pdfck - compare Product Description File to File System
pdfck [-n] [-r alternate_root] PDF
pdfck is a program that compares the file descriptions in a PDF
(Product Description File) to the actual files on the file system. It
is intended as a tool to audit the file system and detect corruption
and/or tampering. Differences found are reported in the format
described in the pdfdiff(1M) manual entry. (Size growth (-p option)
is not reported.) For a detailed explanation of the PDF fields see
pdf(4). The command
pdfck -r /pseudoroot /system/AL_CORE/pdf
is roughly equivalent to
mkpdf -r /pseudoroot /system/AL_CORE/pdf - | \
pdfdiff /system/AL_CORE/pdf -
pdfck recognizes the following options:
-n Compare numerical representation of user id
uid and group id gid of each file, instead of
the usual text representation. If owner or
group is recorded in the PDF as a name, look
the name up in the /etc/passwd or /etc/group
file, respectively, to find the id number.
-r alternate_root alternate_root is a string that is prefixed
to each pathname in the prototype when the
filesystem is being searched for that file.
Default is NULL.
The following output indicates tampering with /usr/bin/cat:
/usr/bin/cat: mode(-r-xr-xr-x -> -r-sr-xr-x)(became suid), size(27724 -> 10345),
checksum(1665 -> 398)
Use of PDFs is discouraged since this functionality is obsolete and is
being replaced with Software Distributor (see sd(4)).
/system/fileset_name/pdf Product Description File of fileset
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
mkpdf(1M), pdfdiff(1M), pdf(4).
Hewlett-Packard Company - 2 - HP-UX Release 11i: November 2000