[Next] [Previous] [Up] [Top] [Contents]

28.10 Additional Security Features in SunOS 5.X

28.10.2 Automated Security Enhancement Tool

ASET allows you to monitor and restrict access to system files. It can be configured for three security levels: low, medium, and high.

At low level ASET doesn't modify any system files, but reports on potential security weaknesses.

At medium level some system files may be modified to restrict access. This should not affect system services. It will report on security weaknesses and changes performed.

At high level further restrictions are made to provide a secure system. System parameters are changed to provide minimal access. Most system applications should still work normally, but security is considered more important than applications at this level.

At the highest level the checks performed by ASET are:

It checks files such as:

/etc/hosts.equiv for "+" entries
/etc/inetd.conf for tftp, ps, netstat, and rexd entries
/etc/aliases for the decode alias
/etc/default/login for root access via the CONSOLE= entry
/etc/vfstab for world-readable/writable file systems
/etc/dfs/dfstab for files shared without restrictions
/etc/ftpusers at high security places root in this file to disallow access for root
/var/adm/utmp changes world-writable access at high security level
/var/adm/utmpx "
/.rhosts removes this for medium and high security levels

ASET uses the directory /usr/aset for its scripts and reports. Some of the scripts used to control ASET actions are tune.low, tune.medium, and tune.high in the /usr/aset/masters directory, which specify file ownership and permissions.

ASET requires the package SUNWast be installed on the system.

Unix System Administration - 8 AUG 1996
[Next] [Previous] [Up] [Top] [Contents]