By using a rules file, you can customize a BART manifest for particular files and file attributes of interest. By using different rules files on default BART manifests, you can run different comparisons for the same manifests.
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
# bart create -r myrules1-file > control-manifest
For an example, see Step 3 in How to Create a Control Manifest.
# bart create -r myrules1-file > test-manifest
# bart compare -r myrules1-file control-manifest test-manifest > bart.report
The following rules file directs the bart create command to list all attributes of the files in the /usr/bin directory. In addition, the rules file directs the bart compare command to report only size and content changes in the same directory.
# Check size and content changes in the /usr/bin directory. # This rules file only checks size and content changes. # See rules file example. IGNORE all CHECK size contents /usr/bin
Create a control manifest with the rules file that you created.
# bart create -r usrbinrules.txt > usr_bin.control-manifest.121013
Prepare an identical manifest whenever you want to monitor changes to the /usr/bin directory.
# bart create -r usrbinrules.txt > usr_bin.test-manifest.121113
Compare the manifests by using the same rules file.
# bart compare -r usrbinrules.txt usr_bin.control-manifest.121013 \ usr_bin.test-manifest.121113
Examine the output of the bart compare command.
/usr/bin/gunzip: add /usr/bin/ypcat: delete
The preceding output indicates that the /usr/bin/ypcat file was deleted, and the /usr/bin/gunzip file was added.