[unix-history] / usr.sbin / mtree / mtree.8

.\" Copyright (c) 1989, 1990 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)mtree.8	5.11 (Berkeley) 12/11/91
.\"
.Dd December 11, 1991
.Dt MTREE 8
.Os
.Sh NAME
.Nm mtree
.Nd map a directory hierarchy
.Sh SYNOPSIS
.Nm mtree
.Op Fl cderux
.Op Fl f Ar spec
.Op Fl K Ar keywords
.Op Fl k Ar keywords
.Op Fl p Ar path
.Op Fl s Ar seed
.Sh DESCRIPTION
The utility
.Nm mtree
compares the file hierarchy rooted in the current directory against a
specification read from the standard input.
Messages are written to the standard output for any files whose
characteristics do not match the specification's, or which are
missing from either the file hierarchy or the specification.
.Pp
The options are as follows:
.Bl -tag -width flag
.It Fl c
Print a specification for the file hierarchy to the standard output.
.It Fl d
Ignore everything except directory type files.
.It Fl e
Don't complain about files that are in the file hierarchy, but not in the
specification.
.It Fl f
Read the specification from
.Ar file  ,
instead of from the standard input.
.It Fl K
Add the specified (whitespace or comma separated) keywords to the current
set of keywords.
.It Fl k
Use the ``type'' keyword plus the specified (whitespace or comma separated)
keywords instead of the current set of keywords.
.It Fl p
Use the file hierarchy rooted in
.Ar path  ,
instead of the current directory.
.It Fl r
Remove any files in the file hierarchy that are not described in the
specification.
.It Fl s
Display a single checksum to the standard error output that represents all
of the files for which the keyword
.Cm cksum
was specified.
The checksum is seeded with the specified value.
.It Fl u
Modify the owner, group, and permissions of existing files to match
the specification and create any missing directories.
User, group, and permissions must all be specified for missing directories
to be created.
.It Fl x
Don't descend below mount points in the file hierarchy.
.El
.Pp
Specifications are mostly composed of ``keywords'', i.e. strings that
that specify values relating to files.
No keywords have default values, and if a keyword has no value set, no
checks based on it are performed.
.Pp
Currently supported keywords are as follows:
.Bl -tag -width Cm
.It Cm cksum
The checksum of the file using the default algorithm specified by
the
.Xr cksum 1
utility.
.It Cm ignore
Ignore any file hierarchy below this file.
.It Cm gid
The file group as a numeric value.
.It Cm gname
The file group as a symbolic name.
.It Cm mode
The current file's permissions as a numeric (octal) or symbolic
value.
.It Cm nlink
The number of hard links the file is expected to have.
.It Cm uid
The file owner as a numeric value.
.It Cm uname
The file group as a symbolic name.
.It Cm size
The size, in bytes, of the file.
.It Cm link
The file the symbolic link is expected to reference.
.It Cm time
The last modification time of the file.
.It Cm type
The type of the file; may be set to any one of the following:
.sp
.Bl -tag -width Cm -compact
.It Cm block
block special device
.It Cm char
character special device
.It Cm dir
directory
.It Cm fifo
fifo
.It Cm file
regular file
.It Cm link
symbolic link
.It Cm socket
socket
.El
.El
.Pp
The default set of keywords are
.Cm gid ,
.Cm mode ,
.Cm nlink ,
.Cm size ,
.Cm slink ,
.Cm time ,
and
.Cm uid .
.Pp
There are four types of lines in a specification.
.Pp
The first type of line sets a global value for a keyword, and consists of
the string ``/set'' followed by whitespace, followed by sets of keyword/value
pairs, separated by whitespace.
Keyword/value pairs consist of a keyword, followed by an equals sign
(``=''), followed by a value, without whitespace characters.
Once a keyword has been set, its value remains unchanged until either
reset or unset.
.Pp
The second type of line unsets keywords and consists of the string
``/unset'', followed by whitespace, followed by one or more keywords,
separated by whitespace.
.Pp
The third type of line is a file specification and consists of a file
name, followed by whitespace, followed by zero or more whitespace
separated keyword/value pairs.
The file name may be preceded by whitespace characters.
The file name may contain any of the standard file name matching
characters (``['', ``]'', ``?'' or ``*''), in which case files
in the hierarchy will be associated with the first pattern that
they match.
.Pp
Each of the keyword/value pairs consist of a keyword, followed by an
equals sign (``=''), followed by the keyword's value, without
whitespace characters.
These values override, without changing, the global value of the
corresponding keyword.
.Pp
All paths are relative.
Specifying a directory will cause subsequent files to be searched
for in that directory hierarchy.
Which brings us to the last type of line in a specification: a line
containing only the string
.Dq Nm \&..
causes the current directory
path to ascend one level.
.Pp
Empty lines and lines whose first non-whitespace character is a hash
mark (``#'') are ignored.
.Pp
The
.Nm mtree
utility exits with a status of 0 on success, 1 if any error occurred,
and 2 if the file hierarchy did not match the specification.
.Sh EXAMPLES
To detect system binaries that have been ``trojan horsed'', it is recommended
that
.Nm mtree
be run on the file systems, and a copy of the results stored on a different
machine, or, at least, in encrypted form.
The seed for the
.Fl s
option should not be an obvious value and the final checksum should not be
stored on-line under any circumstances!
Then, periodically,
.Nm mtree
should be run against the on-line specifications and the final checksum
compared with the previous value.
While it is possible for the bad guys to change the on-line specifications
to conform to their modified binaries, it shouldn't be possible for them
to make it produce the same final checksum value.
If the final checksum value changes, the off-line copies of the specification
can be used to detect which of the binaries have actually been modified.
.Pp
The
.Fl d
and
.Fl u
options can be used in combination to create directory hierarchies
for distributions and other such things.
.Sh FILES
.Bl -tag -width /etc/mtree -compact
.It Pa /etc/mtree
system specification directory
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr chown 1 ,
.Xr chgrp 1 ,
.Xr cksum 1 ,
.Xr stat 2 ,
.Xr fts 3 ,
.Sh HISTORY
The
.Nm mtree
utility appeared in
.Bx 4.3 Reno .
Commit	Line	Data
4e97a0eb NW	1	.\" Copyright (c) 1989, 1990 The Regents of the University of California.
	2	.\" All rights reserved.
	3	.\"
	4	.\" Redistribution and use in source and binary forms, with or without
	5	.\" modification, are permitted provided that the following conditions
	6	.\" are met:
	7	.\" 1. Redistributions of source code must retain the above copyright
	8	.\" notice, this list of conditions and the following disclaimer.
	9	.\" 2. Redistributions in binary form must reproduce the above copyright
	10	.\" notice, this list of conditions and the following disclaimer in the
	11	.\" documentation and/or other materials provided with the distribution.
	12	.\" 3. All advertising materials mentioning features or use of this software
	13	.\" must display the following acknowledgement:
	14	.\" This product includes software developed by the University of
	15	.\" California, Berkeley and its contributors.
	16	.\" 4. Neither the name of the University nor the names of its contributors
	17	.\" may be used to endorse or promote products derived from this software
	18	.\" without specific prior written permission.
	19	.\"
	20	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	21	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	22	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	23	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	24	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	25	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	26	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	27	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	28	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	29	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	30	.\" SUCH DAMAGE.
	31	.\"
	32	.\" @(#)mtree.8 5.11 (Berkeley) 12/11/91
	33	.\"
	34	.Dd December 11, 1991
	35	.Dt MTREE 8
	36	.Os
	37	.Sh NAME
	38	.Nm mtree
	39	.Nd map a directory hierarchy
	40	.Sh SYNOPSIS
	41	.Nm mtree
	42	.Op Fl cderux
	43	.Op Fl f Ar spec
	44	.Op Fl K Ar keywords
	45	.Op Fl k Ar keywords
	46	.Op Fl p Ar path
	47	.Op Fl s Ar seed
	48	.Sh DESCRIPTION
	49	The utility
	50	.Nm mtree
	51	compares the file hierarchy rooted in the current directory against a
	52	specification read from the standard input.
	53	Messages are written to the standard output for any files whose
	54	characteristics do not match the specification's, or which are
	55	missing from either the file hierarchy or the specification.
	56	.Pp
	57	The options are as follows:
	58	.Bl -tag -width flag
	59	.It Fl c
	60	Print a specification for the file hierarchy to the standard output.
	61	.It Fl d
	62	Ignore everything except directory type files.
	63	.It Fl e
	64	Don't complain about files that are in the file hierarchy, but not in the
65	specification.
66	.It Fl f
67	Read the specification from
68	.Ar file ,
69	instead of from the standard input.
70	.It Fl K
71	Add the specified (whitespace or comma separated) keywords to the current
72	set of keywords.
73	.It Fl k
74	Use the ``type'' keyword plus the specified (whitespace or comma separated)
75	keywords instead of the current set of keywords.
76	.It Fl p
77	Use the file hierarchy rooted in
78	.Ar path ,
79	instead of the current directory.
80	.It Fl r
81	Remove any files in the file hierarchy that are not described in the
82	specification.
83	.It Fl s
84	Display a single checksum to the standard error output that represents all
85	of the files for which the keyword
86	.Cm cksum
87	was specified.
88	The checksum is seeded with the specified value.
89	.It Fl u
90	Modify the owner, group, and permissions of existing files to match
91	the specification and create any missing directories.
92	User, group, and permissions must all be specified for missing directories
93	to be created.
94	.It Fl x
95	Don't descend below mount points in the file hierarchy.
96	.El
97	.Pp
98	Specifications are mostly composed of ``keywords'', i.e. strings that
99	that specify values relating to files.
100	No keywords have default values, and if a keyword has no value set, no
101	checks based on it are performed.
102	.Pp
103	Currently supported keywords are as follows:
104	.Bl -tag -width Cm
105	.It Cm cksum
106	The checksum of the file using the default algorithm specified by
107	the
108	.Xr cksum 1
109	utility.
110	.It Cm ignore
111	Ignore any file hierarchy below this file.
112	.It Cm gid
113	The file group as a numeric value.
114	.It Cm gname
115	The file group as a symbolic name.
116	.It Cm mode
117	The current file's permissions as a numeric (octal) or symbolic
118	value.
119	.It Cm nlink
120	The number of hard links the file is expected to have.
121	.It Cm uid
122	The file owner as a numeric value.
123	.It Cm uname
124	The file group as a symbolic name.
125	.It Cm size
126	The size, in bytes, of the file.
127	.It Cm link
128	The file the symbolic link is expected to reference.
129	.It Cm time
130	The last modification time of the file.
131	.It Cm type
132	The type of the file; may be set to any one of the following:
133	.sp
134	.Bl -tag -width Cm -compact
135	.It Cm block
136	block special device
137	.It Cm char
138	character special device
139	.It Cm dir
140	directory
141	.It Cm fifo
142	fifo
143	.It Cm file
144	regular file
145	.It Cm link
146	symbolic link
147	.It Cm socket
148	socket
149	.El
150	.El
151	.Pp
152	The default set of keywords are
153	.Cm gid ,
154	.Cm mode ,
155	.Cm nlink ,
156	.Cm size ,
157	.Cm slink ,
158	.Cm time ,
159	and
160	.Cm uid .
161	.Pp
162	There are four types of lines in a specification.
163	.Pp
164	The first type of line sets a global value for a keyword, and consists of
165	the string ``/set'' followed by whitespace, followed by sets of keyword/value
166	pairs, separated by whitespace.
167	Keyword/value pairs consist of a keyword, followed by an equals sign
168	(``=''), followed by a value, without whitespace characters.
169	Once a keyword has been set, its value remains unchanged until either
170	reset or unset.
171	.Pp
172	The second type of line unsets keywords and consists of the string
173	``/unset'', followed by whitespace, followed by one or more keywords,
174	separated by whitespace.
175	.Pp
176	The third type of line is a file specification and consists of a file
177	name, followed by whitespace, followed by zero or more whitespace
178	separated keyword/value pairs.
179	The file name may be preceded by whitespace characters.
180	The file name may contain any of the standard file name matching
181	characters (``['', ``]'', ``?'' or ``*''), in which case files
182	in the hierarchy will be associated with the first pattern that
183	they match.
184	.Pp
185	Each of the keyword/value pairs consist of a keyword, followed by an
186	equals sign (``=''), followed by the keyword's value, without
187	whitespace characters.
188	These values override, without changing, the global value of the
189	corresponding keyword.
190	.Pp
191	All paths are relative.
192	Specifying a directory will cause subsequent files to be searched
193	for in that directory hierarchy.
194	Which brings us to the last type of line in a specification: a line
195	containing only the string
196	.Dq Nm \&..
197	causes the current directory
198	path to ascend one level.
199	.Pp
200	Empty lines and lines whose first non-whitespace character is a hash
201	mark (``#'') are ignored.
202	.Pp
203	The
204	.Nm mtree
205	utility exits with a status of 0 on success, 1 if any error occurred,
206	and 2 if the file hierarchy did not match the specification.
207	.Sh EXAMPLES
208	To detect system binaries that have been ``trojan horsed'', it is recommended
209	that
210	.Nm mtree
211	be run on the file systems, and a copy of the results stored on a different
212	machine, or, at least, in encrypted form.
213	The seed for the
214	.Fl s
215	option should not be an obvious value and the final checksum should not be
216	stored on-line under any circumstances!
217	Then, periodically,
218	.Nm mtree
219	should be run against the on-line specifications and the final checksum
220	compared with the previous value.
221	While it is possible for the bad guys to change the on-line specifications
222	to conform to their modified binaries, it shouldn't be possible for them
223	to make it produce the same final checksum value.
224	If the final checksum value changes, the off-line copies of the specification
225	can be used to detect which of the binaries have actually been modified.
226	.Pp
227	The
228	.Fl d
229	and
230	.Fl u
231	options can be used in combination to create directory hierarchies
232	for distributions and other such things.
233	.Sh FILES
234	.Bl -tag -width /etc/mtree -compact
235	.It Pa /etc/mtree
236	system specification directory
237	.El
238	.Sh SEE ALSO
239	.Xr chmod 1 ,
240	.Xr chown 1 ,
241	.Xr chgrp 1 ,
242	.Xr cksum 1 ,
243	.Xr stat 2 ,
244	.Xr fts 3 ,
245	.Sh HISTORY
246	The
247	.Nm mtree
248	utility appeared in
249	.Bx 4.3 Reno .