Home | History | Annotate | Download | only in veriexecgen
History log of /src/usr.sbin/veriexecgen/veriexecgen.8
RevisionDateAuthorComments
 1.22  31-Jul-2019  wiz Fix punctuation formatting nits.
 1.21  31-Jul-2019  alnsn Add an option to read entries from a file.
 1.20  08-Jan-2019  gutteridge veriexecgen(8): improve example for appending /etc to the signatures
database. From Edgar Pettijohn in PR misc/53839.
 1.19  10-Sep-2017  wiz branches: 1.19.2; 1.19.4;
Fix enumeration.
 1.18  09-Sep-2017  sevan Remove the ability to generate a signature database with the hash algorithms
MD5, SHA1 & RMD160 which are either broken or on their way to being broken.

Discussed on tech-security
http://mail-index.netbsd.org/tech-security/2017/08/21/msg000936.html

ok riastradh
 1.17  28-Apr-2011  wiz branches: 1.17.36;
security(7), not (8).
 1.16  11-Mar-2009  joerg Fix markup
 1.15  30-Apr-2008  martin branches: 1.15.8;
Convert TNF licenses to new 2 clause variant
 1.14  18-Feb-2008  elad branches: 1.14.4;
Following input from Matthew Mondor, some Veriexec documentation changes:

- Document the signatures file format in a veriexec(5) man-page,
- Document the strict levels and a general Veriexec intro in veriexec(8)
instead of security(8).

Okay blymn@.
 1.13  10-Feb-2008  elad Xref security(8) from veriexec(4), veriexec(9), veriexecctl(8), and
veriexecgen(8).

Suggested by Matthew Mondor.
 1.12  15-May-2007  elad branches: 1.12.4;
Some Veriexec stuff that's been rotting in my tree for months.

Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.

- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.

- Fix memory leak in rename handling when overwriting a monitored
file.

- Fix table deletion logic.

- Don't prevent query requests if not in learning mode.


KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.

- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.

- veriexec_report() was removed, it is now internal.

- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.

- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.


New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.

- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:

# veriexecctl dump > /etc/signatures

Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.

Idea from Brett Lymn.

- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:

# veriexecctl flush

- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.

- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.


Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.

- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.

- Some of the messages Veriexec prints were improved.

- Various documentation fixes.


All relevant man-pages were updated to reflect the above changes.

Binary compatibility with existing veriexecctl binaries is maintained.
 1.11  09-Jan-2007  mjf Delete advertising clause.
 1.10  19-Dec-2006  agc + some minor cosmetic changes

+ rather than using global variables, accessed all over the place, create
a local structure, and pass it down.

+ add a -p argument to denote a prefix, so that it's possible to record
a different directory hierarchy from the one that was scanned. One
typical use would be:

# ./veriexecgen -v -d /usr/dest/i386 -a -p /usr/dest/i386 -r -o fingers

to create a fingerprint database called fingers from the files located
in the /usr/dest/i386 hierarchy, but without the leading /usr/dest/i386
prefix:

# Generated by agc, Tue Dec 19 13:10:34 2006
/bin/domainname SHA256 12622c8f3698e51f090abf84ce81aaaaa1ed72135291b41a3e7d6c7b6a2a9847
/bin/chmod SHA256 5c3f8fec48601e0eaf7f47522ad8ff9fabb442b123ada97a71de285b4f6bf658

+ make veriexecgen into a host tool
 1.9  04-Dec-2006  agc Normally, veriexecgen will treat an error such as a dangling symlink,
or an inability to get the real path, as fatal.

Be a bit more verbose about this in the default case - tell the user
which directory entry caused the failure.

Also introduce a new -W flag, which will warn the user about the
error, but will still continue processing - it treats errors as
warnings, and allows a signatures file to be built.
 1.8  23-Sep-2006  elad branches: 1.8.2;
Add /lib, /libexec, and /usr/libexec to -D. Update man page.
 1.7  18-Sep-2006  elad Add the -S flag, for setting the signatures file immutable after creating
it.
 1.6  17-Sep-2006  wiz Sort sections.
 1.5  17-Sep-2006  elad Clarify some more, tiny markup fixes. Veriexecgen can be just invoked as:

# veriexecgen

after a clean install.
 1.4  17-Sep-2006  elad Fix some confusions; pointed out by wiz@, thanks!
 1.3  17-Sep-2006  wiz Drop trailing whitespace. Fix a typo.
 1.2  16-Sep-2006  elad Add an EXAMPLES section.
 1.1  16-Sep-2006  elad Add a C version of Veriexec's fingerprint generator, written by Matt
Fleming.

This one has some nice options -- for example, an admin can run right
after installing a system:

fpgen -D

and it will fingerprint a set of "common" system directories to the
default loaction. See the man-page for more stuff.

Performance-wise, here are results for both fpgen.sh (old) and this
new tool:

474.599u 574.335s 13:53.05 125.9% 0+0k 0+307io 0pf+0w

0.424u 0.131s 0:00.56 98.2% 0+0k 0+2io 0pf+0w

...guess which is which? (that's ~1500 times *faster*)
 1.8.2.1  09-Dec-2006  bouyer Pull up following revision(s) (requested by elad in ticket #255):
usr.sbin/veriexecgen/veriexecgen.c: revision 1.9
usr.sbin/veriexecgen/veriexecgen.8: revision 1.9
Normally, veriexecgen will treat an error such as a dangling symlink,
or an inability to get the real path, as fatal.
Be a bit more verbose about this in the default case - tell the user
which directory entry caused the failure.
Also introduce a new -W flag, which will warn the user about the
error, but will still continue processing - it treats errors as
warnings, and allows a signatures file to be built.
 1.12.4.1  23-Mar-2008  matt sync with HEAD
 1.14.4.1  18-May-2008  yamt sync with head.
 1.15.8.1  13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.17.36.1  11-Sep-2017  snj Pull up following revision(s) (requested by sevan in ticket #272):
usr.sbin/veriexecgen/veriexecgen.c: 1.18
usr.sbin/veriexecgen/veriexecgen.8: 1.18-1.19
Remove the ability to generate a signature database with the hash algorithms
MD5, SHA1 & RMD160 which are either broken or on their way to being broken.
Discussed on tech-security
http://mail-index.netbsd.org/tech-security/2017/08/21/msg000936.html
ok riastradh
--
Fix enumeration.
 1.19.4.2  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.19.4.1  10-Jun-2019  christos Sync with HEAD
 1.19.2.1  18-Jan-2019  pgoyette Synch with HEAD

RSS XML Feed