Sun Microsystems, Inc.

Running ASET

This section describes how to run ASET either interactively or periodically.

How to Run ASET Interactively

  1. Become superuser.

  2. Run ASET interactively by using the aset command.

    # /usr/aset/aset -l level -d pathname

    level

    Specifies the level of security. Valid values are low, medium, or high. The default setting is low. For detailed information about security levels, see "ASET Security Levels".

    pathname

    Specifies the working directory for ASET. The default is /usr/aset.

  3. Verify that ASET is running by viewing the ASET execution log that is displayed on the screen.

    The execution log message identifies which tasks are being run.

Example--Running ASET Interactively

The following example shows ASET being run at low security with the default working directory.

# /usr/aset/aset -l low
======= ASET Execution Log =======
 
ASET running at security level low
 
Machine = jupiter; Current time = 0111_09:26
 
aset: Using /usr/aset as working directory
 
Executing task list ...
	firewall
	env
	sysconf
	usrgrp
	tune
	cklist
	eeprom
 
All tasks executed. Some background tasks may still be running.
 
Run /usr/aset/util/taskstat to check their status:
 /usr/aset/util/taskstat [aset_dir]
 
where aset_dir is ASET's operating
directory,currently=/usr/aset.
 
When the tasks complete, the reports can be found in:
 /usr/aset/reports/latest/*.rpt
 
You can view them by:
 more /usr/aset/reports/latest/*.rpt

How to Run ASET Periodically

  1. Become superuser.

  2. If necessary, set up the time when you want ASET to run periodically.

    You should have ASET run when system demand is light. The PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file is used to set up the time for ASET to run periodically. By default, the time is set for every day at midnight.

    If you want to set up a different time, edit the PERIODIC_SCHEDULE variable in the /usr/aset/asetenv file. For detailed information about setting the PERIODIC_SCHEDULE variable, see "PERIODIC_SCHEDULE Environment Variable".

  3. Add an entry to the crontab file by using the aset command.

    # /usr/aset/aset -p

    The -p option inserts a line in the crontab file that starts ASET running at the time determined by the PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file.

  4. Display the crontab entry to verify when ASET will run.

    # crontab -l root

How to Stop Running ASET Periodically

  1. Become superuser.

  2. Edit the crontab file.

    # crontab -e root

  3. Delete the ASET entry.

  4. Save the changes and exit.

  5. Display the crontab entry to verify that the ASET entry is deleted.

    # crontab -l root

How to Collect ASET Reports on a Server

  1. Become superuser.

  2. Set up a directory on the server:

    1. Change to the /usr/aset directory.

      mars# cd /usr/aset

    2. Create a rptdir directory.

      mars# mkdir rptdir

    3. Change to the rptdir directory, and create a client_rpt directory.

      This creates a subdirectory (client_rpt) for a client. Repeat this step for each client whose reports you need to collect.

      mars# cd rptdir
      mars# mkdir client_rpt

      The following example shows the creation of the directory all_reports, and the subdirectories pluto_rpt and neptune_rpt.

      mars# cd /usr/aset
      mars# mkdir all_reports
      mars# cd all_reports
      mars# mkdir pluto_rpt
      mars# mkdir neptune_rpt

  3. Add the client_rpt directories to the /etc/dfs/dfstab file.

    The directories should have read and write options.

    For example, the following entries in the dfstab file are shared with read and write permissions.

    share -F nfs -o rw=pluto /usr/aset/all_reports/pluto_rpt
    share -F nfs -o rw=neptune /usr/aset/all_reports/neptune_rpt

  4. Make the resources in the dfstab file available to the clients.

    # shareall

  5. On each client, mount the client subdirectory from the server at the mount point, /usr/aset/masters/reports.

    # mount server:/usr/aset/rptdir/client_rpt /usr/aset/masters/reports

  6. Edit the /etc/vfstab file to mount the directory automatically at boot time.

    The following sample entry in /etc/vfstab on neptune lists the directory to be mounted from mars, /usr/aset/all_reports/neptune_rpt, and the mount point on neptune, /usr/aset/reports. At boot time, the directories that are listed in vfstab are automatically mounted.

    mars:/usr/aset/all_reports/neptune_rpt - /usr/aset/reports nfs - yes hard
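
Step 3 shares each client's report directory with read and write access. As an added example (not part of the original Sun documentation), the following shell function checks dfstab share lines so that every directory under the report root is writable only by the client it is named for. The function names, the hosts saturn and uranus, and the /export/docs share are constructed for illustration, and the check assumes the page's client_rpt naming.

```shell
#!/bin/sh
# Added example (not Sun's code). Each ASET report directory should be
# writable only by the one client it belongs to. Assumption: directories
# follow the page's <client>_rpt naming, so pluto_rpt must be rw=pluto.
# On Solaris, run the awk program with nawk or /usr/xpg4/bin/awk.

# audit_dfstab RPT_ROOT   (dfstab text is read from stdin)
# Prints "OK|WARN <path> <detail>" for each share under RPT_ROOT.
# Returns 1 if any share produced a WARN line, 0 otherwise.
audit_dfstab() {
    awk -v root="$1" '
    $1 == "share" {
        path = $NF; opts = ""; rw = ""
        for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
        if (index(path, root "/") != 1) next    # not an ASET report share
        n = split(path, parts, "/")
        client = parts[n]; sub(/_rpt$/, "", client)
        m = split(opts, o, ",")
        for (j = 1; j <= m; j++) if (o[j] ~ /^rw=/) rw = substr(o[j], 4)
        if (rw == "")          { print "WARN", path, "no-rw-client-list"; bad = 1 }
        else if (rw != client) { print "WARN", path, "rw-list=" rw; bad = 1 }
        else                     print "OK", path, "rw=" rw
    }
    END { exit bad + 0 }'
}

# Constructed sample input. The first two lines are the page's entries;
# the saturn, uranus and /export/docs lines are made up for the demo.
sample_dfstab() {
    cat <<'EOF'
share -F nfs -o rw=pluto /usr/aset/all_reports/pluto_rpt
share -F nfs -o rw=neptune /usr/aset/all_reports/neptune_rpt
share -F nfs -o rw /usr/aset/all_reports/saturn_rpt
share -F nfs -o rw=pluto:neptune /usr/aset/all_reports/uranus_rpt
share -F nfs -o ro /export/docs
EOF
}

# Demo run over the sample; on a server, feed /etc/dfs/dfstab on stdin instead.
sample_dfstab | audit_dfstab /usr/aset/all_reports ||
    echo "Fix the WARN entries before running shareall."
```

A share that is writable by more than one host lets one client overwrite another client's ASET reports, which is why the check insists on a single matching host per directory.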