
FreeBSD Manual Pages

VERIEXEC(5)		    BSD	File Formats Manual		   VERIEXEC(5)

NAME
     veriexec -- format	for the	Veriexec signatures file

DESCRIPTION
     Veriexec loads entries to the in-kernel database from a file describing
     files to be monitored and the type of monitoring.  This file is often
     referred to as the `signatures database' or `signatures file'.

     The signatures file can be	easily created using veriexecgen(8).

SIGNATURES DATABASE FORMAT
     The signatures database has a line	based structure, where each line has
     several fields separated by white-space (space, tabs, etc.) taking	the
     following form:

	   path	type fingerprint    flags

     The description for each field is as follows:

     path	  The full path	to the file.  White-space characters can be
		  escaped if prefixed with a `\'.

     type	  Type of fingerprinting algorithm used	for the	file.

		  Requires kernel support for the specified algorithm.  The
		  list of fingerprinting algorithms supported by the kernel
		  can be obtained with the following command:

			# sysctl kern.veriexec.algorithms

     fingerprint  The fingerprint for the file, as a string of hexadecimal
		  digits.  It can be generated with cksum(1), provided that
		  cksum supports the chosen algorithm:

			% cksum -a <algorithm> <file>

     flags	  Optional listing of entry flags, separated by	a comma.
		  These	may include:

		  direct     Allow direct execution only.

			     Execution of a program is said to be "direct"
			     when the program is invoked by the	user (either
			     in	a script, manually typing it, etc.) via	the
			     execve(2) syscall.

		  indirect   Allow indirect execution only.

			     Execution of a program is said to be "indirect"
			     if	it is invoked by the kernel to interpret a
			     script ("hash-bang").

		  file	     Allow opening the file only, via the open(2)
			     syscall (no execution is allowed).

		  untrusted  Indicate that the file is located on untrusted
			     storage and its fingerprint evaluation status
			     should not	be cached, but rather re-calculated
			     each time it is accessed.

			     Fingerprints for untrusted	files will always be
			     evaluated on load.

		  To improve readability of the signatures file, the
		  following aliases are provided:

		  program      An alias	for "direct".

		  interpreter  An alias for "indirect".

		  script       An alias	for both "direct" and "file".

		  library      An alias	for both "file"	and "indirect".

		  If no	flags are specified, "direct" is assumed.

     Comments begin with a `#' character and span to the end of	the line.
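     The following is an added example, not code from NetBSD or from
     veriexecgen(8): a small parser and generator for the format described
     above, written so that a hand-edited signatures file can be checked
     before it is loaded.  It escapes and unescapes white-space in paths,
     strips `#' comments, expands the four aliases, applies the "direct"
     default, and validates each fingerprint against the digest length of
     its algorithm.  Three points go beyond what this page states and are
     assumptions of the example: the set of accepted algorithms is taken
     from Python's hashlib rather than from sysctl kern.veriexec.algorithms;
     a backslash is also allowed to escape `#' and `\' in a path; and an
     entry whose only flag is "untrusted" is treated as "direct" as well.
     The sample file contents are constructed stand-ins for real binaries.

```python
"""Parser and generator for the veriexec(5) signatures-file format.  Added
example, not NetBSD code.  Assumptions: the algorithm list is hashlib's,
not sysctl kern.veriexec.algorithms; a backslash also escapes '#' and '\\'."""
import hashlib
import re

ALIASES = {"program": {"direct"}, "interpreter": {"indirect"},
           "script": {"direct", "file"}, "library": {"file", "indirect"}}
ACCESS_FLAGS = {"direct", "indirect", "file"}
KNOWN_FLAGS = ACCESS_FLAGS | {"untrusted"}
# A field is a run of escaped or plain characters; '#' opens a comment; a
# lone trailing backslash is matched on its own so it can be rejected.
TOKEN = re.compile(r"(?:\\.|[^\s\\#])+|#.*|\\$")

def split_fields(line):
    """Split on unescaped white-space, dropping a trailing '# comment'."""
    fields = []
    for m in TOKEN.finditer(line):
        tok = m.group()
        if tok.startswith("#"):
            break
        if tok == "\\":
            raise ValueError("dangling backslash")
        fields.append(re.sub(r"\\(.)", r"\1", tok))
    return fields

def parse_flags(text):
    """Expand aliases, reject unknown flags; no access flag means direct."""
    flags = set()
    for f in filter(None, text.split(",")):
        if f not in ALIASES and f not in KNOWN_FLAGS:
            raise ValueError(f"unknown flag {f!r}")
        flags |= ALIASES.get(f, {f})
    return flags if flags & ACCESS_FLAGS else flags | {"direct"}

def parse_entry(line):
    """One line -> dict, or None for a blank or comment-only line."""
    fields = split_fields(line)
    if not fields:
        return None
    if len(fields) not in (3, 4):
        raise ValueError(f"expected 3 or 4 fields, got {len(fields)}")
    path, algo, fp = fields[0], fields[1].lower(), fields[2].lower()
    if not path.startswith("/"):
        raise ValueError(f"path is not absolute: {path!r}")
    if algo not in hashlib.algorithms_available:   # assumption: hashlib's list
        raise ValueError(f"unsupported fingerprint type {algo!r}")
    want = hashlib.new(algo).digest_size * 2       # hex digits expected
    if len(fp) != want or fp.strip("0123456789abcdef"):
        raise ValueError(f"{algo} fingerprint must be {want} hex digits")
    flags = parse_flags(fields[3]) if len(fields) == 4 else {"direct"}
    return {"path": path, "type": algo, "fingerprint": fp, "flags": flags}

def parse_database(text):
    """Whole file -> ({path: entry}, [error strings]).  Bad lines are
    reported rather than skipped; a duplicate path is an error too."""
    entries, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            e = parse_entry(line)
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
            continue
        if e is None:
            continue
        if e["path"] in entries:
            errors.append(f"line {lineno}: duplicate path {e['path']!r}")
        entries[e["path"]] = e
    return entries, errors

def fingerprint(data, algo="sha256"):
    """Hex digest, what 'cksum -a <algorithm> <file>' prints."""
    return hashlib.new(algo, data).hexdigest()

def format_entry(path, algo, data, flags=""):
    """Build one line, escaping white-space (and '#', '\\') in the path."""
    esc = "".join("\\" + c if c.isspace() or c in "\\#" else c for c in path)
    return f"{esc} {algo} {fingerprint(data, algo)}" + (" " + flags if flags else "")

def verify(entries, path, data):
    """Recompute over the current contents, as the kernel does, and compare."""
    e = entries.get(path)
    return e is not None and fingerprint(data, e["type"]) == e["fingerprint"]

# Constructed sample: invented contents standing in for the real files.
SAMPLE_FILES = [
    ("/bin/ls", b"\x7fELF ls", "program"),
    ("/usr/bin/perl", b"\x7fELF perl", "interpreter"),
    ("/usr/local/bin/run backup.sh", b"#!/bin/sh\necho backup\n", "script,untrusted"),
    ("/lib/libc.so.12", b"\x7fELF libc", "library"),
    ("/usr/bin/awk", b"\x7fELF awk", ""),   # no flags field: "direct" assumed
]
SAMPLE_DB = "# constructed signatures file\n" + "\n".join(
    format_entry(p, "sha256", d, f) for p, d, f in SAMPLE_FILES) + "\n"
ENTRIES, ERRORS = parse_database(SAMPLE_DB)
```

     parse_database() collects every malformed line instead of stopping at
     the first one, so a single pass over a file reports all of the entries
     that the kernel would refuse; verify() is the check the kernel performs
     on access, recomputing the digest over the current contents and
     comparing it with the recorded fingerprint.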

SEE ALSO
     veriexec(4), security(7), veriexec(8), veriexecctl(8), veriexecgen(8)

HISTORY
     veriexec first appeared in	NetBSD 2.0.

AUTHORS
     Brett Lymn	<blymn@NetBSD.org>
     Elad Efrat	<elad@NetBSD.org>

BSD				March 18, 2011				   BSD


Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=veriexec&sektion=5&manpath=NetBSD+6.0>
