ASET maintains three tune files. The entry format in all three tune files are described in the table below.
Table 24-4 Tune File Entry Format
Entry |
Description |
---|---|
pathname |
The full path name of the file |
mode |
A five-digit number that represents the permission setting |
owner |
The owner of the file |
group |
The group owner of the file |
type |
The type of the file |
The following rules apply:
You can use regular shell wildcard characters, such as an asterisk (*) and a question mark (?), in the path name for multiple references. See sh(1) for more information.
mode represents the least restrictive value. If the current setting is already more restrictive than the specified value, ASET does not loosen the permission settings. For example, if the specified value is 00777, the permission will remain unchanged, because 00777 is always less restrictive than whatever the current setting is.
This is how ASET handles mode setting, unless the security level is being downgraded or you are removing ASET. When you decrease the security level from what it was for the previous execution, or when you want to restore the system files to the state they were in before ASET was first executed, ASET recognizes what you are doing and decreases the protection level.
You must use names for owner and group instead of numeric IDs.
You can use a question mark (?) in place of owner, group, and type to prevent ASET from changing the existing values of these parameters.
type can be symlink (symbolic link), directory, or file (everything else).
Higher security level tune files reset file permissions to be at least as restrictive as they are at lower levels. Also, at higher levels, additional files are added to the list.
A file can match more than one tune file entry. For example, etc/passwd matches etc/pass* and /etc/* entries.
Where two entries have different permissions, the file permission is set to the most restrictive value. In the following example, the permission of /etc/passwd will be set to 00755, which is the more restrictive of 00755 and 00770.
/etc/pass* 00755 ? ? file /etc/* 00770 ? ? file |
If two entries have different owner or group designations, the last entry takes precedence. The following example shows the first few lines of the tune.low file.
/ 02755 root root directory /bin 00777 root bin symlink /sbin 02775 root sys directory /usr/sbin 02775 root bin directory /etc 02755 root sys directory /etc/chroot 00777 bin bin symlink |