man.bsd.lv manual page server

DESCRIPTION

If no command line arguments were specified, veriexecgen will resort to default operation, implying -D -o /etc/signatures -t sha256.

If the output file already exists, veriexecgen will save a backup copy in the same file only with a “.old” suffix.

The following options are available:

-A

Append to the output file, don't overwrite it.

-a

Add fingerprints for non-executable files as well.

-D

Search system directories, /bin, /sbin, /usr/bin, /usr/sbin, /lib, /usr/lib, /libexec, and /usr/libexec.

-d dir

Scan for files in dir. Multiple uses of this flag can specify more than one directory.

-h

Display the help screen.

-o fingerprintdb

Save the generated fingerprint database to fingerprintdb.

-p prefix

When storing files in the fingerprint database, store the full pathnames of files with the leading “prefix” of the filenames removed.

-r

Scan recursively.

-S

Set the immutable flag on the created signatures file when done writing it.

-T

Put a timestamp on the generated file.

-t algorithm

Use algorithm for the fingerprints. Must be one of “sha256”, “sha384”, or “sha512”.

-v

Verbose mode. Print messages describing what operations are being done.

-W

By default, veriexecgen will exit when an error condition is encountered. This option will treat errors such as not being able to follow a symbolic link, not being able to find the real path for a directory entry, or not being able to calculate a hash of an entry as a warning, rather than an error. If errors are treated as warnings, veriexecgen will continue processing. The default behaviour is to treat errors as fatal.

# veriexecgen

# veriexecgen -A -a -d /etc

# veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp