Solaris BART (Basic Auditing and Reporting Tool)
BART (Basic Auditing and Reporting Tool) detects file-level changes at a granular level within the Solaris 10 operating system. It does this by creating two manifest files (a control-manifest and a test-manifest). Each manifest catalogs the attributes of each file; the two manifests are then compared and any discrepancies are displayed. An optional rules file lets the administrator define which files, folders and attributes are cataloged and compared.
Configuring BART requires:
1. BART Installation
2. Creation of a rules file
3. Generating a control-manifest file
4. Generating a test-manifest file
5. Comparison of the control-manifest and test-manifest files.
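BART is installed by adding the SUNWbart package, which is normally found on the Solaris Installation CD. In the command below, <package-directory> is a placeholder for the directory on the installation media that holds the package.
pkgadd -d <package-directory> SUNWbart
Once BART is installed, it is also worth creating a directory in which to store your BART files; the examples below use /bart.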
Creation of a Rules File
The rules file defines which files and attributes are cataloged and compared. Create a file named bart.rules within /bart.
Below is an example that checks the contents and modification-time attributes of files within the /etc directory.
/etc
CHECK contents mtime
Generating a control-manifest file
bart create -r /bart/bart.rules > /bart/bart.manifest
Generating a test-manifest file
bart create -r /bart/bart.rules > /bart/bart.manifest-`date '+%d%m%Y'`
Comparison of the control-manifest and test-manifest files.
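Compare the two manifest files. Because the test-manifest name includes the date, run this on the same day the test manifest was generated.
bart compare -r /bart/bart.rules -p /bart/bart.manifest /bart/bart.manifest-`date '+%d%m%Y'`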
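To act on the comparison in step 5, the following added example (not part of the original page) classifies each line of bart compare -p output so that content changes, and content changes whose mtime did not move, stand out from routine timestamp updates. The function names, the category labels, the sample input and the assumed add/delete line layout are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): triage `bart compare -p` output
# produced with the rule "CHECK contents mtime".
# Assumed line layout of programmatic mode:
#   <file> <attr> <control-val> <test-val> [<attr> <control-val> <test-val>]...
# and "<file> add" / "<file> delete" for files present in only one manifest.
bart_triage() {
    awk '
    NF == 2 && $2 == "add"    { print "ADDED\t" $1; next }
    NF == 2 && $2 == "delete" { print "DELETED\t" $1; next }
    NF >= 4 {
        contents = 0; mtime = 0
        # Walk the (attribute, control, test) triples that follow the path.
        for (i = 2; i + 2 <= NF; i += 3) {
            if ($i == "contents") contents = 1
            if ($i == "mtime")    mtime = 1
        }
        # Changed contents with an unchanged mtime means the timestamp
        # no longer reflects the last write: review these first.
        if (contents && !mtime) print "CONTENT_SAME_MTIME\t" $1
        else if (contents)      print "CONTENT\t" $1
        else if (mtime)         print "MTIME_ONLY\t" $1
        else                    print "OTHER\t" $1
    }'
}

# Constructed sample input; paths, hashes and timestamps are made up.
sample_compare_output() {
    cat <<'EOF'
/etc/motd mtime 4f1a0000 4f1b2222
/etc/passwd contents 1111aaaa 2222bbbb mtime 4f1a0000 4f1b3333
/etc/shadow contents 3333cccc 4444dddd
/etc/rc3.d/S99local add
/etc/issue delete
EOF
}

sample_compare_output | bart_triage
```

In practice, pipe the output of the bart compare -p command above into bart_triage instead of the sample.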