bart(8) man page - WindyHana's Solanara


System Administration Commands                                         bart(8)



NAME
       bart - file integrity scanner and reporter

SYNOPSIS
       /usr/bin/bart create [-n] [-R root_directory]
            [-r rules_file | -] [-a md5|sha1|sha256|sha384|sha512]


       /usr/bin/bart create [-n] [-R root_directory] -I
            [-a md5|sha1|sha256|sha384|sha512] [file_name]...


       /usr/bin/bart compare [-i attribute ] [-p]
            [-r rules_file | -] control-manifest test-manifest

DESCRIPTION
       bart(8) is a rule-based file integrity scanning and reporting tool that
       uses cryptographic-strength  checksums  and  file  system  metadata  to
       report changes.


       The bart utility performs two basic functions:

       bart create

           The  manifest  generator tool takes a file-level snapshot of a sys‐
           tem. The output is a catalog of file attributes referred  to  as  a
           manifest. See bart_manifest(5).

           You  can specify that the list of files be cataloged in three ways.
           Use bart create with no options, specify the files by name  on  the
           command  line,  or create a rules file with directives that specify
           which files to monitor. See bart_rules(5).

           By default, the manifest generator catalogs all attributes  of  all
           files in the root (/) file system. Other file systems are cataloged
           only if they are of the same type as the root file system, and  the
           path to them does not cross any other type of file system.

           For  example, if /, /var, and /var/share are separate ZFS file sys‐
           tems, with /var mounted on / and /var/share mounted on  /var,  then
           all  three  file systems are cataloged. However, /tmp, also mounted
           on /, would not be cataloged because it is a TMPFS file system.


       bart compare

           The report tool compares two manifests. The output  is  a  list  of
           per-file  attribute discrepancies. These discrepancies are the dif‐
           ferences between two manifests: a control manifest and a test mani‐
           fest.

           A  discrepancy  is a change to any attribute for a given file cata‐
           loged by both manifests. A new file or a deleted file in a manifest
           is reported as a discrepancy.

           The  reporting  mechanism provides two types of output: verbose and
           programmatic. Verbose output is localized and presented on multiple
           lines,  while  programmatic output is more easily parsable by other
           programs. See OUTPUT.

           By default, the report tool generates verbose output where all dis‐
           crepancies  are  reported  except for modified directory timestamps
           (dirmtime attribute).

           To ensure consistent and accurate comparison results, control-mani‐
           fest  and  test-manifest must be built with the same rules file and
           the rules file needs to be used during the 'compare' operation.



       Use the rules file to ignore specified files or subtrees when you  gen‐
       erate  a manifest or compare two manifests. Users can compare manifests
       from different perspectives by re-running the bart compare command with
       different rules files. See bart_rules(5) and bart_manifest(5).


       You  can also specify the files to track and the types of discrepancies
       to flag by means of a rules file, bart_rules.

OPTIONS
       The following options are supported:

       -i attribute ...

           Specify  the  file  attributes  to  be  ignored  globally.  Specify
           attributes as a comma separated list.

           This  option  produces  the  same  behavior  as  supplying the file
           attributes to a global  IGNORE  keyword  in  the  rules  file.  See
           bart_rules(5).


       -I [file_name...]

           Specify  the input list of files. The file list can be specified at
           the command line or read from standard input.


       -n

           Prevent computation of content signatures for all regular files  in
           the file list.


       -p

           Display manifest comparison output in "programmatic mode," which is
           suitable for programmatic parsing. The output is not localized.


       -r rules_file

           Use rules_file to specify which files and directories  to  catalog,
           and  to  define  which  file  attribute  discrepancies  to flag. If
           rules_file is -, then the rules are read from standard  input.  See
           bart_rules(5) for the definition of the syntax.


       -R root_directory

           Specify the root directory for the manifest. All paths specified by
           the rules, and all paths reported in the manifest, are relative  to
           root_directory.

           Note -



             The  root  file system of any non-global zones must not be refer‐
             enced with the -R option. Doing so might damage the global zone's
             file  system,  might  compromise the security of the global zone,
             and might damage the non-global zone's file system. See zones(7).



       -a [ hash ]

           Specify the cryptographic digest algorithm to use for the  hash  of
           the  file  contents:  md5, sha1, sha256, sha384, and sha512 are the
           currently supported values. If -a is not specified, sha256 is  used
           and  a  Version  1.1  manifest is created that indicates which hash
           algorithm is used. If md5 is specified then a Version 1.0  manifest
           is created.


OPERANDS
       bart  allows  quoting  of  operands. This is particularly important for
       white-space appearing in subtree and subtree modifier specifications.


       The following operands are supported:

       control-manifest    Specify the manifest created by bart create on  the
                           control system.


       test-manifest       Specify  the manifest created by bart create on the
                           test system.


OUTPUT
       The bart create and bart compare commands write output to standard out‐
       put, and write error messages to standard error.


       The  bart  create  command  generates a system manifest. See bart_mani‐
       fest(5).


       When the bart compare command compares two system manifests, it  gener‐
       ates  a  list of file differences. By default, the comparison output is
       localized. However, if the -p option is specified, the output is gener‐
       ated in a form that is suitable for programmatic manipulation.

   Default Format
         filename
         attribute control:xxxx test:yyyy


       filename

           Name  of  the  file that differs between control-manifest and test-
           manifest. For file names that contain embedded whitespace  or  new‐
           line characters, see bart_manifest(5).


       attribute

           The  name  of the file attribute that differs between the manifests
           that are compared. xxxx is the attribute value  from  control-mani‐
           fest, and yyyy is the attribute value from test-manifest. When dis‐
           crepancies for multiple attributes occur for the  same  file,  each
           difference is noted on a separate line.

           The following attributes are supported:

           acl         ACL  attributes  for  the  file.  For  a  file with ACL
                       attributes, this field contains the output from  aclto‐
                       text().


           all         All attributes.


           contents    Checksum  value  of  the  file.  This attribute is only
                       specified for regular files. If you  turn  off  content
                       checking  or if checksums cannot be computed, the value
                       of this field is -.


           dest        Destination of a symbolic link.


           devnode     Value of the device node. This attribute is for charac‐
                       ter device files and block device files only.


           dirmtime    Modification  time in seconds since 00:00:00 UTC, Janu‐
                       ary 1, 1970 for directories.


           gid         Numerical group ID of the owner of this entry.


           lnmtime     Creation time for links.


           mode        Octal number that represents  the  permissions  of  the
                       file.


           mtime       Modification  time in seconds since 00:00:00 UTC, Janu‐
                       ary 1, 1970 for files.


           size        File size in bytes.


           type        Type of file.


           uid         Numerical user ID of the owner of this entry.




       The following default output shows the attribute  differences  for  the
       /etc/passwd  file.  The output indicates that the size, mtime, and con‐
       tents attributes have changed.

         /etc/passwd:
           size  control:74  test:81
           mtime  control:3c165879  test:3c165979
           contents  control:daca28ae0de97afd7a6b91fde8d57afa  test:84b2b32c4165887355317207b48a6ec7


   Programmatic Format
         filename attribute control-val test-val [attribute control-val test-val]*


       filename

           Same as filename in the default format.


       attribute control-val test-val

           A description of the file attributes that differ between  the  con‐
           trol  and  test  manifests  for  each file. Each entry includes the
           attribute value from each manifest. See  bart_manifest(5)  for  the
           definition of the attributes.



       Each  line  of  the programmatic output describes all attribute differ‐
       ences for a single file.


       The following programmatic output shows the attribute  differences  for
       the  /etc/passwd  file.  The output indicates that the size, mtime, and
       contents attributes have changed.

         /etc/passwd size 74 81 mtime 3c165879 3c165979 contents daca28ae0de97afd7a6b91fde8d57afa 84b2b32c4165887355317207b48a6ec7


EXIT STATUS
   Manifest Generator
       The manifest generator returns the following exit values:

       0     Success


       1     Non-fatal error when processing files;  for  example,  permission
             problems


       >1    Fatal error; for example, invalid command-line options


   Report Tool
       The report tool returns the following exit values:

       0     No discrepancies reported


       1     Discrepancies found


       >1    Fatal error executing comparison
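
       The following wrapper is an added example, not part of the original
       man page or of the bart distribution. It runs bart compare -p with
       the rules file, keeps the three report-tool exit statuses apart, and
       triages the one-line-per-file programmatic output. The function
       names, the choice of high-severity attributes, and the assumption
       that file names and values are whitespace-free tokens are the
       example's own.

```shell
#!/bin/sh
# Added example; names and severity policy are assumptions, not bart's own.
# Attributes whose change matters more than a timestamp (local policy choice).
BART_HIGH="contents mode uid gid acl type dest devnode"

# Read `bart compare -p` lines on stdin and print one verdict per file:
#   HIGH|info <file> <attr,attr,...>   or   UNPARSED <original line>
# Assumes the file name and every value are single whitespace-free tokens.
bart_triage() {
    awk -v high="$BART_HIGH" '
    BEGIN { n = split(high, h, " "); for (i = 1; i <= n; i++) hi[h[i]] = 1 }
    NF == 0 { next }
    NF < 4 || (NF - 1) % 3 != 0 {
        # Not "filename" + (attribute control-val test-val) triples.
        # Surface the line instead of silently dropping it.
        print "UNPARSED", $0; next
    }
    {
        sev = "info"; attrs = ""; sep = ""
        for (i = 2; i <= NF; i += 3) {
            attrs = attrs sep $i; sep = ","
            if ($i in hi) sev = "HIGH"
        }
        print sev, $1, attrs
    }'
}

# Compare two manifests using the same rules file that built them.
# Returns 0 = no discrepancies, 1 = discrepancies (triaged on stdout),
#         2 = the comparison itself failed, so nothing was verified.
bart_audit() {
    rules=$1 control=$2 test_m=$3
    # "&& ... ||" keeps the status readable even under `set -e`.
    report=$(bart compare -p -r "$rules" "$control" "$test_m") && rc=0 || rc=$?
    case $rc in
        0) return 0 ;;
        1) printf '%s\n' "$report" | bart_triage; return 1 ;;
        *) echo "bart compare failed (exit $rc); treat as unverified" >&2
           return 2 ;;
    esac
}
```

       Call it as bart_audit rules manifest1 manifest2. A return of 2 means
       the comparison did not complete and must not be read as "no changes".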


EXAMPLES
       Example 1 Creating a Default Manifest Without Computing Checksums



       The  following  command line creates a default manifest, which consists
       of all files in the / file system. The -n option  prevents  computation
       of checksums, which causes the manifest to be generated more quickly.


         bart create -n


       Example 2 Creating a Manifest for a Specified Subtree



       The  following  command line creates a manifest that contains all files
       in the /home/nickiso subtree.


         bart create -R /home/nickiso


       Example 3 Creating a Manifest by Using Standard Input



       The following command line uses output from the find(1) command to gen‐
       erate  the  list  of  files to be cataloged. The find output is used as
       input to the bart create command that specifies the -I option.


         find /home/nickiso -print | bart create -I


       Example 4 Creating a Manifest by Using a Rules File



       The following command line uses a rules file,  rules,  to  specify  the
       files  to  be cataloged. The rules file needs to be specified when com‐
       paring the manifests for consistent and accurate results  (see  example
       7).


         bart create -r rules


       Example 5 Comparing Two Manifests and Generating Programmatic Output



       The  following  command line compares two manifests and produces output
       suitable for parsing by a program.


         bart compare -p manifest1 manifest2


       Example 6 Comparing Two Manifests and Specifying Attributes to Ignore



       The following command line compares two manifests. The  dirmtime,  lnm‐
       time, and mtime attributes are not compared.


         bart compare -i dirmtime,lnmtime,mtime manifest1 manifest2


       Example 7 Comparing Two Manifests by Using a Rules File



       The  following  command  line  uses a rules file, rules, to compare two
       manifests.


         bart compare -r rules manifest1 manifest2


SECURITY
       The MD5 & SHA-1 algorithms are currently considered  weak  for  crypto‐
       graphic  use.  These  algorithms  should be used only for compatibility
       with legacy manifest data. Manifests should be updated to use  a  SHA-2
       family checksum when possible (sha256, sha384, or sha512).

ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       ATTRIBUTE TYPE         ATTRIBUTE VALUE
       Availability           security/bart
       Interface Stability    Committed


SEE ALSO
       cksum(1),    digest(1),   find(1),   bart_manifest(5),   bart_rules(5),
       attributes(7)

NOTES
       The file attributes of certain  system  libraries  can  be  temporarily
       altered  by the system as it boots. To avoid triggering false warnings,
       you should compare manifests only if they were both  created  with  the
       system  in the same state; that is, if both were created in single-user
       or both in multi-user.

HISTORY
       Support for Version 1.1 manifests, SHA checksums, and the -a option was
       added in Oracle Solaris 11.0.0.


       The bart command was added in Solaris 10 3/05.



Oracle Solaris 11.4               21 Jun 2021                          bart(8)
Copyright of the man page content belongs to the man page author.