ASET Reports

All report files generated from ASET tasks are stored in subdirectories under the /usr/aset/reports directory. This section describes the structure of the /usr/aset/reports directory and provides guidelines on managing the report files.

ASET puts the report files in subdirectories that are named to reflect the time and date when the reports are generated. This structure enables you to keep an orderly set of records documenting the system status as it varies between ASET executions. You can monitor and compare the reports to determine the soundness of your system security.

The /usr/aset/reports directory contains a subdirectory named latest that is a symbolic link to the most recent set of reports generated by ASET.

The following example shows contents of the /usr/aset/reports directory with two subdirectories and the latest directory.

# ls -l /usr/aset/reports
total 6
drwxrwxrwx   2 root     other        512 Oct 15 09:30 1015_09:29
drwxrwxrwx   2 root     other        512 Oct 15 09:41 1015_09:41
lrwxrwxrwx   1 root     other         28 Oct 15 09:41 latest -> /usr/aset/reports/1015_09:41
#

The subdirectory name indicates the date and time the reports were generated, in the following format.

    monthdate_hour:minute

where month, date, hour, and minute are all two-digit numbers. For example, 1015_09:41 represents October 15 at 9:41 a.m. Note that the name carries no year, so if you keep more than a year of reports the names no longer sort into chronological order; rely on the latest link (or on the modification times of the directories) rather than on the names alone.

Each of the report subdirectories contains a collection of reports generated from one execution of ASET. To look at the latest reports that ASET has generated, you can always review the reports in the /usr/aset/reports/latest directory. The following example shows the contents of the /usr/aset/reports/latest directory.

# ls -l /usr/aset/reports/latest
total 14
-rw-rw-rw-   1 root     other        383 Oct 15 09:41 env.rpt
-rw-rw-rw-   1 root     other        622 Oct 15 09:41 execution.log
-rw-rw-rw-   1 root     other        306 Oct 15 09:41 firewall.rpt
-rw-rw-rw-   1 root     other        631 Oct 15 09:41 sysconf.rpt
-rw-rw-rw-   1 root     other         84 Oct 15 09:41 taskstatus
-rw-rw-rw-   1 root     other        114 Oct 15 09:41 tune.rpt
-rw-rw-rw-   1 root     other        256 Oct 15 09:41 usrgrp.rpt
castle#

NOTE

Because ASET was not run at the highest security level, this listing does not contain the cklist.rpt and eeprom.rpt reports.


Each report is named after the task that generates it. The complete list of reports is shown in Table 112 along with the task that generates the report.

Table 112. ASET Reports and Tasks

Report          Task
cklist.rpt      System files checklist (cklist)
eeprom.rpt      EEPROM check (eeprom)
env.rpt         Environment check (env)
execution.log   Messages displayed by the taskstat command
firewall.rpt    Firewall setup (firewall)
sysconf.rpt     System configuration files check (sysconf)
taskstatus      Messages displayed by the taskstat command on the status of the tasks
tune.rpt        System file permissions tuning (tune)
usrgrp.rpt      User/group checks (usrgrp)

Format of Report Files

Within each report file, messages are bracketed by a beginning and ending banner line. Sometimes a task terminates prematurely, for example when a component of ASET is accidentally removed or damaged. In most cases the report file then contains a message near the end that gives the reason for the premature exit; a report that lacks its ending banner line should be treated as incomplete rather than as a clean result.

The following example of the usrgrp.rpt file reports that user rob has no password in the /etc/shadow file.

castle# more /usr/aset/reports/latest/usrgrp.rpt

*** Begin User And Group Checking ***

Checking /etc/passwd ...

Checking /etc/shadow ...

Warning!  Shadow file, line 17, no password:
        rob::::::::

... end user check.

Checking /etc/group ...

... end group check.

*** End User And Group Checking ***
#

Examining and Comparing Report Files

After you run ASET the first time or when you reconfigure it, you should examine the report files closely.

Reconfiguration includes modifying the asetenv file or the master files in the masters subdirectory, or changing the security level at which ASET operates. The reports record any errors introduced when you reconfigured. By watching the reports closely, you can diagnose and solve problems as they arise.

You should routinely monitor the report files to check for security breaches. You can use the diff command to compare the reports of one run against those of the previous run, so that only what changed between executions needs attention. A diff is only as trustworthy as the files it reads: the listings above show the report directories and files created world-writable (drwxrwxrwx and -rw-rw-rw-), so on a system with untrusted local accounts tighten the permissions on /usr/aset/reports, otherwise another user could edit a report to hide a warning before you review it.
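The following script is an added example and is not part of the ASET documentation or of ASET itself. It ties together the directory layout described earlier (dated subdirectories plus the latest symlink) and the comparison procedure in this section: it locates the run immediately before latest, diffs every report against the latest run, counts Warning! lines in a report, and lists anything under the reports tree that other users can write to. The aset_* function names are the example's own, the reports tree it builds under a temporary directory is constructed for illustration (its env.rpt banner text is made up), and it assumes a POSIX sh with mktemp -d, pwd -P and find -perm. On a real system pass /usr/aset/reports instead of the constructed tree.

```shell
#!/bin/sh
# Added example (not ASET's own code): inspect an ASET-style reports tree.
# Directory names follow monthdate_hour:minute as documented above.

# Build a constructed reports tree under a temporary directory. The two
# usrgrp.rpt files differ only in the warning about user rob shown above;
# env.rpt is made-up filler that does not change between runs.
make_sample_reports() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/1015_09:29" "$base/1015_09:41"
    printf '%s\n' '*** Begin User And Group Checking ***' \
        'Checking /etc/passwd ...' 'Checking /etc/shadow ...' \
        '... end user check.' 'Checking /etc/group ...' \
        '... end group check.' '*** End User And Group Checking ***' \
        > "$base/1015_09:29/usrgrp.rpt"
    printf '%s\n' '*** Begin User And Group Checking ***' \
        'Checking /etc/passwd ...' 'Checking /etc/shadow ...' \
        'Warning!  Shadow file, line 17, no password:' '        rob::::::::' \
        '... end user check.' 'Checking /etc/group ...' \
        '... end group check.' '*** End User And Group Checking ***' \
        > "$base/1015_09:41/usrgrp.rpt"
    printf '%s\n' '*** Begin Environment Check ***' \
        '*** End Environment Check ***' > "$base/1015_09:29/env.rpt"
    cp "$base/1015_09:29/env.rpt" "$base/1015_09:41/env.rpt"
    # Deliberately not world-writable, unlike the listings in the text.
    chmod 755 "$base"/1015_* && chmod 644 "$base"/1015_*/*.rpt
    ln -s "$base/1015_09:41" "$base/latest"
    printf '%s\n' "$base"
}

# Report subdirectories (monthdate_hour:minute names), oldest first.
# Caveat: the names carry no year, so this order is only valid within one
# calendar year; ASET's own latest link is the authority for "newest".
aset_report_dirs() {
    ls -d "$1"/[0-9][0-9][0-9][0-9]_[0-9][0-9]:[0-9][0-9] 2>/dev/null | sort
}

# Directory that the latest symlink resolves to.
aset_latest_dir() {
    (cd "$1/latest" 2>/dev/null && pwd -P)
}

# The run immediately before latest: the entry preceding it in sorted order.
# Fails (status 1) when latest is the only run.
aset_previous_dir() {
    latest=$(aset_latest_dir "$1") || return 1
    prev=
    for d in $(aset_report_dirs "$1"); do
        [ "${d##*/}" = "${latest##*/}" ] && break
        prev=$d
    done
    [ -n "$prev" ] || return 1
    printf '%s\n' "$prev"
}

# Number of Warning! lines in one report file (prints 0 when none).
aset_warning_count() {
    grep -c '^Warning!' "$1" 2>/dev/null || true
}

# Diff each report of the latest run against the previous run. Prints the
# differences; returns 0 if nothing changed, 1 if something did, 2 if there
# is no previous run, so it can drive a cron job or a monitoring check.
aset_compare_latest() {
    latest=$(aset_latest_dir "$1") || return 2
    prev=$(aset_previous_dir "$1") || return 2
    changed=0
    for f in "$latest"/*.rpt; do
        name=${f##*/}
        if [ ! -f "$prev/$name" ]; then
            printf '%s: new in %s\n' "$name" "${latest##*/}"
            changed=1
        elif ! diff "$prev/$name" "$f"; then
            changed=1
        fi
    done
    return $changed
}

# Files and directories under the reports tree that other users can write.
# The listings above show ASET creating them mode 666/777; anything printed
# here could be altered by another local account before you review it.
aset_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 2>/dev/null
}
```

To use it against a real installation, source the file and run `aset_compare_latest /usr/aset/reports`; a non-zero exit status means the latest run differs from the one before it, and the diff output shows exactly which lines (for example a new Warning! in usrgrp.rpt) appeared or disappeared. Run `aset_world_writable /usr/aset/reports` once after installation and fix anything it lists.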
