# freebsd-update IDS and mandoc.db



## Anubas (Nov 14, 2016)

I have a script that runs `freebsd-update IDS` each night on all my servers. Since installing 11.0, I have noticed the following output:


```
/usr/share/man/mandoc.db has been modified!
/usr/share/man/mandoc.db has been modified!
/usr/share/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
```

If I patch my servers, the warnings go away for a couple of days then return, which suggests to me that the files are being modified outside of the patch updates. I can fix this by patching my servers again.


```
$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 11.0-RELEASE-p3:
/usr/share/man/mandoc.db
/usr/share/openssl/man/mandoc.db
```

Questions:
1. Is it normal for the above listed mandoc.db files to change outside of patching?
2. If this is normal, should `freebsd-update IDS` even be checking these files?
3. Why are these files listed three times each in the `freebsd-update IDS` output? All of the other exceptions, such as /etc/crontab only show up once, as you would expect.


----------



## kpa (Nov 14, 2016)

It's normal because those databases get updated from time to time, I believe by a periodic(8) job. The location of those databases is technically speaking wrong because if you take hier(7) literally they should be under /var/db and not be part of the IDS check at all.


----------



## Anubas (Nov 15, 2016)

I have created the following bug report.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214545


----------



## Anubas (Mar 6, 2017)

This issue has been marked as closed/fixed but a related bug (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217389) may be keeping users from seeing the fix. I will keep this thread updated.


----------

