VERIEXECGEN(8)              System Manager's Manual             VERIEXECGEN(8)

NAME
     veriexecgen -- generate fingerprints for Veriexec

SYNOPSIS
     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]
                 [-t algorithm]
     veriexecgen [-h]

DESCRIPTION
     veriexecgen can be used to create a fingerprint database for use with
     Veriexec.

     If no command line arguments are specified, veriexecgen falls back to
     its default operation, implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy
     under the same file name with a ``.old'' suffix appended.

     The following options are available:

     -A               Append to the output file, don't overwrite it.

     -a               Add fingerprints for non-executable files as well.

     -D               Search system directories, /bin, /sbin, /usr/bin,
                      /usr/sbin, /lib, /usr/lib, /libexec, and /usr/libexec.

     -d dir           Scan for files in dir.  Multiple uses of this flag can
                      specify more than one directory.

     -h               Display the help screen.

     -o fingerprintdb
                      Save the generated fingerprint database to
                      fingerprintdb.

     -p prefix        When storing files in the fingerprint database, store
                      the full pathnames of files with the leading ``prefix''
                      of the filenames removed.

     -r               Scan recursively.

     -S               Set the immutable flag on the created signatures file
                      when done writing it.

     -T               Put a timestamp on the generated file.

     -t algorithm     Use algorithm for the fingerprints.  Must be one of
                      ``md5'', ``sha1'', ``sha256'', ``sha384'', ``sha512'',
                      or ``rmd160''.

     -v               Verbose mode.  Print messages describing what operations
                      are being done.

     -W               By default, veriexecgen will exit when an error
                      condition is encountered.  This option will treat errors
                      such as not being able to follow a symbolic link, not
                      being able to find the real path for a directory entry,
                      or not being able to calculate a hash of an entry as a
                      warning, rather than an error.  If errors are treated as
                      warnings, veriexecgen will continue processing.  The
                      default behaviour is to treat errors as fatal.

FILES
     /etc/signatures

EXAMPLES
     Fingerprint files in the common system directories using the default
     hashing algorithm ``sha256'' and save to the default fingerprint database
     in /etc/signatures:

           # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

           # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using ``rmd160'' as the hashing
     algorithm, saving to /etc/somewhere.fp:

           # veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp
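
     An added example, not part of the original manual page and not NetBSD
     code: a Python check that recomputes the fingerprints in a generated
     database against a mounted or staged tree, re-adding the root that
     -p prefix removed.  The names audit and demo are hypothetical, the entry
     layout (path, algorithm, fingerprint, optional flags) is an assumption
     taken from veriexec(5), and paths containing whitespace are not handled.

```python
import hashlib
import os
import tempfile

# Names accepted by -t; "rmd160" is "ripemd160" in hashlib (not in every build).
ALGOS = {a: a for a in ("md5", "sha1", "sha256", "sha384", "sha512")}
ALGOS["rmd160"] = "ripemd160"

def audit(db_text, root=""):
    """Return [(path, status)] for every entry that does not verify.
    Assumed entry layout: path algorithm fingerprint [flags], '#' comments.
    root is put back in front of each path (the inverse of -p prefix).
    """
    findings = []
    for line in db_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 3 or fields[1].lower() not in ALGOS:
            findings.append((fields[0], "malformed"))
            continue
        path, algo, want = fields[0], fields[1].lower(), fields[2].lower()
        try:
            h = hashlib.new(ALGOS[algo])
            with open(root.rstrip("/") + path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
        except (OSError, ValueError) as exc:  # ValueError: digest not in this build
            status = "unreadable" if isinstance(exc, OSError) else "unsupported-algorithm"
            findings.append((path, status))
            continue
        if h.hexdigest() != want:
            findings.append((path, "mismatch"))
    return findings

def demo():
    """Constructed sample: staging root, one altered file, one absent file."""
    files = {"ls": b"original ls", "sh": b"original sh", "cat": b"not installed"}
    db = "# constructed sample database\n" + "".join(
        f"/bin/{n} SHA256 {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for name in ("ls", "sh"):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(files[name] if name == "ls" else b"modified sh")
        return audit(db, root)

if __name__ == "__main__":
    print(demo())
```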

SEE ALSO
     veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)

NetBSD 6.1.5                   February 18, 2008                  NetBSD 6.1.5