All report files generated from ASET tasks are stored in subdirectories under the /usr/aset/reports directory. This section describes the structure of the /usr/aset/reports directory and provides guidelines on managing the report files.
ASET puts the report files in subdirectories that are named to reflect the time and date when the reports are generated. This structure enables you to keep an orderly set of records documenting the system status as it varies between ASET executions. You can monitor and compare the reports to determine the soundness of your system security.
The /usr/aset/reports directory contains a subdirectory named latest that is a symbolic link to the most recent set of reports generated by ASET.
The following example shows the contents of the /usr/aset/reports directory with two subdirectories and the latest directory.
# ls -l /usr/aset/reports
total 6
drwxrwxrwx 2 root other 512 Oct 15 09:30 1015_09:29
drwxrwxrwx 2 root other 512 Oct 15 09:41 1015_09:41
lrwxrwxrwx 1 root other 28 Oct 15 09:41 latest -> /usr/aset/reports/1015_09:41
#
The subdirectory name indicates the date and time the reports were generated, in the following format.
monthdate_hour:minute
where month, date, hour, and minute are all two-digit numbers. For example, 1015_09:41 represents October 15 at 9:41 a.m.
Each of the report subdirectories contains a collection of reports generated from one execution of ASET. To look at the latest reports that ASET has generated, you can always review the reports in the /usr/aset/reports/latest directory. The following example shows the contents of the /usr/aset/reports/latest directory.
# ls -l /usr/aset/reports/latest
total 14
-rw-rw-rw- 1 root other 383 Oct 15 09:41 env.rpt
-rw-rw-rw- 1 root other 622 Oct 15 09:41 execution.log
-rw-rw-rw- 1 root other 306 Oct 15 09:41 firewall.rpt
-rw-rw-rw- 1 root other 631 Oct 15 09:41 sysconf.rpt
-rw-rw-rw- 1 root other 84 Oct 15 09:41 taskstatus
-rw-rw-rw- 1 root other 114 Oct 15 09:41 tune.rpt
-rw-rw-rw- 1 root other 256 Oct 15 09:41 usrgrp.rpt
castle#
NOTE
Because ASET was not run at the highest security level, this listing does not contain the cklist.rpt and eeprom.rpt reports.
Each report is named after the task that generates it. The complete list of reports is shown in Table 112 along with the task that generates the report.
Report | Task |
---|---|
cklist.rpt | System files checklist (cklist). |
eeprom.rpt | EEPROM check (eeprom). |
env.rpt | Environment check (env). |
execution.log | Messages displayed by the taskstat command. |
firewall.rpt | Firewall setup (firewall). |
sysconf.rpt | System configuration files check (sysconf). |
taskstatus | Messages displayed by the taskstat command on the status of the tasks. |
tune.rpt | System file permissions tuning (tune). |
usrgrp.rpt | User/group checks (usrgrp). |
Within each report file, messages are bracketed by a beginning and ending banner line. Sometimes a task terminates prematurely—for example, when a component of ASET is accidentally removed or damaged. In most cases, the report file contains a message near the end that indicates the reason for the premature exit.
The following example of the usrgrp.rpt file reports that user rob has no password in the /etc/shadow file.
castle# more /usr/aset/reports/latest/usrgrp.rpt
*** Begin User And Group Checking ***
Checking /etc/passwd ...
Checking /etc/shadow ...
Warning! Shadow file, line 17, no password:
rob::::::::
... end user check.
Checking /etc/group ...
... end group check.
*** End User And Group Checking ***
#
After you run ASET the first time or when you reconfigure it, you should examine the report files closely.
Reconfiguration includes modifying the asetenv file or the master files in the masters subdirectory, or changing the security level at which ASET operates. The reports record any errors introduced when you reconfigured. By watching the reports closely, you can diagnose and solve problems as they arise.
You should routinely monitor the report files to check for security breaches. You can use the diff command to compare reports.
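One way to follow this advice, shown as an added example that is not part of ASET or of the original documentation: a script that picks the two most recent report sets by directory name and runs diff on each .rpt file. The function names are hypothetical, the sample report sets are constructed from the listings above, and only files ending in .rpt are compared.

```shell
#!/bin/sh
# Added example (not part of ASET): diff the two newest ASET report sets.

# Print the two newest run directories under $1, older first. Names are
# monthdate_hour:minute with no year, so name order only holds within one year.
aset_last_two() {
    for d in "$1"/[0-9][0-9][0-9][0-9]_[0-9][0-9]:[0-9][0-9]; do
        [ -d "$d" ] && echo "${d##*/}"
    done | sort | tail -n 2
}

# Compare every *.rpt in run $3 against run $2 under reports dir $1.
# Prints what changed; returns 0 if the runs match, 1 otherwise.
aset_compare() {
    old=$1/$2 new=$1/$3 changed=0
    for f in "$new"/*.rpt; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -f "$old/$name" ]; then
            echo "$name: only in $3"; changed=1
        elif ! delta=$(diff "$old/$name" "$f"); then
            echo "$name: changed"; echo "$delta"; changed=1
        fi
    done
    for f in "$old"/*.rpt; do   # a report that disappeared is also a finding
        [ -f "$f" ] || continue
        [ -f "$new/${f##*/}" ] || { echo "${f##*/}: only in $2"; changed=1; }
    done
    return "$changed"
}

# Constructed sample data: the newer run gains the usrgrp.rpt warning shown above.
aset_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/1015_09:29" "$root/1015_09:41"
    printf '%s\n' '*** Begin User And Group Checking ***' \
        'Checking /etc/shadow ...' '... end user check.' \
        '*** End User And Group Checking ***' > "$root/1015_09:29/usrgrp.rpt"
    printf '%s\n' '*** Begin User And Group Checking ***' \
        'Checking /etc/shadow ...' \
        'Warning! Shadow file, line 17, no password:' 'rob::::::::' \
        '... end user check.' \
        '*** End User And Group Checking ***' > "$root/1015_09:41/usrgrp.rpt"
    echo 'constructed placeholder' > "$root/1015_09:29/firewall.rpt"
    echo "$root"
}
dir=$(aset_sample)
set -- $(aset_last_two "$dir")
aset_compare "$dir" "$1" "$2" || echo "report sets $1 and $2 differ"
rm -rf "$dir"
```

On a real system, pass /usr/aset/reports as the first argument to both functions instead of the sample directory.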