System Administration Guide: Security Services (Oracle Solaris 10 8/11 Information Library)
To set the variables in ASET, see ASET Environment Variables. To configure ASET, see Configuring ASET.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).
# /usr/aset/aset -l level -d pathname
-l level: Specifies the level of security. Valid values are low, medium, or high. The default setting is low. For detailed information about security levels, see ASET Security Levels.
-d pathname: Specifies the working directory for ASET. The default is /usr/aset.
The execution log message identifies which tasks are being run.
Example 7-1 Running ASET Interactively
In the following example, ASET is run at low security with the default working directory.
# /usr/aset/aset -l low
======= ASET Execution Log =======
ASET running at security level low
Machine = jupiter; Current time = 0111_09:26
aset: Using /usr/aset as working directory
Executing task list ...
        firewall
        env
        sysconf
        usrgrp
        tune
        cklist
        eeprom
All tasks executed. Some background tasks may still be running.
Run /usr/aset/util/taskstat to check their status:
     /usr/aset/util/taskstat [aset_dir]
where aset_dir is ASET's operating
directory,currently=/usr/aset.
When the tasks complete, the reports can be found in:
     /usr/aset/reports/latest/*.rpt
You can view them by:
     more /usr/aset/reports/latest/*.rpt
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).
You should have ASET run when system demand is light. The PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file is used to set up the time for ASET to run periodically. By default, the time is set for every day at midnight.
If you want to set up a different time, edit the PERIODIC_SCHEDULE variable in the /usr/aset/asetenv file. For detailed information about setting the PERIODIC_SCHEDULE variable, see PERIODIC_SCHEDULE Environment Variable.
# /usr/aset/aset -p
The -p option inserts a line in the crontab file that starts ASET running at the time determined by the PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file.
# crontab -l root
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
# crontab -e root
# crontab -l root
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
mars# cd /usr/aset
mars# mkdir rptdir
This step creates a client_rpt subdirectory for a client. Repeat this step for each client whose reports you need to collect.
mars# cd rptdir
mars# mkdir client_rpt
In the following example, the directory all_reports, and the subdirectories pluto_rpt and neptune_rpt are created.
mars# cd /usr/aset
mars# mkdir all_reports
mars# cd all_reports
mars# mkdir pluto_rpt
mars# mkdir neptune_rpt
The directories should have read and write options.
For example, the following entries in the dfstab file are shared with read and write permissions.
share -F nfs -o rw=pluto /usr/aset/all_reports/pluto_rpt
share -F nfs -o rw=neptune /usr/aset/all_reports/neptune_rpt
# shareall
# mount server:/usr/aset/client_rpt /usr/aset/masters/reports
The following sample entry in /etc/vfstab on neptune lists the directory to be mounted from mars, /usr/aset/all_reports/neptune_rpt, and the mount point on neptune, /usr/aset/reports. At boot time, the directories that are listed in vfstab are automatically mounted.
mars:/usr/aset/all_reports/neptune_rpt - /usr/aset/reports nfs - yes hard
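The following is an added example, not part of the Oracle guide: a shell function that audits dfstab entries like the ones in this procedure and confirms that each client report directory is writable by exactly one client, the one it is named for. The client_rpt naming convention comes from this page's example; the function names and the saturn and venus entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit dfstab entries for ASET report directories so that each
# <client>_rpt share is writable by that one client only.

# Constructed sample: the first two entries are the ones shown on this page,
# the others are made up to trigger findings.
sample_dfstab() {
cat <<'EOF'
share -F nfs -o rw=pluto /usr/aset/all_reports/pluto_rpt
share -F nfs -o rw=neptune /usr/aset/all_reports/neptune_rpt
share -F nfs -o rw /usr/aset/all_reports/saturn_rpt
share -F nfs -o rw=pluto:venus /usr/aset/all_reports/venus_rpt
share -F nfs -o ro /export/docs
EOF
}

# Usage: audit_aset_shares REPORT_BASE_DIR < dfstab
audit_aset_shares() {
    awk -v base="$1" '
    $1 != "share" { next }                    # skip comments and blank lines
    {
        path = $NF                            # assumes the pathname is the last field
        if (index(path, base "/") != 1) next  # not an ASET report share
        opts = ""
        for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
        want = substr(path, length(base) + 2) # e.g. pluto_rpt
        sub(/_rpt$/, "", want)                # e.g. pluto (assumed naming convention)
        found = 0; ro = 0; rw = ""
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] == "rw") { found = 1; rw = "*" }
            else if (o[i] ~ /^rw=/) { found = 1; rw = substr(o[i], 4) }
            else if (o[i] == "ro" || o[i] ~ /^ro=/) ro = 1
        }
        if (!found && !ro) { found = 1; rw = "*" }  # share_nfs default: rw for all
        if (!found)          print "WARN " path " not shared read-write"
        else if (rw == "*")  print "WARN " path " writable by any client"
        else if (rw ~ /:/)   print "WARN " path " writable by several hosts: " rw
        else if (rw != want) print "WARN " path " writable by " rw ", expected " want
        else                 print "OK " path " rw=" rw
    }'
}

sample_dfstab | audit_aset_shares /usr/aset/all_reports
```

On the server, run it as `audit_aset_shares /usr/aset/all_reports < /etc/dfs/dfstab` before `shareall`; any WARN line means a client could write into, or overwrite, another client's ASET reports.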