Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

veriexecctl(8) [netbsd man page]

VERIEXECCTL(8)						    BSD System Manager's Manual 					    VERIEXECCTL(8)

NAME
veriexecctl -- manage the Veriexec subsystem SYNOPSIS
veriexecctl [-ekv] load [file] veriexecctl delete file | mount_point veriexecctl dump veriexecctl flush veriexecctl query file DESCRIPTION
The veriexecctl command is used to manipulate Veriexec, the NetBSD file integrity subsystem. Commands load [file] Load the fingerprint entries contained in file, if specified, or the default signatures file otherwise. This operation is only allowed in learning mode (strict level zero). The following flags are allowed with this command: -e Evaluate fingerprint on load, as opposed to when the file is accessed. -k Keep the filenames in the entry for more accurate logging. -v Enable verbose output. delete file | mount_point Delete either a single entry file or all entries on mount_point from being monitored by Veriexec. dump Dump the Veriexec database from the kernel. Only entries that have the filename will be presented. This can be used to recover a lost database: # veriexecctl dump > /etc/signatures flush Delete all entries in the Veriexec database. query file Query Veriexec for information associated with file: Filename, mount, fingerprint, fingerprint algorithm, evaluation status, and entry type. FILES
/dev/veriexec Veriexec pseudo-device /etc/signatures default signatures file SEE ALSO
veriexec(4), veriexec(5), security(7), veriexec(8), veriexecgen(8) HISTORY
veriexecctl first appeared in NetBSD 2.0. AUTHORS
Brett Lymn <blymn@NetBSD.org> Elad Efrat <elad@NetBSD.org> NOTES
The kernel is expected to have the ``veriexec'' pseudo-device. BSD
August 31, 2008 BSD

Check Out this Related Man Page

VERIEXEC(4)						   BSD Kernel Interfaces Manual 					       VERIEXEC(4)

NAME
veriexec -- Veriexec pseudo-device SYNOPSIS
pseudo-device veriexec DESCRIPTION
Veriexec verifies the integrity of specified executables and files before they are run or read. This makes it much more difficult to insert a trojan horse into the system and also makes it more difficult to run binaries that are not supposed to be running, for example, packet sniffers, DDoS clients and so on. The veriexec pseudo-device is used to load and delete entries to and from the in-kernel Veriexec databases, as well as query information about them. It can also be used to dump the entire database. Kernel-userland interaction Veriexec uses proplib(3) for communication between the kernel and userland. VERIEXEC_LOAD Load an entry for a file to be monitored by Veriexec. The dictionary passed contains the following elements: Name Type Purpose file string filename for this entry entry-type uint8 entry type (see below) fp-type string fingerprint hashing algorithm fp data the fingerprint ``entry-type'' can be one or more (binary-OR'd) of the following: Type Effect VERIEXEC_DIRECT can execute directly VERIEXEC_INDIRECT can execute indirectly (interpreter, mmap(2)) VERIEXEC_FILE can be opened VERIEXEC_UNTRUSTED located on untrusted storage VERIEXEC_DELETE Removes either an entry for a single file or entries for an entire mount from Veriexec. The dictionary passed contains the following elements: Name Type Purpose file string filename or mount-point VERIEXEC_DUMP Dump the Veriexec monitored files database from the kernel. Only files that the filename is kept for them will be dumped. The returned array contains dictionaries with the following elements: Name Type Purpose file string filename fp-type string fingerprint hashing algorithm fp data the fingerprint entry-type uint8 entry type (see above) VERIEXEC_FLUSH Flush the Veriexec database, removing all entries. This command has no parameters. VERIEXEC_QUERY Queries Veriexec about a file, returning information that may be useful about it. The dictionary passed contains the following elements: Name Type Purpose file string filename The dictionary returned contains the following elements: Name Type Purpose entry-type uint8 entry type (see above) status uint8 entry status fp-type string fingerprint hashing algorithm fp data the fingerprint ``status'' can be one of the following: Status Meaning FINGERPRINT_NOTEVAL not evaluated FINGERPRINT_VALID fingerprint match FINGERPRINT_MISMATCH fingerprint mismatch Note that the requests VERIEXEC_LOAD, VERIEXEC_DELETE, and VERIEXEC_FLUSH are not permitted once the strict level has been raised past 0. SEE ALSO
proplib(3), sysctl(3), security(7), sysctl(8), veriexecctl(8), veriexecgen(8), veriexec(9) NOTES
veriexec is part of the default configuration on the following architectures: amd64, i386, prep, sparc64. AUTHORS
Brett Lymn <blymn@NetBSD.org> Elad Efrat <elad@NetBSD.org> BSD
March 19, 2011 BSD
Man Page