Commit Graph

33 Commits

Author SHA1 Message Date
sevan 5f0969c23a Omit files not marked executable from the signature database by default.
Closes PR kern/41669
Reviewed by <agc>
2019-04-23 22:35:42 +00:00
gutteridge 77213afac9 veriexecgen(8): improve example for appending /etc to the signatures
database. From Edgar Pettijohn in PR misc/53839.
2019-01-08 01:31:49 +00:00
wiz 96dff12048 Fix enumeration. 2017-09-10 10:13:47 +00:00
sevan 5bd038bb6e Remove the ability to generate a signature database with the hash algorithms
MD5, SHA1 & RMD160 which are either broken or on their way to being broken.

Discussed on tech-security
http://mail-index.netbsd.org/tech-security/2017/08/21/msg000936.html

ok riastradh
2017-09-09 21:27:23 +00:00
wiz 85e4f3c354 security(7), not (8). 2011-04-28 11:23:57 +00:00
elad 9229a44cd8 PR/41911: Jukka Ruohonen: A bug in veriexecgen
Do as suggested and add the missing 'T' to getopt() and update usage.

Thanks for the PR!
2009-08-21 04:09:41 +00:00
lukem d877c4c3c0 Enable WARNS=4 by default, except for:
cpuctl  dumplfs  hprop  ipf  iprop-log  kadmin  kcm  kdc  kdigest
	kimpersonate  kstash  ktutil  makefs  ndbootd  ntp  pppd  quot
	racoon  racoonctl  rtadvd  sntp  sup  tcpdchk  tcpdmatch  tcpdump
	traceroute  traceroute6  user  veriexecgen  wsmoused  zic
(Mostly third-party applications)
2009-04-22 15:23:01 +00:00
joerg 0bdacf5008 Fix markup 2009-03-11 14:00:29 +00:00
martin 11a6dbe728 Convert TNF licenses to new 2 clause variant 2008-04-30 13:10:46 +00:00
martin 3028e483e4 Convert to new 2 clause license 2008-04-29 06:53:00 +00:00
elad 52cf460a76 Following input from Matthew Mondor, some Veriexec documentation changes:
- Document the signatures file format in a veriexec(5) man-page,
  - Document the strict levels and a general Veriexec intro in veriexec(8)
    instead of security(8).

Okay blymn@.
2008-02-18 10:37:19 +00:00
elad 8f8e9e057c Xref security(8) from veriexec(4), veriexec(9), veriexecctl(8), and
veriexecgen(8).

Suggested by Matthew Mondor.
2008-02-10 19:32:23 +00:00
elad 6700cfccd6 Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
  - Fix crash reported by Scott Ellis on current-users@.

  - Fix race conditions in enforcing the Veriexec rename and remove
    policies. These are NOT security issues.

  - Fix memory leak in rename handling when overwriting a monitored
    file.

  - Fix table deletion logic.

  - Don't prevent query requests if not in learning mode.


KPI updates:
  - fileassoc_table_run() now takes a cookie to pass to the callback.

  - veriexec_table_add() was removed, it is now done internally. As a
    result, there's no longer a need for VERIEXEC_TABLESIZE.

  - veriexec_report() was removed, it is now internal.

  - Perform sanity checks on the entry type, and enforce default type
    in veriexec_file_add() rather than in veriexecctl.

  - Add veriexec_flush(), used to delete all Veriexec tables, and
    veriexec_dump(), used to fill an array with all Veriexec entries.


New features:
  - Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
    database. This allows Veriexec to produce slightly more accurate
    logs under certain circumstances. In the future, this can be either
    replaced by vnode->pathname translation, or combined with it.

  - Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
    This can be used to recover a database if the file was lost.
    Example usage:

        # veriexecctl dump > /etc/signatures

    Note that only entries with the filename kept (that is, were loaded
    with the '-k' flag) will be dumped.

    Idea from Brett Lymn.

  - Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
    usage:

        # veriexecctl flush

  - Add a 'veriexec_flags' rc(8) variable, and make its default have
    the '-k' flag. On systems using the default signatures file
    (generaetd from running 'veriexecgen' with no arguments), this will
    use additional 32kb of kernel memory on average.

  - Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
    load. This is done automatically for files marked as 'untrusted'.


Misc. stuff:
  - The code for veriexecctl was massively simplified as a result of
    eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
    pass of the signatures file, making the loading somewhat faster.

  - Lots of minor fixes found using the (still under development)
    Veriexec regression testsuite.

  - Some of the messages Veriexec prints were improved.

  - Various documentation fixes.


All relevant man-pages were updated to reflect the above changes.

Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 19:47:43 +00:00
hubertf 889da1779b * Don't include headers twice
* Remove a few trailing whitespaces
 * Rearrange and join to one #if for some headers

Patch contributed by Slava Semushin <slava.semushin@gmail.com>
in private mail.
2007-01-16 17:32:04 +00:00
mjf bf77574aa2 Delete advertising clause. 2007-01-09 13:53:31 +00:00
wiz b2801fe843 Sync usage with man page. 2006-12-23 09:16:38 +00:00
agc fa94897003 + some minor cosmetic changes
+ rather than using global variables, accessed all over the place, create
a local structure, and pass it down.

+ add a -p argument to denote a prefix, so that it's possible to record
a different directory hierarchy from the one that was scanned.  One
typical use would be:

	# ./veriexecgen -v -d /usr/dest/i386 -a -p /usr/dest/i386 -r -o fingers

to create a fingerprint database called fingers from the files located
in the /usr/dest/i386 hierarchy, but without the leading /usr/dest/i386
prefix:

	# Generated by agc, Tue Dec 19 13:10:34 2006
	/bin/domainname SHA256 12622c8f3698e51f090abf84ce81aaaaa1ed72135291b41a3e7d6c7b6a2a9847
	/bin/chmod SHA256 5c3f8fec48601e0eaf7f47522ad8ff9fabb442b123ada97a71de285b4f6bf658

+ make veriexecgen into a host tool
2006-12-19 21:21:28 +00:00
agc 221d869ea3 Minor cosmetic changes:
1. use EXIT_SUCCESS and EXIT_FAILURE, rather than 0 or 1, throughout
2. add some comments
3. use descriptive names for variables, so that their use is easily
gleaned.
2006-12-04 21:22:40 +00:00
agc a1ab0bea62 Normally, veriexecgen will treat an error such as a dangling symlink,
or an inability to get the real path, as fatal.

Be a bit more verbose about this in the default case - tell the user
which directory entry caused the failure.

Also introduce a new -W flag, which will warn the user about the
error, but will still continue processing - it treats errors as
warnings, and allows a signatures file to be built.
2006-12-04 07:06:56 +00:00
christos 11c53ad61c kill crypto/rmd160.h and crypto/sha2.h, and instead make symlinks to
/usr/include from /usr/include/sys. This makes all the one way hash
header handling identical.
2006-10-30 20:22:53 +00:00
elad 28e2a804c9 For now, also mark "file" entries as "indirect". 2006-10-27 22:14:17 +00:00
elad b35a67141f Add /lib, /libexec, and /usr/libexec to -D. Update man page. 2006-09-23 19:08:48 +00:00
elad d2a7cc99dc Oops, fix test. Pointed out by Matt Fleming, thanks! 2006-09-19 20:37:08 +00:00
elad c94625dc78 Oops, -S is supposed to be optional. Pointed out by Matt Fleming, thanks! 2006-09-18 20:53:48 +00:00
elad f8c54c15cf Add the -S flag, for setting the signatures file immutable after creating
it.
2006-09-18 17:47:25 +00:00
elad 47f2f39c75 Oops, forgot to remove -g. 2006-09-18 10:09:31 +00:00
wiz 5e52501584 Sort sections. 2006-09-17 10:27:54 +00:00
elad ac00894537 Clarify some more, tiny markup fixes. Veriexecgen can be just invoked as:
# veriexecgen

after a clean install.
2006-09-17 10:14:36 +00:00
elad 55e6bda6fa Fix some confusions; pointed out by wiz@, thanks! 2006-09-17 05:04:05 +00:00
wiz 86f767cf74 Drop trailing whitespace. Fix a typo. 2006-09-17 01:02:30 +00:00
elad 8fd10e3884 Add an EXAMPLES section. 2006-09-16 21:41:59 +00:00
elad c1ea404a01 crypto/sha1.h -> sha1.h 2006-09-16 21:26:02 +00:00
elad ade08c91dc Add a C version of Veriexec's fingerprint generator, written by Matt
Fleming.

This one has some nice options -- for example, an admin can run right
after installing a system:

        fpgen -D

and it will fingerprint a set of "common" system directories to the
default loaction. See the man-page for more stuff.

Performance-wise, here are results for both fpgen.sh (old) and this
new tool:

	474.599u 574.335s 13:53.05 125.9%       0+0k 0+307io 0pf+0w

	0.424u 0.131s 0:00.56 98.2%     0+0k 0+2io 0pf+0w

...guess which is which? (that's ~1500 times *faster*)
2006-09-16 20:54:42 +00:00