1.\" Copyright (c) 1989, 1990, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" From: @(#)mtree.8 8.2 (Berkeley) 12/11/93
| 1.\" Copyright (c) 1989, 1990, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" From: @(#)mtree.8 8.2 (Berkeley) 12/11/93
|
48.Op Fl K Ar keywords
49.Ek
50.Bk -words
51.Op Fl k Ar keywords
52.Ek
53.Bk -words
54.Op Fl p Ar path
55.Ek
56.Bk -words
57.Op Fl s Ar seed
58.Ek
59.Bk -words
60.Op Fl X Ar exclude-list
61.Ek
62.Sh DESCRIPTION
63The
64.Nm
65utility compares the file hierarchy rooted in the current directory against a
66specification read from the standard input.
67Messages are written to the standard output for any files whose
68characteristics do not match the specifications, or which are
69missing from either the file hierarchy or the specification.
70.Pp
71The options are as follows:
72.Bl -tag -width flag
73.It Fl L
74Follow all symbolic links in the file hierarchy.
75.It Fl P
76Don't follow symbolic links in the file hierarchy, instead consider
77the symbolic link itself in any comparisons. This is the default.
78.It Fl U
79Modify the owner, group, permissions, and modification time of existing
80files to match the specification and create any missing directories or
81symbolic links.
82User, group and permissions must all be specified for missing directories
83to be created.
84Corrected mismatches are not considered errors.
85.It Fl c
86Print a specification for the file hierarchy to the standard output.
87.It Fl d
88Ignore everything except directory type files.
89.It Fl e
90Don't complain about files that are in the file hierarchy, but not in the
91specification.
92.It Fl i
93Indent the output 4 spaces each time a directory level is descended when
94create a specification with the
95.Fl c
96option.
97This does not affect either the /set statements or the comment before each
98directory.
99It does however affect the comment before the close of each directory.
100.It Fl n
101Do not emit pathname comments when creating a specification. Normally
102a comment is emitted before each directory and before the close of that
103directory when using the
104.Fl c
105option.
106.It Fl q
107Quiet mode. Do not complain when a
108.Dq missing
109directory cannot be created because it already exists.
110This occurs when the directory is a symbolic link.
111.It Fl r
112Remove any files in the file hierarchy that are not described in the
113specification.
114.It Fl u
115Same as
116.Fl U
117except a status of 2 is returned if the file hierarchy did not match
118the specification.
119.It Fl x
120Don't descend below mount points in the file hierarchy.
121.It Fl f Ar file
122Read the specification from
123.Ar file ,
124instead of from the standard input.
| 51.Op Fl K Ar keywords
52.Ek
53.Bk -words
54.Op Fl k Ar keywords
55.Ek
56.Bk -words
57.Op Fl p Ar path
58.Ek
59.Bk -words
60.Op Fl s Ar seed
61.Ek
62.Bk -words
63.Op Fl X Ar exclude-list
64.Ek
65.Sh DESCRIPTION
66The
67.Nm
68utility compares the file hierarchy rooted in the current directory against a
69specification read from the standard input.
70Messages are written to the standard output for any files whose
71characteristics do not match the specifications, or which are
72missing from either the file hierarchy or the specification.
73.Pp
74The options are as follows:
75.Bl -tag -width flag
76.It Fl L
77Follow all symbolic links in the file hierarchy.
78.It Fl P
79Don't follow symbolic links in the file hierarchy, instead consider
80the symbolic link itself in any comparisons. This is the default.
81.It Fl U
82Modify the owner, group, permissions, and modification time of existing
83files to match the specification and create any missing directories or
84symbolic links.
85User, group and permissions must all be specified for missing directories
86to be created.
87Corrected mismatches are not considered errors.
88.It Fl c
89Print a specification for the file hierarchy to the standard output.
90.It Fl d
91Ignore everything except directory type files.
92.It Fl e
93Don't complain about files that are in the file hierarchy, but not in the
94specification.
95.It Fl i
96Indent the output 4 spaces each time a directory level is descended when
97create a specification with the
98.Fl c
99option.
100This does not affect either the /set statements or the comment before each
101directory.
102It does however affect the comment before the close of each directory.
103.It Fl n
104Do not emit pathname comments when creating a specification. Normally
105a comment is emitted before each directory and before the close of that
106directory when using the
107.Fl c
108option.
109.It Fl q
110Quiet mode. Do not complain when a
111.Dq missing
112directory cannot be created because it already exists.
113This occurs when the directory is a symbolic link.
114.It Fl r
115Remove any files in the file hierarchy that are not described in the
116specification.
117.It Fl u
118Same as
119.Fl U
120except a status of 2 is returned if the file hierarchy did not match
121the specification.
122.It Fl x
123Don't descend below mount points in the file hierarchy.
124.It Fl f Ar file
125Read the specification from
126.Ar file ,
127instead of from the standard input.
|
125.It Fl K Ar keywords
126Add the specified (whitespace or comma separated)
127.Ar keywords
128to the current set of keywords.
129.It Fl k Ar keywords
130Use the ``type'' keyword plus the specified (whitespace or comma separated)
131.Ar keywords
132instead of the current set of keywords.
133.It Fl p Ar path
134Use the file hierarchy rooted in
135.Ar path ,
136instead of the current directory.
137.It Fl s Ar seed
138Display a single checksum to the standard error output that represents all
139of the files for which the keyword
140.Cm cksum
141was specified.
142The checksum is seeded with the specified value.
143.It Fl X Ar exclude-list
144The specified file contains
145.Xr fnmatch 3
146patterns matching files to be excluded from
147the specification, one to a line.
148If the pattern contains a
149.Ql \&/
150character, it will be matched against entire pathnames (relative to
151the starting directory); otherwise,
152it will be matched against basenames only. No comments are allowed in
153the
154.Ar exclude-list
155file.
156.El
157.Pp
158Specifications are mostly composed of ``keywords'', i.e. strings
159that specify values relating to files.
160No keywords have default values, and if a keyword has no value set, no
161checks based on it are performed.
162.Pp
163Currently supported keywords are as follows:
164.Bl -tag -width Cm
165.It Cm cksum
166The checksum of the file using the default algorithm specified by
167the
168.Xr cksum 1
169utility.
170.It Cm flags
171The file flags as a symbolic name. See
172.Xr chflags 1
173for information on these names. If no flags are to be set the string
174.Dq none
175may be used to override the current default.
176.It Cm ignore
177Ignore any file hierarchy below this file.
178.It Cm gid
179The file group as a numeric value.
180.It Cm gname
181The file group as a symbolic name.
182.It Cm md5digest
183The MD5 message digest of the file.
184.It Cm sha1digest
185The
186.Tn FIPS
187160-1
188.Pq Dq Tn SHA-1
189message digest of the file.
190.It Cm ripemd160digest
191The
192.Tn RIPEMD160
193message digest of the file.
194.It Cm mode
195The current file's permissions as a numeric (octal) or symbolic
196value.
197.It Cm nlink
198The number of hard links the file is expected to have.
199.It Cm nochange
200Make sure this file or directory exists but otherwise ignore all attributes.
201.It Cm uid
202The file owner as a numeric value.
203.It Cm uname
204The file owner as a symbolic name.
205.It Cm size
206The size, in bytes, of the file.
207.It Cm link
208The file the symbolic link is expected to reference.
209.It Cm time
210The last modification time of the file.
211.It Cm type
212The type of the file; may be set to any one of the following:
213.Pp
214.Bl -tag -width Cm -compact
215.It Cm block
216block special device
217.It Cm char
218character special device
219.It Cm dir
220directory
221.It Cm fifo
222fifo
223.It Cm file
224regular file
225.It Cm link
226symbolic link
227.It Cm socket
228socket
229.El
230.El
231.Pp
232The default set of keywords are
233.Cm flags ,
234.Cm gid ,
235.Cm mode ,
236.Cm nlink ,
237.Cm size ,
238.Cm link ,
239.Cm time ,
240and
241.Cm uid .
242.Pp
243There are four types of lines in a specification.
244.Pp
245The first type of line sets a global value for a keyword, and consists of
246the string ``/set'' followed by whitespace, followed by sets of keyword/value
247pairs, separated by whitespace.
248Keyword/value pairs consist of a keyword, followed by an equals sign
249(``=''), followed by a value, without whitespace characters.
250Once a keyword has been set, its value remains unchanged until either
251reset or unset.
252.Pp
253The second type of line unsets keywords and consists of the string
254``/unset'', followed by whitespace, followed by one or more keywords,
255separated by whitespace.
256.Pp
257The third type of line is a file specification and consists of a file
258name, followed by whitespace, followed by zero or more whitespace
259separated keyword/value pairs.
260The file name may be preceded by whitespace characters.
261The file name may contain any of the standard file name matching
262characters (``['', ``]'', ``?'' or ``*''), in which case files
263in the hierarchy will be associated with the first pattern that
264they match.
265.Pp
266Each of the keyword/value pairs consist of a keyword, followed by an
267equals sign (``=''), followed by the keyword's value, without
268whitespace characters.
269These values override, without changing, the global value of the
270corresponding keyword.
271.Pp
272All paths are relative.
273Specifying a directory will cause subsequent files to be searched
274for in that directory hierarchy.
275Which brings us to the last type of line in a specification: a line
276containing only the string
277.Dq Pa ..\&
278causes the current directory
279path to ascend one level.
280.Pp
281Empty lines and lines whose first non-whitespace character is a hash
282mark (``#'') are ignored.
283.Pp
284The
285.Nm
286utility exits with a status of 0 on success, 1 if any error occurred,
287and 2 if the file hierarchy did not match the specification.
288A status of 2 is converted to a status of 0 if the
289.Fl U
290option is used.
291.Sh EXAMPLES
292To detect system binaries that have been ``trojan horsed'', it is recommended
293that
294.Nm
295.Fl K
296.Cm sha1digest
297be run on the file systems, and a copy of the results stored on a different
298machine, or, at least, in encrypted form.
299The output file itself should be digested using the
300.Xr md5 1
301utility.
302Then, periodically,
303.Nm
304and
305.Xr md5 1
306should be run against the on-line specifications.
307While it is possible for the bad guys to change the on-line specifications
308to conform to their modified binaries, it is believed to be
309impractical for them to create a modified specification which has
310the same MD5 digest as the original.
311.Pp
312The
313.Fl d
314and
315.Fl u
316options can be used in combination to create directory hierarchies
317for distributions and other such things; the files in
318.Pa /etc/mtree
319were used to create almost all directories in this
320.Fx
321distribution.
322.Sh FILES
323.Bl -tag -width /etc/mtree -compact
324.It Pa /etc/mtree
325system specification directory
326.El
327.Sh DIAGNOSTICS
328.Ex -std
329.Sh SEE ALSO
330.Xr chflags 1 ,
331.Xr chgrp 1 ,
332.Xr chmod 1 ,
333.Xr cksum 1 ,
334.Xr md5 1 ,
335.Xr stat 2 ,
336.Xr fts 3 ,
337.Xr md5 3 ,
338.Xr chown 8
339.Sh HISTORY
340The
341.Nm
342utility appeared in
343.Bx 4.3 Reno .
344The
345.Tn MD5
346digest capability was added in
347.Fx 2.1 ,
348in response to the widespread use of programs which can spoof
349.Xr cksum 1 .
350The
351.Tn SHA-1
352and
353.Tn RIPEMD160
354digests were added in
355.Fx 4.0 ,
356as new attacks have demonstrated weaknesses in
357.Tn MD5 .
358Support for file flags was added in
359.Fx 4.0 ,
360and mostly comes from
361.Nx .
| 138.It Fl K Ar keywords
139Add the specified (whitespace or comma separated)
140.Ar keywords
141to the current set of keywords.
142.It Fl k Ar keywords
143Use the ``type'' keyword plus the specified (whitespace or comma separated)
144.Ar keywords
145instead of the current set of keywords.
146.It Fl p Ar path
147Use the file hierarchy rooted in
148.Ar path ,
149instead of the current directory.
150.It Fl s Ar seed
151Display a single checksum to the standard error output that represents all
152of the files for which the keyword
153.Cm cksum
154was specified.
155The checksum is seeded with the specified value.
156.It Fl X Ar exclude-list
157The specified file contains
158.Xr fnmatch 3
159patterns matching files to be excluded from
160the specification, one to a line.
161If the pattern contains a
162.Ql \&/
163character, it will be matched against entire pathnames (relative to
164the starting directory); otherwise,
165it will be matched against basenames only. No comments are allowed in
166the
167.Ar exclude-list
168file.
169.El
170.Pp
171Specifications are mostly composed of ``keywords'', i.e. strings
172that specify values relating to files.
173No keywords have default values, and if a keyword has no value set, no
174checks based on it are performed.
175.Pp
176Currently supported keywords are as follows:
177.Bl -tag -width Cm
178.It Cm cksum
179The checksum of the file using the default algorithm specified by
180the
181.Xr cksum 1
182utility.
183.It Cm flags
184The file flags as a symbolic name. See
185.Xr chflags 1
186for information on these names. If no flags are to be set the string
187.Dq none
188may be used to override the current default.
189.It Cm ignore
190Ignore any file hierarchy below this file.
191.It Cm gid
192The file group as a numeric value.
193.It Cm gname
194The file group as a symbolic name.
195.It Cm md5digest
196The MD5 message digest of the file.
197.It Cm sha1digest
198The
199.Tn FIPS
200160-1
201.Pq Dq Tn SHA-1
202message digest of the file.
203.It Cm ripemd160digest
204The
205.Tn RIPEMD160
206message digest of the file.
207.It Cm mode
208The current file's permissions as a numeric (octal) or symbolic
209value.
210.It Cm nlink
211The number of hard links the file is expected to have.
212.It Cm nochange
213Make sure this file or directory exists but otherwise ignore all attributes.
214.It Cm uid
215The file owner as a numeric value.
216.It Cm uname
217The file owner as a symbolic name.
218.It Cm size
219The size, in bytes, of the file.
220.It Cm link
221The file the symbolic link is expected to reference.
222.It Cm time
223The last modification time of the file.
224.It Cm type
225The type of the file; may be set to any one of the following:
226.Pp
227.Bl -tag -width Cm -compact
228.It Cm block
229block special device
230.It Cm char
231character special device
232.It Cm dir
233directory
234.It Cm fifo
235fifo
236.It Cm file
237regular file
238.It Cm link
239symbolic link
240.It Cm socket
241socket
242.El
243.El
244.Pp
245The default set of keywords are
246.Cm flags ,
247.Cm gid ,
248.Cm mode ,
249.Cm nlink ,
250.Cm size ,
251.Cm link ,
252.Cm time ,
253and
254.Cm uid .
255.Pp
256There are four types of lines in a specification.
257.Pp
258The first type of line sets a global value for a keyword, and consists of
259the string ``/set'' followed by whitespace, followed by sets of keyword/value
260pairs, separated by whitespace.
261Keyword/value pairs consist of a keyword, followed by an equals sign
262(``=''), followed by a value, without whitespace characters.
263Once a keyword has been set, its value remains unchanged until either
264reset or unset.
265.Pp
266The second type of line unsets keywords and consists of the string
267``/unset'', followed by whitespace, followed by one or more keywords,
268separated by whitespace.
269.Pp
270The third type of line is a file specification and consists of a file
271name, followed by whitespace, followed by zero or more whitespace
272separated keyword/value pairs.
273The file name may be preceded by whitespace characters.
274The file name may contain any of the standard file name matching
275characters (``['', ``]'', ``?'' or ``*''), in which case files
276in the hierarchy will be associated with the first pattern that
277they match.
278.Pp
279Each of the keyword/value pairs consist of a keyword, followed by an
280equals sign (``=''), followed by the keyword's value, without
281whitespace characters.
282These values override, without changing, the global value of the
283corresponding keyword.
284.Pp
285All paths are relative.
286Specifying a directory will cause subsequent files to be searched
287for in that directory hierarchy.
288Which brings us to the last type of line in a specification: a line
289containing only the string
290.Dq Pa ..\&
291causes the current directory
292path to ascend one level.
293.Pp
294Empty lines and lines whose first non-whitespace character is a hash
295mark (``#'') are ignored.
296.Pp
297The
298.Nm
299utility exits with a status of 0 on success, 1 if any error occurred,
300and 2 if the file hierarchy did not match the specification.
301A status of 2 is converted to a status of 0 if the
302.Fl U
303option is used.
304.Sh EXAMPLES
305To detect system binaries that have been ``trojan horsed'', it is recommended
306that
307.Nm
308.Fl K
309.Cm sha1digest
310be run on the file systems, and a copy of the results stored on a different
311machine, or, at least, in encrypted form.
312The output file itself should be digested using the
313.Xr md5 1
314utility.
315Then, periodically,
316.Nm
317and
318.Xr md5 1
319should be run against the on-line specifications.
320While it is possible for the bad guys to change the on-line specifications
321to conform to their modified binaries, it is believed to be
322impractical for them to create a modified specification which has
323the same MD5 digest as the original.
324.Pp
325The
326.Fl d
327and
328.Fl u
329options can be used in combination to create directory hierarchies
330for distributions and other such things; the files in
331.Pa /etc/mtree
332were used to create almost all directories in this
333.Fx
334distribution.
335.Sh FILES
336.Bl -tag -width /etc/mtree -compact
337.It Pa /etc/mtree
338system specification directory
339.El
340.Sh DIAGNOSTICS
341.Ex -std
342.Sh SEE ALSO
343.Xr chflags 1 ,
344.Xr chgrp 1 ,
345.Xr chmod 1 ,
346.Xr cksum 1 ,
347.Xr md5 1 ,
348.Xr stat 2 ,
349.Xr fts 3 ,
350.Xr md5 3 ,
351.Xr chown 8
352.Sh HISTORY
353The
354.Nm
355utility appeared in
356.Bx 4.3 Reno .
357The
358.Tn MD5
359digest capability was added in
360.Fx 2.1 ,
361in response to the widespread use of programs which can spoof
362.Xr cksum 1 .
363The
364.Tn SHA-1
365and
366.Tn RIPEMD160
367digests were added in
368.Fx 4.0 ,
369as new attacks have demonstrated weaknesses in
370.Tn MD5 .
371Support for file flags was added in
372.Fx 4.0 ,
373and mostly comes from
374.Nx .
|