FILE: Patches.pm

LABEL: spc_run
SHORT_EXP: "Patching known security vulnerabilities is one of the most
important steps in securing a system.  Security Patch Check is
a tool which will analyze the software installed on this system.  It will
report if any relevant security patches have been announced by Hewlett
Packard that are not currently installed on this system.  Bastille has
detected that this tool is installed.  The output of running this tool
will be appended to a file and referenced by Bastille's generated TODO list
so you can apply the necessary patches.

(MANUAL ACTION REQUIRED TO COMPLETE THIS CONFIGURATION,
see TODO list for details)"
LONG_EXP: "Patching known security vulnerabilities is one of the most
important steps in securing a system.  Security Patch Check is
a tool which will analyze the software installed on this system.  When
Security Patch Check runs, it will report several types of
problems.  It will (1) report any patches that are installed on the system
but have had warnings (recalls) issued by HP, (2) report any security patches
announced by Hewlett Packard that fix software installed on the system but
have not been applied, and (3) report any currently installed patches that
are not in the proper, \"configured\" state.  Security
Patch Check can download an up-to-date catalog from HP with security and
patch-warning information.  It can also work through a proxy-type
firewall.  This tool will only report patches; it will not indicate
manual actions described in HP Security Bulletins/Advisories.
Also, security patches require vigilance, since new vulnerabilities are
found and fixed on a regular basis.  It is recommended that this tool be
run frequently, such as in a cron job each night (a separate question
will cover this).  It is also recommended that you subscribe to the HP
Security Bulletin mailing list.

The output of running this tool will be appended to Bastille's generated
TODO list so that you can apply the necessary patches.

(MANUAL ACTION REQUIRED TO COMPLETE THIS CONFIGURATION,
see TODO list for details)"
QUESTION: "Should Bastille run Security Patch Check for you?"
DEFAULT_ANSWER: "Y"
NO_CHILD: spc_cron_norun
YES_CHILD: spc_cron_run
SKIP_CHILD: spc_cron_norun
YN_TOGGLE: 1
REQUIRE_DISTRO: HP-UX
REQUIRE_FILE_EXISTS: spc
REG_EXP: "^Y$|^N$"
PROPER_PARENT: Title_Screen

LABEL: spc_cron_run
SHORT_EXP: "Bastille can configure Security Patch Check to run on a daily
basis using the cron scheduling daemon.  Keeping a system secure requires constant
vigilance.  Staying up-to-date on security patches issued by Hewlett Packard is
critical, and Security Patch Check is the easiest way to make sure
this system's security patches are up-to-date.  In addition, a subscription to
HP's security bulletin mailing list is valuable to find the latest security fixes
from HP, including both patched and manual fixes.  Note: this question is
asked whether or not you have Security Patch Check installed so
that Bastille can pre-configure cron to run the tool after you have
installed it.

You may also consider getting notified of all HP security bulletins by
going to http://www.itrc.hp.com and registering for them by clicking on
\"maintenance and support,\" then selecting \"support information
digests.\""
QUESTION: "Should Bastille set up a cron job to run Security Patch Check?"
QUESTION_AUDIT: "Is a cron job to run Security Patch Check set up?"
DEFAULT_ANSWER: "Y"
YN_TOGGLE: 1
NO_CHILD: spc_proxy_yn
YES_CHILD: spc_cron_time
SKIP_CHILD: generalperms_1_1
REQUIRE_FILE_EXISTS: spc
REQUIRE_DISTRO: HP-UX
REG_EXP: "^Y$|^N$"
PROPER_PARENT: spc_run

LABEL: spc_cron_norun
SHORT_EXP: "Bastille can configure Security Patch Check to run daily
using cron.  Keeping a system secure requires constant vigilance.
Staying up-to-date on patches issued by Hewlett Packard is critical, and
Security Patch Check is the easiest way to make sure that this system's
patches are up-to-date.  In addition, a subscription to HP's security
advisory mailing list is valuable to find the latest security fixes
from HP, including both patched and manual fixes.  Note: this question is
asked whether or not you have Security Patch Check installed so
that Bastille can pre-configure cron to run the tool after you have
installed it."
QUESTION: "Should Bastille set up a cron job to run Security Patch Check?"
QUESTION_AUDIT: "Is a cron job to run Security Patch Check set up?"
YN_TOGGLE: 1
DEFAULT_ANSWER: "Y"
NO_CHILD: generalperms_1_1
YES_CHILD: spc_cron_time
SKIP_CHILD: generalperms_1_1
REQUIRE_DISTRO: HP-UX
REG_EXP: "^Y$|^N$"
PROPER_PARENT: spc_run

LABEL: spc_cron_time
SHORT_EXP: "Specify a number between 0 and 23, corresponding to the hour
in your time zone that is most convenient to run Security Patch Check."
LONG_EXP: "Specify a number between 0 and 23, corresponding to the hour
in your time zone that is most convenient to run Security Patch Check.
For example, if you specify 0, Security Patch Check will run some time
between 12:00am and 12:59am in your local time zone.  If you specify 23,
Security Patch Check will run some time between 11:00pm and 11:59pm.

See crontab(1)"
QUESTION: "During which hour would you like to schedule Security Patch Check?"
YN_TOGGLE: 0
DEFAULT_ANSWER:
EXPL_ANS: "11"
YES_CHILD: spc_proxy_yn
SKIP_CHILD: generalperms_1_1
REQUIRE_DISTRO: HP-UX
PROPER_PARENT: spc_run
REG_EXP: "^[0-9]$|^1[0-9]$|^2[0-3]$"

LABEL: spc_proxy_yn
SHORT_EXP:  "If this machine is behind a proxy-type
firewall, Security Patch Check needs to be configured to traverse
that firewall.  For example, the proxy might be specified as
\"http://myproxy.mynet.com:8088\".  If this machine can ftp directly to
the Internet without a proxy, answer no to this question."
QUESTION:  "Does this machine require a proxy to ftp to the Internet?"
YN_TOGGLE: 1
DEFAULT_ANSWER: "N"
NO_CHILD: generalperms_1_1
YES_CHILD: spc_proxy
SKIP_CHILD: generalperms_1_1
REQUIRE_DISTRO: HP-UX
PROPER_PARENT: spc_run
REG_EXP: "^Y$|^N$"

LABEL: spc_proxy
SHORT_EXP:  "To use the auto-download feature of Security Patch Check
from behind a proxy-type firewall, Security Patch Check needs to be
configured to traverse that firewall.

The URL for the proxy must be in the form

<protocol of firewall>://address:port

For example:
    http://myproxy.mynet.com:8088

A web proxy generally uses the http protocol.  This answer should
correspond closely to settings one would make in a web browser
to point to a proxy server, but use the above syntax.

If you asked Bastille to run Security Patch Check itself and/or in cron,
it will use this proxy value."
QUESTION:  "Please enter the URL for the web proxy."
YN_TOGGLE: 0
DEFAULT_ANSWER:
EXPL_ANS: "http://yourproxy.yournet.com:8088"
NO_CHILD: generalperms_1_1
YES_CHILD: generalperms_1_1
SKIP_CHILD: generalperms_1_1
REQUIRE_DISTRO: HP-UX
PROPER_PARENT: spc_proxy_yn
REG_EXP: "^http:\/\/.+\:.+$"
