Patch Name: PHSS_11560 Patch Description: s700_800 10.09 10.16 VirtualVault syslogd options patch Creation Date: 97/06/27 Post Date: 97/07/04 Hardware Platforms - OS Releases: s700: 10.09 10.16 s800: 10.09 10.16 Products: VirtualVault Transaction Server A.01.00 US/Canada Release VirtualVault Transaction Server A.01.00 International Release VirtualVault Transaction Server A.01.01 US/Canada Release VirtualVault Transaction Server A.01.01 International Release Filesets: VaultTS.VAULT-CORE-CMN,A.01.00,A.01.01 Automatic Reboot?: Yes Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHSS_11560 Symptoms: PHSS_11560: Patch PHSS_10786 has explicit prerequisite checking in the checkinstall script. PHSS_10786: This patch replaces the previous patch, PHSS_10373, which enabled enhancements made to the underlying HP-UX CMW operating system. PHSS_10373: Controlled access enhancements have been added to components of the HP-UX CMW in the areas of syslogd, Xdmcp and the X Window server operation. This patch, PHSS_10373, enables the VirtualVault Transaction Server A.01.00 and A.01.01 to utilize the enhancements made to the underlying HP-UX CMW operating system. Defect Description: PHSS_11560: Patch PHSS_10786 has explicit prerequisite checking in the checkinstall script. If the prerequisite is superseded, PHSS_10786 could not be installed. PHSS_10786: Performs the same actions as PHSS_10373 with two additions: * If it exists, the xdm entry in /etc/inittab on systems without a graphics device is set to "off". * File attributes for files modified by the patch installation/removal are restored upon patch installation/removal completion. PHSS_10373: Enhancements were made to the HP-UX CMW operating system in three areas: syslogd(1M) - Because of the nature of syslogd(1M) and the way that it uses UDP for communication, it was possible to forward to a VirtualVault Transaction Server the syslogd console messages from either the SYSTEM INSIDE or SYSTEM OUTSIDE network. An enhanced syslogd has been created which does not bind to and listen for requests on a UDP socket, thus preventing the acceptance of remote logging requests. This feature has been made available via a '-n' flag during syslogd startup. This patch automatically alters the syslogd startup script, /sbin/init.d/syslogd, to invoke syslogd with a '-n' flag. Xdmcp - xdm(1X) listens on 2 ports, one for the xdmcp protocol (UDP 177) and another on a TCP port for the xdmcp chooser capability. The chooser port is not fixed and is automatically assigned at the time the listen call is made. Both the xdmcp and chooser ports can be disabled in xdmcp by placing the following resource in the xdm resource file (/usr/lib/X11/xdm/xdm-config) : *requestPort: 0 This patch automatically sets this xdm resource. NOTE: VirtualVault will not manage remote X terminal session(s). X terminal sessions that were managed by VirtualVault prior to PHSS_10373 installation must subsequently be managed by another host on the inside network. X server - A feature has been added to the X Window server that will prevent it from opening tcp sockets. This feature can be enabled via a flag, '-ni', upon X server invocation. This patch automatically alters the X window server startup line in /usr/lib/X11/xdm/Xservers to invoke the X server with a '-ni' flag. SR: 4701348623 4701348649 4701348656 4701359844 Patch Files: /opt/vaultTS/bin/patch_phss11560 what(1) Output: /opt/vaultTS/bin/patch_phss11560: None cksum(1) Output: 3307686257 7882 /opt/vaultTS/bin/patch_phss11560 Patch Conflicts: None Patch Dependencies: s700: 10.09 10.16: PHCO_10387 PHSS_10383 s800: 10.09 10.16: PHCO_10387 PHSS_10383 Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_10373 PHSS_10786 Equivalent Patches: None Patch Package Size: 70 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_11560 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_11560.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_11560.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_11560. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_11560.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_11560.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Disregard the above installation instructions. They are automatically generated and are not specific to the VirtualVault environment. The correct procedure for installing the VirtualVault syslogd options patch (PHSS_11560) is as follows : (Remember that PHSS_10383 and PHCO_10387 MUST be installed previous to installation of this patch!) 1. Backup your system before installing a patch. 2. Login as root; open an xterm window at the SYSTEM level. 3. Copy the patch to the /patches directory. Create /patches using: mkdir -p /patches 4. Move to the /patches directory and unshar the patch: cd /patches sh PHSS_11560 5. Run swinstall to install the patch: swinstall -x match_target=true \ -x autoreboot=true -s /patches/PHSS_11560.depot