Mention command names in SYNOPSIS; add gen_rmd160 to SEE ALSO;
improve formatting; bump date.
This commit is contained in:
parent
df9d0a0359
commit
bb1cbe5e1c
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $
|
||||
.\" $NetBSD: veriexecctl.8,v 1.9 2005/04/22 14:35:13 wiz Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1999
|
||||
.\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au
|
||||
|
@ -29,9 +29,9 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $
|
||||
.\" $Id: veriexecctl.8,v 1.9 2005/04/22 14:35:13 wiz Exp $
|
||||
.\"
|
||||
.Dd January 6, 2005
|
||||
.Dd April 22, 2005
|
||||
.Dt VERIEXECCTL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -39,10 +39,9 @@
|
|||
.Nd load or report verified exec fingerprints
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Ar command
|
||||
.Oo
|
||||
.Ar arg
|
||||
.Oc
|
||||
.Cm fingerprints
|
||||
.Nm
|
||||
.Cm load Ar veriexec.conf
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Nm
|
||||
|
@ -50,10 +49,28 @@ command is used to manipulate the Verified Exec feature.
|
|||
Verified Exec must have been configured into the booted kernel for this
|
||||
commaned to work.
|
||||
.Sh COMMANDS
|
||||
.Pp
|
||||
.Cm load
|
||||
.Ar veriexec.conf
|
||||
.Pp
|
||||
.Bl -tag -width 25n
|
||||
.It Cm fingerprints
|
||||
Report the fingerprint methods that are available in the currently running
|
||||
kernel.
|
||||
This command will return a space separated list of supported fingerprint
|
||||
methods that will be accepted by the kernel.
|
||||
The default list is:
|
||||
.Bl -item -offset indent -compact
|
||||
.It
|
||||
MD5
|
||||
.It
|
||||
RMD160
|
||||
.It
|
||||
SHA1
|
||||
.It
|
||||
SHA256
|
||||
.It
|
||||
SHA384
|
||||
.It
|
||||
SHA512
|
||||
.El
|
||||
.It Cm load Ar veriexec.conf
|
||||
Load the fingerprint entries contained in
|
||||
.Ar veriexec.conf
|
||||
into the in kernel tables.
|
||||
|
@ -62,27 +79,10 @@ equal to zero.
|
|||
Once loaded the kernel can then validate executed programs
|
||||
or files against the loaded fingerprints and report when fingerprints
|
||||
do not match.
|
||||
.Pp
|
||||
.Cm fingerprints
|
||||
.Pp
|
||||
Report the fingerprint methods that are available in the currently running
|
||||
kernel.
|
||||
This command will return a space separated list of supported fingerprint
|
||||
methods that will be accepted by the kernel.
|
||||
The default list is:
|
||||
.Bd -literal -offset indent
|
||||
MD5
|
||||
RMD160
|
||||
SHA1
|
||||
SHA256
|
||||
SHA384
|
||||
SHA512
|
||||
.Ed
|
||||
.Pp
|
||||
.El
|
||||
.Sh VERIEXEC.CONF
|
||||
.Pp
|
||||
The
|
||||
.Ar veriexec.conf
|
||||
.Pa veriexec.conf
|
||||
file contains lines of fields (separated by one or more whitespace
|
||||
characters) of the form:
|
||||
.Pp
|
||||
|
@ -108,11 +108,10 @@ contains the associated options for the file.
|
|||
Currently there are two valid options:
|
||||
.Pp
|
||||
.Bl -tag -width INDIRECT -compact
|
||||
.Pp
|
||||
.It Pa INDIRECT
|
||||
.It Dv INDIRECT
|
||||
If this option is set then the executable cannot be invoked directly, it
|
||||
can only be used as an interpreter in shell scripts.
|
||||
.It Pa FILE
|
||||
.It Dv FILE
|
||||
Indicates that the fingerprint is associated with a file, not an
|
||||
executable.
|
||||
Files have their fingerprints verified during
|
||||
|
@ -133,6 +132,7 @@ verified executable device node
|
|||
.El
|
||||
.Sh SEE ALSO
|
||||
.Pa /usr/share/examples/veriexecctl/gen_md5 ,
|
||||
.Pa /usr/share/examples/veriexecctl/gen_rmd160 ,
|
||||
.Pa /usr/share/examples/veriexecctl/gen_sha1
|
||||
.Sh HISTORY
|
||||
.Nm
|
||||
|
|
Loading…
Reference in New Issue