Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
VERIEXEC(5) File Formats Manual VERIEXEC(5)
NAME
veriexec - format for the Veriexec signatures file
DESCRIPTION
Veriexec loads entries to the in-kernel database from a file describing
files to be monitored and the type of monitoring. This file is often
referred to as the `signatures database' or `signatures file'.
The signatures file can be easily created using veriexecgen(8).
SIGNATURES DATABASE FORMAT
The signatures database has a line based structure, where each line has
several fields separated by white-space (space, tabs, etc.) taking the
following form:
path type fingerprint flags
The description for each field is as follows:
path The full path to the file. White-space characters can be
escaped if prefixed with a `\'.
type Type of fingerprinting algorithm used for the file.
Requires kernel support for the specified algorithm. List
of fingerprinting algorithms supported by the kernel can be
obtained by using the following command:
# sysctl kern.veriexec.algorithms
fingerprint The fingerprint for the file. Can (usually) be generated
using the following command:
% cksum -a <algorithm> <file>
flags Optional listing of entry flags, separated by a comma.
These may include:
direct Allow direct execution only.
Execution of a program is said to be "direct"
when the program is invoked by the user (either
in a script, manually typing it, etc.) via the
execve(2) syscall.
indirect Allow indirect execution only.
Execution of a program is said to be "indirect"
if it is invoked by the kernel to interpret a
script ("hash-bang").
file Allow opening the file only, via the open(2)
syscall (no execution is allowed).
untrusted Indicate that the file is located on untrusted
storage and its fingerprint evaluation status
should not be cached, but rather re-calculated
each time it is accessed.
Fingerprints for untrusted files will always be
evaluated on load.
To improve readability of the signatures file, the following
aliases are provided:
program An alias for "direct".
interpreter An alias for "indirect"
script An alias for both "direct" and "file".
library An alias for both "file" and "indirect".
If no flags are specified, "direct" is assumed.
Comments begin with a `#' character and span to the end of the line.
SEE ALSO
veriexec(4), security(7), veriexec(8), veriexecctl(8), veriexecgen(8)
HISTORY
veriexec first appeared in NetBSD 2.0.
AUTHORS
Brett Lymn <blymn@NetBSD.org>
Elad Efrat <elad@NetBSD.org>
NetBSD 10.99 March 18, 2011 NetBSD 10.99