The Solaris 10 system software includes ASET (Automated Security Enhancement Tool), which helps you monitor and control system security by automatically performing tasks that you would otherwise do manually. ASET performs the following seven tasks, each of which makes specific checks and adjustments to system files and permissions to ensure system security:
The ASET security package provides automated administration tools that let you control and monitor a system's security. You specify a low, medium, or high security level at which ASET runs. At each higher level, ASET's file-control functions increase to reduce file access and tighten system security.
ASET tasks are disk intensive and can interfere with regular activities. To minimize their impact on system performance, you should schedule ASET to run when the system activity level is lowestfor example, once every 24 or 48 hours, at midnight.
The syntax for the aset command is as follows:
/usr/aset/aset -l <level> -d <pathname>
Options to the aset command are described in Table 4.27.
# /usr/aset/aset -l low ======= ASET Execution Log ======= ASET running at security level low Machine = holl300s; Current time = 0530_14:03 aset: Using /usr/aset as working directory Executing task list ... firewall env sysconf usrgrp tune cklist eeprom All tasks executed. Some background tasks may still be running. Run /usr/aset/util/taskstat to check their status: /usr/aset/util/taskstat [aset_dir] where aset_dir is ASET's operating directory,currently=/usr/aset. When the tasks complete, the reports can be found in: /usr/aset/reports/latest/*.rpt You can view them by: more /usr/aset/reports/latest/*.rpt #