System Administration Guide: Security Services

ProcedureHow to Customize a BART Report by Using a Rules File

This procedure is also optional and explains how to customize a BART report by using a rules file as input to the bart compare command. By using a rules file, you can customize a BART report, which allows you the flexibility of specifying multiple attributes for more than one file or subtree. You can run different comparisons for the same manifests by using different rules files.

  1. Assume the Primary Administrator role, or become superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Determine which files and file attributes you want to monitor.

  3. Use a text editor to create a rules file with the appropriate directives.

  4. After installing the Solaris software, create a control manifest by using the rules file you created.

    # bart create -r rules-file > control-manifest
  5. Create a test manifest that is prepared identically to the control manifest.

    # bart create -r rules-file > test-manifest
  6. Compare the control manifest with the test manifest by using the same rules file.

    # bart compare -r rules-file control-manifest test-manifest >
  7. Examine the BART report for oddities.

Example 5–7 Customizing a BART Report by Using a Rules File

The following rules file includes directives for both the bart create and the bart compare commands. The rules file directs the bart create command to list information about the contents of the /usr/bin directory. In addition, the rules file directs the bart compare command to track only size and content changes in the same directory.

# Check size and content changes in the /usr/bin directory.
# This rules file only checks size and content changes.
# See rules file example.

CHECK size contents

In the preceding output, the bart compare command reported a discrepancy in the /usr/bin directory. This output indicates that /usr/bin/ypcat file was deleted, and the /usr/bin/gunzip file was added.