Running ASET

This section describes how to run ASET either interactively or periodically.

Running ASET Interactively

You can run ASET interactively from the command line any time you want to monitor system security; use the /usr/aset/aset command. Table 115 lists the options to the aset command.

Table 115. Options to the aset Command
Option Description
-p Schedule aset to be executed periodically. This command adds an entry for aset to the /var/spool/cron/crontabs/root file. The option uses the value from the PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file to define the time for execution.
-d aset-dir Specify a working directory other than the default /usr/aset for ASET. ASET is installed by default in /usr/aset, which is the root directory of all ASET commands and data files. If you use another directory as the ASET working directory, either define it with the -d option from the command line or set the ASETDIR environment variable before running aset. The command-line option, if specified, overrides the environment variable.
-l sec-level Specify a security level (low, med, or high). The default level is low. You can also specify the level by setting the ASETSECLEVEL environment variable before running aset. The command-line option, if specified, overrides the environment variable.
-n user@host Notify user at system host. Send the output of aset to the user by e-mail. If you do not specify this option, the output is sent to the standard output. Note that this information is not the ASET report, but, instead, is an execution log that includes any error messages.
-u userlist-file Specify a file containing a list of users for ASET to perform environment checks on. By default, ASET only checks for root. userlist-file is an ASCII text file. Each entry in the file is a line that contains only one user name (login name).

Use the following steps to run ASET interactively.

1. Become superuser.

2. Type /usr/aset/aset -l low | med | high [-d pathname] and press Return. You use the -d pathname option to specify the ASET working directory if it is located somewhere other than the default /usr/aset directory.

3. Review the ASET execution log that is displayed on the screen.

4. Type /usr/aset/util/taskstat and press Return to verify that all tasks running in background are completed.

5. When tasks are completed, review the contents of the reports in the /usr/aset/reports/latest directory.

The following example runs ASET at low security with the default working directory. Notice that if you run the aset command with no arguments, the default is to run at low security level.

# /usr/aset/aset
======= ASET Execution Log =======

ASET running at security level low

Machine = castle; Current time = 1015_13:45

aset: Using /usr/aset as working directory

Downgrading security level:
Previous level = high; Current level = low

Executing task list ...
        firewall
        env
        sysconf
        usrgrp
        tune
        cklist
        eeprom

All tasks executed. Some background tasks may still be running.

Run /usr/aset/util/taskstat to check their status:
     /usr/aset/util/taskstat     [aset_dir]

where aset_dir is ASET's operating directory,currently=/usr/aset.

When the tasks complete, the reports can be found in:
     /usr/aset/reports/latest/*.rpt
You can view them by:
     more /usr/aset/reports/latest/*.rpt
# /usr/aset/util/taskstat

Checking ASET tasks status ...
Task firewall is done.

The following tasks are done:
        firewall

The following tasks are not done:
        env
        sysconf
        usrgrp
        tune
        cklist
        eeprom
# cd /usr/aset/reports/latest
# ls
env.rpt        firewall.rpt   taskstatus     usrgrp.rpt
execution.log  sysconf.rpt    tune.rpt
# more env.rpt

*** Begin Enviroment Check ***

Warning! umask set to umask 022 in /etc/profile - not recommended.
chmod: WARNING: can't access /tmp/tmppath.24379
Ambiguous output redirect
Can't open /tmp/tmppath.24379
Can't open /tmp/tmppath.24379
Can't open /tmp/tmppath.24379
Can't open /tmp/tmppath.24379
Can't open /tmp/tmppath.24379
cat: cannot open /tmp/tmppath.24379

*** End Enviroment Check ***
# more firewall.rpt
*** Begin Firewall Task ***

Beginning firewall.restore...

Restored ip_forwarding to previous value - 0.

Restored /usr/sbin/in.routed.

firewall.restore completed.
# more sysconf.rpt

Beginning sysconf.restore...

Restoring /etc/inetd.conf. Saved existing file in /etc/inetd.conf.asetbak.

Restoring /etc/aliases. Saved existing file in /etc/aliases.asetbak.

sysconf.restore completed.

*** Begin System Scripts Check ***

*** End System Scripts Check ***
# more tune.rpt

*** Begin Tune Task ***

Beginning tune.restore...
(This may take a while.)
# more usrgrp.rpt

Beginning usrgrp.restore...

Restoring /etc/passwd. Saved existing file in /etc/passwd.asetbak.

Restoring /etc/group. Saved existing file in /etc/group.asetbak.

Restoring /etc/shadow. Saved existing file in /etc/shadow.asetback.

usrgrp.restore completed.

*** Begin User And Group Checking ***

Checking /etc/passwd ...

Checking /etc/shadow ...

Warning!  Shadow file, line 17, no password:
        rob::::::::

... end user check.

Checking /etc/group ...

... end group check.

*** End User And Group Checking ***
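
Steps 4 and 5 above can be scripted. The following shell functions are an added example, not part of ASET or of the original text: they parse taskstat output for tasks that are still pending and pull the Warning! findings out of report text. The function names are hypothetical, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example. Each function reads stdin, so on a live system use e.g.
#   /usr/aset/util/taskstat | pending_tasks
# Print the task names listed under "The following tasks are not done:".
pending_tasks() {
    awk '
        /tasks are not done:/                      { in_list = 1; next }
        in_list && /^[ \t]+[A-Za-z0-9_.-]+[ \t]*$/ { print $1; next }
                                                   { in_list = 0 }
    '
}

# Succeed only when nothing is pending, that is, the reports are final.
tasks_complete() { [ -z "$(pending_tasks)" ]; }

# Print every "Warning!" line plus the indented detail lines that follow it.
report_warnings() {
    awk '
        /^Warning!/               { print; detail = 1; next }
        detail && /^[ \t]+[^ \t]/ { print; next }
                                  { detail = 0 }
    '
}

# Constructed samples, taken from the output shown on this page.
sample_taskstat() { cat <<'EOF'
The following tasks are done:
        firewall

The following tasks are not done:
        env
        sysconf
        usrgrp
        tune
        cklist
        eeprom
EOF
}
sample_usrgrp_report() { cat <<'EOF'
Warning!  Shadow file, line 17, no password:
        rob::::::::

... end user check.
EOF
}

sample_taskstat | tasks_complete || echo "still running:" $(sample_taskstat | pending_tasks)
sample_usrgrp_report | report_warnings
```

Reading the reports before tasks_complete succeeds can miss findings, because a report such as tune.rpt is still being written while its task runs in the background.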

Running ASET Periodically

To run ASET periodically, first you edit the PERIODIC_SCHEDULE variable in the /usr/aset/asetenv file, then you run the aset -p command, which adds an ASET entry to the crontab file.

NOTE

Schedule ASET to run when system demand is light. The default setting for the PERIODIC_SCHEDULE environment variable is to run ASET every 24 hours at midnight.


Use the following steps to run ASET periodically.

1. Become superuser.

2. Review the settings in the /usr/aset/asetenv file for the PERIODIC_SCHEDULE environment variable, and modify them as appropriate.

3. Type /usr/aset/aset -p and press Return.

The -p (periodic) option edits the crontab file, using the values from the asetenv file.

4. Type crontab -l root and press Return to verify that the crontab entry for ASET has been added.

The following example uses the default values for PERIODIC_SCHEDULE from the asetenv file to schedule when ASET will run.

# crontab -l root
#ident  "@(#)root       1.19    98/07/06 SMI"   /* SVr4.0 1.1.3.1       */
#
# The root crontab should be used to perform accounting data collection.
#
# The rtc command is run to adjust the real time clock if and when
# daylight savings time changes.
#
10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0   /usr/lib/newsyslog
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
#

castle% su
Password:
# /usr/aset/aset -p
======= ASET Execution Log =======

ASET running at security level low

Machine = castle; Current time = 1015_14:22

aset: Using /usr/aset as working directory
ASET execution scheduled through cron.

# crontab -l root
#ident  "@(#)root       1.19    98/07/06 SMI"   /* SVr4.0 1.1.3.1       */
#
# The root crontab should be used to perform accounting data collection.
#
# The rtc command is run to adjust the real time clock if and when
# daylight savings time changes.
#
10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0   /usr/lib/newsyslog
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
0 0 * * * /usr/aset/aset  -d /usr/aset
#

Stopping Running ASET Periodically

If you want to stop running ASET from crontab, edit the crontab file to remove the ASET entry.

Use the following steps to stop running ASET periodically.

1. Become superuser.

2. Type crontab -e root and press Return.

A text editor window opens, displaying the contents of the crontab file.

3. Delete the ASET entry.

4. Save the changes and close the file.

5. Type crontab -l root and press Return to verify that the ASET entry is deleted.
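
Both verification steps (that the entry was added after aset -p, and that it is gone after editing the crontab) can be checked by a script instead of by eye. The following function is an added example, not part of ASET or of the original text; its name is hypothetical and the sample crontab is constructed and abridged from the listing shown earlier.

```shell
#!/bin/sh
# Added example. Reads a crontab listing on stdin; on a live system:
#   crontab -l root | aset_cron_entry

# Print "schedule | command" for each active (uncommented) crontab entry
# whose command is an aset binary. Exit status is 1 when there is none,
# so a commented-out or deleted entry is reported as "not scheduled".
aset_cron_entry() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # skip comments and blank lines
        $6 == "aset" || $6 ~ /\/aset$/ {
            sched = $1 " " $2 " " $3 " " $4 " " $5
            cmd = $6
            for (i = 7; i <= NF; i++) cmd = cmd " " $i
            print sched " | " cmd
            found = 1
        }
        END { exit !found }
    '
}

# Constructed sample, abridged from the listing on this page after aset -p.
sample_crontab() { cat <<'EOF'
#ident  "@(#)root       1.19    98/07/06 SMI"   /* SVr4.0 1.1.3.1       */
# The root crontab should be used to perform accounting data collection.
10 3 * * 0,4 /etc/cron.d/logchecker
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
0 0 * * * /usr/aset/aset  -d /usr/aset
#
EOF
}

if entry=$(sample_crontab | aset_cron_entry); then
    echo "ASET scheduled: $entry"
else
    echo "no active ASET entry in crontab"
fi
```

Run from a monitoring job, the non-zero exit status also flags a system where the periodic ASET check has been removed or commented out.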

Collecting Reports on a Server

You can collect reports from a number of client systems into a directory on the server to make comparing ASET reports easier.

Use the following steps to collect reports on a server.

1. Become superuser.

2. Type cd /usr/aset and press Return.

3. Type mkdir rptdir and press Return to create a report directory.

4. Type cd rptdir and press Return.

5. Type mkdir client-rpt and press Return for each client system for which you want to collect reports.

6. Edit the /etc/dfs/dfstab file and add the client-rpt directories with read/write options.

share -F nfs -o rw=client-hostname /usr/aset/rptdir/client-rpt

7. Type shareall and press Return.

8. On each client, become superuser.

9. Type mount server:/usr/aset/rptdir/client-rpt /usr/aset/reports and press Return. The file system is mounted.

10. On each client, also add a line to the /etc/vfstab file for the mount point /usr/aset/reports. The next time the system is booted, the reports directory is automatically mounted.

NOTE

You may want to use the automounter to decrease the amount of manual mounting. Refer to Part 3, Automounter and WebNFS Services, for more information.


The following example collects ASET reports from the client seachild on the server castle.

castle% su
Password:
castle# cd /usr/aset
castle# mkdir all_reports
castle# cd all_reports
castle# mkdir seachild_rpt
castle# vi /etc/dfs/dfstab
    share -F nfs -o rw=seachild /usr/aset/all_reports/seachild_rpt
    ZZ (Writes changes and quits vi)
castle# shareall
castle#

On the client, seachild.

seachild% su
Password:
seachild# mount castle:/usr/aset/all_reports/seachild_rpt /usr/aset/reports
seachild# vi /etc/vfstab
    castle:/usr/aset/all_reports/seachild_rpt - /usr/aset/reports nfs - yes hard
    ZZ (Writes changes and quits vi)
seachild#
