| VERIEXECGEN(8) | System Manager's Manual | VERIEXECGEN(8) | 
NAME
 veriexecgen — generate fingerprints for Veriexec
SYNOPSIS
| veriexecgen | [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix] [-t algorithm] | 
 
DESCRIPTION
 veriexecgen can be used to create a fingerprint database for use with 
Veriexec.
If no command line arguments were specified, veriexecgen will resort to default operation, implying -D -o /etc/signatures -t sha256.
If the output file already exists, veriexecgen will save a backup copy in the same file only with a “.old” suffix.
The following options are available:
- 
-A
- 
Append to the output file, don't overwrite it.
- 
-a
- 
Add fingerprints for non-executable files as well.
- 
-D
- 
Search system directories, /bin, /sbin, /usr/bin, /usr/sbin, /lib, /usr/lib, /libexec, and /usr/libexec.
- 
-d dir
- 
Scan for files in dir. Multiple uses of this flag can specify more than one directory.
- 
-h
- 
Display the help screen.
- 
-o fingerprintdb
- 
Save the generated fingerprint database to fingerprintdb.
- 
-p prefix
- 
When storing files in the fingerprint database, store the full pathnames of files with the leading “prefix” of the filenames removed.
- 
-r
- 
Scan recursively.
- 
-S
- 
Set the immutable flag on the created signatures file when done writing it.
- 
-T
- 
Put a timestamp on the generated file.
- 
-t algorithm
- 
Use algorithm for the fingerprints. Must be one of “md5”, “sha1”, “sha256”, “sha384”, “sha512”, or “rmd160”.
- 
-v
- 
Verbose mode. Print messages describing what operations are being done.
- 
-W
- 
By default, veriexecgen will exit when an error condition is encountered. This option will treat errors such as not being able to follow a symbolic link, not being able to find the real path for a directory entry, or not being able to calculate a hash of an entry as a warning, rather than an error. If errors are treated as warnings, veriexecgen will continue processing. The default behaviour is to treat errors as fatal.
 
FILES
 /etc/signatures
EXAMPLES
 Fingerprint files in the common system directories using the default hashing algorithm “sha256” and save to the default fingerprint database in 
/etc/signatures:
# veriexecgen
Fingerprint files in /etc, appending to the default fingerprint database:
# veriexecgen -A -d /etc
Fingerprint files in /path/to/somewhere using “rmd160” as the hashing algorithm, saving to /etc/somewhere.fp:
# veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp