VERIEXEC(5)               NetBSD File Formats Manual               VERIEXEC(5)

NAME
     veriexec -- format for the Veriexec signatures file

DESCRIPTION
     Veriexec loads entries to the in-kernel database from a file describing
     files to be monitored and the type of monitoring.  This file is often
     referred to as the `signatures database' or `signatures file'.

     The signatures file can be easily created using veriexecgen(8).

SIGNATURES DATABASE FORMAT
     The signatures database has a line based structure, where each line has
     several fields separated by white-space (space, tabs, etc.) taking the
     following form:

           path type fingerprint    flags

     The description for each field is as follows:

     path  The full path to the file.  White-space characters can be escaped
           if prefixed with a `\'.

     type  Type of fingerprinting algorithm used for the file.

           Requires kernel support for the specified algorithm.  List of fin-
           gerprinting algorithms supported by the kernel can be obtained by
           using the following command:

                 # sysctl kern.veriexec.algorithms

     fingerprint
           The fingerprint for the file.  Can (usually) be generated using the
           following command:

                 % cksum -a <algorithm> <file>

     flags
           Optional listing of entry flags, separated by a comma.  These may
           include:

           direct
                 Allow direct execution only.

                 Execution of a program is said to be ``direct'' when the pro-
                 gram is invoked by the user (either in a script, manually
                 typing it, etc.) via the execve(2) syscall.

           indirect
                 Allow indirect execution only.

                 Execution of a program is said to be ``indirect'' if it is
                 invoked by the kernel to interpret a script (``hash-bang'').

           file  Allow opening the file only, via the open(2) syscall (no exe-
                 cution is allowed).

           untrusted
                 Indicate that the file is located on untrusted storage and
                 its fingerprint evaluation status should not be cached, but
                 rather re-calculated each time it is accessed.

                 Fingerprints for untrusted files will always be evaluated on
                 load.

           To improve readability of the signatures file, the following
           aliases are provided:

           program
                 An alias for ``direct''.

           interpreter
                 An alias for ``indirect''.

           script
                 An alias for both ``direct'' and ``file''.

           library
                 An alias for both ``file'' and ``indirect''.

           If no flags are specified, ``direct'' is assumed.

     Comments begin with a `#' character and span to the end of the line.
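     An added example, not part of this manual or of NetBSD's own tools: a
     small Python parser for the format described above that splits fields
     on unescaped white-space, drops `#' comments, expands the flag aliases
     and applies the ``direct'' default.  It assumes a backslash escapes any
     following character (the manual only promises this for white-space),
     and the fingerprints in the embedded sample are constructed placeholders.

```python
import re

# Flag aliases from veriexec(5); the four base flags map to themselves.
FLAG_ALIASES = {
    "program": {"direct"},
    "interpreter": {"indirect"},
    "script": {"direct", "file"},
    "library": {"file", "indirect"},
}
BASE_FLAGS = {"direct", "indirect", "file", "untrusted"}
# A field is a run of non-blank characters where "\x" stands for the literal x
# (assumed for every x); an unescaped '#' starts a comment to end of line.
TOKEN = re.compile(r"(#.*)|((?:\\.|[^\s\\#])+)")

def split_fields(line):
    """Split one line into its unescaped fields, dropping any comment."""
    fields = []
    for comment, tok in TOKEN.findall(line):
        if comment:
            break
        fields.append(re.sub(r"\\(.)", r"\1", tok))  # remove escaping backslashes
    return fields

def parse_line(line):
    """Return {'path','type','fingerprint','flags'} or None for a blank line."""
    fields = split_fields(line)
    if not fields:
        return None
    if len(fields) not in (3, 4):
        raise ValueError("expected 'path type fingerprint [flags]': %r" % line)
    path, ftype, fingerprint = fields[:3]
    flags = set()
    # Flags are comma separated; "direct" is assumed when none are given.
    for flag in (fields[3].split(",") if len(fields) == 4 else ["direct"]):
        if flag in FLAG_ALIASES:
            flags |= FLAG_ALIASES[flag]
        elif flag in BASE_FLAGS:
            flags.add(flag)
        else:
            raise ValueError("unknown flag %r in %r" % (flag, line))
    return {"path": path, "type": ftype, "fingerprint": fingerprint, "flags": flags}

# Constructed sample database; the fingerprints are placeholders, not real hashes.
SAMPLE = """\
/bin/sh SHA256 0123abcd program
/usr/bin/python3 SHA256 ffee4455 interpreter,untrusted
/usr/local/bin/my\\ tool\tSHA256 aa11bb22   # escaped space in the path
/usr/lib/libc.so SHA256 cc22dd33
"""
```

     Feeding each line of SAMPLE to parse_line yields four entries; an
     unknown flag such as `bogus' raises ValueError rather than being
     silently accepted.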

SEE ALSO
     veriexec(4), security(8), veriexec(8), veriexecctl(8), veriexecgen(8)

HISTORY
     veriexec first appeared in NetBSD 2.0.

AUTHORS
     Brett Lymn <blymn@NetBSD.org>
     Elad Efrat <elad@NetBSD.org>

NetBSD 5.1                     February 18, 2008                    NetBSD 5.1
