Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
VERIEXECCTL(8) System Manager's Manual VERIEXECCTL(8) NAME veriexecctl - manage the Veriexec subsystem SYNOPSIS veriexecctl [-ekv] load [file] veriexecctl delete file | mount_point veriexecctl dump veriexecctl flush veriexecctl query file DESCRIPTION The veriexecctl command is used to manipulate Veriexec, the NetBSD file integrity subsystem. Commands load [file] Load the fingerprint entries contained in file, if specified, or the default signatures file otherwise. This operation is only allowed in learning mode (strict level zero). The following flags are allowed with this command: -e Evaluate fingerprint on load, as opposed to when the file is accessed. -k Keep the filenames in the entry for more accurate logging. -v Enable verbose output. delete file | mount_point Delete either a single entry file or all entries on mount_point from being monitored by Veriexec. dump Dump the Veriexec database from the kernel. Only entries that have the filename will be presented. This can be used to recover a lost database: # veriexecctl dump > /etc/signatures flush Delete all entries in the Veriexec database. query file Query Veriexec for information associated with file: Filename, mount, fingerprint, fingerprint algorithm, evaluation status, and entry type. FILES /dev/veriexec Veriexec pseudo-device /etc/signatures default signatures file SEE ALSO veriexec(4), veriexec(5), security(7), veriexec(8), veriexecgen(8) HISTORY veriexecctl first appeared in NetBSD 2.0. AUTHORS Brett Lymn <blymn@NetBSD.org> Elad Efrat <elad@NetBSD.org> NOTES The kernel is expected to have the "veriexec" pseudo-device. NetBSD 10.99 August 31, 2008 NetBSD 10.99