VERIEXECGEN(8) NetBSD System Manager's Manual VERIEXECGEN(8)
NAME
veriexecgen -- generate fingerprints for Veriexec
SYNOPSIS
veriexecgen [-AaDrSTvW] [-d dir] [-f file] [-o fingerprintdb] [-p prefix] [-t algorithm]
veriexecgen [-h]
DESCRIPTION
veriexecgen can be used to create a fingerprint database for use with Veriexec.

If no command line arguments are specified, veriexecgen will resort to default operation, implying -D -o /etc/signatures -t sha256.

If the output file already exists, veriexecgen will save a backup copy under the same name with a ``.old'' suffix.

The following options are available:

-A      Append to the output file, don't overwrite it.

-a      Add fingerprints for non-executable files as well.

-D      Search system directories, /bin, /sbin, /usr/bin, /usr/sbin, /lib, /usr/lib, /libexec, and /usr/libexec.

-d dir  Scan for files in dir. Multiple uses of this flag can specify more than one directory.

-f file
        Read files from file, or if file is "-" read from stdin.

-h      Display the help screen.

-o fingerprintdb
        Save the generated fingerprint database to fingerprintdb.

-p prefix
        When storing files in the fingerprint database, store the full pathnames of files with the leading ``prefix'' of the filenames removed.

-r      Scan recursively.

-S      Set the immutable flag on the created signatures file when done writing it.

-T      Put a timestamp on the generated file.

-t algorithm
        Use algorithm for the fingerprints. Must be one of ``sha256'', ``sha384'', or ``sha512''.

-v      Verbose mode. Print messages describing what operations are being done.

-W      By default, veriexecgen will exit when an error condition is encountered. This option will treat errors such as not being able to follow a symbolic link, not being able to find the real path for a directory entry, or not being able to calculate a hash of an entry as a warning, rather than an error. If errors are treated as warnings, veriexecgen will continue processing. The default behaviour is to treat errors as fatal.
FILES
/etc/signatures
EXAMPLES
Fingerprint files in the common system directories using the default hashing algorithm ``sha256'' and save to the default fingerprint database in /etc/signatures:

        # veriexecgen

Fingerprint files in /etc, appending to the default fingerprint database:

        # veriexecgen -A -a -d /etc

Fingerprint files in /path/to/somewhere using ``sha512'' as the hashing algorithm, saving to /etc/somewhere.fp:

        # veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp
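The backup copy that veriexecgen leaves with a ``.old'' suffix makes it possible to review what a regeneration changed before the new database is put to use. The sh function below is an added example, not part of the NetBSD manual page or of veriexecgen itself; it assumes each database line has the layout "path algorithm fingerprint flags" separated by whitespace (the layout is not described on this page), and sigdiff and sigdiff_demo are hypothetical names.

```sh
#!/bin/sh
# sigdiff OLD NEW
# Report paths added, removed, or whose algorithm/fingerprint changed between
# two fingerprint databases, e.g. the ``.old'' backup and the new output file.
# ASSUMPTION (layout not given on this page): one entry per line as
#   path  algorithm  fingerprint  [flags...]
# separated by whitespace, with no whitespace inside the path.
sigdiff() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        FILENAME == ARGV[1] {              # first file: the backup copy
            old[$1] = $2 " " $3
            next
        }
        {                                  # second file: the new database
            seen[$1] = 1
            if (!($1 in old))
                print "ADDED   " $1
            else if (old[$1] != $2 " " $3)
                print "CHANGED " $1
        }
        END {                              # entries only in the backup copy
            for (p in old)
                if (!(p in seen))
                    print "REMOVED " p
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample databases (paths, digests and flags are made up).
sigdiff_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/signatures.old" <<'EOF'
/bin/cat SHA256 aaaa direct
/bin/ls SHA256 bbbb direct
/usr/lib/libfoo.so SHA256 cccc file
EOF
    cat > "$tmp/signatures" <<'EOF'
/bin/cat SHA256 aaaa direct
/bin/ls SHA256 dddd direct
/sbin/init SHA256 eeee direct
EOF
    sigdiff "$tmp/signatures.old" "$tmp/signatures"
    rm -rf "$tmp"
}
```

With the default output file, the comparison would be run as sigdiff /etc/signatures.old /etc/signatures.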
SEE ALSO
veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)

NetBSD 10.1 July 31, 2019 NetBSD 10.1