<div dir="ltr"><div>Hi Jonathan,</div><div><br></div><div>did you get this working in the end? It seems very interesting so it would be nice to know if you did progress with mtree. I would like to try it out sooner or later. I originally read about it at <a href="https://docs.freebsd.org/en/books/handbook/security/#security-ids">https://docs.freebsd.org/en/books/handbook/security/#security-ids</a> but never got to try it out. I just happened to come across this other link as well: <a href="https://calomel.org/ids_mtree.html">https://calomel.org/ids_mtree.html</a> in which the author wrote a small shell script to implement a small IDS with mtree.<br></div><div><br></div><div>Aaron<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 24, 2023 at 4:51 PM Jonathan Drews <<a href="mailto:jondrews@fastmail.com">jondrews@fastmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Aaron:<br>
<br>
That is a typing mistake. I did use mtree -cK sha256digest > in both root and a normal user.<br>
<br>
On Mon, Apr 24, 2023, at 07:27, Aaron Lopez wrote:<br>
> Hi Jonathan,<br>
> <br>
> I noticed that for /root you used a small "k" meanwhile as a normal user you used a capital "K". Could that be the issue?<br>
> <br>
> Kind regards,<br>
> Aaron<br>
> <br>
> On Mon, Apr 24, 2023 at 10:47 AM Jonathan Drews <<a href="mailto:jondrews@fastmail.com" target="_blank">jondrews@fastmail.com</a>> wrote:<br>
>> My computer system:<br>
>> $ uname -mprsv<br>
>> OpenBSD 7.3 <a href="http://GENERIC.MP#1125" rel="noreferrer" target="_blank">GENERIC.MP#1125</a> <<a href="http://generic.mp/#1125" rel="noreferrer" target="_blank">http://generic.mp/#1125</a>> amd64 amd64<br>
>> <br>
>> I have a problem with running mtree as root. I want to make a base file<br>
>> for / and all it's subdirectories using the command:<br>
>> <br>
>> # mtree -ck sha256digest > /root/root24Apr2023.mtree<br>
>> <br>
>> but I get the following error message:<br>
>> <br>
>> unknown keyword: sha256digest.<br>
>> <br>
>> however if I run it as an ordinary user it works fine:<br>
>> <br>
>> $ mtree -cK sha256digest > homeCleetus3.mtree<br>
>> <br>
>> look :<br>
>> $ cat homeCleetus3.mtree | head<br>
>> <br>
>> # user: cleetus<br>
>> # machine: Leo.my.domain<br>
>> # tree: /home/cleetus<br>
>> # date: Mon Apr 24 01:07:21 2023<br>
>> <br>
>> # .<br>
>> /set type=file uid=1000 gid=1000 mode=0640 nlink=1<br>
>> . type=dir mode=0755 nlink=58 time=1682319490.964620832<br>
>> .Xauthority mode=0600 size=450 time=1682149878.454612237 \<br>
>> <br>
>> sha256digest=4372c73e50cf1cc00822db9db1631e4f7ad7f71d9724633ab740b5fcfbb19a71<br>
>> <br>
>> if I run mtree wlike so:<br>
>> # cd /<br>
>> # mtree -c /root/root24Apr2023.mtree<br>
>> <br>
>> it records the files and directories.<br>
>> <br>
>> What am I doing wrong here? I am creating a base file of directories<br>
>> in case of intrusion. If I suspect an intrusion, then I would cd to<br>
>> root (/) and run:<br>
>> <br>
>> mtree -f root24Apr2023.mtree > diffRoot.mtree<br>
>> <br>
>> and look for any changed files.<br>
>> <br>
>> FYI I used this tutorial on mtree:<br>
>> <a href="https://forums.freebsd.org/threads/small-guide-on-using-mtree.61113/" rel="noreferrer" target="_blank">https://forums.freebsd.org/threads/small-guide-on-using-mtree.61113/</a><br>
>> <br>
>> <br>
>> --<br>
>> Kind regards,<br>
>> Jonathan <br>
>> <br>
>> _______________________________________________<br>
>> Semibug mailing list<br>
>> <a href="mailto:Semibug@lists.nycbug.org" target="_blank">Semibug@lists.nycbug.org</a><br>
>> <a href="https://lists.nycbug.org:8443/mailman/listinfo/semibug" rel="noreferrer" target="_blank">https://lists.nycbug.org:8443/mailman/listinfo/semibug</a><br>
</blockquote></div>