System Administration Commands                           bart(1M)



NAME
     bart - basic audit reporting tool

SYNOPSIS
     /usr/bin/bart create [-n] [-R rootdirectory]
          [-r rulesfile | -]


     /usr/bin/bart create [-n] [-R rootdirectory] -I
          [filename]...


     /usr/bin/bart compare [-i attribute ] [-p]
          [-r rulesfile | -] control-manifest test-manifest


DESCRIPTION
     bart(1M) is a tool that performs a file-level check  of  the
     software contents of a system.


     You can also specify the files to track  and  the  types  of
     discrepancies  to flag by means of a rules file, bart_rules.
     See bart_rules(4).


     The bart utility performs two basic functions:

     bart create     The manifest generator tool  takes  a  file-
                     level  snapshot of a system. The output is a
                     catalog of file attributes referred to as  a
                     manifest. See bart_manifest(4).

                     You can specify the list  of  files  to  be
                     cataloged  in  three  ways.  Use bart create
                     with no options, specify the files  by  name
                     on  the command line, or create a rules file
                     with directives that specify which files  to
                     monitor. See bart_rules(4).

                     By default, the manifest generator  catalogs
                     all  attributes of all files in the root (/)
                     file system. File  systems  mounted  on  the
                     root  file system are cataloged only if they
                     are of the same type as the root  file  sys-
                     tem.

                     For example, /, /usr, and /opt are  separate
                     UFS  file systems. /usr and /opt are mounted
                     on /. Therefore, all three file systems  are
                     cataloged. However, /tmp, also mounted on /,
                     is not cataloged because it is a TMPFS  file
                     system.  Mounted  CD-ROMs  are not cataloged
                     since they are HSFS file systems.


     bart compare    The report tool compares two manifests.  The
                     output  is  a  list  of  per-file  attribute
                     discrepancies. These discrepancies  are  the
                     differences between two manifests: a control
                     manifest and a test manifest.

                     A discrepancy is a change to  any  attribute
                     for  a  given  file  cataloged by both mani-
                     fests. A new file or a  deleted  file  in  a
                     manifest is reported as a discrepancy.

                     The reporting mechanism provides  two  types
                     of output: verbose and programmatic. Verbose
                     output is localized and presented on  multi-
                     ple lines, while programmatic output is more
                     easily parsable by other programs. See  OUT-
                     PUT.

                     By default, the report tool  generates  ver-
                     bose  output  where  all  discrepancies  are
                     reported  except  for   modified   directory
                     timestamps (dirmtime attribute).

                     To ensure consistent and accurate comparison
                     results,  control-manifest and test-manifest
                     must be built with the same rules file.



     Use the rules file to ignore  specified  files  or  subtrees
     when you generate a manifest or compare two manifests. Users
     can compare manifests from  different  perspectives  by  re-
     running the bart compare command with different rules files.

OPTIONS
     The following options are supported:

     -i attribute ...     Specify  the  file  attributes  to   be
                          ignored globally. Specify attributes as
                          a comma separated list.

                          This option produces the same  behavior
                          as  supplying  the file attributes to a
                          global  IGNORE  keyword  in  the  rules
                          file. See bart_rules(4).






     -I [filename...]    Specify the input list  of  files.  The
                          file  list can be specified at the com-
                          mand line or read from standard input.


     -n                   Prevent computation of  content  signa-
                          tures for all regular files in the file
                          list.


     -p                   Display manifest comparison  output  in
                          "programmatic mode," which is  suitable
                          for programmatic parsing. The output is
                          not localized.


     -r rulesfile        Use rulesfile to specify  which  files
                          and  directories  to  catalog,  and  to
                          define which file attribute  discrepan-
                          cies  to flag. If rulesfile is -, then
                          the rules are read from standard input.
                          See bart_rules(4) for the definition of
                          the syntax.


     -R rootdirectory    Specify the root directory for the man-
                          ifest.   All  paths  specified  by  the
                          rules, and all paths  reported  in  the
                          manifest,      are      relative     to
                          rootdirectory.

                          Note -

                            The root  file  system  of  any  non-
                            global  zones  must not be referenced
                            with the -R option.  Doing  so  might
                            damage the global zone's file system,
                            might compromise the security of  the
                            global  zone,  and  might  damage the
                            non-global zone's  file  system.  See
                            zones(5).


OPERANDS
     bart allows quoting of operands. This is particularly impor-
     tant for white-space appearing in subtree and subtree modif-
     ier specifications.


     The following operands are supported:





     control-manifest    Specify the  manifest  created  by  bart
                         create on the control system.


     test-manifest       Specify the  manifest  created  by  bart
                         create on the test system.


OUTPUT
     The bart create and bart compare commands  write  output  to
     standard output, and write error messages to standard error.


     The bart create command generates  a  system  manifest.  See
     bart_manifest(4).


     When the bart compare command compares two system manifests,
     it  generates  a  list  of file differences. By default, the
     comparison output is localized. However, if the -p option is
     specified,  the  output is generated in a form that is suit-
     able for programmatic manipulation.

  Default Format
       filename
       attribute control:xxxx test:yyyy



     filename     Name of the file that differs between  control-
                  manifest and test-manifest. For file names that
                  contain embedded whitespace or newline  characters,
                  see bart_manifest(4).


     attribute    The name of the  file  attribute  that  differs
                  between  the  manifests that are compared. xxxx
                  is the attribute value  from  control-manifest,
                  and  yyyy  is  the  attribute  value from test-
                  manifest.  When  discrepancies   for   multiple
                  attributes   occur  for  the  same  file,  each
                  difference is noted on a separate line.

                  The following attributes are supported:

                  acl         ACL attributes for the file. For  a
                              file   with  ACL  attributes,  this
                              field  contains  the  output   from
                              acltotext().






                  all         All attributes.


                  contents    Checksum value of  the  file.  This
                              attribute  is  only  specified  for
                              regular files. If you turn off con-
                              text  checking or if checksums can-
                              not be computed, the value of  this
                              field is -.


                  dest        Destination of a symbolic link.


                  devnode     Value  of  the  device  node.  This
                              attribute  is  for character device
                              files and block device files only.


                  dirmtime    Modification time in seconds  since
                              00:00:00  UTC,  January 1, 1970 for
                              directories.


                  gid         Numerical group ID of the owner  of
                              this entry.


                  lnmtime     Creation time for links.


                  mode        Octal number  that  represents  the
                              permissions of the file.


                  mtime       Modification time in seconds  since
                              00:00:00  UTC,  January 1, 1970 for
                              files.


                  size        File size in bytes.


                  type        Type of file.


                  uid         Numerical user ID of the  owner  of
                              this entry.







     The following default output shows the attribute differences
     for  the  /etc/passwd  file.  The  output indicates that the
     size, mtime, and contents attributes have changed.

       /etc/passwd:
         size  control:74  test:81
         mtime  control:3c165879  test:3c165979
         contents  control:daca28ae0de97afd7a6b91fde8d57afa  test:84b2b32c4165887355317207b48a6ec7



  Programmatic Format
       filename attribute control-val test-val [attribute control-val test-val]*



     filename

         Same as filename in the default format.


     attribute control-val test-val

         A description of the file attributes that differ between
         the control and test manifests for each file. Each entry
         includes the attribute value  from  each  manifest.  See
         bart_manifest(4) for the definition of the attributes.



     Each line of the programmatic output describes all attribute
     differences for a single file.


     The  following  programmatic  output  shows  the   attribute
     differences  for  the /etc/passwd file. The output indicates
     that the size, mtime, and contents attributes have changed.

       /etc/passwd size 74 81 mtime 3c165879 3c165979 contents daca28ae0de97afd7a6b91fde8d57afa 84b2b32c4165887355317207b48a6ec7
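
     The following shell function is an added example, not part of the
     original man page: it triages bart compare -p records into HIGH and
     LOW findings. The severity split, the names bart_triage and
     sample_report, and the second sample record are assumptions made for
     illustration; file names are assumed to contain no raw whitespace.

```shell
#!/bin/sh
# Added example: triage `bart compare -p` records read from standard input.
# Assumption: file names contain no raw whitespace, so every record is
#   filename attribute control-val test-val [attribute control-val test-val]*

# Example policy (an assumption, tune it to your site): attributes whose
# change alters what a file is, who owns it, or what it contains are HIGH;
# size and timestamp changes alone are LOW.
bart_triage() {
    awk '
    BEGIN {
        n = split("contents mode uid gid acl type dest devnode", names, " ")
        for (k = 1; k <= n; k++) high[names[k]] = 1
    }
    NF == 0 { next }
    NF == 1 || (NF - 1) % 3 != 0 {
        # Not a filename followed by whole triples: surface it for a
        # human instead of guessing at its meaning.
        print "REVIEW " $0
        next
    }
    {
        for (i = 2; i <= NF; i += 3) {
            sev = (($i) in high) ? "HIGH" : "LOW"
            print sev, $1, $i, $(i + 1), $(i + 2)
        }
    }'
}

# Constructed sample input. The first record is the /etc/passwd example
# from this page; the second is invented (a setuid bit appearing on a binary).
sample_report() {
    cat <<'EOF'
/etc/passwd size 74 81 mtime 3c165879 3c165979 contents daca28ae0de97afd7a6b91fde8d57afa 84b2b32c4165887355317207b48a6ec7
/usr/bin/example mode 100555 104555 mtime 3c165879 3c1659ff
EOF
}

sample_report | bart_triage
```

     When the manifests were created with -n, the contents value is - and
     carries no signal, so size and mtime changes deserve closer attention.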



EXIT STATUS
  Manifest Generator
     The manifest generator returns the following exit values:

     0     Success






     1     Non-fatal error when processing  files;  for  example,
           permission problems


     >1    Fatal error; for example, invalid command-line options


  Report Tool
     The report tool returns the following exit values:

     0     No discrepancies reported


     1     Discrepancies found


     >1    Fatal error executing comparison


EXAMPLES
     Example 1 Creating  a  Default  Manifest  Without  Computing
     Checksums


     The following command line creates a default manifest, which
     consists  of  all  files in the / file system. The -n option
     prevents computation of checksums, which causes the manifest
     to be generated more quickly.


       bart create -n



     Example 2 Creating a Manifest for a Specified Subtree


     The following command line creates a manifest that  contains
     all files in the /home/nickiso subtree.


       bart create -R /home/nickiso



     Example 3 Creating a Manifest by Using Standard Input


     The following command line uses output from the find(1) com-
     mand to generate the list of files to be cataloged. The find
     output is used as input to  the  bart  create  command  that
     specifies the -I option.



       find /home/nickiso -print | bart create -I



     Example 4 Creating a Manifest by Using a Rules File


     The following command line uses  a  rules  file,  rules,  to
     specify the files to be cataloged.


       bart create -r rules



     Example 5 Comparing Two Manifests  and  Generating  Program-
     matic Output


     The following command line compares two manifests  and  pro-
     duces output suitable for parsing by a program.


       bart compare -p manifest1 manifest2



     Example 6 Comparing Two Manifests and Specifying  Attributes
     to Ignore


     The following command line compares two manifests. The dirm-
     time, lnmtime, and mtime attributes are not compared.


       bart compare -i dirmtime,lnmtime,mtime manifest1 manifest2



     Example 7 Comparing Two Manifests by Using a Rules File


     The following command line uses a rules file, rules, to com-
     pare two manifests.


       bart compare -r rules manifest1 manifest2



ATTRIBUTES
     See attributes(5) for descriptions of the  following  attributes:

     ATTRIBUTE TYPE               ATTRIBUTE VALUE
     Availability                 SUNWbart
     Interface Stability          Evolving


SEE ALSO
     cksum(1),     digest(1),     find(1),      bart_manifest(4),
     bart_rules(4), attributes(5)

NOTES
     The file attributes of certain system libraries can be  tem-
     porarily  altered  by  the  system  as  it  boots.  To avoid
     triggering false warnings, you should compare manifests only
     if they were both created with the system in the same state;
     that is, if both were created  in  single-user  or  both  in
     multi-user.

SunOS 5.11          Last change: 26 Oct 2005