System Administration Guide: Security Services, Oracle Solaris 10 8/11 Information Library
This section describes the error messages that are generated by ASET.
ASET failed: no mail program found.
Cause: ASET is directed to send the execution log to a user, but no mail program can be found.
Solution: Install a mail program.
Usage: aset [-n user[@host]] in /bin/mail or /usr/ucb/mail.
Cannot decide current and previous security levels.
Cause: ASET cannot determine what the security levels are for the current and previous invocations.
Solution: Ensure the current security level is set either through the command-line option or the ASETSECLEVEL environment variable. Also, ensure that the last line of ASETDIR/archives/asetseclevel.arch correctly reflects the previous security level. If these values are not set, or if these values are incorrect, enter the correct values.
ASET working directory undefined.
To specify, set ASETDIR environment variable or use command line option -d.
ASET startup unsuccessful.
Cause: The ASET working directory is not defined, or the directory is defined incorrectly. The working directory is the operating directory.
Solution: Use the ASETDIR environment variable or the -d command-line option to correct the error, and restart ASET.
ASET working directory $ASETDIR missing.
ASET startup unsuccessful.
Cause: The ASET working directory is not defined, or the directory is defined incorrectly. The working directory is the operating directory. This problem might be because the ASETDIR variable refers to a nonexistent directory. Or the -d command-line option might refer to a nonexistent directory.
Solution: Ensure that the correct directory, that is, the directory that contains the ASET directory hierarchy, is referred to correctly.
Cannot expand $ASETDIR to full pathname.
Cause: ASET cannot expand the directory name that is given by the ASETDIR variable or the -d command-line option to a full path name.
Solution: Ensure that the directory name is correct. Ensure that the directory refers to an existing directory to which the user has access.
aset: invalid/undefined security level.
To specify, set ASETSECLEVEL environment variable or use command line option -l, with argument= low/med/high.
Cause: The security level is not defined, or the level is defined incorrectly. Only the values low, med, or high are acceptable.
Solution: Use the ASETSECLEVEL variable or the -l command-line option to specify one of the three values.
ASET environment file asetenv not found in $ASETDIR.
ASET startup unsuccessful.
Cause: ASET cannot locate an asetenv file in its working directory.
Solution: Ensure there is an asetenv file in ASET's working directory. For the details about this file, see the asetenv(4) man page.
filename doesn't exist or is not readable.
Cause: The file that is referred to by filename either does not exist or is not readable. This problem can occur when you are using the -u option. The option permits you to specify a file that contains a list of users whom you want to check.
Solution: Ensure that the argument to the -u option exists and that the argument is readable.
ASET task list TASKLIST undefined.
Cause: The ASET task list, which should be defined in the asetenv file, is not defined. This message can mean that your asetenv file is bad.
Solution: Examine your asetenv file. Ensure that the task list is defined in the User Configurable section. Also check other parts of the file to ensure that the file is intact. For the content of a valid asetenv file, see the asetenv(4) man page.
ASET task list $TASKLIST missing.
ASET startup unsuccessful.
Cause: The ASET task list, which should be defined in the asetenv file, is not defined. This message can mean that your asetenv file is bad.
Solution: Examine your asetenv file. Ensure that the task list is defined in the User Configurable section. Also check other parts of the file to ensure that the file is intact. For the content of a valid asetenv file, see the asetenv(4) man page.
Schedule undefined for periodic invocation.
No tasks executed or scheduled. Check asetenv file.
Cause: ASET scheduling is requested by using the -p option, but the environment variable PERIODIC_SCHEDULE is undefined in the asetenv file.
Solution: Check the User Configurable section of the asetenv file to ensure that the variable is defined. Ensure that the variable is in proper format.
Warning! Duplicate ASET execution scheduled.
Check crontab file.
Cause: ASET is scheduled to run more than once. In other words, ASET scheduling is requested while a schedule is already in effect. This message does not necessarily indicate an error if more than one schedule is indeed desired. In this instance, the message serves only as a warning. If you want more than one schedule, you should use the proper scheduling format with the crontab command. For more information, see the crontab(1) man page.
Solution: Verify, through the crontab command, that the correct schedule is in effect. Ensure that no unnecessary crontab entries for ASET are in place.
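
The startup conditions behind several of the messages above can be checked before ASET is invoked. The following pre-flight script is an added example, not part of the original guide or of ASET itself; the names aset_preflight and MAIL_CANDIDATES are hypothetical. It assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or bash rather than the legacy /bin/sh) and that asetenv uses shell-style NAME=value lines.

```shell
#!/bin/sh
# Added example; function and variable names here are hypothetical.
# Mail program paths are the two named in the ASET usage message.
MAIL_CANDIDATES=${MAIL_CANDIDATES:-"/bin/mail /usr/ucb/mail"}

# aset_preflight DIR LEVEL
# Prints one line per problem; the return status is the problem count.
aset_preflight() {
    dir=$1; level=$2; problems=0
    fail() { echo "preflight: $*"; problems=$((problems + 1)); }
    # "ASET working directory undefined." / "... $ASETDIR missing."
    if [ -z "$dir" ]; then
        fail "working directory undefined (set ASETDIR or use -d)"
    elif [ ! -d "$dir" ]; then
        fail "working directory $dir missing"
    else
        # "ASET environment file asetenv not found in $ASETDIR."
        if [ ! -r "$dir/asetenv" ]; then
            fail "asetenv not found or not readable in $dir"
        else
            # Assumption: asetenv uses shell-style NAME=value lines,
            # with the task list in TASKS.
            grep -q '^TASKS=' "$dir/asetenv" ||
                fail "task list not defined in asetenv"
            grep -q '^PERIODIC_SCHEDULE=' "$dir/asetenv" ||
                fail "PERIODIC_SCHEDULE not defined (required by -p)"
        fi
        # "Cannot decide current and previous security levels.":
        # the archive's last line must hold the previous level.
        arch=$dir/archives/asetseclevel.arch
        if [ -r "$arch" ]; then
            case $(sed -n '$p' "$arch") in
                low|med|high) ;;
                *) fail "last line of $arch is not low, med, or high" ;;
            esac
        fi
    fi

    # "aset: invalid/undefined security level."
    case $level in
        low|med|high) ;;
        *) fail "security level '$level' is not low, med, or high" ;;
    esac
    # "ASET failed: no mail program found." (relevant when -n is used)
    found=
    for m in $MAIL_CANDIDATES; do [ -x "$m" ] && found=$m; done
    [ -n "$found" ] || fail "no mail program among: $MAIL_CANDIDATES"
    return "$problems"
}
```

Call it as `aset_preflight "$ASETDIR" "$ASETSECLEVEL"`; a zero return status means none of the checked conditions would trigger the corresponding startup message.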