aset.restore(1M) System Administration Commands aset.restore(1M)NAME
aset.restore - restores system files to their content before ASET is installed
SYNOPSIS
aset.restore [-d aset_dir]
DESCRIPTION
aset.restore restores system files that are affected by the Automated Security Enhancement Tool (ASET) to their pre-ASET content. When ASET
is executed for the first time, it saves and archives the original system files in the /usr/aset/archives directory. The aset.restore
utility reinstates these files. It also deschedules ASET, if it is currently scheduled for periodic execution. See asetenv(4).
If you have made changes to system files after running ASET, these changes are lost when you run aset.restore. If you want to be abso-
lutely sure that you keep the existing system state, it is recommended that you back-up your system before using aset.restore.
You should use aset.restore, under the following circumstances:
You want to remove ASET permanently and restore the original system (if you want to deactivate ASET, you can remove it from schedul-
ing).
You are unfamiliar with ASET and want to experiment with it. You can use aset.restore to restore the original system state.
When some major system functionality is not working properly and you suspect that ASET is causing the problem; you may want to
restore the system to see if the problem persists without ASET.
aset.restore requires root privileges to execute.
OPTIONS
The following options are supported:
-d aset_dir Specify the working directory for ASET. By default, this directory is /usr/aset. With this option the archives directory
will be located under aset_dir.
FILES
/usr/aset/archives archive of system files prior to executing aset
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWast |
+-----------------------------+-----------------------------+
SEE ALSO aset(1M), asetenv(4), attributes(5)
System Administration Guide: Basic Administration
SunOS 5.10 11 Oct 1991 aset.restore(1M)
Check Out this Related Man Page
asetmasters(4) File Formats asetmasters(4)NAME
asetmasters, tune.low, tune.med, tune.high, uid_aliases, cklist.low, cklist.med, cklist.high - ASET master files
SYNOPSIS
/usr/aset/masters/tune.low
/usr/aset/masters/tune.med
/usr/aset/masters/tune.high
/usr/aset/masters/uid_aliases
/usr/aset/masters/cklist.low
/usr/aset/masters/cklist.med
/usr/aset/masters/cklist.high
DESCRIPTION
The /usr/aset/masters directory contains several files used by the Automated Security Enhancement Tool (ASET). /usr/aset is the default
operating directory for ASET. An alternative working directory can be specified by the administrators through the aset -d command or the
ASETDIR environment variable. See aset(1M).
These files are provided by default to meet the need of most environments. The administrators, however, can edit these files to meet their
specific needs. The format and usage of these files are described below.
All the master files allow comments and blank lines to improve readability. Comment lines must start with a leading "#" character.
tune.low These files are used by the tune task (see aset(1M)) to restrict the permission settings for system objects. Each file is
tune.med used by ASET at the security level indicated by the suffix. Each entry in the files is of the form:
tune.high
pathname mode owner group type
where
pathname is the full pathname
mode is the permission setting
owner is the owner of the object
group is the group of the object
type is the type of the object It can be symlink for a symbolic link, directory for a directory, or file for
everything else.
Regular shell wildcard ("*", "?", ...) characters can be used in the pathname for multiple references. See sh(1). The mode
is a five-digit number that represents the permission setting. Note that this setting represents a least restrictive value.
If the current setting is already more restrictive than the specified value, ASET does not loosen the permission settings.
For example, if mode is 00777, the permission will not be changed, since it is always less restrictive than the current
setting.
Names must be used for owner and group instead of numeric ID's. ? can be used as a "don't care" character in place of
owner, group, and type to prevent ASET from changing the existing values of these parameters.
uid_alias This file allows user ID's to be shared by multiple user accounts. Normally, ASET discourages such sharing for accountabil-
ity reason and reports user ID's that are shared. The administrators can, however, define permissible sharing by adding
entries to the file. Each entry is of the form:
uid=alias1=alias2=alias3= ...
where
uid is the shared user id
alias? is the user accounts sharing the user ID
For example, if sync and daemon share the user ID 1, the corresponding entry is:
1=sync=daemon
cklist.low These files are used by the cklist task (see aset(1M)), and are created the first time the task is run at the low, medium,
cklist.med and high levels. When the cklist task is run, it compares the specified directory's contents with the appropriate
cklist.high cklist.level file and reports any discrepancies.
EXAMPLES
Example 1: Examples of Valid Entries for the tune.low, tune.med, and tune.high Files
The following is an example of valid entries for the tune.low, tune.med, and tune.high files:
/bin 00777 root staffsymlink
/etc 02755 root staffdirectory
/dev/sd* 00640 rootoperatorfile
SEE ALSO aset(1M), asetenv(4)
ASET Administrator Manual
SunOS 5.10 13 Sep 1991 asetmasters(4)