|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
File Formats asetmasters(4)
NAME
asetmasters, tune.low, tune.med, tune.high, uid_aliases,
cklist.low, cklist.med, cklist.high - ASET master files
SYNOPSIS
/usr/aset/masters/tune.low
/usr/aset/masters/tune.med
/usr/aset/masters/tune.high
/usr/aset/masters/uid_aliases
/usr/aset/masters/cklist.low
/usr/aset/masters/cklist.med
/usr/aset/masters/cklist.high
DESCRIPTION
The /usr/aset/masters directory contains several files used
by the Automated Security Enhancement Tool (ASET). /usr/aset
is the default operating directory for ASET. An alternative
working directory can be specified by the administrators
through the aset -d command or the ASETDIR environment vari-
able. See aset(1M).
These files are provided by default to meet the need of most
environments. The administrators, however, can edit these
files to meet their specific needs. The format and usage of
these files are described below.
All the master files allow comments and blank lines to
improve readability. Comment lines must start with a lead-
ing "#" character.
tune.low These files are used by the tune task (see
tune.med aset(1M)) to restrict the permission set-
tune.high tings for system objects. Each file is used
by ASET at the security level indicated by
the suffix. Each entry in the files is of
the form:
pathname mode owner group type
where
SunOS 5.10 Last change: 13 Sep 1991 1
File Formats asetmasters(4)
pathname is the full pathname
mode is the permission setting
owner is the owner of the object
group is the group of the object
type is the type of the object It
can be symlink for a sym-
bolic link, directory for a
directory, or file for
everything else.
Regular shell wildcard ("*", "?", ...) char-
acters can be used in the pathname for mul-
tiple references. See sh(1). The mode is a
five-digit number that represents the per-
mission setting. Note that this setting
represents a least restrictive value. If the
current setting is already more restrictive
than the specified value, ASET does not
loosen the permission settings.
For example, if mode is 00777, the permis-
sion will not be changed, since it is always
less restrictive than the current setting.
Names must be used for owner and group
instead of numeric ID's. ? can be used as a
"don't care" character in place of owner,
group, and type to prevent ASET from chang-
ing the existing values of these parameters.
uid_alias This file allows user ID's to be shared by
multiple user accounts. Normally, ASET
discourages such sharing for accountability
reason and reports user ID's that are
shared. The administrators can, however,
SunOS 5.10 Last change: 13 Sep 1991 2
File Formats asetmasters(4)
define permissible sharing by adding entries
to the file. Each entry is of the form:
uid=alias1=alias2=alias3= ...
where
uid is the shared user id
alias? is the user accounts sharing
the user ID
For example, if sync and daemon share the
user ID 1, the corresponding entry is:
1=sync=daemon
cklist.low These files are used by the cklist task (see
cklist.med aset(1M)), and are created the first time
cklist.high the task is run at the low, medium, and high
levels. When the cklist task is run, it com-
pares the specified directory's contents
with the appropriate cklist.level file and
reports any discrepancies.
EXAMPLES
Example 1: Examples of Valid Entries for the tune.low,
tune.med, and tune.high Files
The following is an example of valid entries for the
tune.low, tune.med, and tune.high files:
/bin 00777 root staffsymlink
SunOS 5.10 Last change: 13 Sep 1991 3
File Formats asetmasters(4)
/etc 02755 root staffdirectory
/dev/sd* 00640 rootoperatorfile
SEE ALSO
aset(1M), asetenv(4)
ASET Administrator Manual
SunOS 5.10 Last change: 13 Sep 1991 4
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 21:37:26 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5208 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2877 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2488 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2408 hits)
(Suse Linux 10.1)
|
Man Pages 
