Further investigation shows that I can execute the command, /bin/cat, without 
the message. The veriexec message is getting logged when mtree is run on 
the /bin directory as part of the daily security checks.



On Tuesday 03 April 2007 09:16, John R. Shannon wrote:
> I appear to be logging an incorrect access type message from veriexec on
> every program executed. A typical log entry looks like:
>
> Veriexec: Incorrect access type. [cat, pid=2202, uid=0, gid=0]
>
> where the corresponding /etc/signatures entry looks like:
>
> /bin/cat SHA256
> 1b5e1dd4710b020e4306fc57fd5d87ed3fd3c8253dc586d3aa8f84e3a4476d8b
>
> The kernel uses the veriexec options and pseudodevice as defined in GENERIC
> and /dev/veriexec is present.
>
> Is this something familiar?

-- 
John R. Shannon, CISSP
Chief Scientist
DSCI, Information Assurance Division
jshannon@dsci-usa.com
john.r.shannon@us.army.mil
shannonjr@NetBSD.org
(208)522-4506