Name | Modified | Size | Downloads / Week |
---|---|---|---|
README | 2011-07-20 | 3.9 kB | |
dt-0.4.tar.gz | 2011-07-16 | 152.5 kB | |
dt-0.4.tar.bz2 | 2011-07-16 | 125.9 kB | |
Totals: 3 Items | 282.2 kB | 0 |
$Id: README,v 1.3 2011/07/11 05:30:53 rdilley Exp $

=== Directory Tree Differ (DT)

by Ron Dilley <ron.dilley@uberadmin.com>

For the latest information on dt, please see:
http://www.uberadmin.com/dt/

== What is dt?

dt is short for difftree and it is a fast directory comparison tool.

== Why use it?

I built dt during a security incident to compare directory snapshots on a large SAN. I attempted to use both tripwire and osiris and neither could complete the comparison of directories in a reasonable amount of time. This tool trades the absolute comparisons that hashing and databases provide for speed, and makes only a minimal set of comparisons on the data available from fstat.

== Implementation

Here is an example of running dt against a set of directories. Each directory passed to dt will be compared to the previous argument. This allows a quick comparison between each directory to get a summary of the changes over time.

    % ./src/dt ~/cvs ~/c1 ~/c2 ~/c3
    Processing dir [/home/rdilley/cvs]
    Processing dir [/home/rdilley/c1]
    mt[2011/07/11@00:32:31->2011/07/10@20:10:05] d [/home/rdilley/c1/difftree]
    mt[2011/07/10@23:52:12->2011/07/10@15:06:10] d [/home/rdilley/c1/difftree/CVS]
    s[457->435] f [/home/rdilley/c1/difftree/CVS/Entries]
    + f [/difftree/CVS/Entries.Log]
    mt[2011/07/11@01:07:39->2011/07/10@21:53:23] d [/home/rdilley/c1/difftree/src]
    g[100>1000] d [/home/rdilley/c1/pdnsd]
    p[rwxr-xr-x->rwxr-x---] d [/home/rdilley/c1/imspy]
    - f [/bc.tar.gz]
    - f [/difftree/configure.scan]
    - f [/difftree/autoscan.log]
    Processing dir [/home/rdilley/c2]
    s[686328114->0] f [/home/rdilley/c2/dictionary.txt]
    g[1000>100] f [/home/rdilley/c2/difftree/src/hash.c]
    g[1000>100] d [/home/rdilley/c2/pdnsd]
    g[100>1000] p[rwxr-xr-x->rwxr-sr-x] d [/home/rdilley/c2/quickparser]
    p[rwxr-x---->rwxr-xr-x] d [/home/rdilley/c2/imspy]
    + f [/bc.tar.gz]
    mt[2007/08/22@22:34:40->2011/07/11@01:08:34] f [/home/rdilley/c2/wsd-0.1.config]
    Processing dir [/home/rdilley/c3]
    g[1000>100] p[rwxr-sr-x->rwxr-xr-x] d [/home/rdilley/c3/quickparser]
    + f [/psmd.config.orig]
    s[654->16] t[f->sl] p[rwxr-xr-x->rwxrwxrwx] sl [/home/rdilley/c3/psmd.config]
    mt[2011/07/11@01:08:34->2007/08/22@22:34:40] f [/home/rdilley/c3/wsd-0.1.config]
    - f [/dictionary.txt]

Any changes are noted as {type}[{old}->{new}] and a file can have multiple changes.

The change types are as follows:
--------------------------------
    +     New file
    -     Missing file
    s     Size changed
    u     UID changed
    g     GID changed
    p     Permissions changed
    mt    Modify time changed
    at    Access time changed (disabled)
    ct    Create time changed (disabled)

The second column is the file type:
-----------------------------------
    f     File
    d     Directory
    sl    Soft Link
    blk   Block device
    fifo  FIFO
    chr   Character device
    sok   Socket

The third column is the fully qualified filename.

dt comes with a minimal set of options as follows:

    % ./dt -h
    dt v0.3 [Jul 10 2011 - 23:52:35]

    syntax: dt [options]
     -d {lvl}   enable debugging info
     -h         this info
     -l {dir}   directory to create logs in (default: /var/log/dt)
     -m         hash files and compare (disables -q|--quick mode)
     -q         do quick comparisons only
     -v         display version information

The -l and -m options are disabled. The -q option detects new and missing files and changes in file size. The -d option is only useful if dt is compiled with --enable-debug.

== Security Implications

Assume that there are errors in the dt source that would allow an attacker to gain unauthorized access to your computer. Don't trust this software and install and use it at your own risk.

== Bugs

I am not a programmer by any stretch of the imagination. I have attempted to remove the obvious bugs and other programmer-related errors but please keep in mind the first sentence. If you find an issue with code, please send me an e-mail with details and I will be happy to look into it.

Ron Dilley
ron.dilley@uberadmin.com
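
As an added example (not part of dt or its README), here is a short Python triage pass over the output format described under Implementation: it parses each {type}[{old}->{new}] record and names the changes an incident responder would check first. The function names and the choice of which changes to flag are assumptions of this example; the sample records are copied from the run shown in the README.

```python
import re

# A dt record: changes, then the file-type column, then the path in brackets.
RECORD = re.compile(r"(.*?)\s*\b(f|d|sl|blk|fifo|chr|sok) \[(.*)\]$")
# One change is type[old->new]; the sample run prints GID changes with a bare ">".
CHANGE = re.compile(r"(\w+)\[(.*?)-?>([^\]]*)\]")

def parse(line):
    """Return (changes, ftype, path) for a dt record, or None for any other line."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    head, ftype, path = m.groups()
    return {k: (old, new) for k, old, new in CHANGE.findall(head)}, ftype, path

def findings(changes, ftype):
    """Name the changes in one record that deserve a closer look during triage."""
    out = []
    old, new = changes.get("p", ("", ""))
    # Linux reports every symlink as rwxrwxrwx, so a link's mode carries no signal.
    if ftype != "sl" and len(old) == len(new) == 9:
        if new[2] in "sS" and old[2] not in "sS":
            out.append("setuid bit added")
        if new[5] in "sS" and old[5] not in "sS":
            out.append("setgid bit added")
        if new[7] == "w" and old[7] != "w":
            out.append("became world-writable")
    if changes.get("t", ("", ""))[1] == "sl":
        out.append("replaced by a symlink")
    if "s" in changes and changes["s"][1] == "0" and changes["s"][0] != "0":
        out.append("truncated to zero bytes")
    return out

def triage(text):
    """Map path -> findings for every dt record in text that has any."""
    recs = filter(None, map(parse, text.splitlines()))
    hits = {path: findings(changes, ftype) for changes, ftype, path in recs}
    return {path: found for path, found in hits.items() if found}

# Records copied from the sample run in the README.
SAMPLE = """\
Processing dir [/home/rdilley/c2]
s[686328114->0] f [/home/rdilley/c2/dictionary.txt]
g[100>1000] p[rwxr-xr-x->rwxr-sr-x] d [/home/rdilley/c2/quickparser]
p[rwxr-x---->rwxr-xr-x] d [/home/rdilley/c2/imspy]
s[654->16] t[f->sl] p[rwxr-xr-x->rwxrwxrwx] sl [/home/rdilley/c3/psmd.config]
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because dt compares only fstat metadata, a file rewritten with the same size, owner, mode and modify time produces no record, so an empty triage result does not show that content is unchanged.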