Running ASET (Task Map)

Task	Description	For Instructions
Run ASET from the command line	Protects the system at the ASET level that you specify. Views the execution log to see the changes.	How to Run ASET Interactively
Run ASET in batch mode at regular intervals	Sets up a cron job to ensure that ASET protects the system.	How to Run ASET Periodically
Stop running ASET in batch mode	Removes the ASET cron job.	How to Stop Running ASET Periodically
Store ASET reports on a server	Collects ASET reports from clients for monitoring in a central location.	How to Collect ASET Reports on a Server

To set the variables in ASET, see ASET Environment Variables. To configure ASET, see Configuring ASET.

How to Run ASET Interactively

Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).
Run ASET interactively by using the aset command.
```
# /usr/aset/aset -l level -d pathname
```
level

Specifies the level of security. Valid values are low, medium, or high. The default setting is low. For detailed information about security levels, see ASET Security Levels.

pathname

Specifies the working directory for ASET. The default is /usr/aset.
Verify that ASET is running by viewing the ASET execution log that is displayed on the screen.
The execution log message identifies which tasks are being run.

Example 7-1 Running ASET Interactively

In the following example, ASET is run at low security with the default working directory.

# /usr/aset/aset -l low
======= ASET Execution Log =======
 
ASET running at security level low
 
Machine = jupiter; Current time = 0111_09:26
 
aset: Using /usr/aset as working directory
 
Executing task list ...
    firewall
    env
    sysconf
    usrgrp
    tune
    cklist
    eeprom
 
All tasks executed. Some background tasks may still be running.
 
Run /usr/aset/util/taskstat to check their status:
 /usr/aset/util/taskstat [aset_dir]
 
where aset_dir is ASET's operating
directory,currently=/usr/aset.
 
When the tasks complete, the reports can be found in:
 /usr/aset/reports/latest/*.rpt
 
You can view them by:
 more /usr/aset/reports/latest/*.rpt

How to Run ASET Periodically

Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).
If necessary, set up the time when you want ASET to run periodically.
You should have ASET run when system demand is light. The PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file is used to set up the time for ASET to run periodically. By default, the time is set for every day at midnight.
If you want to set up a different time, edit the PERIODIC_SCHEDULE variable in the /usr/aset/asetenv file. For detailed information about setting the PERIODIC_SCHEDULE variable, see PERIODIC_SCHEDULE Environment Variable.
Add an entry to the crontab file by using the aset command.
```
# /usr/aset/aset -p
```
The -p option inserts a line in the crontab file that starts ASET running at the time determined by the PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file.
Display the crontab entry to verify when ASET is scheduled to run.
```
# crontab -l root
```

How to Stop Running ASET Periodically

Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Edit the crontab file.
```
# crontab -e root
```
Delete the ASET entry.
Save the changes and exit.
Display the crontab entry to verify that the ASET entry is deleted.
```
# crontab -l root
```

How to Collect ASET Reports on a Server

Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Set up a directory on the server:
1. Change to the /usr/aset directory.
```
mars# cd /usr/aset
```
2. Create a rptdir directory.
```
mars# mkdir rptdir
```
3. Change to the rptdir directory, and create a client_rpt directory.
  This step creates a client_rpt subdirectory for a client. Repeat this step for each client whose reports you need to collect.
```
mars# cd rptdir
mars# mkdir client_rpt
```
  In the following example, the directory all_reports, and the subdirectories pluto_rpt and neptune_rpt are created.
```
mars# cd /usr/aset
mars# mkdir all_reports
mars# cd all_reports
mars# mkdir pluto_rpt
mars# mkdir neptune_rpt
```
Add the client_rpt directories to the /etc/dfs/dfstab file.
The directories should have read and write options.
For example, the following entries in the dfstab file are shared with read and write permissions.
```
share -F nfs -o rw=pluto /usr/aset/all_reports/pluto_rpt
share -F nfs -o rw=neptune /usr/aset/all_reports/neptune_rpt
```
Make the resources in the dfstab file available to the clients.
```
# shareall
```
On each client, mount the client subdirectory from the server at the mount point, /usr/aset/masters/reports.
```
# mount server:/usr/aset/client_rpt /usr/aset/masters/reports
```
Edit the /etc/vfstab file to mount the directory automatically at boot time.
The following sample entry in /etc/vfstab on neptune lists the directory to be mounted from mars, /usr/aset/all_reports/neptune_rpt, and the mount point on neptune, /usr/aset/reports. At boot time, the directories that are listed in vfstab are automatically mounted.
```
mars:/usr/aset/all_reports/neptune.rpt /usr/aset/reports nfs - yes hard
```

Skip Navigation Links
Exit Print View
	System Administration Guide: Security Services Oracle Solaris 10 8/11 Information Library