How to Customize a Manifest

You can customize a manifest in one of the following ways:

• By specifying a subtree

  Specifying an individual subtree is an efficient way to monitor changes to selected, important files, such as all files in the /etc directory.

• By specifying a file name

  Specifying a file name is an efficient way of monitoring particularly sensitive files, such as the files that configure and run a database application.

• By using a rules file

  By using a rules file to create and compare manifests gives you the flexibility to specify multiple attributes for more than one file or subtree. From the command line, you can specify a global attribute definition that applies to all files in a manifest or report. From a rules file, you can specify attributes that do not apply globally.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

1. Determine which files to catalog and monitor.
2. Create a custom manifest by using one of the following options:

   • By specifying a subtree:

     # bart create -R subtree

   • By specifying a file name or file names:

     # bart create -I filename...

     For example:

     # bart create -I /etc/system /etc/passwd /etc/shadow

   • By using a rules file:

     # bart create -r rules-file

3. Examine the contents of the manifest.
4. (Optional)Save the manifest in a protected directory for future use.

   For an example, see Step 3 in How to Create a Control Manifest.

   ---

   Tip  - If you used a rules file, save the rules file with the manifest. For a useful comparison, you must run the comparison with the rules file.

   ---