Collecting Reports on a Server

You can collect reports from a number of client systems into a directory on the server to make comparing ASET reports easier.

To collect reports on a server:

1.  Become superuser.

2.  Type cd /usr/aset and press Return.

3.  Type mkdir <rptdir> and press Return to create a report directory.

4.  Type cd <rptdir> and press Return.

5.  Type mkdir <client_rpt> and press Return for each client system you want to collect reports for.

6.  Edit the /etc/dfs/dfstab file and add the <client_rpt> directories with read/write options:

share -F nfs -o rw=<client-hostname>/usr/aset/<rptdir>/<client_rpt>

7.  Type shareall and press Return.

8.  On each client, become superuser.

9.  Type mount <server>:/usr/aset/<rptdir>/<client_rpt> /usr/aset/reports and press Return. The file system is mounted

10.  On each client, also add a line to the /etc/vfstab file on the mount point /usr/aset/reports. The next time the system is booted, the reports are automatically mounted.

The following example collects ASET reports from the client seachild on the server castle:

castle% su
Password:
castle# cd /usr/aset
castle# mkdir all_reports
castle# cd all_reports
castle# mkdir seachild_rpt
castle# vi /etc/dfs/dfstab
share -F dfs -o rw=seachild /usr/aset/all_reports/seachild_rpt
ZZ
castle# shareall

On the client, seachild:

seachild% su
Password:
seachild# mount castle:/usr/aset/all_reports/seachild_rpt /usr/aset/
reports
seachild# vi /etc/vfstab
castle:/usr/aset/all_reports/seachild_rpt /usr/aset/reports nfs -
yes hard
ZZ
seachild#

Restoring System Files Modified by ASET

When ASET is executed for the first time, it saves and archives the original system files in the /usr/aset/archive directory. You can use the /usr/aset/aset.restore utility to reinstate these files. If ASET is currently scheduled for periodic execution, it also removes the line from the crontab entry.

Any changes made to system files are lost when you run aset.restore.

Use the aset.restore utility:

•  When you want to remove ASET changes and restore the original system. If you want to deactivate ASET permanently, you can remove it from cron scheduling if the aset command has been added to root's crontab.

•  After a brief period of experimenting with ASET, to restore the original system state.

•  When some major functionality is not working properly and you suspect that ASET may be causing the problem.

To restore system files modified by ASET:

1.  Become superuser.

2.  Type /usr/aset/aset.restore and press Return. Informational messages are displayed while the script is restoring system files to their original state.

3.  If there is an ASET crontab entry, you are prompted to ask if you want to remove it. Type y and press Return to remove the entry.

The following example restores system files to their pre-ASET state:

# /usr/aset/aset.restore

aset.restore: beginning restoration ...

Executing /usr/aset/tasks/firewall.restore

Beginning firewall.restore...

firewall.restore failed:

/usr/sbin/in.routed.asetoriginal not found.

Executing /usr/aset/tasks/sysconf.restore

Beginning sysconf.restore...

Restoring /etc/inetd.conf. Saved existing file in /etc/inetd.conf.asetbak.

Restoring /etc/aliases. Saved existing file in /etc/aliases.asetbak.

sysconf.restore completed.

Executing /usr/aset/tasks/tune.restore

Beginning tune.restore...
(This may take a while.)

tune.restore completed.

Executing /usr/aset/tasks/usrgrp.restore

Beginning usrgrp.restore...

Restoring /etc/passwd. Saved existing file in /etc/passwd.asetbak.

Restoring /etc/group. Saved existing file in /etc/group.asetbak.

Restoring /etc/shadow. Saved existing file in /etc/shadow.asetback.

usrgrp.restore completed.

Descheduling ASET from crontab file...
The following is the ASET schedule entry to be deleted:
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&10 0
* * * /usr/aset/aset  -d /usr/aset
Proceed to deschedule: (y/n) y

Resetting security level from low to null.

aset.restore: restoration completed.
#

Note that the firewall restore was not successful in this example.

The aset.restore script does not remove files from the /usr/aset/reports and the /usr/aset/archive directories. If you want to reclaim that file system space, you may want to delete the contents of these directories.