Search This Blog

Thursday, March 12, 2009

HP Vulnerability and patch management pack

I knew that HP has "the answer" to the problem of the patch management. However reading the details: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00267883/c00267883.pdf?jumpid=reg_R1002_USEN
you can see that it covers only Microsoft and Redhat patches.
What about Adobe, Java, other 3rd party software?

The VPM is obviously only for servers.

HP OpenSSH vulnerability

HP OpenSSH (from HP Proliant pack, HP SIM)comes with C:\Program Files\OpenSSH\bin\cygwin1.dll version 1.5.4
This version is vulnerable according to http://www.nessus.org/plugins/index.php?view=single&id=28330.

to fix it download HP IS 3.0 DVD where you will get cygwin1.dll version 1.5.25.
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ISDVD&jumpid=reg_R1002_USEN

Friday, March 6, 2009

JRE silent install

Here is command for silent install:
jre-6u12-windows-i586-p-s.exe /s /v "/qn IEXPLORER=1 REBOOT=ReallySuppress JAVAUPDATE=0 WEBSTARTICON=0 /L %temp%\setup.log"

the package itself can be downloaded from http://java.sun.com/javase/downloads/index.jsp

IE should not be open during install.

Tuesday, March 3, 2009

Scheduled tasks in Windows 2003

I was trying to replace local server administrator to less powerful account in the Sceduled Task definition. But it took some time to set the right properly. Please refer to the following article:

http://www.instant-registry-fixes.org/resolve-error-message-0x80070005-access-is-denied/

to sum up: you can use local account to run as for the task. This account should not be local administrators. Give apropriate rights to the data folders and read/execute to binary folder. Using Local security setting (admin tool) add logon locally and as as a batch. If your script is cmd, add permission to cmd.exe to be exceuted for this account.