VERIEXECGEN(8)          NetBSD System Manager's Manual          VERIEXECGEN(8)

     veriexecgen -- generate fingerprints for Veriexec

     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]
                 [-t algorithm]
     veriexecgen [-h]

     veriexecgen can be used to create a fingerprint database for use with

     If no command line arguments were specified, veriexecgen will resort to
     default operation, implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy in
     the same file only with a ``.old'' suffix.

     The following options are available:

     -A         Append to the output file, don't overwrite it.

     -a         Add fingerprints for non-executable files as well.

     -D         Search system directories, /bin, /sbin, /usr/bin, /usr/sbin,
                /lib, /usr/lib, /libexec, and /usr/libexec.

     -d dir     Scan for files in dir.  Multiple uses of this flag can specify
                more than one directory.

     -h         Display the help screen.

     -o fingerprintdb
                Save the generated fingerprint database to fingerprintdb.

     -p prefix  When storing files in the fingerprint database, store the full
                pathnames of files with the leading ``prefix'' of the file-
                names removed.

     -r         Scan recursively.

     -S         Set the immutable flag on the created signatures file when
                done writing it.

     -T         Put a timestamp on the generated file.

     -t algorithm
                Use algorithm for the fingerprints.  Must be one of ``md5'',
                ``sha1'', ``sha256'', ``sha384'', ``sha512'', or ``rmd160''.

     -v         Verbose mode.  Print messages describing what operations are
                being done.

     -W         By default, veriexecgen will exit when an error condition is
                encountered.  This option will treat errors such as not being
                able to follow a symbolic link, not being able to find the
                real path for a directory entry, or not being able to calcu-
                late a hash of an entry as a warning, rather than an error.
                If errors are treated as warnings, veriexecgen will continue
                processing.  The default behaviour is to treat errors as


     Fingerprint files in the common system directories using the default
     hashing algorithm ``sha256'' and save to the default fingerprint database
     in /etc/signatures:

           # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

           # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using ``rmd160'' as the hashing
     algorithm, saving to /etc/somewhere.fp:

           # veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp

     veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)

NetBSD 6.0                     February 18, 2008                    NetBSD 6.0

You can also request any man page by name and (optionally) by section:


Use the DEFAULT collection to view manual pages for third-party software.

©1994 Man-cgi 1.15, Panagiotis Christias <>
©1996-2015 Modified for NetBSD by Kimmo Suominen