bastille_drift(1M)
NAME
bastille_drift - system configuration drift analyzer
SYNOPSIS
Path (Linux): /usr/sbin
Path (HP-UX): /opt/sec_mgmt/bastille/bin
bastille_drift [ --from_baseline [ baseline ] ]
bastille_drift [ --save_baseline [ baseline ] ]
bastille_drift
DESCRIPTION
bastille_drift is a program for creating Bastille-configuration baselines
and comparing the current state of the system to a saved baseline. This
enables the user to see what changes, if any, have occurred relative to a
saved baseline.
Note: When first run successfully, Bastille automatically saves a baseline
in the default location (see FILES below).
Here are the different operations for bastille_drift:
bastille_drift [ --from_baseline [ baseline ] ]
Compare system state to specified (or default) baseline.
bastille_drift [ --save_baseline [ baseline ] ]
Establish or update specified (or default) baseline.
bastille_drift
Compare system state to default baseline.
DIAGNOSTICS
The following are diagnostics for bastille_drift:
No Baseline exists with which to compare current state.
The default or specified baseline file doesn't exist. Either
save a baseline to the named location, if you'd specified one,
or save a baseline to the default location.
Note: bastille will save a baseline to the default location on
its first successful run.
Attempt to establish system state not successful.
bastille_drift ran bastille --assessnobrowser to establish system
state, but the operation did not succeed. The bastille_drift error
log should contain enough detail for the user to prevent a
recurrence.
Note that bastille_drift only detects a state change with regard
to a configuration option manipulated by Bastille, at the same
granularity as that covered by the original Bastille question.
Also, in a number of cases the input config will differ from the
saved baseline. This is normal, and most often involves either
manual-action-required questions, questions that don't affect
the system state, or cases where no change was requested of
Bastille, but bastille was able to detect and baseline the
initial state of the system.
Also, note that bastille baselines detect the configured state
of the system. If only Bastille, SMH, or SAM are used to
configure the system, the configured state will usually coincide
with the dynamic state of the affected processes as well. In some
cases, especially after a manual file edit or configuration
change, bastille_drift may report a configured state that differs
from the state of the running daemon.
EXAMPLE: a user changed inetd.conf, but forgot to run inetd -c
to ask inetd to reread its configuration file.
If you need to be certain that the dynamic state matches the
configured one, reboot the system.
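The inetd.conf case above can be tracked without a reboot by recording when each daemon was last told to re-read its configuration. The following is an added example, not part of Bastille or bastille_drift: STATE_DIR, record_reload, config_is_stale and list_stale are hypothetical names, and the marker-file scheme is an assumption of this example.

```shell
#!/bin/sh
# Added example (not Bastille code): flag daemons whose config file was
# modified after their last recorded reload. STATE_DIR is an assumed path.
STATE_DIR="${STATE_DIR:-/var/run/reload-markers}"

# Call right after asking a daemon to re-read its config, for example:
#   inetd -c && record_reload inetd
record_reload() {
    mkdir -p "$STATE_DIR" && touch "$STATE_DIR/$1"
}

# usage: config_is_stale <daemon> <config-file>
# Returns 0 if the config is newer than the reload marker, or if no reload
# was ever recorded (the running daemon may not reflect the file).
# Returns 1 if the daemon reloaded after the last edit, 2 if the config
# file is missing and no judgement is possible.
config_is_stale() {
    marker="$STATE_DIR/$1"
    [ -f "$2" ] || return 2
    [ -f "$marker" ] || return 0
    # find -newer is POSIX, so this works where test(1) lacks -nt.
    [ -n "$(find "$2" -prune -newer "$marker" -print)" ]
}

# Reads "daemon config-file" pairs on stdin, prints the stale daemons.
list_stale() {
    while read -r name conf; do
        [ -n "$name" ] || continue
        if config_is_stale "$name" "$conf"; then
            echo "$name"
        fi
    done
}
```

Run list_stale after bastille_drift reports a change, for example: echo "inetd /etc/inetd.conf" | list_stale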
DEPENDENCIES
Perl version 5.8.0 or greater, but we recommend 5.8.8 or greater for
best performance.
FILES
/var/opt/sec_mgmt/bastille/baselines (HP-UX)
/etc/Bastille/baselines (Linux)
Default location for baselines if path not specified
/var/opt/sec_mgmt/bastille/baselines/default_baseline (HP-UX)
Default location for baseline if file not specified. This is
also where Bastille stores an initial baseline on its first
successful run.
/var/opt/sec_mgmt/bastille/log/Assessment/Drift.txt (HP-UX)
Location of drift report/diff resulting from assessment
SEE ALSO
perl(1), bastille(1M).
$Date: 2007/06/14 22:10:10 $ bastille_drift(1M)