Sysadmin > NetBSDveriexec



  1. Check if your kernel (/usr/src/sys/arch/amd64/conf/GENERIC) has:
       pseudo-device veriexec
       options VERIFIED_EXEC_FP_MD5
       options VERIFIED_EXEC_FP_SHA1
       options VERIFIED_EXEC_FP_RMD160
       options VERIFIED_EXEC_FP_SHA512
       options VERIFIED_EXEC_FP_SHA384
       options VERIFIED_EXEC_FP_SHA256
       pseudo-device veriexec 1
  2. check if you have /dev/veriexec
    • if it is missing cd /dev && sh MAKEDEV veriexec

initial setup

run veriexecgen (maybe veriexecgen -D)

/etc.rc.d/veriexec start

add veriexec=YES to your rc.conf

veriexecctl load /etc/signature

with kern.veriexec.strict=1 you can higher the security alter extensive testing!!!

Helpful links: