|Previous||Table of Contents||Next|
ASET generates an execution log whether it runs interactively or in the background. By default, ASET generates the log file on standard output. The execution log confirms that ASET ran at the designated time. It also contains any execution error messages. The -n option of the aset command directs the log to be delivered by electronic mail to a designated user. For a complete list of ASET options, refer to the aset(1M) manual page.
The following example shows an execution log running at low-level security:
castle% su Password: # /usr/aset/aset -l low ======= ASET Execution Log ======= ASET running at security level low Machine = castle; Current time = 1015_09:29 aset: Using /usr/aset as working directory Executing task list ... firewall env sysconf usrgrp tune cklist eeprom All tasks executed. Some background tasks may still be running. Run /usr/aset/util/taskstat to check their status: /usr/aset/util/taskstat [aset_dir] where aset_dir is ASET's operating directory,currently=/usr/aset. When the tasks complete, the reports can be found in: /usr/aset/reports/latest/*.rpt You can view them by: more /usr/aset/reports/latest/*.rpt #
The log first shows the system and the time that ASET was run. Then it lists each task as it is started.
ASET invokes a background process for each of the tasks. The task is listed in the execution log when it starts. The log does not indicate when the task has been completed. To check the status of the background tasks, type /usr/aset/util/taskstat and press Return.
The following example shows that four tasks--firewall, env, sysconf, and usrgrp--have been completed, and that three tasks--tune, cklist, and eeprom--are not finished:
# /usr/aset/util/taskstat Checking ASET tasks status ... Task firewall is done. Task env is done. Task sysconf is done. Task usrgrp is done. The following tasks are done: firewall env sysconf usrgrp The following tasks are not done: tune cklist eeprom #
All report files generated from ASET tasks are stored in subdirectories under the /usr/aset/reports directory. This section describes the structure of the /usr/aset/reports directory and provides guidelines on managing the report files.
ASET puts the report files in subdirectories that are named to reflect the time and date when the reports are generated. This structure enables you to keep an orderly set of records documenting the system status as it varies between ASET executions. You can monitor and compare the reports to determine the soundness of your system security.
The /usr/aset/reports directory contains a subdirectory named latest that is a symbolic link to the most recent set of reports generated by ASET.
The following example shows contents of the /usr/aset/reports directory with two subdirectories and the latest directory:
# ls -l /usr/aset/reports total 6 drwxrwxrwx 2 root other 512 Oct 15 09:30 1015_09:29 drwxrwxrwx 2 root other 512 Oct 15 09:41 1015_09:41 lrwxrwxrwx 1 root other 28 Oct 15 09:41 latest -> /usr/aset/reports/1015_09:41 #
The subdirectory name indicates the date and time the reports were generated, in the format:
where <month>, <date>, <hour>, and <minute> are all two-digit numbers. For example, 1015_09:41 represents October 15 at 9:41 a.m.
Each of the report subdirectories contains a collection of reports generated from one execution of ASET. To look at the latest reports that ASET has generated, you can always review the reports in the /usr/aset/reports/latest directory. The following example shows the contents of the /usr/aset/reports/latest directory:
# ls -l /usr/aset/reports/latest total 14 -rw-rw-rw- 1 root other 383 Oct 15 09:41 env.rpt -rw-rw-rw- 1 root other 622 Oct 15 09:41 execution.log -rw-rw-rw- 1 root other 306 Oct 15 09:41 firewall.rpt -rw-rw-rw- 1 root other 631 Oct 15 09:41 sysconf.rpt -rw-rw-rw- 1 root other 84 Oct 15 09:41 taskstatus -rw-rw-rw- 1 root other 114 Oct 15 09:41 tune.rpt -rw-rw-rw- 1 root other 256 Oct 15 09:41 usrgrp.rpt castle#
NOTE: Because ASET was not run at the highest security level, this listing does not contain the cklist.rpt and eeprom.rpt reports.
Each report is named after the task that generates it. The complete list of reports is shown in Table 20-2 along with the task that generates the report.
|cklist.rpt||System files checklist (cklist)|
|eeprom.rpt||eeprom check (eeprom)|
|env.rpt||Environment check (env)|
|execution.log||Contains messages displayed by the taskstat command|
|firewall.rpt||Firewall setup (firewall)|
|sysconf.rpt||System configuration files check (sysconf)|
|taskstatus||Contains messages displayed by the taskstat command on the status of the tasks|
|tune.rpt||System file permissions tuning (tune)|
|usrgrp.rpt||User/group checks (usrgrp)|
Within each report file, messages are bracketed by a beginning and ending banner line. Sometimes a task terminates prematurely--for example, when a component of ASET is accidentally removed or damaged. In most cases, the report file contains a message near the end that indicates the reason for the premature exit.
The following example of the usrgrp.rpt file reports that user rob has no password in the /etc/shadow file:
castle# more /usr/aset/reports/latest/usrgrp.rpt *** Begin User And Group Checking *** Checking /etc/passwd ... Checking /etc/shadow ... Warning! Shadow file, line 17, no password: rob:::::::: ... end user check. Checking /etc/group ... ... end group check. *** End User And Group Checking *** #
|Previous||Table of Contents||Next|