Consider the following rule file for use with the Basic Audit Reporting Tool (BART).
CHECK all
IGNORE dirmtime
/etc/security
/etc/notices
IGNORE contents
/export/home
IGNORE mtime size contents
/var
CHECK
You are using BART to detect inappropriate changes to the file system.
Identify the two correct statements describing the attributes recorded.
A. /var/dhcp Attribute: size uid gid mode acl
B. /etc/hosts Attributes: size uid gid mode acl intime dest
C. /var/spool/mqueue Attribute: size uid gid mode acl dirmtime
D. /etc/security/exec_attr Attribute: size uid mode acl mtime devnode
E. /export/home/kate/.profile Attributes: uid gid mode acl dirmtime
F. /export/home/rick/.profile Attributes: size uid gid mode acl mtime contents
Explanation:
D: According to line /etc/security
F: According to line /export/home
Not E: According to line IGNORE dirmtime
Note: In default mode, the bart compare command, as shown in the following example, checks all the files installed on the system, with the exception of modified directory timestamps (dirmtime):
CHECK all
IGNORE dirmtime
Note 2: The Basic Audit Reporting Tool (BART) feature of Oracle Solaris enables you to comprehensively validate systems by performing file-level checks of a system over time. By creating BART manifests, you can easily and reliably gather information about the components of the software stack that is installed on deployed systems.
BART is a useful tool for integrity management on one system or on a network of systems.