8387760ed1
* We now use hash tables instead of a list to store the in kernel
fingerprints.
* Fingerprint methods handling has been made more flexible, it is now
even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
fingerprint method so veriexecctl is not longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
running kernel.
* regularised the naming of some portions of veriexec.
146 lines
4.3 KiB
Groff
146 lines
4.3 KiB
Groff
.\" $NetBSD: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $
|
|
.\"
|
|
.\" Copyright (c) 1999
|
|
.\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au
|
|
.\"
|
|
.\" This code is donated to The NetBSD Foundation by the author.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. The name of the Author may not be used to endorse or promote
|
|
.\" products derived from this software without specific prior written
|
|
.\" permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $Id: veriexecctl.8,v 1.8 2005/04/20 13:44:45 blymn Exp $
|
|
.\"
|
|
.Dd January 6, 2005
|
|
.Dt VERIEXECCTL 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm veriexecctl
|
|
.Nd load or report verified exec fingerprints
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Ar command
|
|
.Oo
|
|
.Ar arg
|
|
.Oc
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
command is used to manipulate the Verified Exec feature.
|
|
Verified Exec must have been configured into the booted kernel for this
|
|
commaned to work.
|
|
.Sh COMMANDS
|
|
.Pp
|
|
.Cm load
|
|
.Ar veriexec.conf
|
|
.Pp
|
|
Load the fingerprint entries contained in
|
|
.Ar veriexec.conf
|
|
into the in kernel tables.
|
|
This operation is only available if kern.securelevel is less than or
|
|
equal to zero.
|
|
Once loaded the kernel can then validate executed programs
|
|
or files against the loaded fingerprints and report when fingerprints
|
|
do not match.
|
|
.Pp
|
|
.Cm fingerprints
|
|
.Pp
|
|
Report the fingerprint methods that are available in the currently running
|
|
kernel.
|
|
This command will return a space separated list of supported fingerprint
|
|
methods that will be accepted by the kernel.
|
|
The default list is:
|
|
.Bd -literal -offset indent
|
|
MD5
|
|
RMD160
|
|
SHA1
|
|
SHA256
|
|
SHA384
|
|
SHA512
|
|
.Ed
|
|
.Pp
|
|
.Sh VERIEXEC.CONF
|
|
.Pp
|
|
The
|
|
.Ar veriexec.conf
|
|
file contains lines of fields (separated by one or more whitespace
|
|
characters) of the form:
|
|
.Pp
|
|
.Dl path type fingerprint options
|
|
.Pp
|
|
Where
|
|
.Em path
|
|
is the full path to the file and
|
|
.Em type
|
|
is the type of fingerprint used, see above for the default list.
|
|
Other fingerprints may be available depending on kernel configuration,
|
|
use the
|
|
.Cm fingerprints
|
|
command option to extract the fingerprints supported by the currently
|
|
running kernel.
|
|
The
|
|
.Em fingerprint
|
|
field is a hexadecimal representation of the fingerprint for
|
|
the file.
|
|
The field
|
|
.Em options
|
|
contains the associated options for the file.
|
|
Currently there are two valid options:
|
|
.Pp
|
|
.Bl -tag -width INDIRECT -compact
|
|
.Pp
|
|
.It Pa INDIRECT
|
|
If this option is set then the executable cannot be invoked directly, it
|
|
can only be used as an interpreter in shell scripts.
|
|
.It Pa FILE
|
|
Indicates that the fingerprint is associated with a file, not an
|
|
executable.
|
|
Files have their fingerprints verified during
|
|
.Xr open 2
|
|
and are automatically made read only.
|
|
This option may be used to verify shared libraries have not been
|
|
tampered with.
|
|
.El
|
|
.Pp
|
|
There must be only one executable/fingerprint pair per line.
|
|
Comments are indicated by the first character of a line being a
|
|
.Sq \&#
|
|
character.
|
|
.Sh FILES
|
|
.Bl -tag -width /dev/veriexec -compact
|
|
.It Pa /dev/veriexec
|
|
verified executable device node
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Pa /usr/share/examples/veriexecctl/gen_md5 ,
|
|
.Pa /usr/share/examples/veriexecctl/gen_sha1
|
|
.Sh HISTORY
|
|
.Nm
|
|
first appeared in
|
|
.Nx 2.0 .
|
|
.Sh NOTES
|
|
.Nm
|
|
requires the kernel to have been configured with the
|
|
.Dv VERIFIED_EXEC
|
|
option and the verifiedexec pseudo-device.
|