netbsd man page for veriexecgen

Netbsd Man Pages All Man Pages Latest Topics Forum Categories

Query: veriexecgen

OS: netbsd

Section: 8

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

VERIEXECGEN(8)						    BSD System Manager's Manual 					    VERIEXECGEN(8)


NAME

     veriexecgen -- generate fingerprints for Veriexec


SYNOPSIS

     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix] [-t algorithm]
     veriexecgen [-h]


DESCRIPTION

     veriexecgen can be used to create a fingerprint database for use with Veriexec.

     If no command line arguments were specified, veriexecgen will resort to default operation, implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy in the same file only with a ``.old'' suffix.

     The following options are available:

     -A 	Append to the output file, don't overwrite it.

     -a 	Add fingerprints for non-executable files as well.

     -D 	Search system directories, /bin, /sbin, /usr/bin, /usr/sbin, /lib, /usr/lib, /libexec, and /usr/libexec.

     -d dir	Scan for files in dir.	Multiple uses of this flag can specify more than one directory.

     -h 	Display the help screen.

     -o fingerprintdb
		Save the generated fingerprint database to fingerprintdb.

     -p prefix	When storing files in the fingerprint database, store the full pathnames of files with the leading ``prefix'' of the filenames
		removed.

     -r 	Scan recursively.

     -S 	Set the immutable flag on the created signatures file when done writing it.

     -T 	Put a timestamp on the generated file.

     -t algorithm
		Use algorithm for the fingerprints.  Must be one of ``md5'', ``sha1'', ``sha256'', ``sha384'', ``sha512'', or ``rmd160''.

     -v 	Verbose mode.  Print messages describing what operations are being done.

     -W 	By default, veriexecgen will exit when an error condition is encountered.  This option will treat errors such as not being able to
		follow a symbolic link, not being able to find the real path for a directory entry, or not being able to calculate a hash of an
		entry as a warning, rather than an error.  If errors are treated as warnings, veriexecgen will continue processing.  The default
		behaviour is to treat errors as fatal.


FILES

     /etc/signatures


EXAMPLES

     Fingerprint files in the common system directories using the default hashing algorithm ``sha256'' and save to the default fingerprint data-
     base in /etc/signatures:

	   # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

	   # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using ``rmd160'' as the hashing algorithm, saving to /etc/somewhere.fp:

	   # veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp


SEE ALSO

     veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)


BSD
								 February 18, 2008							       BSD
Related Man Pages
digest(1) - opensolaris
c_rehash(1ssl) - debian
veriexec(4) - netbsd
md5(1) - freebsd
gnupg::revoker(3pm) - debian
Similar Topics in the Unix Linux Community
Fingerprint GUI 0.6 (Default branch)
Fingerprint GUI 0.7 (Default branch)
Fingerprint GUI 0.8 (Default branch)
Fingerprint GUI 0.9 (Default branch)
Accept fingerprint automaticaly secureCRT