet, but can execute a command that can download
a URL from the Internet (for example, by using a gateway machine).
Using this option overrides many options which are used by
the internal SWA download functionality, including
proxy and CRL configuration.
This command should take one option that is supplied
by SWA (the URL of a file to download), and outputs
that file to its standard output.
If the actual command in
your environment behaves differently, it can be
wrapped by a shell script in order to provide the
interface that SWA needs.
The command needs to support the protocol specified by the
catalog_source
option
(default HTTPS) for catalog retrieval and FTP for patch retrieval.
See the
catalog_source
option.
Note:
Externally used commands are not necessarily supported by HP,
but can give considerable flexibility for your environment.
For example,
some external commands can authenticate using
Windows NT®-based
domain passwords to a
Microsoft®
web proxy, which is not directly supported by SWA.
The following command is an example:
swa report -x download_cmd='ssh user@system curl'
This command uses SSH
(see
ssh(1))
to run the
curl
command on a gateway system.
The
curl
command is an open source
tool that ships with several Linux distributions.
curl
may be configured, either using
a configuration file on the gateway system or by command-line
parameters specified as part of the
download_cmd
option.
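A wrapper of the kind described above, as an added example (not HP's or SWA's own code): it takes the single URL argument, checks it against the services the catalog_source option lists, and streams the file from curl on the gateway to standard output. The names swa_download, url_allowed and GATEWAY, and the character allow-list, are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrapper for -x download_cmd (not part of SWA).
# Contract from the option text: one argument (the URL), file goes to stdout.
# GATEWAY, url_allowed and swa_download are names assumed for this example.

GATEWAY="${GATEWAY:-user@system}"   # gateway account from the page's example

# Allow only the services the page lists (https, http, ftp) and a
# conservative character set, because ssh hands the command line to the
# gateway's shell, where ; & | $ ` and quotes would be interpreted.
url_allowed() {
    case "$1" in
        *[!A-Za-z0-9:/?=._~%@+,-]*) return 1 ;;
    esac
    case "$1" in
        https://?*|http://?*|ftp://?*) return 0 ;;
    esac
    return 1
}

swa_download() {
    if [ "$#" -ne 1 ]; then
        echo "usage: swa_download URL" >&2
        return 2
    fi
    if ! url_allowed "$1"; then
        echo "swa_download: refusing URL: $1" >&2
        return 3
    fi
    # BatchMode=yes: fail instead of prompting when run unattended.
    # --fail: exit non-zero on a server error instead of sending an
    #         error page to SWA as if it were the catalog or a patch.
    # --silent --show-error: only the file body on stdout, errors on stderr.
    # The URL is single-quoted for the remote shell; url_allowed has
    # already rejected any URL containing a quote.
    ssh -o BatchMode=yes "$GATEWAY" \
        "curl --fail --silent --show-error '$1'"
}

# Run as a command when SWA supplies the URL argument.
if [ "$#" -gt 0 ]; then
    swa_download "$@"
fi
```

Saved as an executable file, it is referenced as `-x download_cmd='/path/to/wrapper'`, where the path is a placeholder.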
- -x ftp_proxy=${proxy}
Usage: Advanced
Proxy host and port (with optional HTTP
basic authentication username and password) for accessing content
using the FTP protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example:
ftp_proxy=http://web-proxy.mycompany.com:8088
The FTP protocol is used for patch download.
Because FTP is unauthenticated, the integrity of the patches
is checked using the MD5 hashes in the catalog;
downloading the catalog itself over HTTPS is recommended so that those hashes can be trusted.
See the
https_proxy
option and the
catalog_source
option for details.
The use of
${proxy}
for this option value is substituted with the value of the
proxy
option (which is not set by default).
- -x html_report=${user_dir}/report/swa_report.html
Usage: Basic
The file containing the HTML-formatted report
that is generated by the
swa report
command.
This is a single file with internal hyperlinks.
The HTML report may be printed to standard output using the
stdout_report_type
option.
The use of
${user_dir}
at the beginning of this option value is substituted with the
value of the
user_dir
option (which defaults to
$HOME/.swa).
- -x https_proxy=${proxy}
Usage: Advanced
Proxy host and port (with optional HTTP
basic authentication username and password) for accessing content
using the HTTPS protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example:
https_proxy=http://web-proxy.mycompany.com:8088
If a username and password are specified
as authentication credentials to your proxy server, HTTP basic authentication is used,
which is a clear-text protocol (that is, your password may be visible to
others on your network).
Also, credentials specified on the command line
are visible to other local users, and access to credentials stored in extended option
files is determined by the permissions on those files.
If your proxy server requires another
type of authentication, see the
-x download_cmd
option.
The use of
${proxy}
for this option value is substituted with the value of the
proxy
option (which is not set by default).
- -x http_proxy=${proxy}
Usage: Advanced
Proxy host and port (with optional HTTP
basic authentication username and password) for accessing content
using the HTTP protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example:
http_proxy=http://web-proxy.mycompany.com:8088
The HTTP protocol is the default protocol used to download certificate
revocation lists.
See the
crl_url
option for more details.
The use of
${proxy}
for this option value is substituted with the value of the
proxy
option (which is not set by default).
- -x ignore_file=${user_dir}/ignore
Usage: Basic
Files containing regular expressions,
indicating which issues to ignore.
Each issue is matched by a regular expression (see
regexp(5)),
and is ignored by the analysis.
That is, whether or not the host or depot being analyzed
has the identified issue, that issue will not appear on the report.
In addition, software will not be selected for download to address the issue.
The software may still be selected to address a different issue.
When a user first runs SWA, if this file does not exist,
a template file is created,
which contains instructions on how to use this file.
Upon creation, if a
~/.spc_ignore
file exists, it is translated into the SWA format and
appended to the template.
The use of
${user_dir}
at the beginning of this option value is substituted with the
value of the
user_dir
option (which defaults to
$HOME/.swa).
- -x inventory_max_age=24
Usage: Intermediate
Specifies the age, in hours, of the
cached copy of the inventory contents of a given system.
If the inventory becomes too old (based
on the timestamp stored in the file), SWA will inventory
the host system/depot again.
Note:
There are two special values,
0
and
-1.
The value of
0
signifies to always update the file.
The value of
-1
signifies to never update the file, regardless of age.
- -x inventory_source=localhost
Usage: Basic
Note:
This release
supports only one system or depot (limited use cases) for analysis per invocation of SWA.
This option is useful for analyzing a remote system without installing
SWA on that system.
Specify one host system or depot to be inventoried, analyzed, and reported on.
Specify host system and/or depot as a URL using one of the following formats:
- hostname
system specification, uses unauthenticated swlist protocol to gather the host inventory
- [hostname:]path-to-depot
depot specification, also uses swlist protocol (limited use cases)
- ssh://[user@]hostname[:path-to-depot]
ssh specification to system or depot,
uses ssh to contact host and local swlist of the system or depot.
The inventory information is cached for later access in a cache directory within the
user_dir.
Naming of the inventory files is based on the hostname and
path-to-depot as specified (for example, using the fully qualified domain name of a
host will be cached separately from using the nodename, even for the same machine).
Refresh of the cached inventory for each inventory_source is determined by the
inventory_max_age
option.
Note:
This option is equivalent to
-s
but is suitable for use within an extended
options file
(-X)
or configuration file.
- -x logfile=/var/opt/swa/swa.log
Usage: Basic
This is the path to the log file for this command.
Each time SWA is run, this file will grow larger.
This can be changed, for example, to a month-specific location for easier archiving,
off-host backup, and rotation.
- -x log_verbosity=4
Usage: Basic
Specifies the level of message verbosity in the log file
(See also
-x verbosity).
Legal values are:
- 0
Only ERROR messages and the starting and ending BANNER messages.
- 1
Adds WARNING messages.
- 2
Adds NOTE messages.
- 3
Adds INFO messages (informational messages preceded by the '*' character).
- 4
Adds verbose INFO messages; this is the default.
- 5
Adds very verbose INFO messages.
- -x proxy=
Usage: Basic
Proxy host and port (with optional HTTP
basic authentication username and password) for accessing content
using the relevant protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example:
proxy=http://web-proxy.mycompany.com:8088
If a username and password are specified
as authentication credentials to your proxy server, HTTP basic authentication is used,
which is a clear-text protocol (that is, your password may be visible to
others on your network).
Also, credentials specified on the command line
are visible to other local users, and access to credentials stored in extended option
files is determined by the permissions on those files.
If your proxy server requires another
type of authentication, see the
-x download_cmd
option.
This
option is used as the default for the other proxy settings.
The HTTPS protocol is used for catalog download, the HTTP protocol is used
to download the CRL, and the FTP protocol is used for patch download.
The
proxy=
option controls the default for all three proxies.
See the
https_proxy
option,
the
http_proxy
option, and the
ftp_proxy
option for more details.
- -x report_when_no_issues=true
Usage: Intermediate
Controls whether SWA will produce a report to standard output
when there are no issues and/or actions.
This is useful, for example,
in a cron job where you want email sent to you only if there is
an issue found.
- true
A standard output report is always produced.
- false
A standard output report is only produced if there are issues and/or actions.
Hint: To check for error status, use the exit code of the command and check
the logfile for details.
- -x ssh_options=
Usage: Intermediate
Options to be passed to ssh.
Multiple options may be included as a space-delimited list.
For example, if you are using SWA in a cronjob,
you may want to specify
'-o BatchMode=yes'
to return immediately upon failure,
rather than prompting for a password.
See
ssh_config(5)
for additional options.
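The cron use described for report_when_no_issues and ssh_options, combined with a month-specific logfile, as an added example (not HP's or SWA's own code). TARGET, LOGDIR and run_swa_report are names assumed here, and the example assumes that a non-zero exit code from swa means an error.

```shell
#!/bin/sh
# Added example: unattended "swa report" for cron (not part of SWA).
# TARGET, LOGDIR and run_swa_report are names assumed for this example.

TARGET="${TARGET:-ssh://user@hostname}"   # inventory_source, ssh form
LOGDIR="${LOGDIR:-/var/opt/swa}"          # directory of the default logfile

run_swa_report() {
    log="$LOGDIR/swa-$(date +%Y-%m).log"  # month-specific log, easy to rotate
    rc=0
    # BatchMode=yes: ssh fails at once instead of waiting for a password.
    # report_when_no_issues=false: stdout stays empty when nothing is
    # found, so cron sends mail only when there is something to read.
    # stderr is dropped because the same messages go to the logfile.
    swa report \
        -x inventory_source="$TARGET" \
        -x ssh_options='-o BatchMode=yes' \
        -x report_when_no_issues=false \
        -x logfile="$log" 2>/dev/null || rc=$?
    # Assumption: a non-zero exit code means the run itself failed.
    if [ "$rc" -ne 0 ]; then
        echo "swa report failed (exit $rc); last lines of $log:"
        tail -n 20 "$log" 2>/dev/null || true
    fi
    return "$rc"
}

# Invoke from cron as: <this script> run
if [ "${1:-}" = "run" ]; then
    run_swa_report
fi
```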
- -x stdout_report_type=action
Usage: Basic
Type of report to display on standard output.
This is useful for controlling what type of output you would like to see.
Legal values are:
- action
Summary of recommended actions
- issue
Summary of identified issues
- detail
Recommended actions with issue justification
- html
Comprehensive HTML report
- none
No report
- -x user_dir=~/.swa
Usage: Basic
The directory where SWA stores catalog,
inventory, analysis, ignore, and report files.
The default location is a subdirectory
(.swa)
of the user's home directory.
This can be changed,
for example, to allow archival of previous interim
artifacts in a date-specific directory or off-host.
Several other options default to a directory relative to this directory,
so changing this option allows all of those locations to
stay in sync relative to a common root.
- -x verbosity=3
Usage: Basic
Specifies the level of standard error verboseness:
- 0
Only ERROR messages and the starting and ending BANNER messages.
- 1
Adds WARNING messages.
- 2
Adds NOTE messages.
- 3
Adds INFO messages (informational messages preceded by the '*' character); this is the default.
- 4
Adds verbose INFO messages.
- 5
Adds very verbose INFO messages.
Note:
The
-v
option is equivalent to increasing verbosity by 1
(for example, from 3 to 4) and the
-q
option is equivalent to decreasing
verbosity by 1.
The
-v
and
-q
options can be used more than once.