ASET Reports
All report files generated from ASET tasks are in subdirectories under the /usr/aset/reports directory. This section describes the structure of the /usr/aset/reports directory, and provides guidelines on managing the report files.
ASET places the report files in subdirectories that are named to reflect the time and date when the reports are generated. This enables you to keep an orderly trail of records documenting the system status as it varies between ASET executions. You can monitor and compare these reports to determine the soundness of your system's security.
Figure 54-1 shows an example of the reports directory structure.
Figure 54-1 reports Directory Structure
Two report subdirectories are shown in this example:
-
0124_01:00
-
0125_01:00
The subdirectory names indicate the date and time the reports were generated. Each report subdirectory name has the following format:
monthdate_hour:minute
where month, date, hour, and minute are all two-digit numbers. For example, 0125_01:00 represents January 25, at 1 a.m.
Each of the two report subdirectories contains a collection of reports generated from one execution of ASET.
The directory latest is a symbolic link that always points to the subdirectory that contains the latest reports. Therefore, to look at the latest reports that ASET has generated, you can go to the /usr/aset/reports/latest directory. There is a report file in this directory for each task that ASET performed during its most recent execution.
Format of Report Files
Each report file is named after the task that generates it. See Table 54-1 for a list of tasks and their reports.
Table 54-1 ASET Tasks and Resulting Reports|
Tasks |
Report |
|---|---|
|
System file permissions tuning (tune) |
tune.rpt |
|
System files checklist (cklist) |
cklist.rpt |
|
User/group checks (usrgrp) |
usrgrp.rpt |
|
System configuration files check (sysconf) |
sysconf.rpt |
|
Environment check (env) |
env.rpt |
|
eeprom check (eeprom) |
eeprom.rpt |
|
Firewall setup (firewall) |
firewall.rpt |
Within each report file, messages are bracketed by a beginning and an ending banner line. Sometimes a task terminates prematurely; for example, when a component of ASET is accidently removed or damaged. In most cases, the report file will contain a message near the end that indicates the reason for the premature exit.
The following is a sample report file, usrgrp.rpt.
*** Begin User and Group Checking *** Checking /etc/passwd ... Warning! Password file, line 10, no passwd :sync::1:1::/:/bin/sync ..end user check; starting group check ... Checking /etc/group... *** End User And group Checking *** |
Examining Report Files
After initially running or reconfiguring ASET, you should examine the report files closely. (Reconfiguration includes modifying the asetenv file or the master files in the masters subdirectory, or changing the security level at which ASET operates.) The reports record any errors introduced when you reconfigured. By watching the reports closely, you can react to, and solve, problems as they arise.
Comparing Report Files
After you monitor the report files for a period during which there are no configuration changes or system updates, you may find that the content of the reports begin to stabilize and that it contains little, if any, unexpected information. You can use the diff utility to compare reports.
- © 2010, Oracle Corporation and/or its affiliates