8387760ed1
* We now use hash tables instead of a list to store the in kernel
fingerprints.
* Fingerprint methods handling has been made more flexible, it is now
even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
fingerprint method so veriexecctl is not longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
running kernel.
* regularised the naming of some portions of veriexec.
27 lines
787 B
Bash
Executable File
27 lines
787 B
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $NetBSD: gen_rmd160,v 1.1 2005/04/20 13:44:45 blymn Exp $
|
|
#
|
|
# This is a helper script that scans all the file systems for
|
|
# executables and generates an entry in the signatures file for
|
|
# each one found. The script is probably best run by root and
|
|
# will move the old signatures file prior to starting the real work.
|
|
#
|
|
mv signatures signatures.old
|
|
echo "Fingerprinting the system, this may take a while...."
|
|
#
|
|
find / \( \( -fstype ffs -a ! -iregex '^/proc.*' -a -type f -a \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \) -o -name 'lib*so*' \) -print | while read line
|
|
do
|
|
echo "Fingerprinting $line"
|
|
hash=`rmd160 < $line`
|
|
flag=""
|
|
if [ ! -x $line ]
|
|
then
|
|
flag=" FILE"
|
|
fi
|
|
if [ "${hash}" != "" ]
|
|
then
|
|
echo "$line rmd160 ${hash}${flag}" >> signatures
|
|
fi
|
|
done
|