asetmasters(4)                   File Formats                   asetmasters(4)



NAME
       asetmasters,  tune.low,  tune.med,  tune.high, uid_aliases, cklist.low,
       cklist.med, cklist.high - ASET master files

SYNOPSIS
       /usr/aset/masters/tune.low

       /usr/aset/masters/tune.med

       /usr/aset/masters/tune.high

       /usr/aset/masters/uid_aliases

       /usr/aset/masters/cklist.low

       /usr/aset/masters/cklist.med

       /usr/aset/masters/cklist.high

DESCRIPTION
       The /usr/aset/masters directory contains  several  files  used  by  the
       Automated  Security  Enhancement  Tool (ASET). /usr/aset is the default
       operating directory for ASET. An alternative working directory  can  be
       specified  by  the  administrators  through  the aset -d command or the
       ASETDIR environment variable. See aset(1M).

       These files are provided by default to meet the needs of most
       environments. Administrators, however, can edit these files to meet
       their specific needs. The format and usage of these files are
       described below.

       All  the  master  files allow comments and blank lines to improve read-
       ability.  Comment lines must start with a leading "#" character.

       tune.low        These files are used by the tune task   (see  aset(1M))
       tune.med        to restrict the permission settings for system objects.
       tune.high       Each file is used by ASET at the security  level  indi-
                       cated  by the suffix. Each entry in the files is of the
                       form:


                       pathname mode owner group type



                       where

                       pathname        is the full pathname

                       mode            is the permission setting

                       owner           is the owner of the object

                       group           is the group of the object

                       type            is the type of the object. It can be
                                       symlink for a symbolic link, directory
                                       for a directory, or file for
                                       everything else.


                       Regular  shell  wildcard ("*", "?", ...) characters can
                       be used in the pathname for multiple  references.   See
                       sh(1).  The mode is a five-digit number that represents
                       the permission setting. Note that this  setting  repre-
                       sents a least restrictive value. If the current setting
                       is already more restrictive than the  specified  value,
                       ASET does not loosen the permission settings.

                       For example, if  mode is 00777, the permission will not
                       be changed, since it is always  less  restrictive  than
                       the current setting.

                       Names  must  be  used  for  owner and  group instead of
                       numeric ID's.  ? can be used as a "don't care"  charac-
                       ter  in  place  of   owner, group, and  type to prevent
                       ASET from changing the existing values of these parame-
                       ters.


       uid_aliases     This  file  allows  user  ID's to be shared by multiple
                       user accounts. Normally, ASET discourages such  sharing
                       for  accountability reasons and reports user ID's that
                       are shared. The  administrators  can,  however,  define
                       permissible sharing by adding entries to the file. Each
                       entry is of the form:


                       uid=alias1=alias2=alias3= ...




                       where

                       uid             is the shared user ID

                       alias?          are the user accounts sharing the user
                                       ID




                       For  example, if  sync and  daemon share the user ID 1,
                       the corresponding entry is:


                       1=sync=daemon
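
       The following added example (not part of ASET or of the original
       manual page) parses uid_aliases entries and reports user IDs shared
       by accounts the file does not permit. The function names, the passwd
       lines, and the rule that every account sharing a user ID must be
       listed are assumptions made for the illustration.

```python
from collections import defaultdict

def parse_uid_aliases(text):
    """Parse uid_aliases text into {uid: set of accounts permitted to share it}."""
    allowed = defaultdict(set)
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue                                # blank line or comment
        uid, *names = [f.strip() for f in raw.split("=")]
        names = [name for name in names if name]    # tolerate a trailing "="
        if not uid.isdigit() or not names:
            raise ValueError(f"line {n}: expected uid=alias1=alias2=...")
        allowed[int(uid)].update(names)
    return dict(allowed)

def unapproved_sharing(passwd_text, allowed):
    """Return {uid: sorted accounts} for shared UIDs not fully covered by `allowed`."""
    by_uid = defaultdict(list)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue                                # not a passwd entry
        by_uid[int(fields[2])].append(fields[0])
    report = {}
    for uid, names in by_uid.items():
        unlisted = set(names) - allowed.get(uid, set())
        # Assumption: sharing is acceptable only if every account is listed.
        if len(names) > 1 and unlisted:
            report[uid] = sorted(names)
    return report

# The uid_aliases entry is the one from the page; the passwd lines are constructed.
ALIASES = "# permitted sharing\n1=sync=daemon\n"
PASSWD = """root:x:0:0:Super-User:/:/sbin/sh
toor:x:0:0:Second root:/:/sbin/sh
daemon:x:1:1::/:
sync:x:1:1::/:/bin/sync
alice:x:100:10::/home/alice:/bin/sh
"""

if __name__ == "__main__":
    for uid, names in unapproved_sharing(PASSWD, parse_uid_aliases(ALIASES)).items():
        print(f"uid {uid} shared by: {', '.join(names)}")
```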





       cklist.low      These files are used by the cklist task (see aset(1M)),
       cklist.med      and  are  created the first time the task is run at the
       cklist.high     low, medium, and high levels. When the cklist  task  is
                       run,  it  compares  the  specified directory's contents
                       with the appropriate cklist.level file and reports  any
                       discrepancies.





EXAMPLES
       Example  1:  Examples  of Valid Entries for the tune.low, tune.med, and
       tune.high Files

       The following  is  an  example  of  valid  entries  for  the  tune.low,
       tune.med, and tune.high files:

       /bin      00777  root  staff     symlink
       /etc      02755  root  staff     directory
       /dev/sd*  00640  root  operator  file
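
       The following added example (not part of ASET or of the original
       manual page) validates entries in the tune file format and lists
       which observed modes would be tightened. It assumes that "does not
       loosen" behaves as a bitwise AND of the current mode with the listed
       mode and that the first matching entry applies; the function names
       and the observed modes are constructed for the illustration.

```python
import fnmatch
from collections import namedtuple

# owner, group and type are None where the entry has "?" (leave unchanged)
TuneEntry = namedtuple("TuneEntry", "pathname mode owner group type")

def parse_tune(text):
    """Parse tune.* master file text; raise ValueError on a malformed entry."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue                      # blank line or comment
        fields = raw.split()
        if len(fields) != 5:
            raise ValueError(f"line {n}: expected 5 fields, got {len(fields)}")
        path, mode, owner, group, typ = fields
        if len(mode) != 5 or set(mode) - set("01234567"):
            raise ValueError(f"line {n}: mode must be five octal digits")
        if owner.isdigit() or group.isdigit():
            raise ValueError(f"line {n}: owner and group must be names")
        if typ not in ("symlink", "directory", "file", "?"):
            raise ValueError(f"line {n}: unknown type {typ!r}")
        owner, group, typ = (None if v == "?" else v for v in (owner, group, typ))
        entries.append(TuneEntry(path, int(mode, 8), owner, group, typ))
    return entries

def tightened(current, ceiling):
    """Assumed model of 'never loosen': keep only the bits the ceiling allows."""
    return current & ceiling

def planned_changes(entries, observed):
    """Return (path, current, new) for each observed object a rule would tighten.
    First matching entry wins; fnmatch lets "*" cross "/", unlike sh(1)."""
    changes = []
    for path, current in sorted(observed.items()):
        rule = next((e for e in entries if fnmatch.fnmatchcase(path, e.pathname)), None)
        if rule and tightened(current, rule.mode) != current:
            changes.append((path, current, tightened(current, rule.mode)))
    return changes

# The three entries are the page's examples; the observed modes are constructed.
SAMPLE = """# tune entries from the example above
/bin 00777 root staff symlink
/etc 02755 root staff directory
/dev/sd* 00640 root operator file
"""
OBSERVED = {"/bin": 0o777, "/etc": 0o777, "/dev/sd0a": 0o666, "/dev/sd0b": 0o600}

if __name__ == "__main__":
    print([(p, oct(c), oct(n)) for p, c, n in planned_changes(parse_tune(SAMPLE), OBSERVED)])
```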


SEE ALSO
       aset(1M), asetenv(4)

       ASET Administrator Manual




SunOS 5.10                        13 Sep 1991                   asetmasters(4)