asetenv(4)
NAME
asetenv - ASET environment file
SYNOPSIS
/usr/aset/asetenv
DESCRIPTION
The asetenv file is located in /usr/aset, the default
operating directory of the Automated Security Enhancement
Tool (ASET). An alternative working directory can be
specified by the administrators through the aset -d command or
the ASETDIR environment variable. See aset(1M). asetenv
contains definitions of environment variables for ASET.
There are 2 sections in this file. The first section is
labeled User Configurable Parameters. It contains, as the
label indicates, environment variables that the
administrators can modify to customize ASET behavior to suit their
specific needs. The second section is labeled ASET Internal
Environment Variables and should not be changed. The
configurable parameters are explained as follows:
TASKS
This variable defines the list of tasks that aset
will execute the next time it runs. The available
tasks are:
    tune        Tighten system files.
    usrgrp      Check user/group.
    sysconf     Check system configuration file.
    env         Check environment.
    cklist      Compare system files checklist.
    eeprom      Check eeprom(1M) parameters.
    firewall    Disable forwarding of IP packets.
CKLISTPATH_LOW
CKLISTPATH_MED
CKLISTPATH_HIGH
These variables define the list of directories to be
used by aset to create a checklist file at the low,
medium, and high security levels, respectively.
Attributes of all the files in the directories defined by
these variables will be checked periodically and any
changes will be reported by aset. Checks performed
on these directories are not recursive. aset only
checks directories explicitly listed in these
variables and does not check subdirectories of them.
YPCHECK
This variable is a boolean parameter. It specifies
whether aset should extend checking (when applicable)
on system tables to their NIS equivalents or not. The
value true enables it while the value false disables
it.
UID_ALIASES
This variable specifies an alias file for user ID
sharing. Normally, aset warns about multiple user
accounts sharing the same user ID because it is not
advisable for accountability reasons. Exceptions can
be created using an alias file. User ID sharing
allowed by the alias file will not be reported by
aset. See asetmasters(4) for the format of the alias
file.
PERIODIC_SCHEDULE
This variable specifies the schedule for periodic
execution of ASET. It uses the format of crontab(1)
entries. Briefly speaking, the variable is assigned a
string of the following format:
    minutes hours day-of-month month day-of-week
Setting this variable does not activate the
periodic schedule of ASET. To execute ASET
periodically, aset(1M) must be run with the -p
option. See aset(1M). For example, if
PERIODIC_SCHEDULE is set to the following, and
aset(1M) was started with the -p option, aset
will run at 12:00 midnight every day:
    0 0 * * *
EXAMPLES
Example 1: Sample asetenv file showing the settings of the
ASET configurable parameters
The following is a sample asetenv file, showing the settings
of the ASET configurable parameters:
CKLISTPATH_LOW=/etc:/
CKLISTPATH_MED=$CKLISTPATH_LOW:/usr/bin:/usr/ucb
CKLISTPATH_HIGH=$CKLISTPATH_MED:/usr/lib:/usr/sbin
YPCHECK=false
UID_ALIASES=/usr/aset/masters/uid_aliases
PERIODIC_SCHEDULE="0 0 * * *"
TASKS="env sysconf usrgrp"
When aset -p is run with this file, aset is executed at
midnight of every day. The / and /etc directories are
checked at the low security level; the /, /etc, /usr/bin,
and /usr/ucb directories are checked at the medium security
level; and the /, /etc, /usr/bin, /usr/lib, and /usr/sbin
directories are checked at the high security level.
Checking of NIS system files is disabled. The
/usr/aset/masters/uid_aliases file specifies the user IDs
available for sharing. The env, sysconf, and usrgrp tasks
will be performed, checking the environment variables,
various system tables, and the local passwd and group files.
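An added example (not part of ASET or of the original manual page): a small Python linter for the user-configurable parameters described above. It resolves the CKLISTPATH_* references into the effective directory list for each level and reports undefined references, unknown tasks, and malformed YPCHECK or PERIODIC_SCHEDULE values. The name lint_asetenv and the sample file are constructed for illustration, and sh-style variable expansion is assumed.

```python
import re

KNOWN_TASKS = {"tune", "usrgrp", "sysconf", "env", "cklist", "eeprom", "firewall"}
LEVELS = ("CKLISTPATH_LOW", "CKLISTPATH_MED", "CKLISTPATH_HIGH")

# Constructed sample with deliberate mistakes (not a real system's file).
SAMPLE = """\
CKLISTPATH_LOW=/etc:/
CKLISTPATH_MED=$CHECKLISTPATH_LOW:/usr/bin:/usr/ucb
CKLISTPATH_HIGH=$CKLISTPATH_MED:/usr/lib:/usr/sbin
YPCHECK=maybe
PERIODIC_SCHEDULE="0 0 * *"
TASKS="env sysconf usergrp"
"""

def lint_asetenv(text):
    """Return (settings, problems) for the user-configurable parameters."""
    settings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        m = re.fullmatch(r"([A-Za-z_]\w*)=(.*)", raw.split("#", 1)[0].strip())
        if not m:
            continue  # comments, blank lines, export statements

        def expand(ref, n=n):
            # Assumption: sh semantics, where an unset variable expands to
            # nothing and would silently drop directories from the checklist.
            if ref.group(1) not in settings:
                problems.append(f"line {n}: ${ref.group(1)} is not defined")
            return settings.get(ref.group(1), "")

        value = m.group(2).strip().strip("\"'")
        settings[m.group(1)] = re.sub(r"\$\{?([A-Za-z_]\w*)\}?", expand, value)
    for level in LEVELS:
        # Only these exact directories are checked; subdirectories are not.
        dirs = [d for d in settings.get(level, "").split(":") if d]
        problems += [f"{level}: {d} is not absolute" for d in dirs if not d.startswith("/")]
        settings[level] = dirs
    unknown = sorted(set(settings.get("TASKS", "").split()) - KNOWN_TASKS)
    problems += [f"TASKS: unknown task {t}" for t in unknown]
    if settings.get("YPCHECK") not in ("true", "false"):
        problems.append("YPCHECK: must be true or false")
    if len(settings.get("PERIODIC_SCHEDULE", "").split()) != 5:
        problems.append("PERIODIC_SCHEDULE: expected five crontab fields")
    return settings, problems

if __name__ == "__main__":
    settings, problems = lint_asetenv(SAMPLE)
    for level in LEVELS:
        print(level, settings[level])
    print(*problems, sep="\n")
```

In the constructed sample the misspelled reference leaves / and /etc out of the medium and high checklists, which is the kind of silent coverage gap this check is meant to surface.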
SEE ALSO
crontab(1), aset(1M), asetmasters(4)
ASET Administrator Manual