.\" Copyright (c) 1989, 1990, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	From: @(#)mtree.8	8.2 (Berkeley) 12/11/93
.Op Fl K Ar keywords
.Ek
.Bk -words
.Op Fl k Ar keywords
.Ek
.Bk -words
.Op Fl p Ar path
.Ek
.Bk -words
.Op Fl s Ar seed
.Ek
.Bk -words
.Op Fl X Ar exclude-list
.Ek
.Sh DESCRIPTION
The
.Nm
utility compares the file hierarchy rooted in the current directory against a
specification read from the standard input.
Messages are written to the standard output for any files whose
characteristics do not match the specifications, or which are
missing from either the file hierarchy or the specification.
.Pp
The options are as follows:
.Bl -tag -width flag
.It Fl L
Follow all symbolic links in the file hierarchy.
.It Fl P
Don't follow symbolic links in the file hierarchy, instead consider
the symbolic link itself in any comparisons.
This is the default.
.It Fl U
Modify the owner, group, permissions, and modification time of existing
files to match the specification and create any missing directories or
symbolic links.
User, group and permissions must all be specified for missing directories
to be created.
Corrected mismatches are not considered errors.
.It Fl c
Print a specification for the file hierarchy to the standard output.
.It Fl d
Ignore everything except directory type files.
.It Fl e
Don't complain about files that are in the file hierarchy, but not in the
specification.
.It Fl i
Indent the output 4 spaces each time a directory level is descended when
creating a specification with the
.Fl c
option.
This does not affect either the /set statements or the comment before each
directory.
It does however affect the comment before the close of each directory.
.It Fl n
Do not emit pathname comments when creating a specification.
Normally a comment is emitted before each directory and before the close of that
directory when using the
.Fl c
option.
.It Fl q
Quiet mode.
Do not complain when a
.Dq missing
directory cannot be created because it already exists.
This occurs when the directory is a symbolic link.
.It Fl r
Remove any files in the file hierarchy that are not described in the
specification.
.It Fl u
Same as
.Fl U
except a status of 2 is returned if the file hierarchy did not match
the specification.
.It Fl x
Don't descend below mount points in the file hierarchy.
.It Fl f Ar file
Read the specification from
.Ar file ,
instead of from the standard input.
.It Fl K Ar keywords
Add the specified (whitespace or comma separated)
.Ar keywords
to the current set of keywords.
.It Fl k Ar keywords
Use the ``type'' keyword plus the specified (whitespace or comma separated)
.Ar keywords
instead of the current set of keywords.
.It Fl p Ar path
Use the file hierarchy rooted in
.Ar path ,
instead of the current directory.
.It Fl s Ar seed
Display a single checksum to the standard error output that represents all
of the files for which the keyword
.Cm cksum
was specified.
The checksum is seeded with the specified value.
.It Fl X Ar exclude-list
The specified file contains
.Xr fnmatch 3
patterns matching files to be excluded from
the specification, one to a line.
If the pattern contains a
.Ql \&/
character, it will be matched against entire pathnames (relative to
the starting directory); otherwise,
it will be matched against basenames only.
No comments are allowed in
the
.Ar exclude-list
file.
.El
.Pp
Specifications are mostly composed of ``keywords'', i.e. strings
that specify values relating to files.
No keywords have default values, and if a keyword has no value set, no
checks based on it are performed.
.Pp
Currently supported keywords are as follows:
.Bl -tag -width Cm
.It Cm cksum
The checksum of the file using the default algorithm specified by
the
.Xr cksum 1
utility.
.It Cm flags
The file flags as a symbolic name.
See
.Xr chflags 1
for information on these names.
If no flags are to be set the string
.Dq none
may be used to override the current default.
.It Cm ignore
Ignore any file hierarchy below this file.
.It Cm gid
The file group as a numeric value.
.It Cm gname
The file group as a symbolic name.
.It Cm md5digest
The MD5 message digest of the file.
.It Cm sha1digest
The
.Tn FIPS
160-1
.Pq Dq Tn SHA-1
message digest of the file.
.It Cm ripemd160digest
The
.Tn RIPEMD160
message digest of the file.
.It Cm mode
The current file's permissions as a numeric (octal) or symbolic
value.
.It Cm nlink
The number of hard links the file is expected to have.
.It Cm nochange
Make sure this file or directory exists but otherwise ignore all attributes.
.It Cm uid
The file owner as a numeric value.
.It Cm uname
The file owner as a symbolic name.
.It Cm size
The size, in bytes, of the file.
.It Cm link
The file the symbolic link is expected to reference.
.It Cm time
The last modification time of the file.
.It Cm type
The type of the file; may be set to any one of the following:
.Pp
.Bl -tag -width Cm -compact
.It Cm block
block special device
.It Cm char
character special device
.It Cm dir
directory
.It Cm fifo
fifo
.It Cm file
regular file
.It Cm link
symbolic link
.It Cm socket
socket
.El
.El
.Pp
The default set of keywords is
.Cm flags ,
.Cm gid ,
.Cm mode ,
.Cm nlink ,
.Cm size ,
.Cm link ,
.Cm time ,
and
.Cm uid .
.Pp
There are four types of lines in a specification.
.Pp
The first type of line sets a global value for a keyword, and consists of
the string ``/set'' followed by whitespace, followed by sets of keyword/value
pairs, separated by whitespace.
Keyword/value pairs consist of a keyword, followed by an equals sign
(``=''), followed by a value, without whitespace characters.
Once a keyword has been set, its value remains unchanged until either
reset or unset.
.Pp
The second type of line unsets keywords and consists of the string
``/unset'', followed by whitespace, followed by one or more keywords,
separated by whitespace.
.Pp
The third type of line is a file specification and consists of a file
name, followed by whitespace, followed by zero or more whitespace
separated keyword/value pairs.
The file name may be preceded by whitespace characters.
The file name may contain any of the standard file name matching
characters (``['', ``]'', ``?'' or ``*''), in which case files
in the hierarchy will be associated with the first pattern that
they match.
.Pp
Each of the keyword/value pairs consists of a keyword, followed by an
equals sign (``=''), followed by the keyword's value, without
whitespace characters.
These values override, without changing, the global value of the
corresponding keyword.
.Pp
All paths are relative.
Specifying a directory will cause subsequent files to be searched
for in that directory hierarchy.
Which brings us to the last type of line in a specification: a line
containing only the string
.Dq Pa ..\&
causes the current directory
path to ascend one level.
.Pp
Empty lines and lines whose first non-whitespace character is a hash
mark (``#'') are ignored.
.Pp
The
.Nm
utility exits with a status of 0 on success, 1 if any error occurred,
and 2 if the file hierarchy did not match the specification.
A status of 2 is converted to a status of 0 if the
.Fl U
option is used.
.Sh EXAMPLES
To detect system binaries that have been ``trojan horsed'', it is recommended
that
.Nm
.Fl K
.Cm sha1digest
be run on the file systems, and a copy of the results stored on a different
machine, or, at least, in encrypted form.
The output file itself should be digested using the
.Xr md5 1
utility.
Then, periodically,
.Nm
and
.Xr md5 1
should be run against the on-line specifications.
While it is possible for the bad guys to change the on-line specifications
to conform to their modified binaries, it is believed to be
impractical for them to create a modified specification which has
the same MD5 digest as the original.
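The specification grammar described above (the four line types, /set and /unset scoping, per-file overrides, pattern file names and the ".." line) and the EXAMPLES advice to verify binaries with the sha1digest keyword both lend themselves to a small worked implementation. The Python program below is an added example, not code from the mtree sources or from any BSD distribution: it parses a specification into per-file keyword sets, walks a hierarchy with lstat (the -P default, so a symbolic link is compared itself rather than its target), reports mismatches, extra files and missing files, and returns status 0 or 2 as the page describes. The keywords it understands (type, size, mode, nlink, link, sha1digest) are a subset chosen for the example, modes are numeric octal only, and the sample specification and the temporary directory tree it checks are constructed by the script itself, so it runs offline on a POSIX host.

```python
"""Reader and checker for the mtree(8) specification format described above.  Added
example, not mtree's own code; the spec and hierarchy below are constructed (POSIX host)."""
import fnmatch, hashlib, os, shutil, stat, tempfile
TYPE_NAMES = {stat.S_IFREG: "file", stat.S_IFDIR: "dir", stat.S_IFLNK: "link", stat.S_IFIFO: "fifo",
              stat.S_IFSOCK: "socket", stat.S_IFBLK: "block", stat.S_IFCHR: "char"}  # "type" values

def parse_spec(text):
    """[(relative path, {keyword: value}), ...] in spec order; handles /set, /unset, file
    lines and the lone ".." that ascends one directory level."""
    globals_, cwd, entries = {}, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):                # blank and comment lines
            continue
        name, *pairs = line.split()
        if name == "/set":
            globals_.update(kv.partition("=")[::2] for kv in pairs)
        elif name == "/unset":
            for key in pairs:
                globals_.pop(key, None)
        elif name == "..":
            cwd.pop()
        else:                     # per-file pairs override, but never change, /set values
            attrs = dict(globals_)
            attrs.update(kv.partition("=")[::2] for kv in pairs)
            entries.append((os.path.normpath(os.path.join(*cwd, name)), attrs))
            if attrs.get("type") == "dir":                  # later names are searched below it
                cwd.append(name)
    return entries

def check_hierarchy(root, entries):
    """Walk root and compare it with entries.  Returns (messages, status) in the page's
    convention: 0 = match, 2 = mismatch; files absent from the spec are reported as extra."""
    messages, matched = [], set()
    def check(rel):
        for idx, (path, attrs) in enumerate(entries):       # first matching entry wins
            if os.path.dirname(path) == os.path.dirname(rel) and fnmatch.fnmatchcase(
                    os.path.basename(rel), os.path.basename(path)):
                break
        else:
            return messages.append("%s: extra" % rel)
        matched.add(idx)
        full = os.path.join(root, rel)
        st = os.lstat(full)                                  # symlinks are not followed (-P)
        seen = {"type": TYPE_NAMES.get(stat.S_IFMT(st.st_mode)), "size": str(st.st_size),
                "mode": "%o" % stat.S_IMODE(st.st_mode), "nlink": str(st.st_nlink)}
        if stat.S_ISLNK(st.st_mode):
            seen["link"] = os.readlink(full)
        elif stat.S_ISREG(st.st_mode) and "sha1digest" in attrs:   # hash only when asked
            with open(full, "rb") as fh:
                seen["sha1digest"] = hashlib.sha1(fh.read()).hexdigest()
        for key, want in attrs.items():           # keywords not implemented here are skipped
            norm = (lambda v: int(v, 8)) if key == "mode" else str   # octal modes only
            if key in seen and norm(want) != norm(seen[key]):
                messages.append("%s: %s (spec %s, found %s)" % (rel, key, want, seen[key]))
    check(".")                                               # the hierarchy root itself
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            check(os.path.normpath(os.path.join(os.path.relpath(dirpath, root), name)))
    for idx, (path, _) in enumerate(entries):
        if idx not in matched and not any(c in path for c in "[]?*"):
            messages.append("%s: missing" % path)
    return messages, (2 if messages else 0)

SAMPLE_SPEC = """\
/set type=file mode=0644
.        type=dir mode=0700
README   size=13
bin      type=dir mode=0755
    ls       mode=0755 size=6 sha1digest={sha1}
    *.sh     mode=0755
..
/unset mode
sbin     type=link link=bin
"""

def demo():
    """Verify a constructed tree; then give bin/ls new content of the same size (as a
    replaced binary might), add a stray file and verify again.  Returns both results."""
    root = tempfile.mkdtemp()                                # created with mode 0700
    def put(rel, data, mode):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
        os.chmod(os.path.join(root, rel), mode)
    os.mkdir(os.path.join(root, "bin"))
    os.chmod(os.path.join(root, "bin"), 0o755)               # mkdir's mode is umask-masked
    put("README", b"mtree sample\n", 0o644)
    put("bin/ls", b"hello\n", 0o755)
    put("bin/run.sh", b"#!/bin/sh\n", 0o755)
    os.symlink("bin", os.path.join(root, "sbin"))
    entries = parse_spec(SAMPLE_SPEC.format(sha1=hashlib.sha1(b"hello\n").hexdigest()))
    clean = check_hierarchy(root, entries)
    put("bin/ls", b"hellO\n", 0o755)                         # size unchanged, digest changed
    put("bin/evil", b"", 0o644)
    tampered = check_hierarchy(root, entries)
    shutil.rmtree(root)
    return clean, tampered

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Running it prints two results: the untouched tree verifies with status 0, and after bin/ls is rewritten with different bytes of the same length and a stray file is dropped in, the size keyword still matches but sha1digest does not, the stray file is reported as extra, and the status is 2. That is the point of the EXAMPLES recommendation: size and modification time are cheap to preserve when a file is replaced, a digest is not.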
.Pp
The
.Fl d
and
.Fl u
options can be used in combination to create directory hierarchies
for distributions and other such things; the files in
.Pa /etc/mtree
were used to create almost all directories in this
.Fx
distribution.
.Sh FILES
.Bl -tag -width /etc/mtree -compact
.It Pa /etc/mtree
system specification directory
.El
.Sh DIAGNOSTICS
.Ex -std
.Sh SEE ALSO
.Xr chflags 1 ,
.Xr chgrp 1 ,
.Xr chmod 1 ,
.Xr cksum 1 ,
.Xr md5 1 ,
.Xr stat 2 ,
.Xr fts 3 ,
.Xr md5 3 ,
.Xr chown 8
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.3 Reno .
The
.Tn MD5
digest capability was added in
.Fx 2.1 ,
in response to the widespread use of programs which can spoof
.Xr cksum 1 .
The
.Tn SHA-1
and
.Tn RIPEMD160
digests were added in
.Fx 4.0 ,
as new attacks have demonstrated weaknesses in
.Tn MD5 .
Support for file flags was added in
.Fx 4.0 ,
and mostly comes from
.Nx .