Introduction to Solaris basic auditing and reporting tools

Article Title: Introduction to Solaris basic audit and reporting tools. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

BART is a file tracking tool at the file system level. The BART tool enables you to quickly, easily, and reliably obtain information about software components in the system. Using BART can greatly reduce the management cost of the network system. BART can perform the check operation at the file layer of the Target System Software Directory. The utility can be used to collect information about what has been installed in the system. BART also allows you to compare the changes of installed systems and system content over time.

　　1. Introduction to BART

The main difference between BART and existing audit tools is that BART is flexible in tracking and reporting information. Other advantages and usage of BART include:

"Provides an effective and easy way to compile directories at the file layer for systems running Solaris software.

"Use BART to define the file to be monitored, and modify the configuration file if necessary. With this flexibility, You can monitor local custom items and easily and effectively reconfigure the software.

"Ensures that the system runs reliable software.

"Allows you to monitor system changes at the file layer over a period of time to help locate corrupted or abnormal files.

"Helps you solve system performance problems.

　2. Composition of BRAT

The basic audit and reporting tool (BART) consists of two main parts and an optional part.

(1) BART list (Manifest ).

You can use the bart create command to take a snapshot of the system's file layer at a specific time. The output is a list of directories about file and file attributes. This list lists information about all or specific files on the system. It contains information about file attributes, including information about unique identifiers, such as MD5 checksum. The list can be stored and transmitted between the client and the server system. Note: BART does not span the boundaries of the file system, except for file systems of the same type. This constraint makes the output of the bart create Command easier to predict. For example, without parameters, the bart create command is used to compile the directories of all UFS file systems under the root (/) directory.

(2) BART report and Output

The BART report has three outputs: Comparison of Two file lists and a possible difference mark. You can use the bart compare command to compare two file lists: control file list and test file list. These file lists must be rule files with the same file system, options, and creation time. The bart compare Command reports the differences between each row in the two file lists. This difference refers to any difference in the file attributes in the file list. The addition and deletion of entries in the two file lists are also considered different. In the default mode, the bart compare command checks all files installed on the system except the modified directory time mark (dirmtime), as shown in the following example:

CHECK all

IGNORE dirmtime

If the rules file is provided, the global commands CHECK all and IGNORE dirmtime are automatically prefixed to the rules file in the preceding order.

The following exit value is returned for the BART output:

0: Successful

1: non-fatal errors occur when processing files, such as permission issues.

> 1: fatal errors, such as invalid command line options

(3) BART rule file.

The rule file is an optional file used to manage the bart command. It uses or removes some rules. The rule file is used to create a list of custom files and reports. Rule files allow you to use simple syntax to set file categories and what attributes need to be monitored. When you compare the file list, rule files help identify differences. Using Rule files is an effective way to obtain system-specific information. You can run the following tasks in the Rule file:

"Use the bart create command to create a list of all files or specific files on the system.

"Use the bart compare command to generate a report that monitors the specific attributes of the file system.

[1] [2] Next page