VERIEXECGEN(8) NetBSD System Manager's Manual VERIEXECGEN(8)
veriexecgen -- generate fingerprints for Veriexec
veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix] [-t algorithm] veriexecgen [-h]
veriexecgen can be used to create a fingerprint database for use with Veriexec. If no command line arguments were specified, veriexecgen will resort to default operation, implying -D -o /etc/signatures -t sha256. If the output file already exists, veriexecgen will save a backup copy in the same file only with a ``.old'' suffix. The following options are available: -A Append to the output file, don't overwrite it. -a Add fingerprints for non-executable files as well. -D Search system directories, /bin, /sbin, /usr/bin, /usr/sbin, /lib, /usr/lib, /libexec, and /usr/libexec. -d dir Scan for files in dir. Multiple uses of this flag can specify more than one directory. -h Display the help screen. -o fingerprintdb Save the generated fingerprint database to fingerprintdb. -p prefix When storing files in the fingerprint database, store the full pathnames of files with the leading ``prefix'' of the file- names removed. -r Scan recursively. -S Set the immutable flag on the created signatures file when done writing it. -T Put a timestamp on the generated file. -t algorithm Use algorithm for the fingerprints. Must be one of ``sha256'', ``sha384'', or ``sha512''. -v Verbose mode. Print messages describing what operations are being done. -W By default, veriexecgen will exit when an error condition is encountered. This option will treat errors such as not being able to follow a symbolic link, not being able to find the real path for a directory entry, or not being able to calcu- late a hash of an entry as a warning, rather than an error. If errors are treated as warnings, veriexecgen will continue processing. The default behaviour is to treat errors as fatal.
Fingerprint files in the common system directories using the default hashing algorithm ``sha256'' and save to the default fingerprint database in /etc/signatures: # veriexecgen Fingerprint files in /etc, appending to the default fingerprint database: # veriexecgen -A -a -d /etc Fingerprint files in /path/to/somewhere using ``sha512'' as the hashing algorithm, saving to /etc/somewhere.fp: # veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp
veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8) NetBSD 9.0 January 8, 2019 NetBSD 9.0
You can also request any man page by name and (optionally) by section: