Mtree usage in pfSense



  • I saw that mtree is used to set/check file permissions on pfSense.

    The results of the mtree check are written to /cf/conf/mtree.log.

    Shouldn't this logfile be empty if the checks are all fine? I'm just wondering as I see several entries.

    Are there any plans to use also the integrity verification features of mtree?


  • Rebel Alliance Developer Netgate

    Some files are expected to change from the baseline, like the password files/databases, config files, and so on. It could be fine-tuned some more to ignore some of those.

    Long-term it would be nice to have some integrity verification but there is more work to do there yet.