Unix/Linux Go Back    


NetBSD 6.1.5 - man page for veriexecgen (netbsd section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


VERIEXECGEN(8)			   BSD System Manager's Manual			   VERIEXECGEN(8)

NAME
     veriexecgen -- generate fingerprints for Veriexec

SYNOPSIS
     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix] [-t algorithm]
     veriexecgen [-h]

DESCRIPTION
     veriexecgen can be used to create a fingerprint database for use with Veriexec.

     If no command line arguments were specified, veriexecgen will resort to default operation,
     implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy in the same file only
     with a ``.old'' suffix.

     The following options are available:

     -A 	Append to the output file, don't overwrite it.

     -a 	Add fingerprints for non-executable files as well.

     -D 	Search system directories, /bin, /sbin, /usr/bin, /usr/sbin, /lib, /usr/lib,
		/libexec, and /usr/libexec.

     -d dir	Scan for files in dir.	Multiple uses of this flag can specify more than one
		directory.

     -h 	Display the help screen.

     -o fingerprintdb
		Save the generated fingerprint database to fingerprintdb.

     -p prefix	When storing files in the fingerprint database, store the full pathnames of files
		with the leading ``prefix'' of the filenames removed.

     -r 	Scan recursively.

     -S 	Set the immutable flag on the created signatures file when done writing it.

     -T 	Put a timestamp on the generated file.

     -t algorithm
		Use algorithm for the fingerprints.  Must be one of ``md5'', ``sha1'',
		``sha256'', ``sha384'', ``sha512'', or ``rmd160''.

     -v 	Verbose mode.  Print messages describing what operations are being done.

     -W 	By default, veriexecgen will exit when an error condition is encountered.  This
		option will treat errors such as not being able to follow a symbolic link, not
		being able to find the real path for a directory entry, or not being able to cal-
		culate a hash of an entry as a warning, rather than an error.  If errors are
		treated as warnings, veriexecgen will continue processing.  The default behaviour
		is to treat errors as fatal.

FILES
     /etc/signatures

EXAMPLES
     Fingerprint files in the common system directories using the default hashing algorithm
     ``sha256'' and save to the default fingerprint database in /etc/signatures:

	   # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

	   # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using ``rmd160'' as the hashing algorithm, saving to
     /etc/somewhere.fp:

	   # veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp

SEE ALSO
     veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)

BSD					February 18, 2008				      BSD
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 09:14 AM.