Mention command names in SYNOPSIS; add gen_rmd160 to SEE ALSO;

improve formatting; bump date.
2005-04-22 14:35:13 +00:00 · 2005-04-22 14:35:13 +00:00 · bb1cbe5e1c
parent df9d0a0359
commit bb1cbe5e1c
1 changed files with 33 additions and 33 deletions
--- a/sbin/veriexecctl/veriexecctl.8
+++ b/sbin/veriexecctl/veriexecctl.8
@ -1,4 +1,4 @@
-.\" $NetBSD: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $
+.\" $NetBSD: veriexecctl.8,v 1.9 2005/04/22 14:35:13 wiz Exp $
 .\"
 .\" Copyright (c) 1999
 .\"	Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au
@ -29,9 +29,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$Id: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $
+.\"	$Id: veriexecctl.8,v 1.9 2005/04/22 14:35:13 wiz Exp $
 .\"
-.Dd January 6, 2005
+.Dd April 22, 2005
 .Dt VERIEXECCTL 8
 .Os
 .Sh NAME
@ -39,10 +39,9 @@
 .Nd load or report verified exec fingerprints
 .Sh SYNOPSIS
 .Nm
-.Ar command
+.Cm fingerprints
-.Oo
+.Nm
-.Ar arg
+.Cm load Ar veriexec.conf
 .Oc
 .Sh DESCRIPTION
 The
 .Nm
@ -50,10 +49,28 @@ command is used to manipulate the Verified Exec feature.
 Verified Exec must have been configured into the booted kernel for this
 commaned to work.
 .Sh COMMANDS
-.Pp
+.Bl -tag -width 25n
-.Cm load
+.It Cm fingerprints
-.Ar veriexec.conf
+Report the fingerprint methods that are available in the currently running
-.Pp
+kernel.
 This command will return a space separated list of supported fingerprint
 methods that will be accepted by the kernel.
 The default list is:
 .Bl -item -offset indent -compact
 .It
 MD5
 .It
 RMD160
 .It
 SHA1
 .It
 SHA256
 .It
 SHA384
 .It
 SHA512
 .El
 .It Cm load Ar veriexec.conf
 Load the fingerprint entries contained in
 .Ar veriexec.conf
 into the in kernel tables.
@ -62,27 +79,10 @@ equal to zero.
 Once loaded the kernel can then validate executed programs
 or files against the loaded fingerprints and report when fingerprints
 do not match.
-.Pp
+.El
 .Cm fingerprints
 .Pp
 Report the fingerprint methods that are available in the currently running
 kernel.
 This command will return a space separated list of supported fingerprint
 methods that will be accepted by the kernel.
 The default list is:
 .Bd -literal -offset indent
 MD5
 RMD160
 SHA1
 SHA256
 SHA384
 SHA512
 .Ed
 .Pp
 .Sh VERIEXEC.CONF
 .Pp
 The
-.Ar veriexec.conf
+.Pa veriexec.conf
 file contains lines of fields (separated by one or more whitespace
 characters) of the form:
 .Pp
@ -108,11 +108,10 @@ contains the associated options for the file.
 Currently there are two valid options:
 .Pp
 .Bl -tag -width INDIRECT -compact
-.Pp
+.It Dv INDIRECT
 .It Pa INDIRECT
 If this option is set then the executable cannot be invoked directly, it
 can only be used as an interpreter in shell scripts.
-.It Pa FILE
+.It Dv FILE
 Indicates that the fingerprint is associated with a file, not an
 executable.
 Files have their fingerprints verified during
@ -133,6 +132,7 @@ verified executable device node
 .El
 .Sh SEE ALSO
 .Pa /usr/share/examples/veriexecctl/gen_md5 ,
 .Pa /usr/share/examples/veriexecctl/gen_rmd160 ,
 .Pa /usr/share/examples/veriexecctl/gen_sha1
 .Sh HISTORY
 .Nm