In default mode, a BART report checks all the files installed on the system, with the exception of modified directory timestamps (dirmtime):
CHECK all IGNORE dirmtime
If you supply a rules file, then the global directives of CHECK all and IGNORE dirmtime, in that order, are automatically prepended to the rules file.
The following exit values are returned:
Success
Nonfatal error when processing files, such as permission problems
Fatal error, such as an invalid command-line option
The reporting mechanism provides two types of output: verbose and programmatic:
Verbose output is the default output and is localized and presented on multiple lines. Verbose output is internationalized and is human-readable. When the bart compare command compares two system manifests, a list of file differences is generated.
The structure of the output is as follows:
filename attribute control:control-val test:test-val
Name of the file that differs between the control manifest and the test manifest.
Name of the file attribute that differs between the manifests that are compared. The control-val precedes the test-val. When discrepancies for multiple attributes occur in the same file, each difference is noted on a separate line.
Following is an example of attribute differences for the /etc/passwd file. The output indicates that the size, mtime, and contents attributes have changed.
/etc/passwd: size control:74 test:81 mtime control:3c165879 test:3c165979 contents control:daca28ae0de97afd7a6b91fde8d57afa test:84b2b32c4165887355317207b48a6ec7
Programmatic output is generated with the –p option to the bart compare command. This output is suitable for programmatic manipulation.
The structure of the output is as follows:
filename attribute control-val test-val [attribute control-val test-val]*
Same as the filename attribute in the default format
A description of the file attributes that differ between the control and test manifests for each file
For a list of attributes that are supported by the bart command, see BART Rules File Attributes.
For more information, see the bart(1M) man page.