1.\" Copyright (c) 1989, 1990, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 12 unchanged lines hidden (view full) --- 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" From: @(#)mtree.8 8.2 (Berkeley) 12/11/93 |
29.\" $FreeBSD: head/usr.sbin/mtree/mtree.8 144295 2005-03-29 11:44:17Z tobez $ |
30.\" 31.Dd January 11, 2004 32.Dt MTREE 8 33.Os 34.Sh NAME 35.Nm mtree 36.Nd map a directory hierarchy 37.Sh SYNOPSIS --- 161 unchanged lines hidden (view full) --- 199.It Cm md5digest 200The MD5 message digest of the file. 201.It Cm sha1digest 202The 203.Tn FIPS 204160-1 205.Pq Dq Tn SHA-1 206message digest of the file. |
207.It Cm sha256digest 208The 209.Tn FIPS 210180-2 211.Pq Dq Tn SHA-256 212message digest of the file. |
213.It Cm ripemd160digest 214The 215.Tn RIPEMD160 216message digest of the file. 217.It Cm mode 218The current file's permissions as a numeric (octal) or symbolic 219value. 220.It Cm nlink --- 97 unchanged lines hidden (view full) --- 318.El 319.Sh EXIT STATUS 320.Ex -std 321.Sh EXAMPLES 322To detect system binaries that have been ``trojan horsed'', it is recommended 323that 324.Nm 325.Fl K |
326.Cm sha256digest |
327be run on the file systems, and a copy of the results stored on a different 328machine, or, at least, in encrypted form. 329The output file itself should be digested using the |
330.Xr sha256 1 |
331utility. 332Then, periodically, 333.Nm 334and |
335.Xr sha256 1 |
336should be run against the on-line specifications. 337While it is possible for the bad guys to change the on-line specifications 338to conform to their modified binaries, it is believed to be 339impractical for them to create a modified specification which has |
340the same SHA-256 digest as the original. |
341.Pp 342The 343.Fl d 344and 345.Fl u 346options can be used in combination to create directory hierarchies 347for distributions and other such things; the files in 348.Pa /etc/mtree --- 24 unchanged lines hidden (view full) --- 373The 374.Tn SHA-1 375and 376.Tn RIPEMD160 377digests were added in 378.Fx 4.0 , 379as new attacks have demonstrated weaknesses in 380.Tn MD5 . |
381The 382.Tn SHA-256 383digest was added in 384.Fx 6.0 . |
385Support for file flags was added in 386.Fx 4.0 , 387and mostly comes from 388.Nx . |