Thu Apr 28 11:23:57 2011 UTC ()
security(7), not (8).


(wiz)
diff -r1.35 -r1.36 src/sbin/veriexecctl/veriexecctl.8
cvs diff -r1.35 -r1.36 src/sbin/veriexecctl/veriexecctl.8 (switch to unified diff)

--- src/sbin/veriexecctl/veriexecctl.8 2008/08/31 23:40:19 1.35
+++ src/sbin/veriexecctl/veriexecctl.8 2011/04/28 11:23:57 1.36
@@ -1,133 +1,133 @@ @@ -1,133 +1,133 @@
1.\" $NetBSD: veriexecctl.8,v 1.35 2008/08/31 23:40:19 dholland Exp $ 1.\" $NetBSD: veriexecctl.8,v 1.36 2011/04/28 11:23:57 wiz Exp $
2.\" 2.\"
3.\" Copyright (c) 1999 3.\" Copyright (c) 1999
4.\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au 4.\" Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au
5.\" 5.\"
6.\" This code is donated to The NetBSD Foundation by the author. 6.\" This code is donated to The NetBSD Foundation by the author.
7.\" 7.\"
8.\" Redistribution and use in source and binary forms, with or without 8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions 9.\" modification, are permitted provided that the following conditions
10.\" are met: 10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright 11.\" 1. Redistributions of source code must retain the above copyright
12.\" notice, this list of conditions and the following disclaimer. 12.\" notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\" notice, this list of conditions and the following disclaimer in the 14.\" notice, this list of conditions and the following disclaimer in the
15.\" documentation and/or other materials provided with the distribution. 15.\" documentation and/or other materials provided with the distribution.
16.\" 3. The name of the Author may not be used to endorse or promote 16.\" 3. The name of the Author may not be used to endorse or promote
17.\" products derived from this software without specific prior written 17.\" products derived from this software without specific prior written
18.\" permission. 18.\" permission.
19.\" 19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE. 30.\" SUCH DAMAGE.
31.\" 31.\"
32.\" $Id: veriexecctl.8,v 1.35 2008/08/31 23:40:19 dholland Exp $ 32.\" $Id: veriexecctl.8,v 1.36 2011/04/28 11:23:57 wiz Exp $
33.\" 33.\"
34.Dd August 31, 2008 34.Dd August 31, 2008
35.Dt VERIEXECCTL 8 35.Dt VERIEXECCTL 8
36.Os 36.Os
37.Sh NAME 37.Sh NAME
38.Nm veriexecctl 38.Nm veriexecctl
39.Nd manage the 39.Nd manage the
40.Em Veriexec 40.Em Veriexec
41subsystem 41subsystem
42.Sh SYNOPSIS 42.Sh SYNOPSIS
43.Nm 43.Nm
44.Op Fl ekv 44.Op Fl ekv
45.Cm load Op file 45.Cm load Op file
46.Nm 46.Nm
47.Cm delete Ar file | mount_point 47.Cm delete Ar file | mount_point
48.Nm 48.Nm
49.Cm dump 49.Cm dump
50.Nm 50.Nm
51.Cm flush 51.Cm flush
52.Nm 52.Nm
53.Cm query Ar file 53.Cm query Ar file
54.Sh DESCRIPTION 54.Sh DESCRIPTION
55The 55The
56.Nm 56.Nm
57command is used to manipulate 57command is used to manipulate
58.Em Veriexec , 58.Em Veriexec ,
59the 59the
60.Nx 60.Nx
61file integrity subsystem. 61file integrity subsystem.
62.Ss Commands 62.Ss Commands
63.Bl -tag -width XXXX 63.Bl -tag -width XXXX
64.It Cm load Op file 64.It Cm load Op file
65Load the fingerprint entries contained in 65Load the fingerprint entries contained in
66.Ar file , 66.Ar file ,
67if specified, or the default signatures file otherwise. 67if specified, or the default signatures file otherwise.
68.Pp 68.Pp
69This operation is only allowed in learning mode (strict level zero). 69This operation is only allowed in learning mode (strict level zero).
70.Pp 70.Pp
71The following flags are allowed with this command: 71The following flags are allowed with this command:
72.Bl -tag -width indent 72.Bl -tag -width indent
73.It Fl e 73.It Fl e
74Evaluate fingerprint on load, as opposed to when the file is accessed. 74Evaluate fingerprint on load, as opposed to when the file is accessed.
75.It Fl k 75.It Fl k
76Keep the filenames in the entry for more accurate logging. 76Keep the filenames in the entry for more accurate logging.
77.It Fl v 77.It Fl v
78Enable verbose output. 78Enable verbose output.
79.El 79.El
80.It Cm delete Ar file | mount_point 80.It Cm delete Ar file | mount_point
81Delete either a single entry 81Delete either a single entry
82.Ar file 82.Ar file
83or all entries on 83or all entries on
84.Ar mount_point 84.Ar mount_point
85from being monitored by 85from being monitored by
86.Em Veriexec . 86.Em Veriexec .
87.It Cm dump 87.It Cm dump
88Dump the 88Dump the
89.Em Veriexec 89.Em Veriexec
90database from the kernel. 90database from the kernel.
91Only entries that have the filename will be presented. 91Only entries that have the filename will be presented.
92.Pp 92.Pp
93This can be used to recover a lost database: 93This can be used to recover a lost database:
94.Bd -literal -offset indent 94.Bd -literal -offset indent
95# veriexecctl dump \*[Gt] /etc/signatures 95# veriexecctl dump \*[Gt] /etc/signatures
96.Ed 96.Ed
97.It Cm flush 97.It Cm flush
98Delete all entries in the 98Delete all entries in the
99.Em Veriexec 99.Em Veriexec
100database. 100database.
101.It Cm query Ar file 101.It Cm query Ar file
102Query 102Query
103.Em Veriexec 103.Em Veriexec
104for information associated with 104for information associated with
105.Ar file : 105.Ar file :
106Filename, mount, fingerprint, fingerprint algorithm, evaluation status, 106Filename, mount, fingerprint, fingerprint algorithm, evaluation status,
107and entry type. 107and entry type.
108.El 108.El
109.Sh FILES 109.Sh FILES
110.Bl -tag -width /etc/signatures -compact 110.Bl -tag -width /etc/signatures -compact
111.It Pa /dev/veriexec 111.It Pa /dev/veriexec
112.Em Veriexec 112.Em Veriexec
113pseudo-device 113pseudo-device
114.It Pa /etc/signatures 114.It Pa /etc/signatures
115default signatures file 115default signatures file
116.El 116.El
117.Sh SEE ALSO 117.Sh SEE ALSO
118.Xr veriexec 4 , 118.Xr veriexec 4 ,
119.Xr veriexec 5 , 119.Xr veriexec 5 ,
120.Xr security 8 , 120.Xr security 7 ,
121.Xr veriexec 8 , 121.Xr veriexec 8 ,
122.Xr veriexecgen 8 122.Xr veriexecgen 8
123.Sh HISTORY 123.Sh HISTORY
124.Nm 124.Nm
125first appeared in 125first appeared in
126.Nx 2.0 . 126.Nx 2.0 .
127.Sh AUTHORS 127.Sh AUTHORS
128.An Brett Lymn Aq blymn@NetBSD.org 128.An Brett Lymn Aq blymn@NetBSD.org
129.An Elad Efrat Aq elad@NetBSD.org 129.An Elad Efrat Aq elad@NetBSD.org
130.Sh NOTES 130.Sh NOTES
131The kernel is expected to have the 131The kernel is expected to have the
132.Dq veriexec 132.Dq veriexec
133pseudo-device. 133pseudo-device.