Task |
Description |
For Instructions |
---|---|---|
Run ASET from the command line |
Protects the system at the ASET level that you specify. Views the execution log to see the changes. | |
Run ASET in batch mode at regular intervals |
Sets up a cron job to ensure that ASET protects the system. | |
Stop running ASET in batch mode |
Removes the ASET cron job. | |
Store ASET reports on a server |
Collects ASET reports from clients for monitoring in a central location. |
To set the variables in ASET, see ASET Environment Variables. To configure ASET, see Configuring ASET.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).
Run ASET interactively by using the aset command.
# /usr/aset/aset -l level -d pathname |
Specifies the level of security. Valid values are low, medium, or high. The default setting is low. For detailed information about security levels, see ASET Security Levels.
Specifies the working directory for ASET. The default is /usr/aset.
Verify that ASET is running by viewing the ASET execution log that is displayed on the screen.
The execution log message identifies which tasks are being run.
In the following example, ASET is run at low security with the default working directory.
# /usr/aset/aset -l low ======= ASET Execution Log ======= ASET running at security level low Machine = jupiter; Current time = 0111_09:26 aset: Using /usr/aset as working directory Executing task list ... firewall env sysconf usrgrp tune cklist eeprom All tasks executed. Some background tasks may still be running. Run /usr/aset/util/taskstat to check their status: /usr/aset/util/taskstat [aset_dir] where aset_dir is ASET's operating directory,currently=/usr/aset. When the tasks complete, the reports can be found in: /usr/aset/reports/latest/*.rpt You can view them by: more /usr/aset/reports/latest/*.rpt |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).
If necessary, set up the time when you want ASET to run periodically.
You should have ASET run when system demand is light. The PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file is used to set up the time for ASET to run periodically. By default, the time is set for every day at midnight.
If you want to set up a different time, edit the PERIODIC_SCHEDULE variable in the /usr/aset/asetenv file. For detailed information about setting the PERIODIC_SCHEDULE variable, see PERIODIC_SCHEDULE Environment Variable.
Add an entry to the crontab file by using the aset command.
# /usr/aset/aset -p |
The -p option inserts a line in the crontab file that starts ASET running at the time determined by the PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file.
Display the crontab entry to verify when ASET is scheduled to run.
# crontab -l root |
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Edit the crontab file.
# crontab -e root |
Delete the ASET entry.
Save the changes and exit.
Display the crontab entry to verify that the ASET entry is deleted.
# crontab -l root |
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Set up a directory on the server:
Change to the /usr/aset directory.
mars# cd /usr/aset |
Create a rptdir directory.
mars# mkdir rptdir |
Change to the rptdir directory, and create a client_rpt directory.
This step creates a client_rpt subdirectory for a client. Repeat this step for each client whose reports you need to collect.
mars# cd rptdir mars# mkdir client_rpt |
In the following example, the directory all_reports, and the subdirectories pluto_rpt and neptune_rpt are created.
mars# cd /usr/aset mars# mkdir all_reports mars# cd all_reports mars# mkdir pluto_rpt mars# mkdir neptune_rpt |
Add the client_rpt directories to the /etc/dfs/dfstab file.
The directories should have read and write options.
For example, the following entries in the dfstab file are shared with read and write permissions.
share -F nfs -o rw=pluto /usr/aset/all_reports/pluto_rpt share -F nfs -o rw=neptune /usr/aset/all_reports/neptune_rpt |
Make the resources in the dfstab file available to the clients.
# shareall |
On each client, mount the client subdirectory from the server at the mount point, /usr/aset/masters/reports.
# mount server:/usr/aset/client_rpt /usr/aset/masters/reports |
Edit the /etc/vfstab file to mount the directory automatically at boot time.
The following sample entry in /etc/vfstab on neptune lists the directory to be mounted from mars, /usr/aset/all_reports/neptune_rpt, and the mount point on neptune, /usr/aset/reports. At boot time, the directories that are listed in vfstab are automatically mounted.
mars:/usr/aset/all_reports/neptune.rpt /usr/aset/reports nfs - yes hard |