Vulnerability and Patch Management Pack User Guide.pdf

HP ProLiant Essentials Vulnerability and Patch Management Pack

User Guide

Part number: 367562-003

Third edition: February 2006

Legal notices

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212,

Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S.

Government under vendor’s standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express

warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP

shall not be liable for technical or editorial errors or omissions contained herein.

Microsoft, Windows, and Windows NT are U.S. registered trademarks of Microsoft Corporation. Windows Server 2003 is a U.S. trademark of

Microsoft Corporation. Adobe and Acrobat are trademarks of Adobe Systems Incorporated. Linux is a U.S. registered trademark of Linus

Torvalds. STAT is a registered trademark of Harris Corporation.

Part number: 367562-003

Third edition: February 2006

Contents

About this guide

Where to go for additional help ................................................................................................................ 6

Website.................................................................................................................................................. 6

HP contact information ............................................................................................................................. 6

Introduction

The Vulnerability and Patch Management Pack process ................................................................................ 8

Infrastructure ........................................................................................................................................... 8

Shared server configuration.................................................................................................................. 9

Distributed server configuration........................................................................................................... 11

The Vulnerability and Patch Management Pack interface ............................................................................. 13

Requirements

Vulnerability and Patch Management Pack ................................................................................................ 15

HP Systems Insight Manager ................................................................................................................... 16

VPM Acquisition Utility (optional) ............................................................................................................. 17

Target systems ....................................................................................................................................... 17

Installation and configuration

Installation location ................................................................................................................................ 18

Configuring Microsoft Internet Information Services .................................................................................... 18

Installing the Vulnerability and Patch Management Pack ............................................................................. 18

Installing from the Management CD..................................................................................................... 19

Installing from the VPM download website ........................................................................................... 26

Installed Vulnerability and Patch Management Pack components ............................................................. 26

Vulnerability and Patch Management Pack upgrades............................................................................. 28

Installing the VPM Acquisition Utility (optional) ...................................................................................... 28

Post-installation configuration................................................................................................................... 32

Establishing security .......................................................................................................................... 33

Modifying the Vulnerability and Patch Management Pack settings ........................................................... 33

Configuring Vulnerability and Patch Management Pack acquisition for Red Hat Enterprise Linux.................. 34

Acquiring Vulnerability and Patch Management Pack updates ................................................................ 35

Licensing

Free licenses.......................................................................................................................................... 42

Licensing within the Vulnerability and Patch Management Pack....................................................................42

Licensing using the HP SIM License Manager............................................................................................. 43

Adding licenses ................................................................................................................................ 43

Applying licenses to selected systems................................................................................................... 44

Vulnerability scanning

Provided scan definitions ........................................................................................................................ 45

Scanning for vulnerabilities ..................................................................................................................... 45

Viewing, modifying, or canceling a scheduled task ...............................................................................48

Viewing vulnerability scan results ............................................................................................................. 49

Vulnerability scan results guidelines ..................................................................................................... 49

Viewing vulnerability scan results by scan name.................................................................................... 49

Viewing scan results by system ........................................................................................................... 50

Customizing vulnerability scan definitions ................................................................................................. 51

Deleting a customized vulnerability scan ................................................................................................... 52

Deleting vulnerability scan results ............................................................................................................. 53

Deleting scan results by scan name ..................................................................................................... 53

Deleting scan results by system ........................................................................................................... 54

Contents 3

Deploying patches and fixes

Important information about patches and fixes ........................................................................................... 55

Deploying patches and fixes based on a vulnerability scan ......................................................................... 56

Deploying patches without a vulnerability scan .......................................................................................... 58

Viewing the patch repository ................................................................................................................... 61

Viewing the patch reboot status ............................................................................................................... 62

Viewing patch installation status .............................................................................................................. 64

Viewing patch installation status by patch ............................................................................................ 64

Viewing patch installation status by search filter .................................................................................... 65

Viewing patch installation status by system ........................................................................................... 66

Viewing the patches installed by the Vulnerability and Patch Management Pack........................................ 66

Validating installed patches..................................................................................................................... 68

Deploying the VPM Patch Agent .............................................................................................................. 70

Removing patches .................................................................................................................................. 73

Troubleshooting

Vulnerability and Patch Management Pack installation and configuration ...................................................... 75

Viewing Vulnerability and Patch Management Pack installation logs ........................................................ 75

Vulnerability and Patch Management Pack installation updates MDAC and MSDE .................................... 75

An error occurs when installing MSDE files from a Remote Desktop session .............................................. 75

Vulnerability and Patch Management Pack installation fails with “There Are No Configuration Files” error ... 75

“Harris STAT Scanner WSI Requires IWAM and IUSR” error occurs during Vulnerability and

Patch Management Pack installation............................................................................................... 76

Installation fails with “Product RMS not installed: Service RMS error. The specified service does not

exist as an installed service (0x424)” ............................................................................................. 76

Vulnerability and Patch Management Pack installation fails .................................................................... 76

Cannot modify VPM acquisition settings to acquire updates from a local repository ................................... 77

Required open ports .......................................................................................................................... 77

Modifying firewall configuration settings .............................................................................................. 77

Configuring a DNS server .................................................................................................................. 78

All target systems do not have the same administrator credentials............................................................ 78

Multiple VPM servers ......................................................................................................................... 78

Administrator credentials have been changed....................................................................................... 78

Changing the IIS IWAM user name and password ................................................................................ 78

The IIS Certificate has expired and the Vulnerability and Patch Management Pack connection must

be reconfigured to use an HTTP connection ..................................................................................... 79

Uninstalling the Vulnerability and Patch Management Pack..................................................................... 80

Reinstalling the Vulnerability and Patch Management Pack ..................................................................... 81

Radia uses installation account instead of local account ......................................................................... 81

Vulnerability scans ................................................................................................................................. 82

The Vulnerability and Patch Management Pack cannot access target systems ............................................ 82

Scan reports cannot be viewed ........................................................................................................... 83

A scan was submitted but never started................................................................................................ 83

Scan results are inaccurate because of overlapping tasks ....................................................................... 84

Current patch information is not displayed in scan reports ......................................................................84

Patches and configuration fixes................................................................................................................ 84

VPM Patch Agent install fails .............................................................................................................. 84

A patch acquisition was started, but no patches are seen ....................................................................... 85

HTTP 300 errors received during patch acquisition................................................................................ 85

Patches appear in a scan report, but are not successfully deployed ......................................................... 85

Patch installation status reports are not current or do not match information displayed in scan reports .......... 86

Other tools report that a Windows system is patched, but the Vulnerability and Patch Management

Pack reports patches needed ......................................................................................................... 86

Patch source for vendor patches is Microsoft* or Red Hat*..................................................................... 86

Multiple events listed in HP SIM for patch deployments ..........................................................................86

Harris update error listed in the HP SIM event log ................................................................................. 86

Radia internal error listed in the HP SIM event log ................................................................................. 86

“Abuse of Service” error occurs when attempting to acquire Red Hat patches ........................................... 86

Contents 4

Validate Installed Patches event does not complete ................................................................................ 86

HP SIM integration ................................................................................................................................. 87

Vulnerability and Patch Management Pack menus do not appear in the HP SIM console after installation ..... 87

Vulnerability and Patch Management Pack provided scan definitions

Using the Change VPM Credentials Utility

Backing up and restoring the Vulnerability and Patch Management Pack

Introduction ...................................................................................................................................... 91

Component backup ........................................................................................................................... 91

Component restoration ...................................................................................................................... 91

Vulnerability and Patch Management Pack events

Scan events...................................................................................................................................... 92

Patch and fix events .......................................................................................................................... 93

Acquisition events ............................................................................................................................. 94

Miscellaneous events ......................................................................................................................... 95

Index

Contents 5

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: