VERIEXECGEN(8) NetBSD System Manager's Manual VERIEXECGEN(8)
veriexecgen -- generate fingerprints for Veriexec
veriexecgen [-AaDrSTvW] [-d dir] [-f file] [-o fingerprintdb] [-p prefix] [-t algorithm]
veriexecgen can be used to create a fingerprint database for use with
If no command line arguments were specified, veriexecgen will resort to
default operation, implying -D -o /etc/signatures -t sha256.
If the output file already exists, veriexecgen will save a backup copy
under the same name with a ``.old'' suffix.
The following options are available:
-A Append to the output file, don't overwrite it.
-a Add fingerprints for non-executable files as well.
-D Search system directories, /bin, /sbin, /usr/bin, /usr/sbin,
/lib, /usr/lib, /libexec, and /usr/libexec.
-d dir Scan for files in dir. Multiple uses of this flag can specify
more than one directory.
-f file Read files from file, or if file is "-" read from stdin.
-h Display the help screen.
-o fingerprintdb Save the generated fingerprint database to fingerprintdb.
-p prefix When storing files in the fingerprint database, store the full
pathnames of files with the leading ``prefix'' of the file-
-r Scan recursively.
-S Set the immutable flag on the created signatures file when
done writing it.
-T Put a timestamp on the generated file.
-t algorithm Use algorithm for the fingerprints. Must be one of
``sha256'', ``sha384'', or ``sha512''.
-v Verbose mode. Print messages describing what operations are
-W By default, veriexecgen will exit when an error condition is
encountered. This option will treat errors such as not being
able to follow a symbolic link, not being able to find the
real path for a directory entry, or not being able to calculate
a hash of an entry as a warning, rather than an error.
If errors are treated as warnings, veriexecgen will continue
processing. The default behaviour is to treat errors as
Fingerprint files in the common system directories using the default
hashing algorithm ``sha256'' and save to the default fingerprint database
Fingerprint files in /etc, appending to the default fingerprint database:
# veriexecgen -A -a -d /etc
Fingerprint files in /path/to/somewhere using ``sha512'' as the hashing
algorithm, saving to /etc/somewhere.fp:
# veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp
veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)
NetBSD 9.99 July 31, 2019 NetBSD 9.99