cklist.high man page on SunOS

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
SunOS logo
[printable version]

asetmasters(4)			 File Formats			asetmasters(4)

NAME
       asetmasters,  tune.low,	tune.med,  tune.high, uid_aliases, cklist.low,
       cklist.med, cklist.high - ASET master files

SYNOPSIS
       /usr/aset/masters/tune.low

       /usr/aset/masters/tune.med

       /usr/aset/masters/tune.high

       /usr/aset/masters/uid_aliases

       /usr/aset/masters/cklist.low

       /usr/aset/masters/cklist.med

       /usr/aset/masters/cklist.high

DESCRIPTION
       The /usr/aset/masters directory contains	 several  files	 used  by  the
       Automated  Security  Enhancement	 Tool (ASET). /usr/aset is the default
       operating directory for ASET. An alternative working directory  can  be
       specified  by  the  administrators  through  the aset -d command or the
       ASETDIR environment variable. See aset(1M).

       These files are provided by default to meet the need of	most  environ‐
       ments.  The administrators, however, can edit these files to meet their
       specific needs. The format and  usage  of  these	 files	are  described
       below.

       All  the	 master	 files allow comments and blank lines to improve read‐
       ability.	 Comment lines must start with a leading "#" character.

       tune.low	       These files are used by the tune task   (see  aset(1M))
       tune.med	       to restrict the permission settings for system objects.
       tune.high       Each file is used by ASET at the security  level	 indi‐
		       cated  by the suffix. Each entry in the files is of the
		       form:

		       pathname mode owner group type

		       where

		       pathname	       is the full pathname

		       mode	       is the permission setting

		       owner	       is the owner of the object

		       group	       is the group of the object

		       type	       is the type of the  object  It  can  be
				       symlink	for a symbolic link, directory
				       for a directory, or   file  for	every‐
				       thing else.

		       Regular	shell  wildcard ("*", "?", ...) characters can
		       be used in the pathname for multiple  references.   See
		       sh(1).  The mode is a five-digit number that represents
		       the permission setting. Note that this  setting	repre‐
		       sents a least restrictive value. If the current setting
		       is already more restrictive than the  specified	value,
		       ASET does not loosen the permission settings.

		       For example, if	mode is 00777, the permission will not
		       be changed, since it is always  less  restrictive  than
		       the current setting.

		       Names  must  be	used  for  owner and  group instead of
		       numeric ID's.  ? can be used as a "don't care"  charac‐
		       ter  in	place  of   owner, group, and  type to prevent
		       ASET from changing the existing values of these parame‐
		       ters.

       uid_alias       This  file  allows  user	 ID's to be shared by multiple
		       user accounts. Normally, ASET discourages such  sharing
		       for  accountability  reason  and reports user ID's that
		       are shared. The	administrators	can,  however,	define
		       permissible sharing by adding entries to the file. Each
		       entry is of the form:

		       uid=alias1=alias2=alias3= ...

		       where

		       uid	       is the shared user id

		       alias?	       is the user accounts sharing  the  user
				       ID

		       For  example, if	 sync and  daemon share the user ID 1,
		       the corresponding entry is:

		       1=sync=daemon

       cklist.low      These files are used by the cklist task (see aset(1M)),
       cklist.med      and  are	 created the first time the task is run at the
       cklist.high     low, medium, and high levels. When the cklist  task  is
		       run,  it	 compares  the	specified directory's contents
		       with the appropriate cklist.level file and reports  any
		       discrepancies.

EXAMPLES
       Example	1:  Examples  of Valid Entries for the tune.low, tune.med, and
       tune.high Files

       The following  is  an  example  of  valid  entries  for	the  tune.low,
       tune.med, and tune.high files:

       /bin 00777   root staffsymlink
       /etc 02755   root staffdirectory
       /dev/sd*	 00640	rootoperatorfile

SEE ALSO
       aset(1M), asetenv(4)

       ASET Administrator Manual

SunOS 5.10			  13 Sep 1991			asetmasters(4)
[top]

List of man pages available for SunOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net