Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8380617e54
NetBSD/share/examples/veriexecctl/gen_rmd160

27 lines
787 B
Plaintext
Raw Normal View History

Rototill of the verified exec functionality. * We now use hash tables instead of a list to store the in kernel fingerprints. * Fingerprint methods handling has been made more flexible, it is now even simpler to add new methods. * the loader no longer passes in magic numbers representing the fingerprint method so veriexecctl is not longer kernel specific. * fingerprint methods can be tailored out using options in the kernel config file. * more fingerprint methods added - rmd160, sha256/384/512 * veriexecctl can now report the fingerprint methods supported by the running kernel. * regularised the naming of some portions of veriexec.
2005-04-20 17:44:45 +04:00
#!/bin/sh
#
# $NetBSD: gen_rmd160,v 1.1 2005/04/20 13:44:45 blymn Exp $
#
# This is a helper script that scans all the file systems for
# executables and generates an entry in the signatures file for
# each one found. The script is probably best run by root and
# will move the old signatures file prior to starting the real work.
#
mv signatures signatures.old
echo "Fingerprinting the system, this may take a while...."
#
find / \( \( -fstype ffs -a ! -iregex '^/proc.*' -a -type f -a \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \) -o -name 'lib*so*' \) -print | while read line
do
echo "Fingerprinting $line"
hash=`rmd160 < $line`
flag=""
if [ ! -x $line ]
then
flag=" FILE"
fi
if [ "${hash}" != "" ]
then
echo "$line rmd160 ${hash}${flag}" >> signatures
fi
done
Reference in New Issue Copy Permalink