System Administration Guide: Security Services

How to Compare Manifests From a Different System With the Manifest of a Control System

You can run system-to-system comparisons to quickly determine whether there are any file-level differences between a baseline system and other systems. For example, if you have installed a particular version of the Solaris software on a baseline system and you want to know whether other systems have identical packages installed, you can create manifests for those systems and then compare the test manifests with the control manifest. This type of comparison lists any discrepancies in the file contents for each test system that you compare with the control system.

  1. Assume the Primary Administrator role, or become superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. After installing the Solaris software, create a control manifest.

    # bart create options > control-manifest

  3. Save the control manifest.

  4. On the test system, use the same bart options to create a manifest, and redirect the output to a file.

    # bart create options > test1-manifest

    Choose a distinct and meaningful name for the test manifest.

  5. Save the test manifest to a central location on the system until you are ready to compare manifests.

  6. When you want to compare manifests, copy the control manifest to the location of the test manifest. Or, copy the test manifest to the control system.

    For example:

    # cp control-manifest /net/test-server/bart/manifests

    If the test system is not an NFS-mounted system, use FTP or some other reliable means to copy the control manifest to the test system.

  7. Compare the control manifest with the test manifest and redirect the output to a file.

    # bart compare control-manifest test1-manifest >

  8. Examine the BART report for oddities.

  9. Repeat Step 4 through Step 9 for each test manifest that you want to compare with the control manifest.

    Use the same bart options for each test system.

Example 6–6 Comparing Manifests From Different Systems With the Manifest of a Control System

This example describes how to monitor changes to the contents of the /usr/bin directory by comparing a control manifest with a test manifest from a different system.

The previous output indicates that the group ID of the su file in the /usr/bin directory is not the same as that of the control system. This information can be helpful in determining whether a different version of the software was installed on the test system or if possibly someone has tampered with the file.
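
Steps 7 through 9 scripted for a directory of test manifests, as an added example that is not part of the original guide: it runs `bart compare` against the control manifest for each test manifest and prints only the differences in ownership, mode, ACL or contents, such as the group ID change on su described above. The `*-manifest` naming, the `.report` file names and the report layout that the awk filter expects (a `path:` line followed by indented `attribute control:value test:value` lines) are assumptions.

```shell
#!/bin/sh
# Added example. Usage: compare_all /bart/control-manifest /bart/manifests
# Assumed report layout: a "path:" line, then indented
# "attribute  control:value  test:value" lines.

# Print "path attribute control-value test-value" for each difference in
# ownership, permissions, ACL or contents. Other attributes (for example
# mtime) stay in the full report for manual review.
triage_report() {
    awk '
        /^[^ \t].*:$/ { path = substr($0, 1, length($0) - 1); next }
        /^[ \t]/ && $1 ~ /^(uid|gid|mode|acl|contents)$/ {
            sub(/^control:/, "", $2); sub(/^test:/, "", $3)
            print path, $1, $2, $3
        }
    ' "$1"
}

# Compare every *-manifest file in directory $2 with control manifest $1.
# Writes <name>.report beside each test manifest (hypothetical naming),
# prints flagged differences, and returns 1 if any were found.
compare_all() {
    control=$1
    dir=$2
    flagged=0
    for m in "$dir"/*-manifest; do
        [ -f "$m" ] || continue
        # Skip the control manifest if it was copied into the same directory.
        if [ "$m" = "$control" ]; then continue; fi
        report="${m%-manifest}.report"
        bart compare "$control" "$m" > "$report"
        hits=$(triage_report "$report")
        if [ -n "$hits" ]; then
            flagged=1
            printf '%s\n' "$hits" | while IFS= read -r line; do
                printf '%s: %s\n' "${m##*/}" "$line"
            done
        fi
    done
    return "$flagged"
}
```

Pass the control manifest with the same path prefix as the manifest directory so that the skip check matches it.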