Previous Table of Contents Next


PERIODIC_SCHEDULE Variable

The value of the PERIODIC_SCHEDULE variable that you set in the asetenv file follows the same format as the crontab file. You specify the variable values as a string of five fields enclosed in double quotation marks, each field separated by a space:

"<minutes> <hours> <day-of-month> <month> <day-of-week>"

Table 20-4 explains the values used for the PERIODIC_SCHEDULE variable.

Table 20-4 PERIODIC_SCHEDULE Variable Values

Variable Value
<minutes> Specifies start time in number of minutes after the hour, by using values from 0
through 59.
<hours> Specifies the start time hour, by using values from 0 through 23.
<day-of-month> Specifies the day of the month when ASET should be run, by using values from 1
through 31.
<month> Specifies the month of the year when ASET should be run, by using values from 1
through 12.
<day-of-week> Specifies the day of the week when ASET should be run, by using values from 0 through 6. In this scheme, Sunday is day 0.

The following rules apply:

  For any field, you can specify a list of values, each delimited by a comma.
  You can specify a value as a number or as a range (a pair of numbers joined by a hyphen). A range states that the ASET tasks should be executed for every time included in the range.
  You can specify an asterisk (*) as the value of any field. An asterisk specifies all possible values of the field, inclusive.

The default entry for PERIODIC_SCHEDULE executes ASET daily at midnight.

TASKS Variable

The TASKS variable in the asetenv file lists the tasks that ASET performs. The default is to list all seven tasks:

  firewall
  env
  sysconf
  usrgrp
  tune
  cklist
  eeprom

If you want to skip any of the tasks, simply remove the task from the list. To add a task, edit the asetenv file and include the task name in the quoted string following the TASK environment variable, using a space as the separator.

UID_ALIASES Variable

The UID_ALIASES variable in the asetenv file specifies which aliases file to use. If present, ASET consults this file for a list of permitted multiple aliases. The format is:

UID_ALIASES=<pathname>

where <pathname> is the full pathname of the aliases file.

The default is the uid_aliases file in the /usr/aset/masters directory.

YPCHECK Variable

The YPCHECK variable in the asetenv file extends the task of checking system tables to include NIS or NIS+ tables. The variable accepts a Boolean value, which can be set to either true or false. The default is false, confining checking to local system tables. To extend checking, edit the asetenv file and change the value for the variable to true.

CKLISTPATH_level Variable

The three checklist path variables list the directories to be checked by the checklist task.

The values for the checklist path environment variables are similar to those of shell path variables. They are a list of directory names separated by colons (:). You use an equal sign (=) to connect the variable name to its value.

Running ASET

This section describes how to run ASET either interactively or periodically.

Running ASET Interactively

You can run ASET interactively from the command line any time you want to monitor system security by using the /usr/aset/aset command.Table 20-5 lists the options to the aset command.

Table 20-5 Options to the aset Command

Option Description
-p Schedule aset to be executed periodically. This command adds an entry for aset to the /etc/crontab file. The option uses the value from the PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file to define the time for execution.
-d <aset_dir> Specify a working directory other than the default /usr/aset for ASET. ASET is installed by default in /usr/aset, which is the root directory of all ASET utilities and data files. If another directory is to be used as the ASET working directory, you can either define it with the -d option from the command line or by setting the ASETDIR environment variable before running aset. The command line option, if specified, overwrites the environment variable.
-l <sec_level> Specify a security level (low, medium, or high) for aset to operate at. The default level is low. You can also specify the level by setting the ASETSECLEVEL environment variable before running aset. The command line option, if specified, overwrites the environment variable.
-n <user@host> Notify <user> at system <host>. Send the output of aset to the user through email. If the option is not specified, the output is sent to the standard output. Note that this information is not the ASET report, but rather is an execution log that includes any error messages.
-u <userlist_file> Specify a file containing a list of users for ASET to perform environment checks on. By default, ASET only checks for root. userlist_file is an ASCII text file. Each entry in the file is a line that contains only one username (login name).


Previous Table of Contents Next