Man Pages

---

Back to Software Index  Manpage Top Level

Name

Synopsis

Description

The asetenv file is located in /usr/aset, the default operating directory of the Automated Security Enhancement Tool (ASET). An alternative working directory can be specified by the administrators through the aset -d command or the ASETDIR environment variable. See aset(1M) . asetenv contains definitions of environment variables for ASET.

There are 2 sections in this file. The first section is labeled User Configurable Parameters. It contains, as the label indicates, environment variables that the administrators can modify to customize ASET behavior to suit their specific needs. The second section is labeled ASET Internal Environment Variables and should not be changed. The configurable parameters are explained as follows:

TASK

This variable defines the list of tasks that aset will execute the next time it runs. The available tasks are:

tune

Tighten system files.

usrgrp

Check user/group.

sysconf

Check system configuration file.

env

Check environment.

cklist

Compare system files checklist.

eeprom

Check eeprom(1M) parameters.

firewall

Disable forwarding of IP packets.

CKLISTPATH_LOW

CKLISTPATH_MED

CKLISTPATH_HIGH

These variables define the list of directories to be used by aset to create a checklist file at the low, medium, and high security levels, respectively. Attributes of all the files in the directories defined by these variables will be checked periodically and any changes will be reported by aset. Checks performed on these directories are not recursive. aset only checks directories explicitly listed in these variables and does not check subdirectories of them.

YPCHECK

This variable is a boolean parameter. It specifies whether aset should extend checking (when applicable) on system tables to their NIS equivalents or not. The value true enables it while the value false disables it.

UID_ALIASES

This variable specifies an alias file for user ID sharing. Normally, aset warns about multiple user accounts sharing the same user ID because it is not advisable for accountability reason. Exceptions can be created using an alias file. User ID sharing allowed by the alias file will not be reported by aset. See asetmasters(4) for the format of the alias file.

PERIODIC_SCHEDULE

This variable specifies the schedule for periodic execution of ASET. It uses the format of crontab(1) entries. Briefly speaking, the variable is assigned a string of the following format:

Setting this variable does

not activate the periodic schedule of ASET. To execute ASET periodically, aset(1M) must be run with the -p option. See aset(1M) . For example, if PERIODIC_SCHEDULE is set to the following, and aset(1M) was started with the -p option, aset will run at 12:00 midnight every day:

0 0 * * *

Examples

The following is a sample asetenv file, showing the settings of the ASET configurable parameters:

CKLISTPATH_LOW=/etc:/
CKLISTPATH_MED=$CHECKLISTPATH_LOW:/usr/bin:/usr/ucb
CKLISTPATH_HIGH=$CHECKLISTPATH_MED:/usr/lib:/usr/sbin
YPCHECK=false
UID_ALIASES=/usr/aset/masters/uid_aliases
PERIODIC_SCHEDULE="0 0 * * *"
TASKS="env sysconf usrgrp"

When aset -p is run with this file, aset is executed at midnight of every day. The / and /etc directories are checked at the low security level; the /, /etc, /usr/bin, and /usr/ucb directories are checked at the medium security level; and the /, /etc, /usr/bin, /usr/lib, and /usr/sbin directories are checked at the high security level. Checking of NIS system files is disabled. The /usr/aset/masters/uid_aliases file specifies the used IDs available for sharing. The env, sysconf, and usrgrp tasks will be performed, checking the environment variables, various system tables, and the local passwd and group files.

See Also

ASET Administrator Manual

Table of Contents

• Name
• Synopsis
• Description
• Examples
• See Also