BART creates two main files, a manifest and a comparison file, or report. An optional rules file enables you to customize the manifest and report.
A manifest is a file-level snapshot of a system at a particular time. The manifest contains information about attributes of files, which can include some uniquely identifying information, such as a checksum. Options to the bart create command can target specific files and directories. A rules file can provide more fine-grained filtering, as described in BART Rules File.
You can create a manifest of a system immediately after an initial Oracle Solaris installation. You can also create a manifest after configuring a system to meet your site's security policy. This type of control manifest provides you with a baseline for later comparisons.
A baseline manifest can be used to track file integrity on the same system over time. It can also be used as a basis for comparison with other systems. For example, you could take a snapshot of other systems on your network and then compare those manifests with the baseline manifest. Reported file discrepancies indicate what you need to do to synchronize the other systems with the baseline system.
For the format of a manifest, see BART Manifest File Format. To create a manifest, use the bart create command, as described in How to Create a Control Manifest.
A BART report lists per-file discrepancies between two manifests. A discrepancy is a change to any attribute for a given file that is cataloged for both manifests. Additions or deletions of file entries are also considered discrepancies.
For a useful comparison, the two manifests must target the same file systems. You must also create and compare the manifests with the same options and rules file.
For the format of a report, see BART Reporting. To create a report, use the bart compare command, as described in How to Compare Manifests for the Same System Over Time.
A BART rules file is a file that you create to filter or target particular files and file attributes for inclusion or exclusion. You then use this file when creating BART manifests and reports. When you compare manifests, the rules file aids in flagging discrepancies between the manifests.
Using a rules file to monitor specific files and file attributes on a system requires planning. Before you create a rules file, decide which files and file attributes to monitor on the system.
As a result of user error, a rules file can also contain syntax errors and other ambiguous information. If a rules file has errors, these errors are also reported.
For the format of a rules file, see BART Rules File Format and the bart_rules(4) man page. To create a rules file, see How to Customize a BART Report by Using a Rules File.