[Semibug] Problem with mtree
Aaron Lopez
vieroninfo at gmail.com
Mon Apr 24 09:27:57 EDT 2023
Hi Jonathan,
I noticed that for /root you used a small "k" meanwhile as a normal user
you used a capital "K". Could that be the issue?
Kind regards,
Aaron
On Mon, Apr 24, 2023 at 10:47 AM Jonathan Drews <jondrews at fastmail.com>
wrote:
> My computer system:
> $ uname -mprsv
> OpenBSD 7.3 GENERIC.MP#1125 amd64 amd64
>
> I have a problem with running mtree as root. I want to make a base file
> for / and all it's subdirectories using the command:
>
> # mtree -ck sha256digest > /root/root24Apr2023.mtree
>
> but I get the following error message:
>
> unknown keyword: sha256digest.
>
> however if I run it as an ordinary user it works fine:
>
> $ mtree -cK sha256digest > homeCleetus3.mtree
>
> look :
> $ cat homeCleetus3.mtree | head
>
> # user: cleetus
> # machine: Leo.my.domain
> # tree: /home/cleetus
> # date: Mon Apr 24 01:07:21 2023
>
> # .
> /set type=file uid=1000 gid=1000 mode=0640 nlink=1
> . type=dir mode=0755 nlink=58 time=1682319490.964620832
> .Xauthority mode=0600 size=450 time=1682149878.454612237 \
>
>
> sha256digest=4372c73e50cf1cc00822db9db1631e4f7ad7f71d9724633ab740b5fcfbb19a71
>
> if I run mtree wlike so:
> # cd /
> # mtree -c /root/root24Apr2023.mtree
>
> it records the files and directories.
>
> What am I doing wrong here? I am creating a base file of directories
> in case of intrusion. If I suspect an intrusion, then I would cd to
> root (/) and run:
>
> mtree -f root24Apr2023.mtree > diffRoot.mtree
>
> and look for any changed files.
>
> FYI I used this tutorial on mtree:
> https://forums.freebsd.org/threads/small-guide-on-using-mtree.61113/
>
>
> --
> Kind regards,
> Jonathan
>
> _______________________________________________
> Semibug mailing list
> Semibug at lists.nycbug.org
> https://lists.nycbug.org:8443/mailman/listinfo/semibug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/semibug/attachments/20230424/861e78d7/attachment.htm>
More information about the Semibug
mailing list