The value of the PERIODIC_SCHEDULE variable that you set in the asetenv file follows the same format as the crontab file. You specify the variable values as a string of five fields enclosed in double quotation marks, each field separated by a space:
"<minutes> <hours> <day-of-month> <month> <day-of-week>"
Table 20-4 explains the values used for the PERIODIC_SCHEDULE variable.
|<minutes>||Specifies start time in number of minutes after the hour, by using values from 0|
|<hours>||Specifies the start time hour, by using values from 0 through 23.|
|<day-of-month>||Specifies the day of the month when ASET should be run, by using values from 1|
|<month>||Specifies the month of the year when ASET should be run, by using values from 1|
|<day-of-week>||Specifies the day of the week when ASET should be run, by using values from 0 through 6. In this scheme, Sunday is day 0.|
The following rules apply:
The default entry for PERIODIC_SCHEDULE executes ASET daily at midnight.
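The following is an added example, not part of the original documentation: a POSIX shell check that a PERIODIC_SCHEDULE string is well-formed before it is scheduled with aset -p. The function names and the sample file are hypothetical, and the field limits and the asterisk, list and range forms are assumed to be the standard crontab ones.

```shell
#!/bin/sh
# Added example: validate PERIODIC_SCHEDULE before scheduling with "aset -p".
# Assumption: limits and the "*", list (a,b) and range (a-b) forms are crontab's.

# check_field VALUE LOW HIGH -> 0 if every element of VALUE lies in LOW..HIGH
check_field() {
    cf_val=$1 cf_lo=$2 cf_hi=$3
    [ "$cf_val" = "*" ] && return 0
    case $cf_val in
        ""|*[!0-9,-]*|,*|*,|*,,*) return 1 ;;  # digits, commas, hyphens only
    esac
    cf_ifs=$IFS; IFS=,; set -- $cf_val; IFS=$cf_ifs   # split the list on commas
    for cf_elem in "$@"; do
        case $cf_elem in
            *-*-*|-*|*-) return 1 ;;
            *-*) cf_a=${cf_elem%-*} cf_b=${cf_elem#*-} ;;
            *)   cf_a=$cf_elem cf_b=$cf_elem ;;
        esac
        [ "$cf_a" -le "$cf_b" ] && [ "$cf_a" -ge "$cf_lo" ] &&
            [ "$cf_b" -le "$cf_hi" ] || return 1
    done
    return 0
}

# check_schedule "MIN HOUR DOM MON DOW" -> 0 if all five fields are valid
check_schedule() {
    set -f; set -- $1; set +f      # split on blanks without expanding "*"
    [ $# -eq 5 ] || return 1
    check_field "$1" 0 59 && check_field "$2" 0 23 &&
        check_field "$3" 1 31 && check_field "$4" 1 12 &&
        check_field "$5" 0 6           # Sunday is day 0
}

# schedule_from_asetenv FILE -> prints the last PERIODIC_SCHEDULE="..." value
schedule_from_asetenv() {
    sed -n 's/^[[:space:]]*PERIODIC_SCHEDULE="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Constructed sample asetenv fragment (not taken from a real system).
sample=$(mktemp)
printf '%s\n' 'PERIODIC_SCHEDULE="0 0 * * *"' 'YPCHECK=false' > "$sample"
sched=$(schedule_from_asetenv "$sample")
if check_schedule "$sched"; then
    echo "PERIODIC_SCHEDULE \"$sched\" is well-formed"
else
    echo "PERIODIC_SCHEDULE \"$sched\" is malformed" >&2
fi
rm -f "$sample"
```

The sample value "0 0 * * *" is the crontab form of a daily run at midnight, matching the default described above.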
The TASKS variable in the asetenv file lists the tasks that ASET performs. The default is to list all seven tasks:
To skip a task, remove it from the list. To add a task, edit the asetenv file and include the task name in the quoted string following the TASKS environment variable, using a space as the separator.
The UID_ALIASES variable in the asetenv file specifies which aliases file to use. If present, ASET consults this file for a list of permitted multiple aliases. The format is:
where <pathname> is the full pathname of the aliases file.
The default is the uid_aliases file in the /usr/aset/masters directory.
The YPCHECK variable in the asetenv file extends the task of checking system tables to include NIS or NIS+ tables. The variable accepts a Boolean value, which can be set to either true or false. The default is false, confining checking to local system tables. To extend checking, edit the asetenv file and change the value for the variable to true.
The three checklist path variables list the directories to be checked by the checklist task.
The values for the checklist path environment variables are similar to those of shell path variables. They are a list of directory names separated by colons (:). You use an equal sign (=) to connect the variable name to its value.
This section describes how to run ASET either interactively or periodically.
You can run ASET interactively from the command line any time you want to monitor system security by using the /usr/aset/aset command. Table 20-5 lists the options to the aset command.
|-p||Schedule aset to be executed periodically. This command adds an entry for aset to the /etc/crontab file. The option uses the value from the PERIODIC_SCHEDULE environment variable in the /usr/aset/asetenv file to define the time for execution.|
|-d <aset_dir>||Specify a working directory other than the default /usr/aset for ASET. ASET is installed by default in /usr/aset, which is the root directory of all ASET utilities and data files. If another directory is to be used as the ASET working directory, you can define it either with the -d option on the command line or by setting the ASETDIR environment variable before running aset. The command line option, if specified, overrides the environment variable.|
|-l <sec_level>||Specify a security level (low, medium, or high) for aset to operate at. The default level is low. You can also specify the level by setting the ASETSECLEVEL environment variable before running aset. The command line option, if specified, overrides the environment variable.|
|-n <user@host>||Notify <user> at system <host>. Send the output of aset to the user through email. If the option is not specified, the output is sent to the standard output. Note that this information is not the ASET report, but rather is an execution log that includes any error messages.|
|-u <userlist_file>||Specify a file containing a list of users for ASET to perform environment checks on. By default, ASET only checks for root. userlist_file is an ASCII text file. Each entry in the file is a line that contains only one username (login name).|