NAME
bastille_drift — system configuration drift analyzer
SYNOPSIS
Path (Linux):
/usr/sbin
Path (HP-UX):
/opt/sec_mgmt/bastille/bin
bastille_drift
[--from_baseline
[baseline]]
bastille_drift
[--save_baseline
[baseline]]
bastille_drift
DESCRIPTION
bastille_drift
is a program for creating Bastille-configuration baselines and
comparing the current state of the system to a saved baseline.
This enables the user to see what, if any, changes had occurred relative to
a saved baseline.
Note:
When first run successfully, Bastille automatically saves a baseline
in the default location (see
FILES
below).
Here are the different operations for
bastille_drift:
bastille_drift
[--from_baseline
[baseline]]
Compare system state to specified (or default) baseline.
bastille_drift
[--save_baseline
[baseline]]
Establish or update specified (or default) baseline.
bastille_drift
Compare system state to default baseline.
DIAGNOSTICS
The following are diagnostics for
bastille_drift:
No Baseline exists with which to compare current state.
The default or specified baseline file doesn't exist.
Either save a baseline to the named location, if you'd specified one,
or save a baseline to the default location.
Note:
bastille
will save a baseline to the default location
on its first successful run.
Attempt to establish system state not successful.
bastille_drift
ran
bastille --assessnobrowser
to establish system state, but the operation did not succeed.
The
bastille_drift
error log should contain enough detail to give the user sufficient
information to prevent reoccurrence.
Note that
bastille_drift
only detects a state change with regard to a configuration option
manipulated Bastille, at the same granularity as that covered by the
original Bastille question.
Also, in a number of cases the input config will differ from the
saved baseline.
This is normal, and most often involved either
manual-action-required questions, questions that don't affect the system
state, or cases where no change was requested of Bastille,
but
bastille
was able to detect and baseline the initial state of the system.
Also, note that
bastille
baselines detect the configured state of the system. If only Bastille, SMH,
or SAM are used to configure the system, those will, usually coincide with
the dynamic state of the affected processes as well.
In some cases, especially in the case of a manual file edit or configuration
change,
bastille_drift
may note a state different than the daemon.
Example:
A user changed
inetd.conf,
but forgot to run
inetd -c
to ask
inetd
to reread its configuration file.
If you need to be certain that the dynamic state matches the configured one,
reboot the system.
DEPENDENCIES
Perl version 5.8.0 or greater,
but 5.8.8 or greater is recommended for best performance.
FILES
- /var/opt/sec_mgmt/bastille/baselines (HP-UX)
- /etc/Bastille/baselines (Linux)
Default location for baselines if path not specified.
- /var/opt/sec_mgmt/bastille/baselines/default_baseline (HP-UX)
Default location for baseline if file not specified.
This is also where Bastille stores an initial baseline here on its
first successful run.
- /var/opt/sec_mgmt/bastille/log/Assessment/Drift.txt (HP-UX)
Location of drift report/diff resulting from assessment.
