VERIEXECGEN(8)		  BSD System Manager's Manual		VERIEXECGEN(8)

     veriexecgen -- generate fingerprints for Veriexec

     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]
		 [-t algorithm]
     veriexecgen [-h]

     veriexecgen can be used to create a fingerprint database for use with

     If no command line arguments were specified, veriexecgen will resort to
     default operation, implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy
     under the same file name with a ".old" suffix appended.

     The following options are available:

     -A		Append to the output file, don't overwrite it.

     -a		Add fingerprints for non-executable files as well.

     -D         Search system directories, /bin, /sbin, /usr/bin, /usr/sbin,
                /lib, /usr/lib, /libexec, and /usr/libexec.

     -d dir     Scan for files in dir.  Multiple uses of this flag can specify
                more than one directory.

     -h		Display	the help screen.

     -o fingerprintdb
                Save the generated fingerprint database to fingerprintdb.

     -p prefix  When storing files in the fingerprint database, store the full
                pathnames of files with the leading "prefix" of the filenames

     -r		Scan recursively.

     -S         Set the immutable flag on the created signatures file when
                done writing it.

     -T         Put a timestamp on the generated file.

     -t algorithm
                Use algorithm for the fingerprints.  Must be one of "md5",
                "sha1", "sha256", "sha384", "sha512", or "rmd160".

     -v         Verbose mode.  Print messages describing what operations are
                being done.

     -W         By default, veriexecgen will exit when an error condition is
                encountered.  This option will treat errors such as not being
                able to follow a symbolic link, not being able to find the
                real path for a directory entry, or not being able to
                calculate a hash of an entry as a warning, rather than an
                error.  If errors are treated as warnings, veriexecgen will
                continue processing.  The default behaviour is to treat errors as fa-


     Fingerprint files in the common system directories using the default
     hashing algorithm "sha256" and save to the default fingerprint database
     in /etc/signatures:

	   # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

	   # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using "rmd160" as the hashing
     algorithm, saving to /etc/somewhere.fp:

	   # veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp
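
     Because an existing output file is kept as a ".old" backup, a
     regenerated database can be audited against the previous one before it
     is loaded.  The function below is an added example, not part of
     veriexecgen or of this manual page.  The name fpdb_diff is hypothetical,
     and the entry layout "path algorithm fingerprint [flags]" with no
     whitespace inside the path is an assumption not stated on this page.

```shell
#!/bin/sh
# Added example (not part of veriexecgen): report what changed between a
# previous fingerprint database and a regenerated one.
# Assumed entry layout: path algorithm fingerprint [flags], whitespace
# separated, "#" starting a comment line, no whitespace inside the path.

# fpdb_diff OLD NEW
#   Prints one line per difference and returns:
#   0 = databases agree, 1 = differences found, 2 = a file is unreadable.
fpdb_diff() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "fpdb_diff: cannot read '$1' or '$2'" >&2
        return 2
    fi
    out=$(LC_ALL=C awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        pass == 1 {                        # previous database
            oalg[$1] = $2; ofp[$1] = $3
            next
        }
        {                                  # regenerated database
            seen[$1] = 1
            if (!($1 in ofp))
                print "ADDED   " $1
            else if (oalg[$1] != $2)       # e.g. weaker or stronger hash
                print "ALGO    " $1 " " oalg[$1] " -> " $2
            else if (ofp[$1] != $3)        # same algorithm, new content
                print "CHANGED " $1
        }
        END {
            for (p in ofp)
                if (!(p in seen))
                    print "REMOVED " p
        }
    ' pass=1 "$1" pass=2 "$2" | LC_ALL=C sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

     After a default run, "fpdb_diff /etc/signatures.old /etc/signatures"
     lists the entries to review; every CHANGED or ALGO line should
     correspond to a known update.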

     veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)

BSD			       February	18, 2008			   BSD


