mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
4784217b57
Updating documentation of Fleetd tables as part of the oncall duty.

Updating the json used by Fleet using the following command:
```sh
cd website
./node_modules/sails/bin/sails.js run generate-merged-schema
```

Samples:
![Screenshot 2023-02-20 at 17 20 55](https://user-images.githubusercontent.com/2073526/220192112-69a116e4-badb-4328-92d3-9a2a6f8657fe.png)
![Screenshot 2023-02-20 at 17 21 09](https://user-images.githubusercontent.com/2073526/220192117-dfa06c69-2166-47d4-99c3-e108911e2084.png)

@mikermcneil @eashaw: `generate-merged-schema` generates a different output every time it's executed. Guess: It seems it should sort the output lexicographically?
16 lines
1.1 KiB
YAML
```yaml
name: csrutil_info
platforms:
  - darwin
description: Information from csrutil system call.
columns:
  - name: ssv_enabled
    type: integer
    required: false
    description: |
      Sealed System Volume is a security feature introduced in macOS 11.0 Big Sur.
      During system installation, a SHA-256 cryptographic hash is calculated for all immutable system files and stored in a Merkle tree which itself is hashed as the Seal. Both are stored in the metadata of the snapshot created of the System volume.
      The seal is verified by the boot loader at startup. macOS will not boot if system files have been tampered with. If validation fails, the user will be instructed to reinstall the operating system.
      During read operations for files located in the Sealed System Volume, a hash is calculated and compared to the value stored in the Merkle tree.
notes: This table is not a core osquery table. It is included as part of [Fleetd](https://fleetdm.com/docs/using-fleet/orbit), the osquery manager from Fleet. Fleetd can be built with [fleetctl](https://fleetdm.com/docs/using-fleet/adding-hosts#osquery-installer).
evented: false
```