|
VERIEXECCTL(8) |
System Manager's Manual |
VERIEXECCTL(8) |
NAME
veriexecctl — manage the Veriexec subsystem
SYNOPSIS
|
veriexecctl |
[-ekv] load [file] |
|
veriexecctl |
delete file | mount_point |
DESCRIPTION
The
veriexecctl command is used to manipulate
Veriexec, the
NetBSD file integrity subsystem.
Commands
-
load [file]
-
Load the fingerprint entries contained in file, if specified, or the default signatures file otherwise.
This operation is only allowed in learning mode (strict level zero).
The following flags are allowed with this command:
-
-e
-
Evaluate fingerprint on load, as opposed to when the file is accessed.
-
-k
-
Keep the filenames in the entry for more accurate logging.
-
-v
-
Enable verbose output.
-
delete file | mount_point
-
Delete either a single entry file or all entries on mount_point from being monitored by Veriexec.
-
dump
-
Dump the Veriexec database from the kernel. Only entries that have the filename will be presented.
This can be used to recover a lost database:
# veriexecctl dump > /etc/signatures
-
flush
-
Delete all entries in the Veriexec database.
-
query file
-
Query Veriexec for information associated with file: Filename, mount, fingerprint, fingerprint algorithm, evaluation status, and entry type.
FILES
-
/dev/veriexec
-
Veriexec pseudo-device
-
/etc/signatures
-
default signatures file
HISTORY
veriexecctl first appeared in NetBSD 2.0.
AUTHORS
Brett Lymn <blymn@NetBSD.org> Elad Efrat <elad@NetBSD.org>
NOTES
The kernel is expected to have the “veriexec” pseudo-device.