man pages section 4: File Formats     Oracle Solaris 10 1/13 Information Library

asetmasters, tune.low, tune.med, tune.high, uid_aliases, cklist.low, cklist.med, cklist.high - ASET master files

Synopsis

/usr/aset/masters/tune.low
/usr/aset/masters/tune.med
/usr/aset/masters/tune.high
/usr/aset/masters/uid_aliases
/usr/aset/masters/cklist.low
/usr/aset/masters/cklist.med
/usr/aset/masters/cklist.high

Description

The /usr/aset/masters directory contains several files used by the Automated Security Enhancement Tool (ASET). /usr/aset is the default operating directory for ASET. An alternative working directory can be specified by the administrators through the aset -d command or the ASETDIR environment variable. See aset(1M).

These files are provided by default to meet the needs of most environments. Administrators can, however, edit these files to meet their specific needs. The format and usage of these files are described below.

All the master files allow comments and blank lines to improve readability. Comment lines must start with a leading "#" character.

tune.low
tune.med
tune.high

These files are used by the tune task (see aset(1M)) to restrict the permission settings for system objects. Each file is used by ASET at the security level indicated by the suffix. Each entry in the files is of the form:

pathname mode owner group type

where

pathname
    is the full pathname

mode
    is the permission setting

owner
    is the owner of the object

group
    is the group of the object

type
    is the type of the object. It can be symlink for a symbolic link, directory for a directory, or file for everything else.

Regular shell wildcard ("*", "?", ...) characters can be used in the pathname for multiple references. See sh(1). The mode is a five-digit number that represents the permission setting. Note that this setting represents a least restrictive value. If the current setting is already more restrictive than the specified value, ASET does not loosen the permission settings.

For example, if mode is 00777, the permission will not be changed, since it is always less restrictive than the current setting.

Names must be used for owner and group instead of numeric ID's. ? can be used as a “don't care” character in place of owner, group, and type to prevent ASET from changing the existing values of these parameters.

uid_aliases

This file allows user ID's to be shared by multiple user accounts. Normally, ASET discourages such sharing for accountability reasons and reports user ID's that are shared. The administrators can, however, define permissible sharing by adding entries to the file. Each entry is of the form:

uid=alias1=alias2=alias3= ...

where

uid
    is the shared user ID

alias?
    are the user accounts sharing the user ID

For example, if sync and daemon share the user ID 1, the corresponding entry is:

1=sync=daemon
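
The following added example (not part of the original manual page and not ASET's own code) parses uid_aliases entries and lists accounts that share a user ID without a matching entry. The passwd(4)-style lines and the account toor are constructed, and reporting only the accounts missing from the entry is this example's interpretation.

```python
# Constructed uid_aliases content; the entry itself is the one shown above.
UID_ALIASES = """\
# permitted sharing
1=sync=daemon
"""

# Constructed passwd(4)-style lines (name:password:uid:gid:gecos:home:shell).
PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
toor:x:0:0:constructed duplicate:/:/sbin/sh
daemon:x:1:1::/:
sync:x:1:1::/:/bin/sync
bin:x:2:2::/usr/bin:
"""

def parse_uid_aliases(text):
    """Return {uid: set of account names permitted to share that uid}."""
    allowed = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comment lines are allowed
        uid, *names = [field.strip() for field in line.split("=")]
        names = [name for name in names if name]  # tolerate a trailing "="
        if not uid.isdigit() or not names:
            raise ValueError(f"line {n}: expected uid=alias1=alias2...")
        allowed.setdefault(int(uid), set()).update(names)
    return allowed

def unpermitted_shares(passwd_text, allowed):
    """Return {uid: sorted account names} for sharing that has no entry."""
    by_uid = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            by_uid.setdefault(int(fields[2]), []).append(fields[0])
    report = {}
    for uid, names in by_uid.items():
        if len(names) > 1:  # the uid is shared
            extra = sorted(set(names) - allowed.get(uid, set()))
            if extra:
                report[uid] = extra
    return report
```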

cklist.low
cklist.med
cklist.high

These files are used by the cklist task (see aset(1M)), and are created the first time the task is run at the low, medium, and high levels. When the cklist task is run, it compares the specified directory's contents with the appropriate cklist.level file and reports any discrepancies.

Examples

Example 1 Examples of Valid Entries for the tune.low, tune.med, and tune.high Files

The following is an example of valid entries for the tune.low, tune.med, and tune.high files:

/bin      00777  root  staff     symlink
/etc      02755  root  staff     directory
/dev/sd*  00640  root  operator  file
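
The following added example (not part of the original manual page and not ASET's own code) parses the entries above, written with whitespace between all five fields, and works out which objects the tune task would tighten. The observed file states are constructed, and computing the new mode as the bitwise AND of the current mode and the entry's mode is an assumption about how "more restrictive" is evaluated.

```python
import fnmatch
import re

# Entries from Example 1 plus a comment line and a blank line (constructed file).
TUNE_SAMPLE = """\
# constructed sample
/bin 00777 root staff symlink

/etc 02755 root staff directory
/dev/sd* 00640 root operator file
"""
# Constructed current state: path -> (mode, owner, group).
OBSERVED = {"/bin": (0o777, "root", "staff"), "/etc": (0o2777, "root", "staff"),
            "/dev/sda": (0o600, "root", "operator"), "/dev/sdb": (0o666, "root", "sys")}
ENTRY = re.compile(r"(\S+)\s+([0-7]{5})\s+(\S+)\s+(\S+)\s+(symlink|directory|file|\?)")

def parse_tune(text):
    """Parse tune.* text into (pathname, mode, owner, group, type) tuples."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comment lines are allowed
        m = ENTRY.fullmatch(line.strip())
        if not m or m[3].isdigit() or m[4].isdigit():  # names, not numeric IDs
            raise ValueError(f"line {n}: not a valid tune entry")
        path, mode, owner, group, ftype = m.groups()
        entries.append((path, int(mode, 8), owner, group, ftype))
    return entries

def glob_match(path, pattern):
    # Shell-style match, component by component, so "*" never crosses a "/".
    p, q = path.split("/"), pattern.split("/")
    return len(p) == len(q) and all(fnmatch.fnmatchcase(a, b) for a, b in zip(p, q))

def planned_changes(entries, observed):
    """Return {path: changes} for objects looser than their tune entry."""
    plan = {}
    for pattern, ceiling, owner, group, _ftype in entries:
        for path, (cur_mode, cur_owner, cur_group) in observed.items():
            if not glob_match(path, pattern):
                continue
            changes = {}
            if cur_mode & ~ceiling:  # assumption: looser = a bit outside the entry's mode
                changes["mode"] = f"{cur_mode & ceiling:05o}"  # only ever removes bits
            for key, want, have in (("owner", owner, cur_owner), ("group", group, cur_group)):
                if want != "?" and want != have:  # "?" leaves the existing value alone
                    changes[key] = want
            if changes:
                plan[path] = changes
    return plan
```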

See Also

aset(1M), asetenv(4)

ASET Administrator Manual