Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

veriexec(4) [netbsd man page]

VERIEXEC(4)						   BSD Kernel Interfaces Manual 					       VERIEXEC(4)

NAME

     veriexec -- Veriexec pseudo-device

SYNOPSIS

     pseudo-device veriexec

DESCRIPTION

     Veriexec verifies the integrity of specified executables and files before they are run or read.  This makes it much more difficult to insert
     a trojan horse into the system and also makes it more difficult to run binaries that are not supposed to be running, for example, packet
     sniffers, DDoS clients and so on.

     The veriexec pseudo-device is used to load and delete entries to and from the in-kernel Veriexec databases, as well as query information
     about them.  It can also be used to dump the entire database.

   Kernel-userland interaction
     Veriexec uses proplib(3) for communication between the kernel and userland.

     VERIEXEC_LOAD
	   Load an entry for a file to be monitored by Veriexec.

	   The dictionary passed contains the following elements:

	   Name 	 Type	   Purpose
	   file 	 string    filename for this entry
	   entry-type	 uint8	   entry type (see below)
	   fp-type	 string    fingerprint hashing algorithm
	   fp		 data	   the fingerprint

	   ``entry-type'' can be one or more (binary-OR'd) of the following:

	   Type 		 Effect
	   VERIEXEC_DIRECT	 can execute directly
	   VERIEXEC_INDIRECT	 can execute indirectly (interpreter, mmap(2))
	   VERIEXEC_FILE	 can be opened
	   VERIEXEC_UNTRUSTED	 located on untrusted storage

     VERIEXEC_DELETE
	   Removes either an entry for a single file or entries for an entire mount from Veriexec.

	   The dictionary passed contains the following elements:

	   Name    Type      Purpose
	   file    string    filename or mount-point

     VERIEXEC_DUMP
	   Dump the Veriexec monitored files database from the kernel.

	   Only files that the filename is kept for them will be dumped.  The returned array contains dictionaries with the following elements:

	   Name 	 Type	   Purpose
	   file 	 string    filename
	   fp-type	 string    fingerprint hashing algorithm
	   fp		 data	   the fingerprint
	   entry-type	 uint8	   entry type (see above)

     VERIEXEC_FLUSH
	   Flush the Veriexec database, removing all entries.

	   This command has no parameters.

     VERIEXEC_QUERY
	   Queries Veriexec about a file, returning information that may be useful about it.

	   The dictionary passed contains the following elements:

	   Name    Type      Purpose
	   file    string    filename

	   The dictionary returned contains the following elements:

	   Name 	 Type	   Purpose
	   entry-type	 uint8	   entry type (see above)
	   status	 uint8	   entry status
	   fp-type	 string    fingerprint hashing algorithm
	   fp		 data	   the fingerprint

	   ``status'' can be one of the following:

	   Status		   Meaning
	   FINGERPRINT_NOTEVAL	   not evaluated
	   FINGERPRINT_VALID	   fingerprint match
	   FINGERPRINT_MISMATCH    fingerprint mismatch

     Note that the requests VERIEXEC_LOAD, VERIEXEC_DELETE, and VERIEXEC_FLUSH are not permitted once the strict level has been raised past 0.

SEE ALSO

     proplib(3), sysctl(3), security(7), sysctl(8), veriexecctl(8), veriexecgen(8), veriexec(9)

NOTES

     veriexec is part of the default configuration on the following architectures: amd64, i386, prep, sparc64.

AUTHORS

     Brett Lymn <blymn@NetBSD.org>
     Elad Efrat <elad@NetBSD.org>

BSD
								  March 19, 2011							       BSD

Check Out this Related Man Page

synos(1)                                                        Mail Avenger 0.8.3                                                        synos(1)

NAME

       synos - guess operating system from TCP SYN fingerprint

SYNOPSIS

       synos [--mtu mtu] [--db path] syn-fingerprint

DESCRIPTION

       synos takes a SYN fingerprint, in the format described for the CLIENT_SYNFP environment variable in the avenger(1) man page, and outputs a
       guess as to the type of the client operating system.  synos makes use of the OpenBSD SYN fingerprint database (which is also repackaged
       with Mail Avenger).

   OPTIONS
       --mtu val
           Certain operating systems set the initial TCP window size based on the maximum transmission unit, or MTU, of the network.  For such
           operating systems, synos usually checks the window size using both the client's MSS option plus 40 bytes (for TCP and IP headers), or a
           hard-coded MTU, which defaults to 1,500 bytes.  If either value works, the fingerprint is considered to match the operating system.
           You can change the value 1,500 by specifying this option.  A value of 0 tells synos to use only the value derived from the MSS option.

       --db file
           Specifies an alternate location for the SYN fingerprint database.

FILES

       /usr/local/share/pf.os
           Default location of SYN fingerprint database.

SEE ALSO

       avenger(1), asmtpd(8)

       The Mail Avenger home page: <http://www.mailavenger.org/>.

       The OpenBSD home page: <http://www.openbsd.org/>.

BUGS

       The operating system type is determined by heuristics that are not always reliable.  Moreover, not all operating systems can be
       distinguished.  The database may not even contain a client's particular operating system and version.

       It is not hard to fool synos deliberately by changing TCP socket options or injecting raw packets onto the network.

AUTHOR

       David Mazieres

Mail Avenger 0.8.3                                                  2012-04-05                                                            synos(1)
Man Page