VERIEXECGEN(8)              System Manager's Manual             VERIEXECGEN(8)

NAME
     veriexecgen - generate fingerprints for Veriexec

SYNOPSIS
     veriexecgen [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]
                 [-t algorithm]
     veriexecgen [-h]

DESCRIPTION
     veriexecgen can be used to create a fingerprint database for use with
     Veriexec.

     If no command line arguments were specified, veriexecgen will resort to
     default operation, implying -D -o /etc/signatures -t sha256.

     If the output file already exists, veriexecgen will save a backup copy in
     the same file only with a ".old" suffix.

     The following options are available:

     -A      Append to the output file, don't overwrite it.

     -a      Add fingerprints for non-executable files as well.

     -D      Search system directories, /bin, /sbin, /usr/bin, /usr/sbin,
             /lib, /usr/lib, /libexec, and /usr/libexec.

     -d dir  Scan for files in dir.  Multiple uses of this flag can specify
             more than one directory.

     -h      Display the help screen.

     -o fingerprintdb
             Save the generated fingerprint database to fingerprintdb.

     -p prefix
             When storing files in the fingerprint database, store the full
             pathnames of files with the leading "prefix" of the filenames
             removed.

     -r      Scan recursively.

     -S      Set the immutable flag on the created signatures file when done
             writing it.

     -T      Put a timestamp on the generated file.

     -t algorithm
             Use algorithm for the fingerprints.  Must be one of "sha256",
             "sha384", or "sha512".

     -v      Verbose mode.  Print messages describing what operations are
             being done.

     -W      By default, veriexecgen will exit when an error condition is
             encountered.  This option will treat errors such as not being
             able to follow a symbolic link, not being able to find the real
             path for a directory entry, or not being able to calculate a
             hash of an entry as a warning, rather than an error.  If errors
             are treated as warnings, veriexecgen will continue processing.
             The default behaviour is to treat errors as fatal.
FILES
     /etc/signatures

EXAMPLES
     Fingerprint files in the common system directories using the default
     hashing algorithm "sha256" and save to the default fingerprint database
     in /etc/signatures:

           # veriexecgen

     Fingerprint files in /etc, appending to the default fingerprint database:

           # veriexecgen -A -d /etc

     Fingerprint files in /path/to/somewhere using "sha512" as the hashing
     algorithm, saving to /etc/somewhere.fp:

           # veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp

SEE ALSO
     veriexec(4), veriexec(5), security(7), veriexec(8), veriexecctl(8)

NetBSD 8.0                     September 9, 2017                    NetBSD 8.0
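
The selection rules described under -a, -r, -p, -t and -W, written out as an added Python sketch for cross-checking a fingerprint run on a staged tree; it is not veriexecgen's source and not part of the manual page. It returns tuples rather than writing the veriexec(5) file format, the function names and sample tree are constructed for illustration, and hashing each entry by its real path is an assumption drawn from the -W description.

```python
import hashlib
import os
import stat
import tempfile

ALGORITHMS = ("sha256", "sha384", "sha512")  # the values -t accepts

def fingerprint_tree(top, algorithm="sha256", prefix="", recursive=False,
                     include_all=False, warn_only=False):
    """Return (entries, warnings); entries are (stored_path, algorithm, hex)."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    found, warnings = {}, []
    for dirpath, dirnames, filenames in os.walk(top):
        if not recursive:
            dirnames[:] = []  # no -r: stay in the top directory
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.stat(path).st_mode  # follows symlinks; fails if dangling
                if not stat.S_ISREG(mode) or not (include_all or mode & 0o111):
                    continue  # no -a: only executable regular files
                real = os.path.realpath(path)
                digest = hashlib.new(algorithm)
                with open(real, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
            except OSError as exc:
                if not warn_only:
                    raise  # default: the first error is fatal
                warnings.append(f"{path}: {exc.strerror}")  # -W: warn, continue
                continue
            stored = real[len(prefix):] if prefix and real.startswith(prefix) else real
            found[stored] = (algorithm, digest.hexdigest())  # one entry per real path
    return sorted((p, a, h) for p, (a, h) in found.items()), warnings

def build_sample_tree():
    """Constructed sample: a staged root with one tool, one note, one bad link."""
    root = os.path.realpath(tempfile.mkdtemp())
    os.makedirs(os.path.join(root, "bin", "sub"))
    for rel, data, mode in (("bin/tool", b"#!/bin/sh\n", 0o755),
                            ("bin/notes.txt", b"notes\n", 0o644),
                            ("bin/sub/deep", b"#!/bin/sh\nexit 0\n", 0o755)):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
        os.chmod(os.path.join(root, rel), mode)
    os.symlink(os.path.join(root, "missing"), os.path.join(root, "bin", "dangling"))
    return root
```

With the sample tree, the dangling symlink aborts a default run and becomes a single warning when `warn_only=True`, which is the difference -W makes when a scan covers directories that contain broken links.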