- ASET environment file
The asetenv file is located in /usr/aset, the default operating directory of the Automated Security Enhancement Tool (ASET). An alternative working directory can be specified by the administrators through the aset -d command or the ASETDIR environment variable. See aset(1M). asetenv contains definitions of environment variables for ASET.
There are 2 sections in this file. The first section is labeled User Configurable Parameters. It contains, as the label indicates, environment variables that the administrators can modify to customize ASET behavior to suit their specific needs. The second section is labeled ASET Internal Environment Variables and should not be changed. The configurable parameters are explained as follows:
This variable defines the list of tasks that aset will execute the next time it runs. The available tasks are:
Tighten system files.
Check system configuration file.
Compare system files checklist.
Check eeprom(1M) parameters.
Disable forwarding of IP packets.
These variables define the list of directories to be used by aset to create a checklist file at the low, medium, and high security levels, respectively. Attributes of all the files in the directories defined by these variables will be checked periodically and any changes will be reported by aset. Checks performed on these directories are not recursive. aset only checks directories explicitly listed in these variables and does not check subdirectories of them.
This variable is a boolean parameter. It specifies whether aset should extend checking (when applicable) on system tables to their NIS equivalents or not. The value true enables it while the value false disables it.
This variable specifies an alias file for user ID sharing. Normally, aset warns about multiple user accounts sharing the same user ID because it is not advisable for accountability reason. Exceptions can be created using an alias file. User ID sharing allowed by the alias file will not be reported by aset. See asetmasters(4) for the format of the alias file.
This variable specifies the schedule for periodic execution of ASET. It uses the format of crontab(1) entries. Briefly speaking, the variable is assigned a string of the following format:
minutes hours day-of-month month day-of-week
Setting this variable does not activate the periodic schedule of ASET. To execute ASET periodically, aset(1M) must be run with the -p option. See aset(1M). For example, if PERIODIC_SCHEDULE is set to the following, and aset(1M) was started with the -p option, aset will run at 12:00 midnight every day:
0 0 * * *
Example 1 Sample asetenv file showing the settings of the ASET configurable parameters
The following is a sample asetenv file, showing the settings of the ASET configurable parameters:
CKLISTPATH_LOW=/etc:/ CKLISTPATH_MED=$CHECKLISTPATH_LOW:/usr/bin:/usr/ucb CKLISTPATH_HIGH=$CHECKLISTPATH_MED:/usr/lib:/usr/sbin YPCHECK=false UID_ALIASES=/usr/aset/masters/uid_aliases PERIODIC_SCHEDULE="0 0 * * *" TASKS="env sysconf usrgrp"
When aset -p is run with this file, aset is executed at midnight of every day. The / and /etc directories are checked at the low security level; the /, /etc, /usr/bin, and /usr/ucb directories are checked at the medium security level; and the /, /etc, /usr/bin, /usr/lib, and /usr/sbin directories are checked at the high security level. Checking of NIS system files is disabled. The /usr/aset/masters/uid_aliases file specifies the used IDs available for sharing. The env, sysconf, and usrgrp tasks will be performed, checking the environment variables, various system tables, and the local passwd and group files.
ASET Administrator Manual