How to Customize a Manifest

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

You can customize a manifest in one of the following ways:

• By specifying a subtree

  Specifying an individual subtree is an efficient way to monitor changes to selected, important files, such as all files in the /etc directory.

• By specifying a file name

  Specifying a file name is an efficient way of monitoring particularly sensitive files, such as the files that configure and run a database application.

• By using a rules file

  By using a rules file to create and compare manifests gives you the flexibility to specify multiple attributes for more than one file or subtree. From the command line, you can specify a global attribute definition that applies to all files in a manifest or report. From a rules file, you can specify attributes that do not apply globally.

1. Determine which files to catalog and monitor.
2. Create a custom manifest by using one of the following options:

   • By specifying a subtree:

     # bart create -R subtree

   • By specifying a file name or file names:

     # bart create -I filename...

     For example:

     # bart create -I /etc/system /etc/passwd /etc/shadow

   • By using a rules file:

     # bart create -r rules-file

3. Examine the contents of the manifest.
4. Save the manifest in a protected directory for future use.

   For an example, see Step 3 in How to Create a Control Manifest.

   Tip:

   If you used a rules file, save the rules file with the manifest. For a useful comparison, you must run the comparison with the rules file.