VERIEXECGEN(8)          NetBSD System Manager's Manual          VERIEXECGEN(8)

NAME
     veriexecgen -- generate fingerprints for Veriexec

SYNOPSIS
     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]
                 [-t algorithm]
     veriexecgen [-h]

DESCRIPTION
     veriexecgen can be used to create a fingerprint database for use with
     Veriexec.

     If no command line arguments were specified, veriexecgen will resort to
     default operation, implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy in
     the same file only with a ``.old'' suffix.

     The following options are available:

     -A          Append to the output file, don't overwrite it.

     -a          Add fingerprints for non-executable files as well.

     -D          Search system directories, /bin, /sbin, /usr/bin, /usr/sbin,
                 /lib, /usr/lib, /libexec, and /usr/libexec.

     -d dir      Scan for files in dir.  Multiple uses of this flag can spec-
                 ify more than one directory.

     -h          Display the help screen.

     -o fingerprintdb
                 Save the generated fingerprint database to fingerprintdb.

     -p prefix   When storing files in the fingerprint database, store the
                 full pathnames of files with the leading ``prefix'' of the
                 filenames removed.

     -r          Scan recursively.

     -S          Set the immutable flag on the created signatures file when
                 done writing it.

     -T          Put a timestamp on the generated file.

     -t algorithm
                 Use algorithm for the fingerprints.  Must be one of ``md5'',
                 ``sha1'', ``sha256'', ``sha384'', ``sha512'', or ``rmd160''.

     -v          Verbose mode.  Print messages describing what operations are
                 being done.

     -W          By default, veriexecgen will exit when an error condition is
                 encountered.  This option will treat errors such as not being
                 able to follow a symbolic link, not being able to find the
                 real path for a directory entry, or not being able to calcu-
                 late a hash of an entry as a warning, rather than an error.
                 If errors are treated as warnings, veriexecgen will continue
                 processing.  The default behaviour is to treat errors as
                 fatal.

FILES
     /etc/signatures

EXAMPLES
     Fingerprint files in the common system directories using the default
     hashing algorithm ``sha256'' and save to the default fingerprint database
     in /etc/signatures:

           # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

           # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using ``rmd160'' as the hashing
     algorithm, saving to /etc/somewhere.fp:

           # veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp

SEE ALSO
     veriexec(4), veriexec(5), security(8), veriexec(8), veriexecctl(8)

NetBSD 5.0.1                   February 18, 2008                  NetBSD 5.0.1

You can also request any man page by name and (optionally) by section:

Command: 
Section: 
Architecture: 
Collection: 
 

Use the DEFAULT collection to view manual pages for third-party software.


©1994 Man-cgi 1.15, Panagiotis Christias <christia@softlab.ntua.gr>
©1996-2014 Modified for NetBSD by Kimmo Suominen