ASET generates an execution log whether it runs interactively or in the background. By default, ASET generates the log file on standard output. The execution log confirms that ASET ran at the designated time. It also contains any execution error messages. The -n option of the aset command directs the log to be delivered by electronic mail to a designated user. For a complete list of ASET options, refer to the aset(1M) manual page.
The following example shows the execution log from an ASET run at the low security level:
    castle% su
    Password:
    # /usr/aset/aset -l low
    ======= ASET Execution Log =======
    ASET running at security level low
    Machine = castle; Current time = 1015_09:29
    aset: Using /usr/aset as working directory
    Executing task list ...
            firewall
            env
            sysconf
            usrgrp
            tune
            cklist
            eeprom
    All tasks executed. Some background tasks may still be running.
    Run /usr/aset/util/taskstat to check their status:
         /usr/aset/util/taskstat     [aset_dir]
    where aset_dir is ASET's operating directory,currently=/usr/aset.
    When the tasks complete, the reports can be found in:
         /usr/aset/reports/latest/*.rpt
    You can view them by:
         more /usr/aset/reports/latest/*.rpt
    #
The log first shows the system and the time that ASET was run. Then it lists each task as it is started.
ASET invokes a background process for each of the tasks. The task is listed in the execution log when it starts. The log does not indicate when the task has been completed. To check the status of the background tasks, type /usr/aset/util/taskstat and press Return.
The following example shows that four tasks--firewall, env, sysconf, and usrgrp--have been completed, and that three tasks--tune, cklist, and eeprom--are not finished:
    # /usr/aset/util/taskstat
    Checking ASET tasks status ...
    Task firewall is done.
    Task env is done.
    Task sysconf is done.
    Task usrgrp is done.
    The following tasks are done:
            firewall
            env
            sysconf
            usrgrp
    The following tasks are not done:
            tune
            cklist
            eeprom
    #
All report files generated from ASET tasks are stored in subdirectories under the /usr/aset/reports directory. This section describes the structure of the /usr/aset/reports directory and provides guidelines on managing the report files.
ASET puts the report files in subdirectories that are named to reflect the time and date when the reports are generated. This structure enables you to keep an orderly set of records documenting the system status as it varies between ASET executions. You can monitor and compare the reports to determine the soundness of your system security.
The /usr/aset/reports directory contains a subdirectory named latest that is a symbolic link to the most recent set of reports generated by ASET.
The following example shows the contents of the /usr/aset/reports directory with two subdirectories and the latest directory:
    # ls -l /usr/aset/reports
    total 6
    drwxrwxrwx   2 root     other        512 Oct 15 09:30 1015_09:29
    drwxrwxrwx   2 root     other        512 Oct 15 09:41 1015_09:41
    lrwxrwxrwx   1 root     other         28 Oct 15 09:41 latest -> /usr/aset/reports/1015_09:41
    #
The subdirectory name indicates the date and time the reports were generated, in the format:
    <month><date>_<hour>:<minute>
where <month>, <date>, <hour>, and <minute> are all two-digit numbers. For example, 1015_09:41 represents October 15 at 9:41 a.m.
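To compare reports between ASET executions as described above, the two newest timestamped subdirectories can be diffed report by report. The following script is an added example, not part of ASET; the function names are hypothetical, and it assumes that directory names sort chronologically, which holds only within one calendar year because the name carries no year.

```shell
#!/bin/sh
# Added example (not ASET code): diff the two newest ASET report sets.
# Assumption: MMDD_HH:MM names sort chronologically; the name has no year,
# so this ordering is only valid within one calendar year.
# Usage after sourcing this file: aset_compare_runs /usr/aset/reports

# Print the two newest timestamped report directories, older first.
# The "latest" symbolic link does not match the pattern and is skipped.
aset_last_two() {
    for d in "$1"/[0-9][0-9][0-9][0-9]_[0-9][0-9]:[0-9][0-9]; do
        [ -d "$d" ] && [ ! -L "$d" ] && basename "$d"
    done | sort | tail -n 2
}

# Compare every *.rpt between the two newest runs under reports dir $1.
# Prints one status line per report. Returns 0 if all reports are
# identical, 1 if any differ or exist in only one run, 2 if fewer than
# two runs exist.
aset_compare_runs() {
    reports=$1
    set -- $(aset_last_two "$reports")
    if [ $# -ne 2 ]; then
        echo "need two report sets under $reports" >&2
        return 2
    fi
    old=$reports/$1
    new=$reports/$2
    rc=0
    for name in $( { ls "$old"; ls "$new"; } | grep '\.rpt$' | sort -u ); do
        if [ ! -f "$old/$name" ]; then
            echo "NEW $name"; rc=1
        elif [ ! -f "$new/$name" ]; then
            echo "MISSING $name"; rc=1
        elif cmp -s "$old/$name" "$new/$name"; then
            echo "SAME $name"
        else
            echo "CHANGED $name"; rc=1
            diff "$old/$name" "$new/$name" | sed 's/^/    /'
        fi
    done
    return $rc
}
```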
Each of the report subdirectories contains a collection of reports generated from one execution of ASET. To look at the latest reports that ASET has generated, you can always review the reports in the /usr/aset/reports/latest directory. The following example shows the contents of the /usr/aset/reports/latest directory:
    # ls -l /usr/aset/reports/latest
    total 14
    -rw-rw-rw-   1 root     other        383 Oct 15 09:41 env.rpt
    -rw-rw-rw-   1 root     other        622 Oct 15 09:41 execution.log
    -rw-rw-rw-   1 root     other        306 Oct 15 09:41 firewall.rpt
    -rw-rw-rw-   1 root     other        631 Oct 15 09:41 sysconf.rpt
    -rw-rw-rw-   1 root     other         84 Oct 15 09:41 taskstatus
    -rw-rw-rw-   1 root     other        114 Oct 15 09:41 tune.rpt
    -rw-rw-rw-   1 root     other        256 Oct 15 09:41 usrgrp.rpt
    castle#
NOTE: Because ASET was not run at the highest security level, this listing does not contain the cklist.rpt and eeprom.rpt reports.
Each report is named after the task that generates it. The complete list of reports is shown in Table 20-2 along with the task that generates the report.
Report | Task |
---|---|
cklist.rpt | System files checklist (cklist) |
eeprom.rpt | eeprom check (eeprom) |
env.rpt | Environment check (env) |
execution.log | Contains messages displayed by the taskstat command |
firewall.rpt | Firewall setup (firewall) |
sysconf.rpt | System configuration files check (sysconf) |
taskstatus | Contains messages displayed by the taskstat command on the status of the tasks |
tune.rpt | System file permissions tuning (tune) |
usrgrp.rpt | User/group checks (usrgrp) |
Within each report file, messages are bracketed by a beginning and ending banner line. Sometimes a task terminates prematurely--for example, when a component of ASET is accidentally removed or damaged. In most cases, the report file contains a message near the end that indicates the reason for the premature exit.
The following example of the usrgrp.rpt file reports that user rob has no password in the /etc/shadow file:
    castle# more /usr/aset/reports/latest/usrgrp.rpt
    *** Begin User And Group Checking ***
    Checking /etc/passwd ...
    Checking /etc/shadow ...
    Warning! Shadow file, line 17, no password:
    rob::::::::
    ... end user check.
    Checking /etc/group ...
    ... end group check.
    *** End User And Group Checking ***
    #
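Because each report is bracketed by a beginning and an ending banner, a report that has a beginning banner but no ending banner points to a task that exited prematurely. The following script is an added example, not part of ASET; the function names are hypothetical, and it assumes that each banner and each "Warning!" message starts its own line, with the offending entry on the line after a warning that ends in a colon.

```shell
#!/bin/sh
# Added example (not ASET code): review the reports in one report set.
# Assumptions: banners read "*** Begin <title> ***" / "*** End <title> ***"
# and findings start with "Warning!", as in the usrgrp.rpt sample.
# Usage after sourcing this file: aset_review_reports /usr/aset/reports/latest

# Print "complete", "truncated" (begin banner without end banner) or
# "unrecognized" (no begin banner) for report file $1.
aset_report_state() {
    awk '
        /^\*\*\* Begin .* \*\*\*$/          { opened = 1 }
        opened && /^\*\*\* End .* \*\*\*$/  { closed = 1 }
        END {
            if (closed)      print "complete"
            else if (opened) print "truncated"
            else             print "unrecognized"
        }
    ' "$1"
}

# Print each warning in report file $1 on one line. A warning that ends
# with ":" is joined with the detail line that follows it.
aset_report_warnings() {
    awk '
        pending     { print msg " " $0; pending = 0; next }
        /^Warning!/ { if ($0 ~ /:[ \t]*$/) { msg = $0; pending = 1 } else print }
        END         { if (pending) print msg }
    ' "$1"
}

# Summarise every *.rpt in directory $1. Returns 1 if any report is not
# complete or contains warnings, otherwise 0.
aset_review_reports() {
    status=0
    for rpt in "$1"/*.rpt; do
        [ -f "$rpt" ] || continue
        state=$(aset_report_state "$rpt")
        count=$(aset_report_warnings "$rpt" | wc -l | tr -d ' ')
        echo "$(basename "$rpt"): $state, $count warning(s)"
        [ "$state" = complete ] && [ "$count" -eq 0 ] || status=1
    done
    return $status
}
```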