VERIEXECGEN(8)          NetBSD System Manager's Manual          VERIEXECGEN(8)

     veriexecgen -- generate fingerprints for Veriexec

     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]
                 [-t algorithm]
     veriexecgen [-h]

     veriexecgen can be used to create a fingerprint database for use with

     If no command line arguments were specified, veriexecgen will resort to
     default operation, implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy in
     the same file only with a ``.old'' suffix.

     The following options are available:

     -A          Append to the output file, don't overwrite it.

     -a          Add fingerprints for non-executable files as well.

     -D          Search system directories, /bin, /sbin, /usr/bin, /usr/sbin,
                 /lib, /usr/lib, /libexec, and /usr/libexec.

     -d dir      Scan for files in dir.  Multiple uses of this flag can spec-
                 ify more than one directory.

     -h          Display the help screen.

     -o fingerprintdb
                 Save the generated fingerprint database to fingerprintdb.

     -p prefix   When storing files in the fingerprint database, store the
                 full pathnames of files with the leading ``prefix'' of the
                 filenames removed.

     -r          Scan recursively.

     -S          Set the immutable flag on the created signatures file when
                 done writing it.

     -T          Put a timestamp on the generated file.

     -t algorithm
                 Use algorithm for the fingerprints.  Must be one of ``md5'',
                 ``sha1'', ``sha256'', ``sha384'', ``sha512'', or ``rmd160''.

     -v          Verbose mode.  Print messages describing what operations are
                 being done.

     -W          By default, veriexecgen will exit when an error condition is
                 encountered.  This option will treat errors such as not being
                 able to follow a symbolic link, not being able to find the
                 real path for a directory entry, or not being able to calcu-
                 late a hash of an entry as a warning, rather than an error.
                 If errors are treated as warnings, veriexecgen will continue
                 processing.  The default behaviour is to treat errors as


     Fingerprint files in the common system directories using the default
     hashing algorithm ``sha256'' and save to the default fingerprint database
     in /etc/signatures:

           # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

           # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using ``rmd160'' as the hashing
     algorithm, saving to /etc/somewhere.fp:

           # veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp

     veriexec(4), veriexec(5), security(8), veriexec(8), veriexecctl(8)

NetBSD 5.0.1                   February 18, 2008                  NetBSD 5.0.1

You can also request any man page by name and (optionally) by section:


Use the DEFAULT collection to view manual pages for third-party software.

©1994 Man-cgi 1.15, Panagiotis Christias <>
©1996-2015 Modified for NetBSD by Kimmo Suominen