pdfck(1M)
NAME
pdfck − compare Product Description File to File System
SYNOPSIS
pdfck [−n] alternate_root] PDF
DESCRIPTION
pdfck is a program that compares the file descriptions in a PDF (Product Description File) to the actual files on the file system. It is intended as a tool to audit the file system and detect corruption and/or tampering. Differences found are reported in the format described in pdfdiff(1M). (Size growth (−p option) is not reported.) For a detailed explanation of the PDF fields see pdf(4). The command
pdfck -r /pseudoroot /system/UX_CORE/pdf
is roughly equivalent to
mkpdf -r /pseudoroot /system/UX_CORE/pdf − | pdfdiff /system/UX_CORE/pdf −
Options
pdfck recognizes the following options:
−n Compare numerical representation of user id uid and group id gid of each file, instead of the usual text representation. If owner or group is recorded in the PDF as a name, look the name up in the /etc/passwd or /etc/group file, respectively, to find the id number.
−r alternate_root alternate_root is a string that is prefixed to each pathname in the prototype when the filesystem is being searched for that file. Default is NULL.
EXAMPLES
The following output indicates tampering with /bin/cat:
/bin/cat: mode(-r-xr-xr-x -> -r-sr-xr-x)(became suid), size(27724 -> 10345),
checksum(1665 -> 398)
FILES
/system/fileset_name/pdf
SEE ALSO
mkpdf(1M), pdfdiff(1M), pdf(4).
Hewlett-Packard Company — HP-UX Release 8.05: June 1991