One of the jobs of a package management system is to keep track of what files belong to what packages. Solaris 9 keeps this information in a single plaintext file, /var/sadm/install/contents, complete with file ownership and permission data. The format is relatively obvious; pkgmap(4) describes most of the bits, and here is another reference. (My Solaris 9 install does not have a contents(4) manpage; I may be missing some package.)

The official Solaris 9 way of poking around in this information is the pkgchk command, sometimes combined with pkginfo. Unfortunately this is often hideously verbose, so lots of people evidently resort to grep et al. Pkgchk can be used for verification in a non-verbose way, so the Solaris equivalent of my check-rpmv script is:

#!/bin/sh
n=/tmp/check.$$
for i in `pkginfo | awk '{print $2}'`; do
  pkgchk $i >$n 2>&1
  if test -s $n; then
    echo $i:
    sed 's/^/    /' <$n
  fi
done
rm -f $n

(Don't use this for system verification after an intrusion at all, since sum(1) checksums are relatively trivially breakable plus the contents file is very easy to manipulate. Sun has integrity checking tools with much better checksums.)

Various other interesting things are floating around /var/sadm, including package descriptions and installation logs.

(I will give pkgchk style points for the -x option; doing the equivalent in RPM is much, much more annoying.)