mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
4784217b57
Updating documentation of Fleetd tables as part of the oncall duty.

Updating the json used by Fleet using the following command:

```sh
cd website
./node_modules/sails/bin/sails.js run generate-merged-schema
```

Samples:

![Screenshot 2023-02-20 at 17 20 55](https://user-images.githubusercontent.com/2073526/220192112-69a116e4-badb-4328-92d3-9a2a6f8657fe.png)
![Screenshot 2023-02-20 at 17 21 09](https://user-images.githubusercontent.com/2073526/220192117-dfa06c69-2166-47d4-99c3-e108911e2084.png)

@mikermcneil @eashaw: `generate-merged-schema` generates a different output every time it's executed. Guess: It seems it should sort the output lexicographically?
14 lines
1.1 KiB
YAML
```yaml
name: nvram_info
platforms:
  - darwin
description: Information from nvram system call.
columns:
  - name: amfi_enabled
    type: integer
    required: false
    description: |
      Apple Mobile File Integrity (AMFI) was first released in macOS 10.12. The daemon and service block attempts to run unsigned code. AMFI uses launchd, code signatures, certificates, entitlements, and provisioning profiles to create a filtered entitlement dictionary for an app. AMFI is the macOS kernel module that enforces code-signing and library validation.
      Note: AMFI cannot be disabled with SIP enabled, but a change attempt can be made that will appear successful, and report incorrectly as successful. If the AMFI audit fails, and the SIP audit passes, this is still an issue the admin should research.
notes: This table is not a core osquery table. It is included as part of [Fleetd](https://fleetdm.com/docs/using-fleet/orbit), the osquery manager from Fleet. Fleetd can be built with [fleetctl](https://fleetdm.com/docs/using-fleet/adding-hosts#osquery-installer).
evented: false
```
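The note in the column description (AMFI audit fails while the SIP audit passes) can be checked in one query. This is an added example, not part of the Fleet repository; it assumes `amfi_enabled = 1` means AMFI is reported as enabled, and it reads SIP state from the core osquery `sip_config` table, which does not appear on this page.

```sql
-- Added example: compare the AMFI state from nvram_info with the SIP state
-- from osquery's sip_config table and label the combination.
-- Assumption: amfi_enabled = 1 means AMFI is reported as enabled.
SELECT
  n.amfi_enabled,
  s.enabled AS sip_enabled,
  CASE
    WHEN s.enabled = 0      THEN 'fail: SIP is disabled'
    WHEN n.amfi_enabled = 1 THEN 'pass: AMFI and SIP both report enabled'
    -- The case the note describes: the AMFI audit fails while the SIP audit
    -- passes. AMFI cannot actually be disabled here, but a change attempt
    -- was recorded and should be researched.
    WHEN n.amfi_enabled = 0 THEN 'research: AMFI reports disabled while SIP is enabled'
    ELSE 'unknown: amfi_enabled was not reported'
  END AS finding
FROM nvram_info AS n
CROSS JOIN sip_config AS s
WHERE s.config_flag = 'sip';
```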