The Solaris 9 system software includes ASET, which helps you monitor and control system security by automatically performing tasks that you would otherwise do manually. ASET performs the following seven tasks, each making specific checks and adjustments to system files and permissions to ensure system security:
Verifies appropriate system file permissions
Verifies system file contents
Checks the consistency and integrity of /etc/passwd and /etc/group entries
Checks the contents of system configuration files
Checks environment files (.profile, .login, .cshrc)
Verifies appropriate eeprom settings
Builds a firewall on a router
The ASET security package provides automated administration tools that let you control and monitor your system’s security. You specify a low, medium, or high security level at which ASET will run. At each higher level, ASET’s file-control functions increase to reduce file access and tighten your system security.
ASET tasks are disk-intensive and can interfere with regular activities. To minimize the impact on system performance, schedule ASET to run when the system activity level is lowest—for example, once every 24 or 48 hours at midnight.
The syntax for the aset command is as follows:
/usr/aset/aset -l <level> -d <pathname>
Options to the aset command are described in Table 16.16.
The following example runs ASET at low security using the default working directory /usr/aset:
# /usr/aset/aset -l low ======= ASET Execution Log ======= ASET running at security level low Machine = holl300s; Current time = 0530_14:03 aset: Using /usr/aset as working directory Executing task list ... firewall env sysconf usrgrp tune cklist eeprom All tasks executed. Some background tasks may still be running. Run /usr/aset/util/taskstat to check their status: /usr/aset/util/taskstat [aset_dir] where aset_dir is ASET's operating directory,currently=/usr/aset. When the tasks complete, the reports can be found in: /usr/aset/reports/latest/*.rpt You can view them by: more /usr/aset/reports/latest/*.rpt #