Less known Solaris features: BART
Apropos auditing. There is a small but cool tool in Solaris. It solves the problem of “No, i haven´t changed anything on the system”. It´s called BART, the Basic Audit Reporting Tool. It a really simple tool and it´s really easy to use.
Usage
Okay, let´s assume after some days of work you finally configured all components of your new system. Okay, create a nice place to store the output of the bart tool. After this you start bart for the first time to create the first manifest of your system.
# mkdir /bart-files<br />
# bart create -R /etc > /bart-files/etc.control.manifestThe manifest stores all informations about the files. This is the example for the /etc/nsswitch.nisplus:
# cat etc.control.manifest | grep "/nsswitch.nisplus"<br />
/nsswitch.nisplus F 2525 100644 user::rw-,group::r--,mask:r--,other:r-- 473976b5 0 3 79e8fd689a5221d1cd059e5077da71b8Now lets change some files:
# touch /etc/thisisjustatest<br />
# chmod 777 /etc/nsswitch.files<br />
# echo "#just a test" >> /etc/nsswitch.nisplus Okay, enough changes. Let´s create a new manifest of the changed /etc. Pipe it to a different file.
# bart create -R /etc > /bart-files/etc.check20080202.manifestNow we can compare the baseline manifest with the actual manifest.
# cd /bart-files<br />
# bart compare etc.control.manifest etc.check20080202.manifest This command prints all differences between the two manifests and thus the difference between the tow states of the system
/nsswitch.files:<br />
mode control:100644 test:100777<br />
acl control:user::rw-,group::r--,mask:r--,other:r-- test:user::rwx,group::rwx,mask:rwx,other:rwx<br />
/nsswitch.nisplus:<br />
size control:2525 test:2538<br />
mtime control:473976b5 test:47a44862<br />
contents control:79e8fd689a5221d1cd059e5077da71b8 test:3f79176ec352441db11ec8a3d02ef67c<br />
/thisisjustatest:<br />
addAs i wrote before: A really nice tool.
Want to learn more?
For more information about this tool visit Using the Basic Audit Reporting Tool.