System Administration Guide: Security Services

ASET Reports

All report files that are generated from ASET tasks are stored in subdirectories under the /usr/aset/reports directory. This section describes the structure of the /usr/aset/reports directory, and provides guidelines on managing the report files.

ASET places the report files in subdirectories that are named to reflect the time and date when the reports are generated. This convention enables you to keep an orderly trail of records that document the system status as the status varies between ASET executions. You can monitor and compare these reports to determine the soundness of your system's security.

The following figure shows an example of the reports directory structure.

Figure 7–1 Structure of the ASET reports Directory

Diagram shows an example of a reports directory under the /usr/aset directory.

This example shows two report subdirectories.

The subdirectory names indicate the date and time that the reports were generated. Each report subdirectory name has the following format:


monthdate_hour:minute

month, date, hour, and minute are all two-digit numbers. For example, 0125_01:00 represents January 25, at 1 a.m.

Each of the two report subdirectories contains a collection of reports that are generated from one execution of ASET.

The latest directory is a symbolic link that always points to the subdirectory that contains the latest reports. Therefore, to look at the latest reports that ASET has generated, you can go to the /usr/aset/reports/latest directory. There is a report file in this directory for each task that ASET performed during its most recent execution.

Format of ASET Report Files

Each report file is named after the task that generates the report. The following table lists tasks and their reports.

Table 7–1 ASET Tasks and Resulting Reports

Task                                          Report
System files permissions tuning (tune)        tune.rpt
System files checks (cklist)                  cklist.rpt
User and group checks (usrgrp)                usrgrp.rpt
System configuration files check (sysconf)    sysconf.rpt
Environment variables check (env)             env.rpt
eeprom check (eeprom)                         eeprom.rpt
Firewall setup (firewall)                     firewall.rpt

Within each report file, messages are bracketed by a beginning and an ending banner line. Sometimes, a task ends prematurely. For example, a task can end prematurely when a component of ASET is accidentally removed or damaged. In such cases, the report file usually contains a message near the end that indicates the reason for the premature termination.

The following is a sample report file, usrgrp.rpt.


*** Begin User and Group Checking ***
 
Checking /etc/passwd ...
Warning! Password file, line 10, no passwd
:sync::1:1::/:/bin/sync
..end user check; starting group check ...
Checking /etc/group...
*** End User And group Checking ***
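
The following script is an added example, not part of ASET or of this guide. It checks each report in a report subdirectory for its beginning and ending banner lines, so that a task that ended prematurely stands out, and it counts the warning lines. It assumes that every report uses the "*** Begin" and "*** End" banners and the "Warning!" prefix seen in the usrgrp.rpt sample above; the function names and the truncated tune.rpt content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of ASET. Assumption: every report uses the
# "*** Begin"/"*** End" banners and "Warning!" prefix of the usrgrp.rpt sample.

# report_status FILE: print "complete|truncated|missing warnings=N".
# Returns 0 only when both banners are present.
report_status() {
    [ -r "$1" ] || { echo "missing warnings=0"; return 2; }
    # Blank lines are skipped when locating the first and last message.
    first=$(grep -v '^[[:space:]]*$' "$1" | head -n 1)
    last=$(grep -v '^[[:space:]]*$' "$1" | tail -n 1)
    warnings=$(grep -c '^Warning!' "$1" || true)
    case "$first" in
        '*** Begin '*) ;;
        *) echo "truncated warnings=$warnings"; return 1 ;;
    esac
    case "$last" in
        '*** End '*) echo "complete warnings=$warnings"; return 0 ;;
        *) echo "truncated warnings=$warnings"; return 1 ;;
    esac
}

# check_run DIR: report on every *.rpt file in one report subdirectory.
check_run() {
    rc=0
    for f in "$1"/*.rpt; do
        [ -e "$f" ] || continue
        st=$(report_status "$f") || rc=1
        echo "$(basename "$f"): $st"
    done
    return $rc
}

# Constructed demo input: the usrgrp.rpt sample above plus a report that
# stops before its end banner (banner text and body are made up).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/usrgrp.rpt" <<'EOF'
*** Begin User and Group Checking ***

Checking /etc/passwd ...
Warning! Password file, line 10, no passwd
:sync::1:1::/:/bin/sync
..end user check; starting group check ...
Checking /etc/group...
*** End User And group Checking ***
EOF
printf '%s\n' '*** Begin constructed task ***' 'partial output' > "$demo/tune.rpt"
check_run "$demo" || echo "at least one report ended prematurely"
```

To check real reports, call check_run with /usr/aset/reports/latest in place of the demo directory.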

Examining ASET Report Files

After you initially run or reconfigure ASET, you should examine the report files closely. Reconfiguration includes modifying the asetenv file or the master files in the masters subdirectory, or changing the security level at which ASET operates.

The reports record any errors that were introduced when you reconfigured ASET. By watching the reports closely, you can react to, and solve, problems as the problems arise.

Comparing ASET Report Files

After you monitor the report files for a period during which there are no configuration changes or system updates, you might find that the content of the reports begins to stabilize. When the reports contain little unexpected information, you can use the diff utility to compare reports.