Mtree usage in pfSense
I saw that mtree is used to set/check file permissions on pfSense.
The results of the mtree check are written to /cf/conf/mtree.log.
Shouldn't this logfile be empty if the checks are all fine? I'm just wondering as I see several entries.
Are there any plans to use also the integrity verification features of mtree?
Some files are expected to change from the baseline, like the password files/databases, config files, and so on. It could be fine-tuned some more to ignore some of those.
Long-term it would be nice to have some integrity verification but there is more work to do there yet.