VERIEXEC(5) NetBSD File Formats Manual VERIEXEC(5)
NAME
veriexec -- format for the Veriexec signatures file
DESCRIPTION
Veriexec loads entries to the in-kernel database from a file describing
files to be monitored and the type of monitoring. This file is often
referred to as the `signatures database' or `signatures file'.
The signatures file can be easily created using veriexecgen(8).
SIGNATURES DATABASE FORMAT
The signatures database has a line based structure, where each line has
several fields separated by white-space (space, tabs, etc.) taking the
following form:
path type fingerprint flags
The description for each field is as follows:
path The full path to the file. White-space characters can be escaped
if prefixed with a `\'.
type Type of fingerprinting algorithm used for the file.
Requires kernel support for the specified algorithm. The list of
fingerprinting algorithms supported by the kernel can be obtained
using the following command:
# sysctl kern.veriexec.algorithms
fingerprint
The fingerprint for the file. Can (usually) be generated using the
following command:
% cksum -a <algorithm> <file>
flags
Optional list of entry flags, separated by commas. These may
include:
direct
Allow direct execution only.
Execution of a program is said to be ``direct'' when the pro-
gram is invoked by the user (either in a script, manually
typing it, etc.) via the execve(2) syscall.
indirect
Allow indirect execution only.
Execution of a program is said to be ``indirect'' if it is
invoked by the kernel to interpret a script (``hash-bang'').
file Allow opening the file only, via the open(2) syscall (no exe-
cution is allowed).
untrusted
Indicate that the file is located on untrusted storage and
its fingerprint evaluation status should not be cached, but
rather re-calculated each time it is accessed.
Fingerprints for untrusted files will always be evaluated on
load.
To improve readability of the signatures file, the following
aliases are provided:
program
An alias for ``direct''.
interpreter
An alias for ``indirect''.
script
An alias for both ``direct'' and ``file''.
library
An alias for both ``file'' and ``indirect''.
If no flags are specified, ``direct'' is assumed.
Comments begin with a `#' character and span to the end of the line.
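The following is an added example, not part of this manual page and not code from NetBSD's veriexecgen(8) or veriexecctl(8). It reads and writes lines in the format described above so that the escaping rule, the comment rule, the flag aliases and the ``direct'' default can be checked on sample input; note how an entry written without flags for a configuration file silently becomes a ``direct''-execution entry rather than a ``file'' entry. Everything beyond the manual is an assumption: an unescaped `#' anywhere starts a comment, a backslash escapes whichever character follows it (so `\\' stands for a literal backslash), the type string is also a hashlib algorithm name (true for md5, sha1, sha256 and sha512; NetBSD's rmd160 is `ripemd160' in hashlib), and the sample entries and their fingerprints are constructed placeholders, not real digests.

```python
"""Reader/writer for the veriexec(5) signatures file format.

Added example, not code from NetBSD.  Implements the documented line
    path type fingerprint flags
plus these assumptions: an unescaped '#' starts a comment anywhere, a
backslash escapes the following character, and `type` is also a hashlib
algorithm name (md5/sha1/sha256/sha512; rmd160 would be 'ripemd160').
"""
import hashlib
import re
from dataclasses import dataclass

BASE_FLAGS = {"direct", "indirect", "file", "untrusted"}
ALIASES = {                       # aliases listed in veriexec(5)
    "program": {"direct"},
    "interpreter": {"indirect"},
    "script": {"direct", "file"},
    "library": {"file", "indirect"},
}


@dataclass(frozen=True)
class Entry:
    path: str
    fptype: str
    fingerprint: str
    flags: frozenset


def _tokenize(line):
    """Split on unescaped white-space; stop at an unescaped '#'."""
    fields, cur, esc = [], [], False
    for ch in line:
        if esc:                   # previous char was '\': take ch literally
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == "#":           # assumed: comment runs to end of line
            break
        elif ch.isspace():
            if cur:
                fields.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if esc:
        raise ValueError("trailing backslash in: %r" % line)
    if cur:
        fields.append("".join(cur))
    return fields


def expand_flags(spec):
    """Turn 'script,untrusted' into the set of base flags it denotes."""
    flags = set()
    for f in spec.split(","):
        if f in ALIASES:
            flags |= ALIASES[f]
        elif f in BASE_FLAGS:
            flags.add(f)
        else:
            raise ValueError("unknown flag %r" % f)
    return flags


def parse_line(line):
    """Return an Entry, or None for a blank or comment-only line."""
    fields = _tokenize(line)
    if not fields:
        return None
    if len(fields) not in (3, 4):
        raise ValueError("expected 3 or 4 fields in: %r" % line)
    path, fptype, fp = fields[:3]
    if not path.startswith("/"):
        raise ValueError("path must be absolute: %r" % path)
    if not re.fullmatch(r"[0-9a-fA-F]+", fp):
        raise ValueError("fingerprint is not hex: %r" % fp)
    # No flags field: the manual says 'direct' is assumed.
    flags = expand_flags(fields[3]) if len(fields) == 4 else {"direct"}
    return Entry(path, fptype, fp.lower(), frozenset(flags))


def parse_signatures(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def fingerprint(data, fptype="sha256"):
    """Hex digest of data, as 'cksum -a <type>' prints it (assumed name)."""
    return hashlib.new(fptype, data).hexdigest()


def format_entry(path, fptype, fp, flags=("direct",)):
    """Emit one line, escaping white-space (and backslashes) in the path."""
    escaped = re.sub(r"([\\\s])", r"\\\1", path)
    return "%s %s %s %s" % (escaped, fptype, fp, ",".join(flags))


# Constructed sample: placeholder fingerprints, not real digests.
FP = "0123456789abcdef" * 4            # 64 hex digits, sha256-sized
SAMPLE = """\
# constructed veriexec(5) sample, not a real signatures file
/bin/sh sha256 %s direct
/usr/bin/perl sha256 %s interpreter
/usr/lib/libc.so sha256 %s library
/usr/local/bin/my\\ tool sha256 %s script,untrusted
/usr/local/etc/app.conf sha256 %s      # no flags: 'direct' is assumed
""" % ((FP,) * 5)

if __name__ == "__main__":
    for e in parse_signatures(SAMPLE):
        print(e.path, sorted(e.flags))
```

Running the block prints each sample path with its expanded flag set; the last entry comes out as `direct` even though a configuration file should carry `file`, which is the kind of mistake to look for when reviewing a hand-written signatures file before loading it with veriexecctl(8).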
SEE ALSO
veriexec(4), security(8), veriexec(8), veriexecctl(8), veriexecgen(8)
HISTORY
veriexec first appeared in NetBSD 2.0.
AUTHORS
Brett Lymn <blymn@NetBSD.org>
Elad Efrat <elad@NetBSD.org>
NetBSD 5.0.1 February 18, 2008 NetBSD 5.0.1