veriexec(5) - NetBSD Manual Pages

VERIEXEC(5)               NetBSD File Formats Manual               VERIEXEC(5)


NAME
veriexec -- format for the Veriexec signatures file
DESCRIPTION
Veriexec loads entries to the in-kernel database from a file describing files to be monitored and the type of monitoring. This file is often referred to as the `signatures database' or `signatures file'. The signatures file can be easily created using veriexecgen(8).
SIGNATURES DATABASE FORMAT
The signatures database has a line based structure, where each line has several fields separated by white-space (space, tabs, etc.) taking the following form: path type fingerprint flags The description for each field is as follows: path The full path to the file. White-space characters can be escaped if prefixed with a `\'. type Type of fingerprinting algorithm used for the file. Requires kernel support for the specified algorithm. List of fin- gerprinting algorithms supported by the kernel can be obtained by using the following command: # sysctl kern.veriexec.algorithms fingerprint The fingerprint for the file. Can (usually) be generated using the following command: % cksum -a <algorithm> <file> flags Optional listing of entry flags, separated by a comma. These may include: direct Allow direct execution only. Execution of a program is said to be ``direct'' when the pro- gram is invoked by the user (either in a script, manually typing it, etc.) via the execve(2) syscall. indirect Allow indirect execution only. Execution of a program is said to be ``indirect'' if it is invoked by the kernel to interpret a script (``hash-bang''). file Allow opening the file only, via the open(2) syscall (no exe- cution is allowed). untrusted Indicate that the file is located on untrusted storage and its fingerprint evaluation status should not be cached, but rather re-calculated each time it is accessed. Fingerprints for untrusted files will always be evaluated on load. To improve readaibility of the signatures file, the following aliases are provided: program An alias for ``direct''. interpreter An alias for ``indirect'' script An alias for both ``direct'' and ``file''. library An alias for both ``file'' and ``indirect''. If no flags are specified, ``direct'' is assumed. Comments begin with a `#' character and span to the end of the line.
SEE ALSO
veriexec(4), security(8), veriexec(8), veriexecctl(8), veriexecgen(8)
HISTORY
veriexec first appeared in NetBSD 2.0.
AUTHORS
Brett Lymn <blymn@NetBSD.org> Elad Efrat <elad@NetBSD.org> NetBSD 5.1 February 18, 2008 NetBSD 5.1

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.