NetBSD 6.1.5 - man page for veriexec (netbsd section 4)

VERIEXEC(4)			   BSD Kernel Interfaces Manual 		      VERIEXEC(4)

NAME
     veriexec -- Veriexec pseudo-device

SYNOPSIS
     pseudo-device veriexec

DESCRIPTION
     Veriexec verifies the integrity of specified executables and files before they are run or
     read.  This makes it much more difficult to insert a trojan horse into the system and also
     makes it more difficult to run binaries that are not supposed to be running, for example,
     packet sniffers, DDoS clients and so on.

     The veriexec pseudo-device is used to load and delete entries to and from the in-kernel
     Veriexec databases, as well as query information about them.  It can also be used to dump
     the entire database.

   Kernel-userland interaction
     Veriexec uses proplib(3) for communication between the kernel and userland.

     VERIEXEC_LOAD
	   Load an entry for a file to be monitored by Veriexec.

	   The dictionary passed contains the following elements:

	   Name 	 Type	   Purpose
	   file 	 string    filename for this entry
	   entry-type	 uint8	   entry type (see below)
	   fp-type	 string    fingerprint hashing algorithm
	   fp		 data	   the fingerprint

	   ``entry-type'' can be one or more (binary-OR'd) of the following:

	   Type 		 Effect
	   VERIEXEC_DIRECT	 can execute directly
	   VERIEXEC_INDIRECT	 can execute indirectly (interpreter, mmap(2))
	   VERIEXEC_FILE	 can be opened
	   VERIEXEC_UNTRUSTED	 located on untrusted storage

     VERIEXEC_DELETE
	   Removes either an entry for a single file or entries for an entire mount from
	   Veriexec.

	   The dictionary passed contains the following elements:

	   Name    Type      Purpose
	   file    string    filename or mount-point

     VERIEXEC_DUMP
	   Dump the Veriexec monitored files database from the kernel.

	   Only files whose filenames are kept will be dumped.  The returned array contains
	   dictionaries with the following elements:

	   Name 	 Type	   Purpose
	   file 	 string    filename
	   fp-type	 string    fingerprint hashing algorithm
	   fp		 data	   the fingerprint
	   entry-type	 uint8	   entry type (see above)

     VERIEXEC_FLUSH
	   Flush the Veriexec database, removing all entries.

	   This command has no parameters.

     VERIEXEC_QUERY
	   Queries Veriexec about a file, returning information about it that may be useful.

	   The dictionary passed contains the following elements:

	   Name    Type      Purpose
	   file    string    filename

	   The dictionary returned contains the following elements:

	   Name 	 Type	   Purpose
	   entry-type	 uint8	   entry type (see above)
	   status	 uint8	   entry status
	   fp-type	 string    fingerprint hashing algorithm
	   fp		 data	   the fingerprint

	   ``status'' can be one of the following:

	   Status		   Meaning
	   FINGERPRINT_NOTEVAL	   not evaluated
	   FINGERPRINT_VALID	   fingerprint match
	   FINGERPRINT_MISMATCH    fingerprint mismatch

     Note that the requests VERIEXEC_LOAD, VERIEXEC_DELETE, and VERIEXEC_FLUSH are not permitted
     once the strict level has been raised past 0.
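
     The VERIEXEC_QUERY exchange described above, as an added example that is not code from
     NetBSD or from this manual page: it builds the request dictionary with proplib(3), sends it
     to the pseudo-device and reads ``entry-type'' and ``status'' from the reply.  The device
     path /dev/veriexec, the helper names and the fallback flag values are assumptions; the
     ioctl path compiles only on NetBSD, elsewhere only the entry-type decoder is built.

```c
#include <stdint.h>
#include <string.h>
#ifdef __NetBSD__
#include <sys/ioctl.h>
#include <sys/verified_exec.h>  /* VERIEXEC_QUERY and the VERIEXEC_* flags */
#include <prop/proplib.h>
#include <fcntl.h>
#include <unistd.h>
#else  /* Assumed flag values, only so the decoder builds off NetBSD. */
#define VERIEXEC_DIRECT    0x01
#define VERIEXEC_INDIRECT  0x02
#define VERIEXEC_FILE      0x04
#define VERIEXEC_UNTRUSTED 0x10
#endif

/* Render the binary-OR'd entry-type as text in buf; returns buf. */
const char *entry_type_str(uint8_t t, char *buf, size_t len)
{
    static const struct { uint8_t bit; const char *name; } flags[] = {
        { VERIEXEC_DIRECT, "direct" }, { VERIEXEC_INDIRECT, "indirect" },
        { VERIEXEC_FILE, "file" }, { VERIEXEC_UNTRUSTED, "untrusted" },
    };
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof(flags) / sizeof(flags[0]); i++)
        if (t & flags[i].bit) {
            if (buf[0]) strncat(buf, "|", len - strlen(buf) - 1);
            strncat(buf, flags[i].name, len - strlen(buf) - 1);
        }
    return buf;
}

#ifdef __NetBSD__
/* Hypothetical helper: VERIEXEC_QUERY for one path.  Returns 0 and fills
 * *type and *status, or -1 on error (including "no entry for this file"). */
int veriexec_query(const char *path, uint8_t *type, uint8_t *status)
{
    prop_dictionary_t req = prop_dictionary_create(), rep = NULL;
    int fd = open("/dev/veriexec", O_RDWR), rc = -1;
    if (fd != -1 && req != NULL &&
        prop_dictionary_set_cstring(req, "file", path) &&
        prop_dictionary_sendrecv_ioctl(req, fd, VERIEXEC_QUERY, &rep) == 0 &&
        prop_dictionary_get_uint8(rep, "entry-type", type) &&
        prop_dictionary_get_uint8(rep, "status", status))
        rc = 0;
    if (rep) prop_object_release(rep);
    if (req) prop_object_release(req);
    if (fd != -1) close(fd);
    return rc;
}
#endif
```

     On NetBSD, link with -lprop.  A monitoring job would treat any returned status other than
     FINGERPRINT_VALID as a finding.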

SEE ALSO
     proplib(3), sysctl(3), security(7), sysctl(8), veriexecctl(8), veriexecgen(8), veriexec(9)

NOTES
     veriexec is part of the default configuration on the following architectures: amd64, i386,
     prep, sparc64.

AUTHORS
     Brett Lymn <blymn@NetBSD.org>
     Elad Efrat <elad@NetBSD.org>

BSD					  March 19, 2011				      BSD

