bart(8) 맨 페이지 - 윈디하나의 솔라나라


맨 페이지 이름


System Administration Commands                                         bart(8)

       bart - file integrity scanner and reporter

       /usr/bin/bart create [ -n] [-R root_directory]
            [-r rules_file | -] [-a md5|sha1|sha256|sha384|sha512]

       /usr/bin/bart create [-n] [-R root_directory] -I
            [-a md5|sha1|sha256|sha384|sha512] [file_name]...

       /usr/bin/bart compare [-i attribute ] [-p]
            [-r rules_file | -] control-manifest test-manifest

       bart(8) is a rule-based file integrity scanning and reporting tool that
       uses cryptographic-strength  checksums  and  file  system  metadata  to
       report changes.

       The bart utility performs two basic functions:

       bart create

           The  manifest  generator tool takes a file-level snapshot of a sys‐
           tem. The output is a catalog of file attributes referred  to  as  a
           manifest. See bart_manifest(5).

           You  can specify that the list of files be cataloged in three ways.
           Use bart create with no options, specify the files by name  on  the
           command  line,  or create a rules file with directives that specify
           which the files to monitor. See bart_rules(5).

           By default, the manifest generator catalogs all attributes  of  all
           files in the root (/) file system. Other file systems are cataloged
           only if they are of the same type as the root file system, and  the
           path to them does not cross any other type of file system.

           For  example, if /, /var, and /var/share are separate ZFS file sys‐
           tems, with /var mounted on / and /var/share mounted on  /var,  then
           all  three  file systems are cataloged. However, /tmp, also mounted
           on /, would not be cataloged because it is a TMPFS file system.

       bart compare

           The report tool compares two manifests. The output  is  a  list  of
           per-file  attribute discrepancies. These discrepancies are the dif‐
           ferences between two manifests: a control manifest and a test mani‐

           A  discrepancy  is a change to any attribute for a given file cata‐
           loged by both manifests. A new file or a deleted file in a manifest
           is reported as a discrepancy.

           The  reporting  mechanism provides two types of output: verbose and
           programmatic. Verbose output is localized and presented on multiple
           lines,  while  programmatic output is more easily parsable by other
           programs. See OUTPUT.

           By default, the report tool generates verbose output where all dis‐
           crepancies  are  reported  except for modified directory timestamps
           (dirmtime attribute).

           To ensure consistent and accurate comparison results, control-mani‐
           fest  and  test-manifest must be built with the same rules file and
           the rules file needs to be used during 'compare' operation.

       Use the rules file to ignore specified files or subtrees when you  gen‐
       erate  a manifest or compare two manifests. Users can compare manifests
       from different perspectives by re-running the bart compare command with
       different rules files. See bart_rules(5) and bart_manifest(5).

       You  can also specify the files to track and the types of discrepancies
       to flag by means of a rules file, bart_rules.

       The following options are supported:

       -i attribute ...

           Specify  the  file  attributes  to  be  ignored  globally.  Specify
           attributes as a comma separated list.

           This  option  produces  the  same  behavior  as  supplying the file
           attributes to a global  IGNORE  keyword  in  the  rules  file.  See

       -I [file_name...]

           Specify  the input list of files. The file list can be specified at
           the command line or read from standard input.


           Prevent computation of content signatures for all regular files  in
           the file list.


           Display manifest comparison output in "programmatic mode," which is
           suitable for programmatic parsing. The output is not localized.

       -r rules_file

           Use rules_file to specify which files and directories  to  catalog,
           and  to  define  which  file  attribute  discrepancies  to flag. If
           rules_file is -, then the rules are read from standard  input.  See
           bart_rules(5) for the definition of the syntax.

       -R root_directory

           Specify the root directory for the manifest. All paths specified by
           the rules, and all paths reported in the manifest, are relative  to

           Note -

             The  root  file system of any non-global zones must not be refer‐
             enced with the -R option. Doing so might damage the global zone's
             file  system,  might  compromise the security of the global zone,
             and might damage the non-global zone's file system. See zones(7).

       -a [ hash ]

           Specify the cryptographic digest algorithm to use for the  hash  of
           the  file  contents:  md5, sha1, sha256, sha384, and sha512 are the
           currently supported values. If -a is not specified, sha256 is  used
           and  a  Version  1.1  manifest is created that indicates which hash
           algorithm is used. If md5 is specified then a Version 1.0  manifest
           is created.

       bart  allows  quoting  of  operands. This is particularly important for
       white-space appearing in subtree and subtree modifier specifications.

       The following operands are supported:

       control-manifest    Specify the manifest created by bart create on  the
                           control system.

       test-manifest       Specify  the manifest created by bart create on the
                           test system.

       The bart create and bart compare commands write output to standard out‐
       put, and write error messages to standard error.

       The  bart  create  command  generates a system manifest. See bart_mani‐

       When the bart compare command compares two system manifests, it  gener‐
       ates  a  list of file differences. By default, the comparison output is
       localized. However, if the -p option is specified, the output is gener‐
       ated in a form that is suitable for programmatic manipulation.

   Default Format
         attribute control:xxxx test:yyyy


           Name  of  the  file that differs between control-manifest and test-
           manifest. For file names that contain embedded whitespace  or  new‐
           line characters, see bart_manifest(5).


           The  name  of the file attribute that differs between the manifests
           that are compared. xxxx is the attribute value  from  control-mani‐
           fest, and yyyy is the attribute value from test-manifest. When dis‐
           crepancies for multiple attributes occur for the  same  file,  each
           difference is noted on a separate line.

           The following attributes are supported:

           acl         ACL  attributes  for  the  file.  For  a  file with ACL
                       attributes, this field contains the output from  aclto‐

           all         All attributes.

           contents    Checksum  value  of  the  file.  This attribute is only
                       specified for regular files. If you  turn  off  context
                       checking  or if checksums cannot be computed, the value
                       of this field is -.

           dest        Destination of a symbolic link.

           devnode     Value of the device node. This attribute is for charac‐
                       ter device files and block device files only.

           dirmtime    Modification  time in seconds since 00:00:00 UTC, Janu‐
                       ary 1, 1970 for directories.

           gid         Numerical group ID of the owner of this entry.

           lnmtime     Creation time for links.

           mode        Octal number that represents  the  permissions  of  the

           mtime       Modification  time in seconds since 00:00:00 UTC, Janu‐
                       ary 1, 1970 for files.

           size        File size in bytes.

           type        Type of file.

           uid         Numerical user ID of the owner of this entry.

       The following default output shows the attribute  differences  for  the
       /etc/passwd  file.  The output indicates that the size, mtime, and con‐
       tents attributes have changed.

           size  control:74  test:81
           mtime  control:3c165879  test:3c165979
           contents  control:daca28ae0de97afd7a6b91fde8d57afa

   Programmatic Format
         filename attribute control-val test-val [attribute control-val test-val]*


           Same as filename in the default format.

       attribute control-val test-val

           A description of the file attributes that differ between  the  con‐
           trol  and  test  manifests  for  each file. Each entry includes the
           attribute value from each manifest. See  bart_manifest(5)  for  the
           definition of the attributes.

       Each  line  of  the programmatic output describes all attribute differ‐
       ences for a single file.

       The following programmatic output shows the attribute  differences  for
       the  /etc/passwd  file.  The output indicates that the size, mtime, and
       contents attributes have changed.

         /etc/passwd size 74 81 mtime 3c165879 3c165979
         contents daca28ae0de97afd7a6b91fde8d57afa 84b2b32c4165887355317207b48a6ec7

   Manifest Generator
       The manifest generator returns the following exit values:

       0     Success

       1     Non-fatal error when processing files;  for  example,  permission

       >1    Fatal error; for example, invalid command-line options

   Report Tool
       The report tool returns the following exit values:

       0     No discrepancies reported

       1     Discrepancies found

       >1    Fatal error executing comparison

       Example 1 Creating a Default Manifest Without Computing Checksums

       The  following  command line creates a default manifest, which consists
       of all files in the / file system. The -n option  prevents  computation
       of checksums, which causes the manifest to be generated more quickly.

         bart create -n

       Example 2 Creating a Manifest for a Specified Subtree

       The  following  command line creates a manifest that contains all files
       in the /home/nickiso subtree.

         bart create -R /home/nickiso

       Example 3 Creating a Manifest by Using Standard Input

       The following command line uses output from the find(1) command to gen‐
       erate  the  list  of  files to be cataloged. The find output is used as
       input to the bart create command that specifies the -I option.

         find /home/nickiso -print | bart create -I

       Example 4 Creating a Manifest by Using a Rules File

       The following command line uses a rules file,  rules,  to  specify  the
       files  to  be cataloged. The rules file needs to be specified when com‐
       paring the manifests for consistent and accurate results  (see  example

         bart create -r rules

       Example 5 Comparing Two Manifests and Generating Programmatic Output

       The  following  command line compares two manifests and produces output
       suitable for parsing by a program.

         bart compare -p manifest1 manifest2

       Example 6 Comparing Two Manifests and Specifying Attributes to Ignore

       The following command line compares two manifests. The  dirmtime,  lnm‐
       time, and mtime attributes are not compared.

         bart compare -i dirmtime,lnmtime,mtime manifest1 manifest2

       Example 7 Comparing Two Manifests by Using a Rules File

       The  following  command  line  uses a rules file, rules, to compare two

         bart compare -r rules manifest1 manifest2

       The MD5 & SHA-1 algorithms are currently considered  weak  for  crypto‐
       graphic  use.  These  algorithms  should be used only for compatibility
       with legacy manifest data. Manifests should be updated to use  a  SHA-2
       family checksum when possible (sha256, sha384, or sha512).

       See attributes(7) for descriptions of the following attributes:

       tab()  box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
       TRIBUTE VALUE _ Availabilitysecurity/bart _ Interface  StabilityCommit‐

       cksum(1),    digest(1),   find(1),   bart_manifest(5),   bart_rules(5),

       The file attributes of certain  system  libraries  can  be  temporarily
       altered  by the system as it boots. To avoid triggering false warnings,
       you should compare manifests only if they were both  created  with  the
       system  in the same state; that is, if both were created in single-user
       or both in multi-user.

       Support for Version 1.1 manifests, SHA checksums, and the -a option was
       added in Oracle Solaris 11.0.0.

       The bart command was added in Solaris 10 3/05.

Oracle Solaris 11.4               21 Jun 2021                          bart(8)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.