ASET consists of seven tasks, each performing specific checks and adjustments to file systems:| Previous | Table of Contents | Next |
THE AUTOMATED SECURITY ENHANCEMENT TOOL (ASET) ENABLES YOU TO MONITOR AND control system security by automatically performing tasks that you would otherwise do manually.
ASET consists of seven tasks, each performing specific checks and adjustments to file systems:
The ASET tasks tighten file permissions, check the contents of critical system files for security weaknesses, and monitor crucial areas. ASET can safeguard a network by applying the basic requirements of a firewall system to a system that serves as a gateway system.
Each task generates a report noting detected security weaknesses and changes the task has made to the system files. When run at the highest security level, ASET tries to modify all system security weaknesses. If it cannot correct a potential security problem, ASET reports the existence of the problem.
ASET uses master files for configuration. Master files, reports, and other files are available in the /usr/aset directory. You can change these files to suit the particular requirements of your site.
The contents of the /usr/aset directory are listed in Table 20-1.
| Files and Directories | Description |
|---|---|
| archives | Directory ASET uses to store archive files. The aset.restore script uses the original files from this directory to restore a system to its pre-ASET state. |
| aset | The ASET shell script. |
| aset.restore | Script used to restore a system to its original condition before ASET was run. It also deschedules ASET if it is scheduled. |
| asetenv | Script that controls and sets ASET environment variables. |
| masters | Directory containing a list of master files that control the three levels of ASET security. |
| reports | Directory ASET uses to store reports. |
| tasks | Directory containing shell scripts and C executables that perform ASET tasks. |
| tmp | Temporary directory. |
| util | Directory containing ASET shell scripts and ELF executable utilities. |
To administer ASET, if you want to change any of the ASET defaults, first you edit the asetenv file. Next, you initiate an ASET session at one of the three levels of security either by using the /user/aset/aset command interactively, or by using the aset command to put an entry into the crontab file to run ASET periodically. Finally, you review the contents of the reports in the /usr/aset/reports directory to monitor and fix any security problems reported by ASET.
CAUTION! ASET tasks are disk-intensive and can interfere with regular system and application activities. To minimize the impact on system performance, schedule ASET to run when system activity level is lowest--for example, once every 24 or 48 hours at midnight or on weekends.
You can set ASET to operate at one of three security levels: low, medium, or high. At each higher level, ASET's file-control functions increase to reduce file access and heighten system security. These functions range from monitoring system security without limiting file access to users to increasingly tightening access permissions until a system is fully secured.
The following list provides more information about the three ASET security levels:
NOTE: ASET does not change the permissions of a file to make it less secure unless you downgrade the security level or intentionally revert the system to the settings that existed before running ASET.
| Previous | Table of Contents | Next |