Previous Table of Contents Next

Using Automated Security Enhancement Tool (ASET)

ASET Tasks
ASET Master Files
ASET Security Levels
How ASET Tasks Work
ASET Execution Log
ASET Reports
ASET Master Files
ASET Environment File (asetenv)
Running ASET
Restoring System Files Modified by ASET
ASET Error Messages

THE AUTOMATED SECURITY ENHANCEMENT TOOL (ASET) ENABLES YOU TO MONITOR AND control system security by automatically performing tasks that you would otherwise do manually.

ASET Tasks

ASET consists of seven tasks, each performing specific checks and adjustments to file systems:

  System files permissions verification
  System files checks
  User/group checks
  System configuration files check
  Environment check
  eeprom check
  Firewall setup

The ASET tasks tighten file permissions, check the contents of critical system files for security weaknesses, and monitor crucial areas. ASET can safeguard a network by applying the basic requirements of a firewall system to a system that serves as a gateway system.

Each task generates a report noting detected security weaknesses and changes the task has made to the system files. When run at the highest security level, ASET tries to modify all system security weaknesses. If it cannot correct a potential security problem, ASET reports the existence of the problem.

ASET Master Files

ASET uses master files for configuration. Master files, reports, and other files are available in the /usr/aset directory. You can change these files to suit the particular requirements of your site.

The contents of the /usr/aset directory are listed in Table 20-1.

Table 20-1 Contents of the /usr/aset Directory

Files and Directories Description
archives Directory ASET uses to store archive files. The aset.restore script uses the original files from this directory to restore a system to its pre-ASET state.
aset The ASET shell script.
aset.restore Script used to restore a system to its original condition before ASET was run. It also deschedules ASET if it is scheduled.
asetenv Script that controls and sets ASET environment variables.
masters Directory containing a list of master files that control the three levels of ASET security.
reports Directory ASET uses to store reports.
tasks Directory containing shell scripts and C executables that perform ASET tasks.
tmp Temporary directory.
util Directory containing ASET shell scripts and ELF executable utilities.

To administer ASET, if you want to change any of the ASET defaults, first you edit the asetenv file. Next, you initiate an ASET session at one of the three levels of security either by using the /user/aset/aset command interactively, or by using the aset command to put an entry into the crontab file to run ASET periodically. Finally, you review the contents of the reports in the /usr/aset/reports directory to monitor and fix any security problems reported by ASET.

CAUTION! ASET tasks are disk-intensive and can interfere with regular system and application activities. To minimize the impact on system performance, schedule ASET to run when system activity level is lowest--for example, once every 24 or 48 hours at midnight or on weekends.

ASET Security Levels

You can set ASET to operate at one of three security levels: low, medium, or high. At each higher level, ASET's file-control functions increase to reduce file access and heighten system security. These functions range from monitoring system security without limiting file access to users to increasingly tightening access permissions until a system is fully secured.

The following list provides more information about the three ASET security levels:

  Low security: This level ensures that attributes of system files are set to standard release values. ASET performs several checks and reports potential security weaknesses. At this level, ASET takes no action and does not affect system services.
  Medium security: This level provides adequate security control for most environments. ASET modifies some of the system file settings and parameters, restricting system access to reduce the risks from security attacks. ASET reports security weaknesses and any modification it makes to restrict access. At this level, ASET does not affect system services.
  High security: This level provides a highly secure system. ASET adjusts many system files and parameter settings to minimize access permissions. Most system applications and commands continue to function normally, but at this level, security considerations take precedence over other system behavior.

NOTE:  ASET does not change the permissions of a file to make it less secure unless you downgrade the security level or intentionally revert the system to the settings that existed before running ASET.

Previous Table of Contents Next