From bb1cbe5e1c0a05baa22232fdac4e14317d63e5dc Mon Sep 17 00:00:00 2001 From: wiz Date: Fri, 22 Apr 2005 14:35:13 +0000 Subject: [PATCH] Mention command names in SYNOPSIS; add gen_rmd160 to SEE ALSO; improve formatting; bump date. --- sbin/veriexecctl/veriexecctl.8 | 66 +++++++++++++++++----------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/sbin/veriexecctl/veriexecctl.8 b/sbin/veriexecctl/veriexecctl.8 index 838b4c667644..05d0a3c6ae11 100644 --- a/sbin/veriexecctl/veriexecctl.8 +++ b/sbin/veriexecctl/veriexecctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $ +.\" $NetBSD: veriexecctl.8,v 1.9 2005/04/22 14:35:13 wiz Exp $ .\" .\" Copyright (c) 1999 .\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au @@ -29,9 +29,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $ +.\" $Id: veriexecctl.8,v 1.9 2005/04/22 14:35:13 wiz Exp $ .\" -.Dd January 6, 2005 +.Dd April 22, 2005 .Dt VERIEXECCTL 8 .Os .Sh NAME @@ -39,10 +39,9 @@ .Nd load or report verified exec fingerprints .Sh SYNOPSIS .Nm -.Ar command -.Oo -.Ar arg -.Oc +.Cm fingerprints +.Nm +.Cm load Ar veriexec.conf .Sh DESCRIPTION The .Nm @@ -50,10 +49,28 @@ command is used to manipulate the Verified Exec feature. Verified Exec must have been configured into the booted kernel for this commaned to work. .Sh COMMANDS -.Pp -.Cm load -.Ar veriexec.conf -.Pp +.Bl -tag -width 25n +.It Cm fingerprints +Report the fingerprint methods that are available in the currently running +kernel. +This command will return a space separated list of supported fingerprint +methods that will be accepted by the kernel. +The default list is: +.Bl -item -offset indent -compact +.It +MD5 +.It +RMD160 +.It +SHA1 +.It +SHA256 +.It +SHA384 +.It +SHA512 +.El +.It Cm load Ar veriexec.conf Load the fingerprint entries contained in .Ar veriexec.conf into the in kernel tables. 
@@ -62,27 +79,10 @@ equal to zero. Once loaded the kernel can then validate executed programs or files against the loaded fingerprints and report when fingerprints do not match. -.Pp -.Cm fingerprints -.Pp -Report the fingerprint methods that are available in the currently running -kernel. -This command will return a space separated list of supported fingerprint -methods that will be accepted by the kernel. -The default list is: -.Bd -literal -offset indent -MD5 -RMD160 -SHA1 -SHA256 -SHA384 -SHA512 -.Ed -.Pp +.El .Sh VERIEXEC.CONF -.Pp The -.Ar veriexec.conf +.Pa veriexec.conf file contains lines of fields (separated by one or more whitespace characters) of the form: .Pp @@ -108,11 +108,10 @@ contains the associated options for the file. Currently there are two valid options: .Pp .Bl -tag -width INDIRECT -compact -.Pp -.It Pa INDIRECT +.It Dv INDIRECT If this option is set then the executable cannot be invoked directly, it can only be used as an interpreter in shell scripts. -.It Pa FILE +.It Dv FILE Indicates that the fingerprint is associated with a file, not an executable. Files have their fingerprints verified during @@ -133,6 +132,7 @@ verified executable device node .El .Sh SEE ALSO .Pa /usr/share/examples/veriexecctl/gen_md5 , +.Pa /usr/share/examples/veriexecctl/gen_rmd160 , .Pa /usr/share/examples/veriexecctl/gen_sha1 .Sh HISTORY .Nm
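Review bot: the unchanged context line above `.Sh COMMANDS` in the @@ -50,10 +49,28 @@ hunk still reads "for this commaned to work."; since this commit is a formatting pass over the page, correct it to "command" in the same change. In the same hunk the new `.It Cm fingerprints` text says the command returns "a space separated list", but the defaults are then shown one per line in a `.Bl -item` list. Either introduce them as "The default methods are:" or show them on one line as the command prints them, so the page matches what an administrator sees when checking which fingerprint methods the running kernel accepts.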
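Review bot: in the @@ -108,11 +108,10 @@ hunk, the `.It Dv INDIRECT` description is left as a comma splice ("cannot be invoked directly, it can only be used as an interpreter in shell scripts"). Split it into two sentences, each starting on its own source line as the new `fingerprints` text in this patch already does. This option is the one that restricts how a fingerprinted binary may be run, so its wording should be unambiguous. The `.Pa` to `.Dv` change for INDIRECT and FILE looks right, since these are option keywords and not paths.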
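Review bot: the SEE ALSO entries in the @@ -133,6 +132,7 @@ hunk now cover gen_md5, gen_rmd160 and gen_sha1, while the default list added under `.It Cm fingerprints` in this same patch also names SHA256, SHA384 and SHA512. If example generators for those methods exist under /usr/share/examples/veriexecctl/, list them here too. If they do not, add a sentence to the VERIEXEC.CONF section saying which methods have example scripts, so a reader choosing one of the stronger hashes knows where to look for a way to produce the fingerprint entries.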