143 lines
4.1 KiB
Groff
143 lines
4.1 KiB
Groff
.\" $NetBSD: veriexecgen.8,v 1.8 2006/09/23 19:08:48 elad Exp $
|
|
.\"
|
|
.\" Copyright (c) 2006 The NetBSD Foundation, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
.\" by Matt Fleming.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the NetBSD
|
|
.\" Foundation, Inc. and its contributors.
|
|
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
.\" contributors may be used to endorse or promote products derived
|
|
.\" from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd September 23, 2006
|
|
.Dt VERIEXECGEN 8
|
|
.Sh NAME
|
|
.Nm veriexecgen
|
|
.Nd generate fingerprints for Veriexec
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl AaDrSv
|
|
.Op Fl d Pa dir
|
|
.Op Fl o Pa fingerprintdb
|
|
.Op Fl t Ar algorithm
|
|
.Nm
|
|
.Op Fl h
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
can be used to create a fingerprint database for use with Veriexec.
|
|
.Pp
|
|
If no command line arguments were specified,
|
|
.Nm
|
|
will resort to default operation, implying
|
|
.Fl D Fl o Ar /etc/signatures Fl t Ar sha256 .
|
|
.Pp
|
|
If the output file already exists,
|
|
.Nm
|
|
will save a backup copy in the same file only with a
|
|
.Dq .old
|
|
suffix.
|
|
.Pp
|
|
The following options are available:
|
|
.Bl -tag
|
|
.It Fl A
|
|
Append to the output file, don't overwrite it.
|
|
.It Fl a
|
|
Add fingerprints for non-executable files as well.
|
|
.It Fl D
|
|
Search system directories,
|
|
.Pa /bin ,
|
|
.Pa /sbin ,
|
|
.Pa /usr/bin ,
|
|
.Pa /usr/sbin ,
|
|
.Pa /lib ,
|
|
.Pa /usr/lib ,
|
|
.Pa /libexec ,
|
|
and
|
|
.Pa /usr/libexec .
|
|
.It Fl d Ar dir
|
|
Scan for files in
|
|
.Ar dir .
|
|
Multiple uses of this flag can specify more than one directory.
|
|
.\" .It Fl F
|
|
.\" Try to guess the correct flags for every file.
|
|
.It Fl h
|
|
Display the help screen.
|
|
.It Fl o Ar fingerprintdb
|
|
Save the generated fingerprint database to
|
|
.Ar fingerprintdb .
|
|
.It Fl r
|
|
Scan recursively.
|
|
.It Fl S
|
|
Set the immutable flag on the created signatures file when done writing it.
|
|
.It Fl t Ar algorithm
|
|
Use
|
|
.Ar algorithm
|
|
for the fingerprints.
|
|
Must be one of
|
|
.Dq md5 ,
|
|
.Dq sha1 ,
|
|
.Dq sha256 ,
|
|
.Dq sha384 ,
|
|
.Dq sha512 ,
|
|
or
|
|
.Dq rmd160 .
|
|
.It Fl v
|
|
Verbose mode.
|
|
Print messages describing what operations are being done.
|
|
.El
|
|
.Sh FILES
|
|
.Pa /etc/signatures
|
|
.Sh EXAMPLES
|
|
Fingerprint files in the common system directories using the default hashing
|
|
algorithm
|
|
.Dq sha256
|
|
and save to the default fingerprint database in
|
|
.Pa /etc/signatures :
|
|
.Bd -literal -offset indent
|
|
# veriexecgen
|
|
.Ed
|
|
.Pp
|
|
Fingerprint files in
|
|
.Pa /etc ,
|
|
appending to the default fingerprint database:
|
|
.Bd -literal -offset indent
|
|
# veriexecgen -A -d /etc
|
|
.Ed
|
|
.Pp
|
|
Fingerprint files in
|
|
.Pa /path/to/somewhere using
|
|
.Dq rmd160
|
|
as the hashing algorithm, saving to
|
|
.Pa /etc/somewhere.fp :
|
|
.Bd -literal -offset indent
|
|
# veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp
|
|
.Ed
|
|
.Sh SEE ALSO
|
|
.Xr veriexec 4 ,
|
|
.Xr veriexecctl 8
|