BART_MANIFEST(4) File Formats and Configurations BART_MANIFEST(4)


NAME


bart_manifest - system audit manifest file

DESCRIPTION


The bart(1M) command generates a manifest that describes the contents of
a managed host. A manifest consists of a header and entries. Each entry
represents a single file. Entries are sorted in ascending order by file
name. Any nonstandard file names, such as those that contain embedded
newline or tab characters, have the special characters quoted prior to
being sorted. See Quoting Syntax.


Lines that begin with ! supply metadata about the manifest. The manifest
version line indicates the manifest specification version. The date line
shows the date on which the manifest was created, in date(1) form.


Some lines are ignored by the manifest comparison tool. Ignored lines
include blank lines, lines that consist only of white space, and comments
that begin with #.


In addition to metadata lines, the header contains the format comment
block. This comment block lists the attributes reported for each file
type.


To see the format of a manifest file, see EXAMPLES.

Manifest File Entries


Each manifest file entry is a single line of one of the following forms,
depending on the file type:

fname D size mode acl dirmtime uid gid
fname P size mode acl mtime uid gid
fname S size mode acl mtime uid gid
fname F size mode acl mtime uid gid contents
fname L size mode acl lnmtime uid gid dest
fname B size mode acl mtime uid gid devnode
fname C size mode acl mtime uid gid devnode


The fields of the manifest file entries are described as follows:

fname
Name of the file. To prevent parsing problems that are caused
by special characters embedded in file names, file names are
encoded as described in Quoting Syntax.


type
Type of file.

Possible values for type are as follows:

B
Block device node


C
Character device node


D
Directory


F
File


L
Symbolic link


P
Pipe


S
Socket


size
File size in bytes.


mode
Octal number that represents the permissions of the file.


acl
ACL attributes for the file. For a file with ACL attributes,
this field contains the output from acltotext().


uid
Numerical user ID of the owner of this entry.


gid
Numerical group ID of the owner of this entry.


dirmtime
Modification time in seconds since 00:00:00 UTC, January 1,
1970 for directories.


lnmtime
Creation time for links.


mtime
Modification time in seconds since 00:00:00 UTC, January 1,
1970 for files.


contents
Checksum value of the file. This attribute is only specified
for regular files. If you turn off context checking or if
checksums cannot be computed, the value of this field is -.


dest
Destination of a symbolic link.


devnode
Value of the device node. This attribute is for character
device files and block device files only.


Quoting Syntax


The rules file supports a quoting syntax for representing nonstandard
file names.


When generating a manifest for file names that embeded TAB, SPACE, or
NEWLINE characters, the special characters are encoded in their octal
forms.


+----------------+------------------+
|Input Character | Quoted Character |
+----------------+------------------+
|SPACE | \SPACE |
+----------------+------------------+
|TAB | \TAB |
+----------------+------------------+
|NEWLINE | \NEWLINE |
+----------------+------------------+
|? | \? |
+----------------+------------------+
|[ | \[ |
+----------------+------------------+
|* | \* |
+----------------+------------------+

EXAMPLES


Example 1: Sample Manifest File




The following is a sample system manifest file. The file entries are
sorted by the encoded versions of the file names to correctly handle
special characters.


! Version 1.0
! Mon Feb 11 10:55:30 2002
# Format:
# fname D size mode acl dirmtime uid gid
# fname P size mode acl mtime uid gid
# fname S size mode acl mtime uid gid
# fname F size mode acl mtime uid gid contents
# fname L size mode acl lnmtime uid gid dest
# fname B size mode acl mtime uid gid devnode
# fname C size mode acl mtime uid gid devnode
/etc D 3584 40755 user::rwx,group::r-x,mask::r-x,other::r-x,
3c6803d7 0 3
/etc/.login F 524 100644 user::rw-,group::r--,mask::r--,other::r--,
3c165878 0 3 27b53d5c3e844af3306f1f12b330b318
/etc/.pwd.lock F 0 100600 user::rw-,group::---,mask::---,other::---,
3c166121 0 0 d41d8cd98f00b204e9800998ecf8427e
/etc/.syslog_door L 20 120777 user::rw-,group::r--,mask::
rwx,other::r--,3c6803d5 0 0 /var/run/syslog_door
/etc/autopush L 16 120777 user::r-x,group::r-x,mask::r-x,other::r-x,
3c165863 0 0 ../sbin/autopush
/etc/cron.d/FIFO P 0 10600 user::rw-,group::---,mask::---,other::---,
3c6803d5 0 0


SEE ALSO


date(1), bart(1M), bart_rules(4), attributes(5)


September 9, 2003 BART_MANIFEST(4)