1.\" Copyright (c) 1989, 1990, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
--- 12 unchanged lines hidden (view full) ---
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\" From: @(#)mtree.8 8.2 (Berkeley) 12/11/93
29.\" $FreeBSD: head/usr.sbin/mtree/mtree.8 144295 2005-03-29 11:44:17Z tobez $
30.\"
31.Dd January 11, 2004
32.Dt MTREE 8
33.Os
34.Sh NAME
35.Nm mtree
36.Nd map a directory hierarchy
37.Sh SYNOPSIS
--- 161 unchanged lines hidden (view full) ---
199.It Cm md5digest
200The MD5 message digest of the file.
201.It Cm sha1digest
202The
203.Tn FIPS
204160-1
205.Pq Dq Tn SHA-1
206message digest of the file.
207.It Cm sha256digest
208The
209.Tn FIPS
210180-2
211.Pq Dq Tn SHA-256
212message digest of the file.
213.It Cm ripemd160digest
214The
215.Tn RIPEMD160
216message digest of the file.
217.It Cm mode
218The current file's permissions as a numeric (octal) or symbolic
219value.
220.It Cm nlink
--- 97 unchanged lines hidden (view full) ---
318.El
319.Sh EXIT STATUS
320.Ex -std
321.Sh EXAMPLES
322To detect system binaries that have been ``trojan horsed'', it is recommended
323that
324.Nm
325.Fl K
326.Cm sha256digest
327be run on the file systems, and a copy of the results stored on a different
328machine, or, at least, in encrypted form.
329The output file itself should be digested using the
330.Xr sha256 1
331utility.
332Then, periodically,
333.Nm
334and
335.Xr sha256 1
336should be run against the on-line specifications.
337While it is possible for the bad guys to change the on-line specifications
338to conform to their modified binaries, it is believed to be
339impractical for them to create a modified specification which has
340the same SHA-256 digest as the original.
341.Pp
342The
343.Fl d
344and
345.Fl u
346options can be used in combination to create directory hierarchies
347for distributions and other such things; the files in
348.Pa /etc/mtree
--- 24 unchanged lines hidden (view full) ---
373The
374.Tn SHA-1
375and
376.Tn RIPEMD160
377digests were added in
378.Fx 4.0 ,
379as new attacks have demonstrated weaknesses in
380.Tn MD5 .
381The
382.Tn SHA-256
383digest was added in
384.Fx 6.0 .
385Support for file flags was added in
386.Fx 4.0 ,
387and mostly comes from
388.Nx .
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
--- 12 unchanged lines hidden (view full) ---
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\" From: @(#)mtree.8 8.2 (Berkeley) 12/11/93
29.\" $FreeBSD: head/usr.sbin/mtree/mtree.8 144295 2005-03-29 11:44:17Z tobez $
30.\"
31.Dd January 11, 2004
32.Dt MTREE 8
33.Os
34.Sh NAME
35.Nm mtree
36.Nd map a directory hierarchy
37.Sh SYNOPSIS
--- 161 unchanged lines hidden (view full) ---
199.It Cm md5digest
200The MD5 message digest of the file.
201.It Cm sha1digest
202The
203.Tn FIPS
204160-1
205.Pq Dq Tn SHA-1
206message digest of the file.
207.It Cm sha256digest
208The
209.Tn FIPS
210180-2
211.Pq Dq Tn SHA-256
212message digest of the file.
213.It Cm ripemd160digest
214The
215.Tn RIPEMD160
216message digest of the file.
217.It Cm mode
218The current file's permissions as a numeric (octal) or symbolic
219value.
220.It Cm nlink
--- 97 unchanged lines hidden (view full) ---
318.El
319.Sh EXIT STATUS
320.Ex -std
321.Sh EXAMPLES
322To detect system binaries that have been ``trojan horsed'', it is recommended
323that
324.Nm
325.Fl K
326.Cm sha256digest
327be run on the file systems, and a copy of the results stored on a different
328machine, or, at least, in encrypted form.
329The output file itself should be digested using the
330.Xr sha256 1
331utility.
332Then, periodically,
333.Nm
334and
335.Xr sha256 1
336should be run against the on-line specifications.
337While it is possible for the bad guys to change the on-line specifications
338to conform to their modified binaries, it is believed to be
339impractical for them to create a modified specification which has
340the same SHA-256 digest as the original.
341.Pp
342The
343.Fl d
344and
345.Fl u
346options can be used in combination to create directory hierarchies
347for distributions and other such things; the files in
348.Pa /etc/mtree
--- 24 unchanged lines hidden (view full) ---
373The
374.Tn SHA-1
375and
376.Tn RIPEMD160
377digests were added in
378.Fx 4.0 ,
379as new attacks have demonstrated weaknesses in
380.Tn MD5 .
381The
382.Tn SHA-256
383digest was added in
384.Fx 6.0 .
385Support for file flags was added in
386.Fx 4.0 ,
387and mostly comes from
388.Nx .