bart_manifest(4) File Formats bart_manifest(4)
bart_manifest - system audit manifest file
The bart(1M) command generates a manifest that describes the contents
of a managed host. A manifest consists of a header and entries. Each
entry represents a single file. Entries are sorted in ascending order
by file name. Any nonstandard file names, such as those that contain
embedded newline or tab characters, have the special characters quoted
prior to being sorted. See Quoting Syntax.
Lines that begin with ! supply metadata about the manifest. The mani-
fest version line indicates the manifest specification version. The
date line shows the date on which the manifest was created, in date(1)
Some lines are ignored by the manifest comparison tool. Ignored lines
include blank lines, lines that consist only of white space, and com-
ments that begin with #.
In addition to metadata lines, the header contains the format comment
block. This comment block lists the attributes reported for each file
To see the format of a manifest file, see EXAMPLES.
Manifest File Entries
Each manifest file entry is a single line of one of the following
forms, depending on the file type:
fname D size mode acl dirmtime uid gid
fname P size mode acl mtime uid gid
fname S size mode acl mtime uid gid
fname F size mode acl mtime uid gid contents
fname L size mode acl lnmtime uid gid dest
fname B size mode acl mtime uid gid devnode
fname C size mode acl mtime uid gid devnode
The fields of the manifest file entries are described as follows:
fname Name of the file. To prevent parsing
problems that are caused by special
characters embedded in file names, file
names are encoded as described in Quot-
type Type of file.
Possible values for type are as fol-
B Block device node
C Character device node
L Symbolic link
size File size in bytes.
mode Octal number that represents the per-
missions of the file.
acl ACL attributes for the file. For a file
with ACL attributes, this field con-
tains the output from acltotext().
uid Numerical user ID of the owner of this
gid Numerical group ID of the owner of this
dirmtime Modification time in seconds since
00:00:00 UTC, January 1, 1970 for
lnmtime Creation time for links.
mtime Modification time in seconds since
00:00:00 UTC, January 1, 1970 for
contents Checksum value of the file. This
attribute is only specified for regular
files. If you turn off context checking
or if checksums cannot be computed, the
value of this field is -.
dest Destination of a symbolic link.
devnode Value of the device node. This
attribute is for character device files
and block device files only.
The rules file supports a quoting syntax for representing nonstandard
When generating a manifest for file names that embeded <<TAB>>, <<SPACE>>,
or <<NEWLINE>> characters, the special characters are encoded in their
tab() allbox; lw(2.750000i)| lw(2.750000i). Input CharacterQuoted
Character <<SPACE>>\<<SPACE>> <<TAB>>\<<TAB>> <<NEWLINE>>\<<NEWLINE>> ?\? [\[ *\*
Example 1: Sample Manifest File
The following is a sample system manifest file. The file entries are
sorted by the encoded versions of the file names to correctly handle
! Version 1.0
! Mon Feb 11 10:55:30 2002
# fname D size mode acl dirmtime uid gid
# fname P size mode acl mtime uid gid
# fname S size mode acl mtime uid gid
# fname F size mode acl mtime uid gid contents
# fname L size mode acl lnmtime uid gid dest
# fname B size mode acl mtime uid gid devnode
# fname C size mode acl mtime uid gid devnode
/etc D 3584 40755 user::rwx,group::r-x,mask::r-x,other::r-x, 3c6803d7 0 3
/etc/.login F 524 100644 user::rw-,group::r--,mask::r--,other::r--,
3c165878 0 3 27b53d5c3e844af3306f1f12b330b318
/etc/.pwd.lock F 0 100600 user::rw-,group::---,mask::---,other::---,
3c166121 0 0 d41d8cd98f00b204e9800998ecf8427e
/etc/.syslog_door L 20 120777 user::rw-,group::r--,mask::rwx,other::r--,
3c6803d5 0 0 /var/run/syslog_door
/etc/autopush L 16 120777 user::r-x,group::r-x,mask::r-x,other::r-x,
3c165863 0 0 ../sbin/autopush
/etc/cron.d/FIFO P 0 10600 user::rw-,group::---,mask::---,other::---,
3c6803d5 0 0
date(1), bart(1M), bart_rules(4), attributes(5)
SunOS 5.10 9 Sep 2003 bart_manifest(4)