asetenv(4) File Formats asetenv(4)
asetenv - ASET environment file
The asetenv file is located in /usr/aset, the default operating
directory of the Automated Security Enhancement Tool (ASET). An
alternative working directory can be specified by the administrators
through the aset -d command or the ASETDIR environment variable. See
aset(1M). asetenv contains definitions of environment variables for
ASET.
There are 2 sections in this file. The first section is labeled User
Configurable Parameters. It contains, as the label indicates,
environment variables that the administrators can modify to customize
ASET behavior to suit their specific needs. The second section is
labeled ASET Internal Environment Variables and should not be changed.
The configurable parameters are explained as follows:
TASK                This variable defines the list of tasks that aset
                    will execute the next time it runs. The available
                    tasks are:
                    tune        Tighten system files.
                    usrgrp      Check user/group.
                    sysconf     Check system configuration
                    env         Check environment.
                    cklist      Compare system files checklist.
                    eeprom      Check eeprom(1M) parameters.
                    firewall    Disable forwarding of IP pack-
CKLISTPATH_LOW
CKLISTPATH_MED
CKLISTPATH_HIGH     These variables define the list of directories to
                    be used by aset to create a checklist file at the
                    low, medium, and high security levels,
                    respectively. Attributes of all the files in the
                    directories defined by these variables will be
                    checked periodically and any changes will be
                    reported by aset. Checks performed on these
                    directories are not recursive. aset only checks
                    directories explicitly listed in these variables
                    and does not check subdirectories of
YPCHECK             This variable is a boolean parameter. It specifies
                    whether aset should extend checking (when
                    applicable) on system tables to their NIS
                    equivalents or not. The value true enables it
                    while the value false disables it.
UID_ALIASES         This variable specifies an alias file for user ID
                    sharing. Normally, aset warns about multiple user
                    accounts sharing the same user ID because it is
                    not advisable for accountability reasons.
                    Exceptions can be created using an alias file.
                    User ID sharing allowed by the alias file will not
                    be reported by aset. See asetmasters(4) for the
                    format of the alias
PERIODIC_SCHEDULE   This variable specifies the schedule for periodic
                    execution of ASET. It uses the format of
                    crontab(1) entries. Briefly speaking, the variable
                    is assigned a string of the following for-
                        minutes hours day-of-month month day-of-week
                    Setting this variable does not activate the
                    periodic schedule of ASET. To execute ASET
                    periodically, aset(1M) must be run with the -p
                    option. See aset(1M). For example, if
                    PERIODIC_SCHEDULE is set to the following, and
                    aset(1M) was started with the -p option, aset will
                    run at 12:00 midnight every day:
                        0 0 * * *
Example 1: Sample asetenv file showing the settings of the ASET config-
The following is a sample asetenv file, showing the settings of the
ASET configurable parameters:
PERIODIC_SCHEDULE="0 0 * * *"
TASKS="env sysconf usrgrp"
When aset -p is run with this file, aset is executed at midnight
every day. The / and /etc directories are checked at the low security
level; the /, /etc, /usr/bin, and /usr/ucb directories are checked at
the medium security level; and the /, /etc, /usr/bin, /usr/lib, and
/usr/sbin directories are checked at the high security level. Checking
of NIS system files is disabled. The /usr/aset/masters/uid_aliases file
specifies the user IDs available for sharing. The env, sysconf, and
usrgrp tasks will be performed, checking the environment variables,
various system tables, and the local passwd and group files.
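
The following is an added example, not part of the original manual page or of ASET itself: a small Python check that reads an asetenv-style file and flags values that do not match the parameter descriptions above. The function name audit_asetenv and the BAD_SAMPLE input are constructed for illustration, and accepting both TASK and TASKS as the variable name is an assumption made because this page uses both spellings.

```python
import shlex

# Task names listed on this page.
KNOWN_TASKS = {"tune", "usrgrp", "sysconf", "env", "cklist", "eeprom", "firewall"}

def audit_asetenv(text):
    """Parse NAME=value lines and return (settings, findings)."""
    settings, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(line, comments=True)  # handles quotes and '#'
        except ValueError as exc:
            findings.append(f"line {lineno}: cannot parse ({exc})")
            continue
        if len(tokens) == 1 and "=" in tokens[0]:
            name, value = tokens[0].split("=", 1)
            settings[name] = value

    # Assumption: accept either spelling, since the page uses both.
    tasks = settings.get("TASKS", settings.get("TASK", "")).split()
    unknown = [t for t in tasks if t not in KNOWN_TASKS]
    if unknown:
        findings.append("unknown task(s): " + " ".join(unknown))

    ypcheck = settings.get("YPCHECK")
    if ypcheck is not None and ypcheck not in ("true", "false"):
        findings.append(f"YPCHECK must be true or false, got {ypcheck!r}")

    schedule = settings.get("PERIODIC_SCHEDULE")
    if schedule is not None and len(schedule.split()) != 5:
        findings.append(f"PERIODIC_SCHEDULE needs 5 fields, got {schedule!r}")

    # The alias file suppresses shared-UID warnings, so it deserves review.
    if settings.get("UID_ALIASES"):
        findings.append("review " + settings["UID_ALIASES"]
                        + ": shared UIDs listed there are not reported")
    return settings, findings

# The two assignments shown in Example 1 on this page.
PAGE_SAMPLE = 'PERIODIC_SCHEDULE="0 0 * * *"\nTASKS="env sysconf usrgrp"\n'
# Constructed sample with three mistakes and an alias file to review.
BAD_SAMPLE = """\
PERIODIC_SCHEDULE="0 0 * *"
TASKS="env sysconf usergrp"
YPCHECK=yes
UID_ALIASES=/usr/aset/masters/uid_aliases
"""

if __name__ == "__main__":
    for finding in audit_asetenv(BAD_SAMPLE)[1]:
        print(finding)
```
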
crontab(1), aset(1M), asetmasters(4)
ASET Administrator Manual
SunOS 5.10 13 Sep 1991 asetenv(4)