VERIEXECGEN(8) | System Manager's Manual | VERIEXECGEN(8) |
veriexecgen
—
veriexecgen |
[-AaDrSTvW ] [-d
dir] [-o
fingerprintdb] [-p
prefix] [-t
algorithm] |
veriexecgen |
[-h ] |
veriexecgen
can be used to create a fingerprint database
for use with Veriexec.
If no command line arguments were specified,
veriexecgen
will resort to default operation,
implying -D
-o
/etc/signatures -t
sha256.
If the output file already exists,
veriexecgen
will save a backup copy in the same file
only with a “.old” suffix.
The following options are available:
-A
-a
-D
-d
dir-h
-o
fingerprintdb-p
prefix-r
-S
-T
-t
algorithm-v
-W
veriexecgen
will exit when an error
condition is encountered. This option will treat errors such as not being
able to follow a symbolic link, not being able to find the real path for a
directory entry, or not being able to calculate a hash of an entry as a
warning, rather than an error. If errors are treated as warnings,
veriexecgen
will continue processing. The default
behaviour is to treat errors as fatal.# veriexecgen
Fingerprint files in /etc, appending to the default fingerprint database:
# veriexecgen -A -a -d /etc
Fingerprint files in /path/to/somewhere using “sha512” as the hashing algorithm, saving to /etc/somewhere.fp:
# veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp
January 8, 2019 | NetBSD 9.4 |