| Skip Navigation Links | |
| Exit Print View | |
|
System Administration Guide: Security Services Oracle Solaris 10 8/11 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
System Administration Guide: Security Services Oracle Solaris 10 8/11 Information Library |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Controlling Access to Devices (Tasks)
5. Using the Basic Audit Reporting Tool (Tasks)
Basic Audit Reporting Tool (Overview)
How to Compare Manifests for the Same System Over Time
How to Compare Manifests From Different Systems
How to Customize a BART Report by Specifying File Attributes
How to Customize a BART Report by Using a Rules File
6. Controlling Access to Files (Tasks)
7. Using the Automated Security Enhancement Tool (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
Part IV Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Oracle Solaris Secure Shell (Tasks)
20. Oracle Solaris Secure Shell (Reference)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Oracle Solaris Auditing
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
This section includes the following reference information:
This section describes the format of files that BART uses and creates.
Each manifest file entry is a single line, depending on the file type. Each entry begins with fname, which is the name of the file. To prevent parsing problems that are caused by special characters embedded in file names, the file names are encoded. For more information, see BART Rules File Format.
Subsequent fields represent the following file attributes:
Type of file with the following possible values:
B for a block device node
C for a character device node
D for a directory
F for a file
L for a symbolic link
P for a pipe
S for a socket
File size in bytes.
Octal number that represents the permissions of the file.
ACL attributes for the file. For a file with ACL attributes, this contains the output from acltotext().
Numerical user ID of the owner of this entry.
Numerical group ID of the owner of this entry.
Last modification time, in seconds, since 00:00:00 UTC, January 1, 1970, for directories.
Last modification time, in seconds, since 00:00:00 UTC, January 1, 1970, for links.
Last modification time, in seconds, since 00:00:00 UTC January 1, 1970, for files.
Checksum value of the file. This attribute is only specified for regular files. If you turn off context checking, or if checksums cannot be computed, the value of this field is –.
Destination of a symbolic link.
Value of the device node. This attribute is for character device files and block device files only.
For more information about BART manifests, see the bart_manifest(4) man page.
The input files to the bart command are text files. These files consist of lines that specify which files are to be included in the manifest and which file attributes are to be included the report. The same input file can be used across both pieces of BART functionality. Lines that begin with #, blank lines, and lines that contain white space are ignored by the tool.
The input files have three types of directives:
Subtree directive, with optional pattern matching modifiers
CHECK directive
IGNORE directive
Example 5-8 Rules File Format
<Global CHECK/IGNORE Directives> <subtree1> [pattern1..] <IGNORE/CHECK Directives for subtree1> <subtree2> [pattern2..] <subtree3> [pattern3..] <subtree4> [pattern4..] <IGNORE/CHECK Directives for subtree2, subtree3, subtree4>
Note - All directives are read in order, with later directives possibly overriding earlier directives.
There is one subtree directive per line. The directive must begin with an absolute pathname, followed by zero or more pattern matching statements.
The bart command uses CHECK and IGNORE statements to define which attributes to track or ignore. Each attribute has an associated keyword.
The attribute keywords are as follows:
acl
all
contents
dest
devnode
dirmtime
gid
lnmtime
mode
mtime
size
type
uid
The all keyword refers to all file attributes.
The rules file specification language that BART uses is the standard UNIX quoting syntax for representing nonstandard file names. Embedded tab, space, newline, or special characters are encoded in their octal forms to enable the tool to read file names. This nonuniform quoting syntax prevents certain file names, such as those containing an embedded carriage return, from being processed correctly in a command pipeline. The rules specification language allows the expression of complex file name filtering criteria that would be difficult and inefficient to describe by using shell syntax alone.
For more information about the BART rules file or the quoting syntax used by BART, see the bart_rules(4) man page.
In default mode, the bart compare command, as shown in the following example, checks all the files installed on the system, with the exception of modified directory timestamps (dirmtime):
CHECK all IGNORE dirmtime
If you supply a rules file, then the global directives of CHECK all and IGNORE dirmtime, in that order, are automatically prepended to the rules file.
The following exit values are returned:
Success
Nonfatal error when processing files, such as permission problems
Fatal error, such as an invalid command-line option
The reporting mechanism provides two types of output: verbose and programmatic:
Verbose output is the default output and is localized and presented on multiple lines. Verbose output is internationalized and is human-readable. When the bart compare command compares two system manifests, a list of file differences is generated.
For example:
filename attribute control:xxxx test:yyyy
Name of the file that differs between the control manifest and the test manifest.
Name of the file attribute that differs between the manifests that are compared. xxxx is the attribute value from the control manifest, and yyyy is the attribute value from the test manifest. When discrepancies for multiple attributes occur in the same file, each difference is noted on a separate line.
Following is an example of the default output for the bart compare command. The attribute differences are for the /etc/passwd file. The output indicates that the size, mtime, and contents attributes have changed.
/etc/passwd: size control:74 test:81 mtime control:3c165879 test:3c165979 contents control:daca28ae0de97afd7a6b91fde8d57afa test:84b2b32c4165887355317207b48a6ec7
Programmatic output is generated if you use the -p option when you run the bart compare command. This output is generated in a form that is suitable for programmatic manipulation. Programmatic output can be easily parsed by other programs and is designed to be used as input for other tools.
For example:
filename attribute control-val test-val [attribute control-val test-val]*
Same as the filename attribute in the default format
A description of the file attributes that differ between the control and test manifests for each file
For a list of attributes that are supported by the bart command, see Rules File Attributes.
For more information about BART, see the bart(1M) man page.
|