170 lines
5.3 KiB
Groff
170 lines
5.3 KiB
Groff
.\" $NetBSD: veriexecctl.8,v 1.28 2006/09/30 10:56:31 elad Exp $
|
|
.\"
|
|
.\" Copyright (c) 1999
|
|
.\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au
|
|
.\"
|
|
.\" This code is donated to The NetBSD Foundation by the author.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. The name of the Author may not be used to endorse or promote
|
|
.\" products derived from this software without specific prior written
|
|
.\" permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $Id: veriexecctl.8,v 1.28 2006/09/30 10:56:31 elad Exp $
|
|
.\"
|
|
.Dd September 30, 2006
|
|
.Dt VERIEXECCTL 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm veriexecctl
|
|
.Nd load or report veriexec fingerprints
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Cm load Ar signatures
|
|
.Nm
|
|
.Cm delete Op file | mount_point
|
|
.Nm
|
|
.Cm query Ar file
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
command is used to manipulate the Veriexec feature.
|
|
Veriexec must have been configured into the booted kernel for this
|
|
commaned to work.
|
|
.Ss Commands
|
|
.Bl -tag -width 25n
|
|
.It Cm load Ar signatures
|
|
Load the fingerprint entries contained in
|
|
.Ar signatures
|
|
into the in kernel tables.
|
|
This operation is only available if kern.veriexec.strict is zero.
|
|
Once loaded the kernel can then validate executed programs
|
|
or files against the loaded fingerprints and report when fingerprints
|
|
do not match.
|
|
.It Cm delete Op file | mount_point
|
|
Delete the specified file from the Veriexec table in which it is stored.
|
|
If the argument is a mount_point (or a directory), the device id for
|
|
it is fetched and the entire Veriexec table that refers to it is
|
|
removed.
|
|
.It Cm query Ar file
|
|
Query Veriexec about information associated with
|
|
.Ar file :
|
|
Filename, mount, fingerprint, fingerprint algorithm, evaluation status,
|
|
and entry type.
|
|
.El
|
|
.Ss Signatures
|
|
The
|
|
.Pa signatures
|
|
file contains lines of fields (separated by one or more whitespace
|
|
characters) of the form:
|
|
.Pp
|
|
.Dl path type fingerprint options
|
|
.Pp
|
|
Where
|
|
.Em path
|
|
is the full path to the file and
|
|
.Em type
|
|
is the type of fingerprint used, see above for the default list.
|
|
Other fingerprints may be available depending on kernel configuration.
|
|
The
|
|
.Em fingerprint
|
|
field is a hexadecimal representation of the fingerprint for
|
|
the file.
|
|
The field
|
|
.Em options
|
|
contains the associated options for the file.
|
|
Currently there are eight valid options, five of which are aliases
|
|
to improve readability of the database files:
|
|
.Pp
|
|
.Bl -tag
|
|
.It Dv DIRECT
|
|
Allow direct execution only.
|
|
.It Dv INDIRECT
|
|
If this option is set then the executable cannot be invoked directly, it
|
|
can only be used as an interpreter in scripts.
|
|
.It Dv FILE
|
|
Indicates that the fingerprint is associated with a file, not an
|
|
executable.
|
|
Files have their fingerprints verified during
|
|
.Xr open 2
|
|
and are automatically made read only.
|
|
This option may be used to verify shared libraries have not been
|
|
tampered with.
|
|
.It Dv PROGRAM
|
|
An alias for
|
|
.Dv DIRECT ,
|
|
allow direct execution only.
|
|
.It Dv INTERPRETER
|
|
An alias for
|
|
.Dv INDIRECT ,
|
|
the executable may only be used as an interpreter
|
|
for scripts.
|
|
.It Dv SCRIPT
|
|
The file is a script.
|
|
For correct operation of veriexec, a script must have both
|
|
.Dv FILE
|
|
and
|
|
.Dv DIRECT
|
|
attributes set.
|
|
This option is a shorthand way of setting the options for correct
|
|
operation of scripts.
|
|
.It Dv LIBRARY
|
|
The file is a library, this option is an alias for
|
|
.Dv FILE
|
|
and
|
|
.Dv INDIRECT .
|
|
.It Dv UNTRUSTED
|
|
This option is used to indicate that the file is located on
|
|
untrusted storage, and its fingerprint should not be cached,
|
|
but calculated each time it is accessed and when pages with
|
|
this file as backing store are paged in.
|
|
.El
|
|
.Pp
|
|
There must be only one executable/fingerprint pair per line.
|
|
Comments are indicated by the first character of a line being a
|
|
.Sq \&#
|
|
character.
|
|
Multiple options can be combined using a
|
|
.Sq \&,
|
|
character.
|
|
If no options are specified, both direct and indirect execution
|
|
are implied.
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/signatures -compact
|
|
.It Pa /dev/veriexec
|
|
veriexec device node
|
|
.It Pa /etc/signatures
|
|
default signatures file
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr veriexec 4 ,
|
|
.Xr veriexecgen 8
|
|
.Sh HISTORY
|
|
.Nm
|
|
first appeared in
|
|
.Nx 2.0 .
|
|
.Sh NOTES
|
|
.Nm
|
|
requires the kernel to have been configured with the veriexec pseudo-device.
|
|
.Sh BUGS
|
|
There must be no whitespace in the path field of a fingerprint entry.
|