The July 2012 issue of BSD Magazine has an article by yours truly: freebsd-update as an Intrusion Detection System.
It also has a code to get you 30% off of Absolute FreeBSD at No Starch Press. If you don’t have your copy of this book, here’s your chance.
It has other good articles too. None as awe-inspiring as mine, of course, but definitely worth a read.
Look’s like /etc/mtree use on OpenBSD…
Unfortunately, Wesley, you cannot trust any files on the compromised system. That includes /etc/mtree. You’d need to boot from install media for the version you’re running and run a similar comparison. That’s similar to what freebsd-update does, they’ve just wrapped it all up in a more newbie-friendly manner.