|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library|
This section describes the format of files that BART uses and creates.
Each manifest file entry is a single line, depending on the file type. Each entry begins with fname, which is the name of the file. To prevent parsing problems that are caused by special characters embedded in file names, the file names are encoded. For more information, see BART Rules File Format.
Subsequent fields represent the following file attributes:
Type of file with the following possible values:
B for a block device node
C for a character device node
D for a directory
F for a file
L for a symbolic link
P for a pipe
S for a socket
File size in bytes.
Octal number that represents the permissions of the file.
ACL attributes for the file. For a file with ACL attributes, this contains the output from acltotext().
Numerical user ID of the owner of this entry.
Numerical group ID of the owner of this entry.
Last modification time, in seconds, since 00:00:00 UTC, January 1, 1970, for directories.
Last modification time, in seconds, since 00:00:00 UTC, January 1, 1970, for links.
Last modification time, in seconds, since 00:00:00 UTC January 1, 1970, for files.
Checksum value of the file. This attribute is only specified for regular files. If you turn off context checking, or if checksums cannot be computed, the value of this field is -.
Destination of a symbolic link.
Value of the device node. This attribute is for character device files and block device files only.
For more information, see the bart_manifest(4) man page.
Rules files are text files that consist of lines that specify which files are to be included in the manifest and which file attributes are to be included in the manifest or the report. Lines that begin with #, blank lines, and lines that contain white space are ignored by the tool.
The input files have three types of directives:
Subtree directive, with optional pattern matching modifiers
Example 6-5 Rules File Format
<Global CHECK/IGNORE Directives> <subtree1> [pattern1..] <IGNORE/CHECK Directives for subtree1> <subtree2> [pattern2..] <subtree3> [pattern3..] <subtree4> [pattern4..] <IGNORE/CHECK Directives for subtree2, subtree3, subtree4>
Note - All directives are read in order. Later directives can override earlier directives.
A subtree directive must begin with an absolute pathname, followed by zero or more pattern matching statements.
The CHECK and IGNORE statements define which file attributes to track or ignore. The metadata that begins each manifest lists the attribute keywords per file type. For an example, see Example 6-1.
The all keyword indicates all file attributes.
The rules file specification language that BART uses is the standard UNIX quoting syntax for representing nonstandard file names. Embedded tab, space, newline, or special characters are encoded in their octal forms to enable the tool to read file names. This nonuniform quoting syntax prevents certain file names, such as those containing an embedded carriage return, from being processed correctly in a command pipeline. The rules specification language allows the expression of complex file name filtering criteria that would be difficult and inefficient to describe by using shell syntax alone.
For more information, see the bart_rules(4) man page.
In default mode, a BART report checks all the files installed on the system, with the exception of modified directory timestamps (dirmtime):
CHECK all IGNORE dirmtime
If you supply a rules file, then the global directives of CHECK all and IGNORE dirmtime, in that order, are automatically prepended to the rules file.
The following exit values are returned:
Nonfatal error when processing files, such as permission problems
Fatal error, such as an invalid command-line option
Verbose output is the default output and is localized and presented on multiple lines. Verbose output is internationalized and is human-readable. When the bart compare command compares two system manifests, a list of file differences is generated.
The structure of the output is as follows:
filename attribute control:control-val test:test-val
Name of the file that differs between the control manifest and the test manifest.
Name of the file attribute that differs between the manifests that are compared. The control-val precedes the test-val. When discrepancies for multiple attributes occur in the same file, each difference is noted on a separate line.
Following is an example of attribute differences for the /etc/passwd file. The output indicates that the size, mtime, and contents attributes have changed.
/etc/passwd: size control:74 test:81 mtime control:3c165879 test:3c165979 contents control:daca28ae0de97afd7a6b91fde8d57afa test:84b2b32c4165887355317207b48a6ec7
The structure of the output is as follows:
filename attribute control-val test-val [attribute control-val test-val]*
Same as the filename attribute in the default format
A description of the file attributes that differ between the control and test manifests for each file
For a list of attributes that are supported by the bart command, see Rules File Attributes.
For more information, see the bart(1M) man page.