| @@ -1,133 +1,133 @@ | | | @@ -1,133 +1,133 @@ |
1 | .\" $NetBSD: veriexecctl.8,v 1.35 2008/08/31 23:40:19 dholland Exp $ | | 1 | .\" $NetBSD: veriexecctl.8,v 1.36 2011/04/28 11:23:57 wiz Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 1999 | | 3 | .\" Copyright (c) 1999 |
4 | .\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au | | 4 | .\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au |
5 | .\" | | 5 | .\" |
6 | .\" This code is donated to The NetBSD Foundation by the author. | | 6 | .\" This code is donated to The NetBSD Foundation by the author. |
7 | .\" | | 7 | .\" |
8 | .\" Redistribution and use in source and binary forms, with or without | | 8 | .\" Redistribution and use in source and binary forms, with or without |
9 | .\" modification, are permitted provided that the following conditions | | 9 | .\" modification, are permitted provided that the following conditions |
10 | .\" are met: | | 10 | .\" are met: |
11 | .\" 1. Redistributions of source code must retain the above copyright | | 11 | .\" 1. Redistributions of source code must retain the above copyright |
12 | .\" notice, this list of conditions and the following disclaimer. | | 12 | .\" notice, this list of conditions and the following disclaimer. |
13 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 13 | .\" 2. Redistributions in binary form must reproduce the above copyright |
14 | .\" notice, this list of conditions and the following disclaimer in the | | 14 | .\" notice, this list of conditions and the following disclaimer in the |
15 | .\" documentation and/or other materials provided with the distribution. | | 15 | .\" documentation and/or other materials provided with the distribution. |
16 | .\" 3. The name of the Author may not be used to endorse or promote | | 16 | .\" 3. The name of the Author may not be used to endorse or promote |
17 | .\" products derived from this software without specific prior written | | 17 | .\" products derived from this software without specific prior written |
18 | .\" permission. | | 18 | .\" permission. |
19 | .\" | | 19 | .\" |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND | | 20 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE | | 23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
30 | .\" SUCH DAMAGE. | | 30 | .\" SUCH DAMAGE. |
31 | .\" | | 31 | .\" |
32 | .\" $Id: veriexecctl.8,v 1.35 2008/08/31 23:40:19 dholland Exp $ | | 32 | .\" $Id: veriexecctl.8,v 1.36 2011/04/28 11:23:57 wiz Exp $ |
33 | .\" | | 33 | .\" |
34 | .Dd August 31, 2008 | | 34 | .Dd August 31, 2008 |
35 | .Dt VERIEXECCTL 8 | | 35 | .Dt VERIEXECCTL 8 |
36 | .Os | | 36 | .Os |
37 | .Sh NAME | | 37 | .Sh NAME |
38 | .Nm veriexecctl | | 38 | .Nm veriexecctl |
39 | .Nd manage the | | 39 | .Nd manage the |
40 | .Em Veriexec | | 40 | .Em Veriexec |
41 | subsystem | | 41 | subsystem |
42 | .Sh SYNOPSIS | | 42 | .Sh SYNOPSIS |
43 | .Nm | | 43 | .Nm |
44 | .Op Fl ekv | | 44 | .Op Fl ekv |
45 | .Cm load Op file | | 45 | .Cm load Op file |
46 | .Nm | | 46 | .Nm |
47 | .Cm delete Ar file | mount_point | | 47 | .Cm delete Ar file | mount_point |
48 | .Nm | | 48 | .Nm |
49 | .Cm dump | | 49 | .Cm dump |
50 | .Nm | | 50 | .Nm |
51 | .Cm flush | | 51 | .Cm flush |
52 | .Nm | | 52 | .Nm |
53 | .Cm query Ar file | | 53 | .Cm query Ar file |
54 | .Sh DESCRIPTION | | 54 | .Sh DESCRIPTION |
55 | The | | 55 | The |
56 | .Nm | | 56 | .Nm |
57 | command is used to manipulate | | 57 | command is used to manipulate |
58 | .Em Veriexec , | | 58 | .Em Veriexec , |
59 | the | | 59 | the |
60 | .Nx | | 60 | .Nx |
61 | file integrity subsystem. | | 61 | file integrity subsystem. |
62 | .Ss Commands | | 62 | .Ss Commands |
63 | .Bl -tag -width XXXX | | 63 | .Bl -tag -width XXXX |
64 | .It Cm load Op file | | 64 | .It Cm load Op file |
65 | Load the fingerprint entries contained in | | 65 | Load the fingerprint entries contained in |
66 | .Ar file , | | 66 | .Ar file , |
67 | if specified, or the default signatures file otherwise. | | 67 | if specified, or the default signatures file otherwise. |
68 | .Pp | | 68 | .Pp |
69 | This operation is only allowed in learning mode (strict level zero). | | 69 | This operation is only allowed in learning mode (strict level zero). |
70 | .Pp | | 70 | .Pp |
71 | The following flags are allowed with this command: | | 71 | The following flags are allowed with this command: |
72 | .Bl -tag -width indent | | 72 | .Bl -tag -width indent |
73 | .It Fl e | | 73 | .It Fl e |
74 | Evaluate fingerprint on load, as opposed to when the file is accessed. | | 74 | Evaluate fingerprint on load, as opposed to when the file is accessed. |
75 | .It Fl k | | 75 | .It Fl k |
76 | Keep the filenames in the entry for more accurate logging. | | 76 | Keep the filenames in the entry for more accurate logging. |
77 | .It Fl v | | 77 | .It Fl v |
78 | Enable verbose output. | | 78 | Enable verbose output. |
79 | .El | | 79 | .El |
80 | .It Cm delete Ar file | mount_point | | 80 | .It Cm delete Ar file | mount_point |
81 | Delete either a single entry | | 81 | Delete either a single entry |
82 | .Ar file | | 82 | .Ar file |
83 | or all entries on | | 83 | or all entries on |
84 | .Ar mount_point | | 84 | .Ar mount_point |
85 | from being monitored by | | 85 | from being monitored by |
86 | .Em Veriexec . | | 86 | .Em Veriexec . |
87 | .It Cm dump | | 87 | .It Cm dump |
88 | Dump the | | 88 | Dump the |
89 | .Em Veriexec | | 89 | .Em Veriexec |
90 | database from the kernel. | | 90 | database from the kernel. |
91 | Only entries that have the filename will be presented. | | 91 | Only entries that have the filename will be presented. |
92 | .Pp | | 92 | .Pp |
93 | This can be used to recover a lost database: | | 93 | This can be used to recover a lost database: |
94 | .Bd -literal -offset indent | | 94 | .Bd -literal -offset indent |
95 | # veriexecctl dump \*[Gt] /etc/signatures | | 95 | # veriexecctl dump \*[Gt] /etc/signatures |
96 | .Ed | | 96 | .Ed |
97 | .It Cm flush | | 97 | .It Cm flush |
98 | Delete all entries in the | | 98 | Delete all entries in the |
99 | .Em Veriexec | | 99 | .Em Veriexec |
100 | database. | | 100 | database. |
101 | .It Cm query Ar file | | 101 | .It Cm query Ar file |
102 | Query | | 102 | Query |
103 | .Em Veriexec | | 103 | .Em Veriexec |
104 | for information associated with | | 104 | for information associated with |
105 | .Ar file : | | 105 | .Ar file : |
106 | Filename, mount, fingerprint, fingerprint algorithm, evaluation status, | | 106 | Filename, mount, fingerprint, fingerprint algorithm, evaluation status, |
107 | and entry type. | | 107 | and entry type. |
108 | .El | | 108 | .El |
109 | .Sh FILES | | 109 | .Sh FILES |
110 | .Bl -tag -width /etc/signatures -compact | | 110 | .Bl -tag -width /etc/signatures -compact |
111 | .It Pa /dev/veriexec | | 111 | .It Pa /dev/veriexec |
112 | .Em Veriexec | | 112 | .Em Veriexec |
113 | pseudo-device | | 113 | pseudo-device |
114 | .It Pa /etc/signatures | | 114 | .It Pa /etc/signatures |
115 | default signatures file | | 115 | default signatures file |
116 | .El | | 116 | .El |
117 | .Sh SEE ALSO | | 117 | .Sh SEE ALSO |
118 | .Xr veriexec 4 , | | 118 | .Xr veriexec 4 , |
119 | .Xr veriexec 5 , | | 119 | .Xr veriexec 5 , |
120 | .Xr security 8 , | | 120 | .Xr security 7 , |
121 | .Xr veriexec 8 , | | 121 | .Xr veriexec 8 , |
122 | .Xr veriexecgen 8 | | 122 | .Xr veriexecgen 8 |
123 | .Sh HISTORY | | 123 | .Sh HISTORY |
124 | .Nm | | 124 | .Nm |
125 | first appeared in | | 125 | first appeared in |
126 | .Nx 2.0 . | | 126 | .Nx 2.0 . |
127 | .Sh AUTHORS | | 127 | .Sh AUTHORS |
128 | .An Brett Lymn Aq blymn@NetBSD.org | | 128 | .An Brett Lymn Aq blymn@NetBSD.org |
129 | .An Elad Efrat Aq elad@NetBSD.org | | 129 | .An Elad Efrat Aq elad@NetBSD.org |
130 | .Sh NOTES | | 130 | .Sh NOTES |
131 | The kernel is expected to have the | | 131 | The kernel is expected to have the |
132 | .Dq veriexec | | 132 | .Dq veriexec |
133 | pseudo-device. | | 133 | pseudo-device. |