unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

asetenv(4)                       File Formats                       asetenv(4)



NAME
       asetenv - ASET environment file

SYNOPSIS
       /usr/aset/asetenv

DESCRIPTION
       The asetenv file is located in  /usr/aset, the default operating direc-
       tory of the Automated Security Enhancement Tool (ASET).  An alternative
       working  directory  can  be specified by the administrators through the
       aset -d command or the  ASETDIR environment  variable.   See  aset(1M).
       asetenv contains definitions of environment variables for ASET.

       There  are  2  sections in this file. The first section is labeled User
       Configurable Parameters. It contains, as the label indicates,  environ-
       ment  variables  that  the  administrators can modify to customize ASET
       behavior to suit their specific needs. The second  section  is  labeled
       ASET  Internal  Environment  Variables  and should not be changed.  The
       configurable parameters are explained as follows:

       TASK                    This variable defines the list  of  tasks  that
                               aset  will  execute  the next time it runs. The
                               available tasks are:

                               tune            Tighten system files.




                               usrgrp          Check user/group.



                               sysconf         Check   system    configuration
                                               file.



                               env             Check environment.



                               cklist          Compare system files checklist.



                               eeprom          Check eeprom(1M) parameters.



                               firewall        Disable  forwarding of IP pack-
                                               ets.





       CKLISTPATH_LOW          These variables define the list of  directories
       CKLISTPATH_MED          to be used by  aset to create a  checklist file
       "small and bold">>CKLISTPAaTtH_HhIeGHlow, medium, and high security  levels,
                               respectively.  Attributes  of  all the files in
                               the directories defined by these variables will
                               be checked periodically and any changes will be
                               reported by  aset.  Checks performed  on  these
                               directories are not recursive. aset only checks
                               directories explicitly listed  in  these  vari-
                               ables  and  does  not  check  subdirectories of
                               them.





       YPCHECK                 This variable is a boolean parameter. It speci-
                               fies  whether aset should extend checking (when
                               applicable)  on  system  tables  to  their  NIS
                               equivalents  or not. The value  true enables it
                               while the value  false disables it.



       UID_ALIASES             This variable specifies an alias file for  user
                               ID  sharing.  Normally, aset warns about multi-
                               ple user accounts  sharing  the  same  user  ID
                               because  it is not advisable for accountability
                               reason.  Exceptions can  be  created  using  an
                               alias  file.  User  ID  sharing  allowed by the
                               alias file will not be reported  by  aset.  See
                               asetmasters(4)  for  the  format  of  the alias
                               file.



       PERIODIC_SCHEDULE       This variable specifies the schedule for  peri-
                               odic  execution  of ASET. It uses the format of
                               crontab(1) entries. Briefly speaking, the vari-
                               able is assigned a string of the following for-
                               mat:


                               minutes hours day-of-month month day-of-week




                               Setting this variable does   not  activate  the
                               periodic  schedule  of  ASET.  To  execute ASET
                               periodically, aset(1M) must be run with the  -p
                               option.  See  aset(1M).   For example, if PERI-
                               ODIC_SCHEDULE is  set  to  the  following,  and
                               aset(1M)  was started with the -p option,  aset
                               will run at 12:00 midnight every day:


                               0 0 * * *





EXAMPLES
       Example 1: Sample asetenv file showing the settings of the ASET config-
       urable parameters

       The  following  is  a  sample asetenv file, showing the settings of the
       ASET configurable parameters:

       CKLISTPATH_LOW=/etc:/
       CKLISTPATH_MED=$CHECKLISTPATH_LOW:/usr/bin:/usr/ucb
       CKLISTPATH_HIGH=$CHECKLISTPATH_MED:/usr/lib:/usr/sbin
       YPCHECK=false
       UID_ALIASES=/usr/aset/masters/uid_aliases
       PERIODIC_SCHEDULE="0 0 * * *"
       TASKS="env sysconf usrgrp"


       When  aset -p is run with this file, aset is executed  at  midnight  of
       every  day. The / and  /etc directories are checked at the low security
       level; the /, /etc, /usr/bin, and /usr/ucb directories are  checked  at
       the   medium  security  level; and the /, /etc, /usr/bin, /usr/lib, and
       /usr/sbin directories are checked at the  high security level. Checking
       of NIS system files is disabled. The /usr/aset/masters/uid_aliases file
       specifies the used IDs available for sharing.  The  env,  sysconf,  and
       usrgrp  tasks  will  be  performed, checking the environment variables,
       various system tables, and the local  passwd and group files.

SEE ALSO
       crontab(1), aset(1M), asetmasters(4)

       ASET Administrator Manual



SunOS 5.10                        13 Sep 1991                       asetenv(4)