load [file]
Load the fingerprint entries contained in
file, if specified, or the default signatures file otherwise.
This operation is only allowed in learning mode (strict level zero).
The following flags are allowed with this command:
-e
Evaluate fingerprint on load, as opposed to when the file is accessed.
-k
Keep the filenames in the entry for more accurate logging.
-v
Enable verbose output.
delete file | mount_point
Delete either a single entry file or all entries on mount_point from being monitored by Veriexec.
dump
Dump the
Veriexec database from the kernel. Only entries that have the filename will be presented.
This can be used to recover a lost database:
# veriexecctl dump > /etc/signatures
flush
Delete all entries in the Veriexec database.
query file
Query Veriexec for information associated with file: Filename, mount, fingerprint, fingerprint algorithm, evaluation status, and entry type.