Sun Management Center Change Manager 1.0 Administration Guide

Using Audit Software

The Change Manager provides users with the ability to validate the contents of deployed software stacks. Stack validation is accomplished by comparing the contents of a managed host's file systems over time with those of a "known good," or baseline, configuration. The audit features are implemented by using the bart(1MCM) command.

The audit rules file enables you to track files and directories on managed hosts that are installed with a software stack. The audit tool enables you to determine which files were added to and deleted from managed hosts. You can also use the audit rules file to specify which file attribute changes you want to flag.

When an audit rules file is applied to one or more managed hosts configured with the same software stack, the results should be nearly identical. Note that the properties of some files might change legitimately across installed machines (for example, /etc/nodename). Other files should not have properties that change (for example, /usr/bin/ls). The author of the audit rules file must ensure that only relevant files are members of the stack definition.

The state of a file is described by the associated file attributes, such as file size, creation date, modification date, and access control list (ACL). The state of a file is optionally described by a cryptographic checksum of the file's contents and by most of the values retrieved by the stat(2) system call.

The description of a software stack yields a list of files and associated attributes in a manifest. The manifests represent the software stacks on each managed host. Pairs of manifests can be compared to yield a manifest comparison report, which lists file-by-file differences.
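As an added illustration of the manifest-and-comparison model described above, and not Change Manager's own bart(1MCM) code or its file formats, the Python below builds a manifest (a subset of stat(2) values plus a SHA-256 checksum) for a directory tree and compares a baseline manifest against a second one under a constructed set of rules. The ATTRS list, the dictionary-based rules (a stand-in for the audit rules file), the fixed timestamps and the two temporary trees are all assumptions made for this example.

```python
"""Toy model of stack validation: build manifests, compare them under rules.
Added example; not the bart(1MCM) implementation or its manifest format."""
import hashlib
import os
import shutil
import stat
import tempfile

# Attributes recorded per entry. Constructed subset of stat(2) fields plus a
# content checksum; size and checksum are only meaningful for regular files.
ATTRS = ("type", "size", "mode", "uid", "gid", "mtime", "sha256")
T0, T1 = 1_000_000_000, 1_000_000_600  # constructed fixed timestamps


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Describe every file and directory under root by its attributes."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            is_reg = stat.S_ISREG(st.st_mode)
            manifest["/" + os.path.relpath(full, root)] = {
                "type": "D" if stat.S_ISDIR(st.st_mode) else "F",
                "size": st.st_size if is_reg else None,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "mtime": int(st.st_mtime),
                "sha256": _sha256(full) if is_reg else None,
            }
    return manifest


def compare_manifests(baseline, current, rules):
    """rules maps a path prefix to the attribute names to ignore beneath it;
    the longest matching prefix wins. Returns (added, deleted, changed)."""
    def ignored_for(path):
        best = max((p for p in rules if path.startswith(p)), key=len, default="")
        return rules.get(best, set())

    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diffs = [a for a in ATTRS
                 if baseline[path][a] != current[path][a]
                 and a not in ignored_for(path)]
        if diffs:
            changed[path] = diffs
    return added, deleted, changed


def _write(root, rel, data, ts):
    full = os.path.join(root, rel)
    with open(full, "wb") as f:
        f.write(data)
    os.utime(full, (ts, ts))


def _freeze_dirs(root, ts):
    # Pin directory mtimes so only deliberate edits show up as drift.
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            os.utime(os.path.join(dirpath, d), (ts, ts))


def demo():
    """Constructed scenario: a baseline stack and a drifted copy of it."""
    base, drifted = tempfile.mkdtemp(), tempfile.mkdtemp()
    try:
        for root in (base, drifted):
            os.makedirs(os.path.join(root, "usr/bin"))
            os.makedirs(os.path.join(root, "etc"))
            _write(root, "usr/bin/ls", b"ls-binary-v1", T0)
            _write(root, "etc/nodename", b"host-a\n", T0)
            _write(root, "etc/passwd", b"root:x:0:0\n", T0)
            _freeze_dirs(root, T0)
        # Drift on the second host: nodename legitimately differs per host,
        # ls was replaced, passwd disappeared, and an unknown file appeared.
        _write(drifted, "etc/nodename", b"host-b\n", T1)
        _write(drifted, "usr/bin/ls", b"ls-binary-v2-unexpected", T1)
        os.remove(os.path.join(drifted, "etc/passwd"))
        _write(drifted, "usr/bin/extra", b"unexpected", T1)
        _freeze_dirs(drifted, T0)
        # Rules: check everything, but do not flag per-host values in nodename.
        rules = {"/": set(), "/etc/nodename": {"size", "mtime", "sha256"}}
        return compare_manifests(build_manifest(base), build_manifest(drifted), rules)
    finally:
        shutil.rmtree(base)
        shutil.rmtree(drifted)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports `/usr/bin/extra` as added, `/etc/passwd` as deleted, and `/usr/bin/ls` as changed in size, mtime and checksum, while `/etc/nodename` is silent because the rule for it ignores exactly the attributes that vary legitimately from host to host. Rules are matched by path prefix here, so a rule for `/etc/nodename` would also cover a file such as `/etc/nodename.bak`; a rules author has to keep the ignore set as narrow as the stack definition allows.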

Review the comparison report to determine whether the two manifests are "similar enough." The review also determines whether the stack has changed so much that it is no longer valid.

Use the audit tool to perform a file-level check of the software contents of a managed host. The Change Manager compares a baseline manifest against manifests generated for each managed host selected. The baseline manifest represents a baseline state of the managed host, which might match the original state of the software stack.