| |
| | asetenv - ASET environment file |
SYNOPSIS
| |
The asetenv file is located in /usr/aset, the
default operating directory of the Automated Security Enhancement Tool (ASET).
An alternative working directory can be specified by the administrators
through the aset -d command or the ASETDIR environment variable. See aset(1M). asetenv contains definitions of environment variables for ASET.
There are 2 sections in this file. The first section is labeled User Configurable Parameters. It contains, as the label indicates,
environment variables that the administrators can modify to customize ASET
behavior to suit their specific needs. The second section is labeled ASET Internal Environment Variables and should not be changed.
The configurable parameters are explained as follows:
-
TASK
- This variable defines the list of tasks
that aset will execute the next time it runs. The available
tasks are:
-
tune
- Tighten system files.
-
usrgrp
- Check
user/group.
-
sysconf
- Check
system configuration file.
-
env
- Check environment.
-
cklist
- Compare
system files checklist.
-
eeprom
- Check eeprom(1M) parameters.
-
firewall
- Disable
forwarding of IP packets.
-
CKLISTPATH_LOW
-
CKLISTPATH_MED
-
CKLISTPATH_HIGH
- These variables define the list of directories to be used by aset to create a checklist file at
the low, medium,
and high security levels, respectively. Attributes
of all the files in the directories defined by these variables will be checked
periodically and any changes will be reported by aset.
Checks performed on these directories are not recursive. aset
only checks directories explicitly listed in these variables and does not
check subdirectories of them.
-
YPCHECK
- This variable is a boolean parameter. It specifies whether aset should extend checking (when applicable) on system tables
to their NIS equivalents or not. The value true enables
it while the value false disables it.
-
UID_ALIASES
- This variable specifies an alias file for user ID sharing.
Normally, aset warns about multiple user accounts sharing
the same user ID because it is not advisable for accountability reason.
Exceptions can be created using an alias file. User ID sharing allowed by
the alias file will not be reported by aset. See asetmasters(4) for the format of the alias
file.
-
PERIODIC_SCHEDULE
- This variable specifies the schedule for periodic execution
of ASET. It uses the format of crontab(1)
entries. Briefly speaking, the variable is assigned a string of the following
format:
| |
minutes hours day-of-month month day-of-week
|
Setting this variable does not activate
the periodic schedule of ASET. To execute ASET periodically, aset(1M) must be run with the -p
option. See aset(1M).
For example, if PERIODIC_SCHEDULE
is set to the following, and aset(1M)
was started with the -p option, aset
will run at 12:00 midnight every day:
|
| | Example 1. Sample asetenv file showing
the settings of the ASET configurable parameters
| |
The following is a sample asetenv file, showing
the settings of the ASET configurable parameters:
| |
CKLISTPATH_LOW=/etc:/
CKLISTPATH_MED=$CHECKLISTPATH_LOW:/usr/bin:/usr/ucb
CKLISTPATH_HIGH=$CHECKLISTPATH_MED:/usr/lib:/usr/sbin
YPCHECK=false
UID_ALIASES=/usr/aset/masters/uid_aliases
PERIODIC_SCHEDULE="0 0 * * *"
TASKS="env sysconf usrgrp"
|
When aset -p is run with this
file, aset is executed at midnight of every day. The / and /etc directories are checked at the low security level; the /, /etc, /usr/bin, and /usr/ucb
directories are checked at the medium security
level; and the /, /etc, /usr/bin, /usr/lib, and /usr/sbin directories are checked at the high
security level. Checking of NIS system files is disabled. The /usr/aset/masters/uid_aliases file specifies the used IDs available
for sharing. The env, sysconf, and usrgrp tasks will be performed, checking the environment variables,
various system tables, and the local passwd and group files.
|
|
| |
