Patch-ID# 107767-01
Keywords: security ASET cklist 6 months
Synopsis: SunOS 5.6_x86: ASET cklist reports unchanged 6month older files as new
Date: Aug/09/99

Solaris Release: 2.6_x86

SunOS Release: 5.6_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 107766

Topic: SunOS 5.6_x86: ASET cklist reports unchanged 6month older files as new

BugId's fixed with this patch: 4202027

Changes incorporated in this version:

Relevant Architectures: i386

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/aset/util/nls
/usr/aset/util/addcksum
/usr/aset/tasks/create_cklist

Problem Description:

4202027 ASET cklist task reports unchanged files older than 6months as new

Patch Installation Instructions:
--------------------------------
Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch. Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------
A. The time format for the cklist files changes with this patch and
   they must be regenerated after installing the patch. This can be
   done by the superuser:

   1. Before installing the patch, run aset(1m) at the desired security
      levels and mark files that are shown modified in the report.

   2. Rename the cklist.low, cklist.med, and cklist.high files in
      /usr/aset/masters/ to cklist.low.orig, cklist.med.orig,
      cklist.high.orig.

   3. Run aset(1m) at the desired level to regenerate the cklist file.

B. When the ASET cklist file is regenerated, any changes previously
   noticed by unpatched ASET will be lost. If it is desired to maintain
   file modifications in the ASET cklist reports, the following steps
   can be used:

   4. Look at the last pre-patched ASET cklist report and note the
      files reported modified.

   5. Determine which of the reported modified files should be carried
      forward to new cklist reports.

   6. For each of the entries in the new cklist file
      (/usr/aset/masters/), edit the entry to have the corresponding
      field value(s) from the saved cklist file.

   For example:

   The pre-patch ASET cklist format for /etc/passwd appears below.
   Note that there are only two date fields: "day" and "time/year".

      -rw-r--r-- 1 root sys 517 Apr 2 07:56 /etc/passwd 42547 2

   The post-patch ASET cklist format for /etc/passwd appears below.
   Note that there are now three date fields: "day", "time", "year".

      -rw-r--r-- 1 root sys 517 Apr 2 07:56 1999 /etc/passwd 42547 2

   When the ASET cklist determines that there has been a change, the
   difference is reported thus:

      < -rw-r--r-- 1 root sys 517 Apr 2 07:56 /etc/passwd 42547 2
      ---
      > -rw-r--r-- 1 root sys 517 May 6 07:44 /etc/passwd 42547 2

   After recreating the cklist file, the entry for /etc/passwd is:

      -rw-r--r-- 1 root sys 517 May 6 07:44 1999 /etc/passwd 42547 2

   Using data from the pre-patched cklist file (see above) the entry
   can be edited to restore the original time stamp to:

      -rw-r--r-- 1 root sys 517 Apr 2 07:56 1999 /etc/passwd 42547 2

   This will cause subsequent cklist reports to indicate that
   /etc/passwd has been modified.
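
Step 6 above, as an added example (not part of the patch or of ASET): a Python function that rebuilds chosen entries of a regenerated cklist from the saved pre-patch file and reports entries it cannot convert. The name carry_forward, the /etc/example.conf entries and the default choice of year are assumptions made for illustration.

```python
import re

# Constructed sample data: the /etc/passwd lines follow this README's example;
# /etc/example.conf is a made-up entry for a file older than six months.
OLD_CKLIST = """\
-rw-r--r-- 1 root sys 517 Apr 2 07:56 /etc/passwd 42547 2
-r--r--r-- 1 root sys 1024 Jan 5 1998 /etc/example.conf 11111 3
"""
NEW_CKLIST = """\
-rw-r--r-- 1 root sys 517 May 6 07:44 1999 /etc/passwd 42547 2
-r--r--r-- 1 root sys 1024 Jan 5 09:30 1998 /etc/example.conf 11111 3
"""

TIME_RE = re.compile(r"^\d{1,2}:\d{2}$")
OLD_FIELDS, NEW_FIELDS = 11, 12   # pre-patch has one date column fewer
OLD_PATH, NEW_PATH = 8, 9         # index of the path field in each format


def carry_forward(old_text, new_text, paths, year=None):
    """Rebuild selected post-patch entries from the saved pre-patch cklist.

    Returns (edited_text, skipped). A path is skipped when the saved file has
    no entry for it or the saved entry shows a year instead of a time, because
    the three-field format needs a time the old line never recorded.
    Assumption: paths contain no whitespace; output is written single-spaced.
    """
    saved = {}
    for line in old_text.splitlines():
        f = line.split()
        if len(f) == OLD_FIELDS:
            saved[f[OLD_PATH]] = f
    out, skipped = [], []
    for line in new_text.splitlines():
        f = line.split()
        if len(f) == NEW_FIELDS and f[NEW_PATH] in paths:
            old = saved.get(f[NEW_PATH])
            if old is None or not TIME_RE.match(old[7]):
                skipped.append(f[NEW_PATH])
            else:
                # Assumption: the old line has no year, so reuse the regenerated
                # entry's year unless the operator passes one explicitly.
                line = " ".join(old[:8] + [year or f[8]] + old[8:])
        out.append(line)
    return "\n".join(out) + "\n", skipped
```

Entries returned in skipped still need a manual edit, and year should be passed explicitly when the saved time stamp belongs to the previous calendar year.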