NetBSD/share/man/man4/veriexec.4
2011-03-18 22:19:31 +00:00

159 lines
4.9 KiB
Groff

.\" $NetBSD: veriexec.4,v 1.21 2011/03/18 22:19:31 jruoho Exp $
.\"
.\" Copyright 2005 Elad Efrat <elad@bsd.org.il>
.\" Copyright 2005 Brett Lymn <blymn@netbsd.org>
.\"
.\" This code is donated to The NetBSD Foundation by the author.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. The name of the Author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 19, 2011
.Dt VERIEXEC 4
.Os
.Sh NAME
.Nm veriexec
.Nd Veriexec pseudo-device
.Sh SYNOPSIS
.Cd pseudo-device veriexec
.Sh DESCRIPTION
.Em Veriexec
verifies the integrity of specified executables and files before they are
run or read.
This makes it much more difficult to insert a trojan horse into the system
and also makes it more difficult to run binaries that are not supposed to
be running, for example, packet sniffers, DDoS clients and so on.
.Pp
The
.Nm
pseudo-device is used to load and delete entries to and from the in-kernel
.Em Veriexec
databases, as well as query information about them.
It can also be used to dump the entire database.
.Ss Kernel-userland interaction
.Em Veriexec
uses
.Xr proplib 3
for communication between the kernel and userland.
.Bl -tag -width XXXX
.It Dv VERIEXEC_LOAD
Load an entry for a file to be monitored by
.Em Veriexec .
.Pp
The dictionary passed contains the following elements:
.Bl -column entryxtype string
.It Sy Name Type Purpose
.It file string filename for this entry
.It entry-type uint8 entry type ( see below )
.It fp-type string fingerprint hashing algorithm
.It fp data the fingerprint
.El
.Pp
.Dq entry-type
can be one or more (binary-OR'd) of the following:
.Bl -column veriexecxuntrusted effect
.It Sy Type Effect
.It Dv VERIEXEC_DIRECT can execute directly
.It Dv VERIEXEC_INDIRECT can execute indirectly (interpreter, Xr mmap 2 )
.It Dv VERIEXEC_FILE can be opened
.It Dv VERIEXEC_UNTRUSTED located on untrusted storage
.El
.It Dv VERIEXEC_DELETE
Removes either an entry for a single file or entries for an entire mount from
.Em Veriexec .
.Pp
The dictionary passed contains the following elements:
.Bl -column file string
.It Sy Name Type Purpose
.It file string filename or mount-point
.El
.It Dv VERIEXEC_DUMP
Dump the
.Em Veriexec
monitored files database from the kernel.
.Pp
Only files that the filename is kept for them will be dumped.
The returned array contains dictionaries with the following elements:
.Bl -column entryxtype string
.It Sy Name Type Purpose
.It file string filename
.It fp-type string fingerprint hashing algorithm
.It fp data the fingerprint
.It entry-type uint8 entry type ( see above )
.El
.It Dv VERIEXEC_FLUSH
Flush the
.Em Veriexec
database, removing all entries.
.Pp
This command has no parameters.
.It Dv VERIEXEC_QUERY
Queries
.Em Veriexec
about a file, returning information that may be useful about it.
.Pp
The dictionary passed contains the following elements:
.Bl -column file string
.It Sy Name Type Purpose
.It file string filename
.El
.Pp
The dictionary returned contains the following elements:
.Bl -column entryxtype string
.It Sy Name Type Purpose
.It entry-type uint8 entry type ( see above )
.It status uint8 entry status
.It fp-type string fingerprint hashing algorithm
.It fp data the fingerprint
.El
.Pp
.Dq status
can be one of the following:
.Bl -column fingerprintxmismatch effect
.It Sy Status Meaning
.It Dv FINGERPRINT_NOTEVAL not evaluated
.It Dv FINGERPRINT_VALID fingerprint match
.It Dv FINGERPRINT_MISMATCH fingerprint mismatch
.El
.El
.Pp
Note that the requests
.Dv VERIEXEC_LOAD ,
.Dv VERIEXEC_DELETE ,
and
.Dv VERIEXEC_FLUSH
are not permitted once the strict level has been raised past 0.
.Sh SEE ALSO
.Xr proplib 3 ,
.Xr sysctl 3 ,
.Xr security 7 ,
.Xr sysctl 8 ,
.Xr veriexecctl 8 ,
.Xr veriexecgen 8 ,
.Xr veriexec 9
.Sh NOTES
.Nm
is part of the default configuration on the following architectures: amd64,
i386, prep, sparc64.
.Sh AUTHORS
.An Brett Lymn Aq blymn@NetBSD.org
.An Elad Efrat Aq elad@NetBSD.org