veriexecctl
—
manage the Veriexec subsystem
veriexecctl |
[-ekv ] load
[file] |
veriexecctl |
delete file |
mount_point |
The veriexecctl
command is used to manipulate
Veriexec, the NetBSD file integrity
subsystem.
load
[file]
- Load the fingerprint entries contained in file, if
specified, or the default signatures file otherwise.
This operation is only allowed in learning mode (strict level
zero).
The following flags are allowed with this command:
-e
- Evaluate fingerprint on load, as opposed to when the file is
accessed.
-k
- Keep the filenames in the entry for more accurate logging.
-v
- Enable verbose output.
delete
file | mount_point
- Delete either a single entry file or all entries on
mount_point from being monitored by
Veriexec.
dump
- Dump the Veriexec database from the kernel. Only entries
that have the filename will be presented.
This can be used to recover a lost database:
# veriexecctl dump > /etc/signatures
flush
- Delete all entries in the Veriexec database.
query
file
- Query Veriexec for information associated with
file: Filename, mount, fingerprint, fingerprint
algorithm, evaluation status, and entry type.
- /dev/veriexec
- Veriexec pseudo-device
- /etc/signatures
- default signatures file
veriexecctl
first appeared in NetBSD
2.0.
The kernel is expected to have the “veriexec” pseudo-device.