NAME
pdfck — compare Product Description File to File System
SYNOPSIS
pdfck
[-n]
[-r
alternate_root]
PDF
DESCRIPTION
pdfck
is a program that compares the file descriptions in a
PDF
(Product Description File) to the actual files on the file system.
It is intended as a tool to audit the file system
and detect corruption and/or tampering.
Differences found are reported in the format described in the
pdfdiff(1M)
manual entry.
(Size growth
(-p
option) is not reported.)
For a detailed explanation of the
PDF
fields see
pdf(4).
The command
pdfck -r /pseudoroot /system/AL_CORE/pdf
is roughly equivalent to
mkpdf -r /pseudoroot /system/AL_CORE/pdf - | \
pdfdiff /system/AL_CORE/pdf -
Options
pdfck
recognizes the following options:
- -n
Compare numerical representation of user id
uid
and group id
gid
of each file, instead of the usual text representation.
If owner or group is recorded in the
PDF
as a name, look the name up in the
/etc/passwd
or
/etc/group
file, respectively, to find the id number.
- -r alternate_root
alternate_root
is a string that is prefixed to each pathname in the prototype
when the filesystem is being searched for that file.
Default is
NULL.
EXAMPLES
The following output indicates tampering with
/usr/bin/cat:
/usr/bin/cat: mode(-r-xr-xr-x -> -r-sr-xr-x)(became suid), size(27724 -> 10345),
checksum(1665 -> 398)
WARNING
Use of PDFs is discouraged since this functionality is obsolete and is being
replaced with Software Distributor (see
sd(4)).
FILES
- /system/fileset_name/pdf
Product Description File of fileset called
fileset_name.