bart(1M)                System Administration Commands                bart(1M)

NAME
     bart - basic audit reporting tool

SYNOPSIS
     /usr/bin/bart create [-n] [-R root_directory]
          [-r rules_file | -]

     /usr/bin/bart create [-n] [-R root_directory] -I
          [file_name]...

     /usr/bin/bart compare [-i attribute] [-p]
          [-r rules_file | -] control-manifest test-manifest

DESCRIPTION
     bart(1M) is a tool that performs a file-level check of the software
     contents of a system.

     You can also specify the files to track and the types of discrepancies
     to flag by means of a rules file, bart_rules. See bart_rules(4).

     The bart utility performs two basic functions:

     bart create     The manifest generator tool takes a file-level snapshot
                     of a system. The output is a catalog of file attributes
                     referred to as a manifest. See bart_manifest(4).

                     You can specify the list of files to be cataloged in
                     three ways. Use bart create with no options, specify
                     the files by name on the command line, or create a
                     rules file with directives that specify which files
                     to monitor. See bart_rules(4).

                     By default, the manifest generator catalogs all
                     attributes of all files in the root (/) file system.
                     File systems mounted on the root file system are
                     cataloged only if they are of the same type as the
                     root file system.

                     For example, /, /usr, and /opt are separate UFS file
                     systems. /usr and /opt are mounted on /. Therefore, all
                     three file systems are cataloged. However, /tmp, also
                     mounted on /, is not cataloged because it is a TMPFS
                     file system. Mounted CD-ROMs are not cataloged since
                     they are HSFS file systems.

     bart compare    The report tool compares two manifests. The output is a
                     list of per-file attribute discrepancies. These
                     discrepancies are the differences between two
                     manifests: a control manifest and a test manifest.

                     A discrepancy is a change to any attribute for a given
                     file cataloged by both manifests. A new file or a
                     deleted file in a manifest is reported as a
                     discrepancy.

                     The reporting mechanism provides two types of output:
                     verbose and programmatic. Verbose output is localized
                     and presented on multiple lines, while programmatic
                     output is more easily parsable by other programs. See
                     OUTPUT.

                     By default, the report tool generates verbose output
                     where all discrepancies are reported except for
                     modified directory timestamps (dirmtime attribute).

                     To ensure consistent and accurate comparison results,
                     control-manifest and test-manifest must be built with
                     the same rules file.

     Use the rules file to ignore specified files or subtrees when you
     generate a manifest or compare two manifests. Users can compare
     manifests from different perspectives by re-running the bart compare
     command with different rules files.

OPTIONS
     The following options are supported:

     -i attribute ...     Specify the file attributes to be ignored
                          globally. Specify attributes as a comma separated
                          list.

                          This option produces the same behavior as
                          supplying the file attributes to a global IGNORE
                          keyword in the rules file. See bart_rules(4).

     -I [file_name...]    Specify the input list of files. The file list can
                          be specified at the command line or read from
                          standard input.

     -n                   Prevent computation of content signatures for all
                          regular files in the file list.

     -p                   Display manifest comparison output in
                          "programmatic mode," which is suitable for
                          programmatic parsing. The output is not localized.

     -r rules_file        Use rules_file to specify which files and
                          directories to catalog, and to define which file
                          attribute discrepancies to flag. If rules_file is
                          -, then the rules are read from standard input.
                          See bart_rules(4) for the definition of the
                          syntax.

     -R root_directory    Specify the root directory for the manifest. All
                          paths specified by the rules, and all paths
                          reported in the manifest, are relative to
                          root_directory.

                          Note -

                            The root file system of any non-global zones
                            must not be referenced with the -R option. Doing
                            so might damage the global zone's file system,
                            might compromise the security of the global
                            zone, and might damage the non-global zone's
                            file system. See zones(5).

OPERANDS
     bart allows quoting of operands. This is particularly important for
     white-space appearing in subtree and subtree modifier specifications.

     The following operands are supported:

     control-manifest    Specify the manifest created by bart create on the
                         control system.

     test-manifest       Specify the manifest created by bart create on the
                         test system.

OUTPUT
     The bart create and bart compare commands write output to standard
     output, and write error messages to standard error.

     The bart create command generates a system manifest. See
     bart_manifest(4).

     When the bart compare command compares two system manifests, it
     generates a list of file differences. By default, the comparison output
     is localized. However, if the -p option is specified, the output is
     generated in a form that is suitable for programmatic manipulation.

   Default Format
       filename
       attribute control:xxxx test:yyyy

     filename     Name of the file that differs between control-manifest and
                  test-manifest. For file names that contain embedded
                  whitespace or newline characters, see bart_manifest(4).

     attribute    The name of the file attribute that differs between the
                  manifests that are compared. xxxx is the attribute value
                  from control-manifest, and yyyy is the attribute value
                  from test-manifest. When discrepancies for multiple
                  attributes occur for the same file, each difference is
                  noted on a separate line.

                  The following attributes are supported:

                  acl         ACL attributes for the file. For a file with
                              ACL attributes, this field contains the output
                              from acltotext().

                  all         All attributes.

                  contents    Checksum value of the file. This attribute is
                              only specified for regular files. If you turn
                              off context checking or if checksums cannot be
                              computed, the value of this field is -.

                  dest        Destination of a symbolic link.

                  devnode     Value of the device node. This attribute is
                              for character device files and block device
                              files only.

                  dirmtime    Modification time in seconds since 00:00:00
                              UTC, January 1, 1970 for directories.

                  gid         Numerical group ID of the owner of this entry.

                  lnmtime     Creation time for links.

                  mode        Octal number that represents the permissions
                              of the file.

                  mtime       Modification time in seconds since 00:00:00
                              UTC, January 1, 1970 for files.

                  size        File size in bytes.

                  type        Type of file.

                  uid         Numerical user ID of the owner of this entry.

     The following default output shows the attribute differences for the
     /etc/passwd file. The output indicates that the size, mtime, and
     contents attributes have changed.

       /etc/passwd:
               size control:74 test:81
               mtime control:3c165879 test:3c165979
               contents control:daca28ae0de97afd7a6b91fde8d57afa
                        test:84b2b32c4165887355317207b48a6ec7

   Programmatic Format
       filename attribute control-val test-val [attribute control-val test-val]*

     filename

         Same as filename in the default format.

     attribute control-val test-val

         A description of the file attributes that differ between the
         control and test manifests for each file. Each entry includes the
         attribute value from each manifest. See bart_manifest(4) for the
         definition of the attributes.

     Each line of the programmatic output describes all attribute
     differences for a single file.

     The following programmatic output shows the attribute differences for
     the /etc/passwd file. The output indicates that the size, mtime, and
     contents attributes have changed.

       /etc/passwd size 74 81 mtime 3c165879 3c165979
           contents daca28ae0de97afd7a6b91fde8d57afa 84b2b32c4165887355317207b48a6ec7

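     Added example (not part of the original manual page or of bart): a
     Python parser for the programmatic format above that splits each line
     into attribute triples and ranks files for review. The severity sets
     and the constructed sample lines are assumptions, as is the premise
     that file names contain no raw whitespace.

```python
# Added example: triage lines in the `bart compare -p` programmatic format.
from collections import namedtuple

Diff = namedtuple("Diff", "path changes leftover")

# Assumption (not from the man page): attributes treated as integrity-relevant.
HIGH = {"contents", "mode", "uid", "gid", "acl", "type", "dest", "devnode"}
TIME_ONLY = {"mtime", "dirmtime", "lnmtime"}

def parse_line(line):
    """Return Diff(path, {attribute: (control_val, test_val)}, leftover)."""
    tokens = line.split()
    path, rest = tokens[0], tokens[1:]
    usable = len(rest) - len(rest) % 3      # whole triples only
    changes = {rest[i]: (rest[i + 1], rest[i + 2])
               for i in range(0, usable, 3)}
    return Diff(path, changes, rest[usable:])

def severity(diff):
    """Rank one file's discrepancies: review, high, medium or low."""
    if diff.leftover or not diff.changes:
        return "review"                     # does not fit the documented triples
    attrs = set(diff.changes)
    if attrs & HIGH:
        return "high"                       # content, ownership or permissions
    if attrs <= TIME_ONLY:
        return "low"                        # timestamps only
    return "medium"                         # e.g. size changed, contents did not

def triage(report):
    """Map each path in a programmatic report to its severity."""
    result = {}
    for line in report.splitlines():
        if line.strip():
            diff = parse_line(line)
            result[diff.path] = severity(diff)
    return result

# Constructed sample: the /etc/passwd values are the ones shown on this page,
# joined onto one line; the other three lines are made up for illustration.
SAMPLE = """\
/etc/passwd size 74 81 mtime 3c165879 3c165979 contents daca28ae0de97afd7a6b91fde8d57afa 84b2b32c4165887355317207b48a6ec7
/var/adm/messages size 1024 2048 mtime 3c165879 3c165979
/usr/bin/login mode 100555 104555
/export/home mtime 3c165879 3c165979
"""

if __name__ == "__main__":
    for path, level in triage(SAMPLE).items():
        print(f"{level:7} {path}")
```

     Manifests created with -n carry - as the contents value, so a contents
     discrepancy cannot appear for them and size and mtime are the only
     signals that file data changed.
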
EXIT STATUS
   Manifest Generator
     The manifest generator returns the following exit values:

     0     Success

     1     Non-fatal error when processing files; for example, permission
           problems

     >1    Fatal error; for example, invalid command-line options

   Report Tool
     The report tool returns the following exit values:

     0     No discrepancies reported

     1     Discrepancies found

     >1    Fatal error executing comparison

EXAMPLES
     Example 1 Creating a Default Manifest Without Computing Checksums

     The following command line creates a default manifest, which consists
     of all files in the / file system. The -n option prevents computation
     of checksums, which causes the manifest to be generated more quickly.

       bart create -n

     Example 2 Creating a Manifest for a Specified Subtree

     The following command line creates a manifest that contains all files
     in the /home/nickiso subtree.

       bart create -R /home/nickiso

     Example 3 Creating a Manifest by Using Standard Input

     The following command line uses output from the find(1) command to
     generate the list of files to be cataloged. The find output is used as
     input to the bart create command that specifies the -I option.

       find /home/nickiso -print | bart create -I

     Example 4 Creating a Manifest by Using a Rules File

     The following command line uses a rules file, rules, to specify the
     files to be cataloged.

       bart create -r rules

     Example 5 Comparing Two Manifests and Generating Programmatic Output

     The following command line compares two manifests and produces output
     suitable for parsing by a program.

       bart compare -p manifest1 manifest2

     Example 6 Comparing Two Manifests and Specifying Attributes to Ignore

     The following command line compares two manifests. The dirmtime,
     lnmtime, and mtime attributes are not compared.

       bart compare -i dirmtime,lnmtime,mtime manifest1 manifest2

     Example 7 Comparing Two Manifests by Using a Rules File

     The following command line uses a rules file, rules, to compare two
     manifests.

       bart compare -r rules manifest1 manifest2

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     ┌─────────────────────────────┬─────────────────────────────┐
     │       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
     ├─────────────────────────────┼─────────────────────────────┤
     │Availability                 │SUNWbart                     │
     ├─────────────────────────────┼─────────────────────────────┤
     │Interface Stability          │Evolving                     │
     └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
     cksum(1), digest(1), find(1), bart_manifest(4), bart_rules(4),
     attributes(5)

NOTES
     The file attributes of certain system libraries can be temporarily
     altered by the system as it boots. To avoid triggering false warnings,
     you should compare manifests only if they were both created with the
     system in the same state; that is, if both were created in single-user
     or both in multi-user.

SunOS 5.11                        26 Oct 2005                        bart(1M)