|Linux & Unix Commands - Search Man Pages
VERIEXECCTL(8) BSD System Manager's Manual VERIEXECCTL(8)
veriexecctl -- manage the Veriexec subsystem
veriexecctl [-ekv] load [file]
veriexecctl delete file | mount_point
veriexecctl query file
The veriexecctl command is used to manipulate Veriexec, the NetBSD file integrity subsystem.
Load the fingerprint entries contained in file, if specified, or the default signa-
tures file otherwise.
This operation is only allowed in learning mode (strict level zero).
The following flags are allowed with this command:
-e Evaluate fingerprint on load, as opposed to when the file is accessed.
-k Keep the filenames in the entry for more accurate logging.
-v Enable verbose output.
delete file | mount_point
Delete either a single entry file or all entries on mount_point from being monitored
dump Dump the Veriexec database from the kernel. Only entries that have the filename will
This can be used to recover a lost database:
# veriexecctl dump > /etc/signatures
Delete all entries in the Veriexec database.
Query Veriexec for information associated with file: Filename, mount, fingerprint,
fingerprint algorithm, evaluation status, and entry type.
/dev/veriexec Veriexec pseudo-device
/etc/signatures default signatures file
veriexec(4), veriexec(5), security(7), veriexec(8), veriexecgen(8)
veriexecctl first appeared in NetBSD 2.0.
Brett Lymn <blymn@NetBSD.org>
Elad Efrat <elad@NetBSD.org>
The kernel is expected to have the ``veriexec'' pseudo-device.
BSD August 31, 2008 BSD
All times are GMT -4. The time now is 01:33 AM.