Updated: 2022/Sep/29

VERIEXECCTL(8)              System Manager's Manual             VERIEXECCTL(8)

NAME
     veriexecctl - manage the Veriexec subsystem

SYNOPSIS
     veriexecctl [-ekv] load [file]
     veriexecctl delete file | mount_point
     veriexecctl dump
     veriexecctl flush
     veriexecctl query file

DESCRIPTION
     The veriexecctl command is used to manipulate Veriexec, the NetBSD file
     integrity subsystem.

   Commands
     load [file]
           Load the fingerprint entries contained in file, if specified, or
           the default signatures file otherwise.

           This operation is only allowed in learning mode (strict level
           zero).

           The following flags are allowed with this command:

           -e      Evaluate fingerprint on load, as opposed to when the file
                   is accessed.

           -k      Keep the filenames in the entry for more accurate logging.

           -v      Enable verbose output.

     delete file | mount_point
           Remove either the single entry for file, or all entries on
           mount_point, from Veriexec monitoring.

     dump  Dump the Veriexec database from the kernel.  Only entries that have
           the filename will be presented.

           This can be used to recover a lost database:

                 # veriexecctl dump > /etc/signatures

     flush
           Delete all entries in the Veriexec database.

     query file
           Query Veriexec for the information associated with file: filename,
           mount, fingerprint, fingerprint algorithm, evaluation status, and
           entry type.

FILES
     /dev/veriexec    Veriexec pseudo-device
     /etc/signatures  default signatures file
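
EXAMPLES
     The script below is an added example, not part of the original manual
     page or of NetBSD. It loads a signatures file only in learning mode,
     keeps filenames with -k, and then saves a dump as a recovery copy.
     Assumptions: the strict level is read from the kern.veriexec.strict
     sysctl described in veriexec(8); the function name and the backup path
     are hypothetical.

```shell
#!/bin/sh
# Added example: guarded load of a Veriexec signatures file.
# Assumptions: strict level comes from the kern.veriexec.strict sysctl;
# veriexec_guarded_load and the default backup path are hypothetical names.
#
# Usage: veriexec_guarded_load [sigfile] [backup]
# Returns: 0 ok, 1 sysctl failed, 2 not in learning mode,
#          3 sigfile unreadable, 4 load failed, 5 dump failed or empty.
veriexec_guarded_load() {
    sigfile=${1:-/etc/signatures}
    backup=${2:-/var/backups/signatures.dump}

    # "load" is only allowed in learning mode (strict level zero).
    level=$(sysctl -n kern.veriexec.strict) || return 1
    if [ "$level" != "0" ]; then
        echo "strict level is $level; load requires level 0" >&2
        return 2
    fi

    [ -r "$sigfile" ] || { echo "cannot read $sigfile" >&2; return 3; }

    # -e: evaluate fingerprints now, so a mismatch shows up at load time.
    # -k: keep filenames; "dump" only presents entries that have them.
    veriexecctl -ek load "$sigfile" || return 4

    # Write the dump to a temporary file first so that a failed or empty
    # dump never replaces an existing good recovery copy.
    tmp="$backup.$$"
    if veriexecctl dump > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$backup"
    else
        rm -f "$tmp"
        echo "dump produced no entries; backup left untouched" >&2
        return 5
    fi
}
```

     Call veriexec_guarded_load as root before raising the strict level.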

SEE ALSO
     veriexec(4), veriexec(5), security(7), veriexec(8), veriexecgen(8)

HISTORY
     veriexecctl first appeared in NetBSD 2.0.

AUTHORS
     Brett Lymn <blymn@NetBSD.org>
     Elad Efrat <elad@NetBSD.org>

NOTES
     The kernel is expected to have the "veriexec" pseudo-device.

NetBSD 10.99                    August 31, 2008                   NetBSD 10.99