mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 09:58:54 +00:00
f912fca415
cdhash - code directory hash (https://developer.apple.com/library/mac/documentation/Security/Conceptu al/CodeSigningGuide/RequirementLang/RequirementLang.html) team_identifier is a unique id of the app developer authority is the common name of the signed certificate
15 lines
675 B
Plaintext
15 lines
675 B
Plaintext
table_name("signature")
|
|
description("File (executable, bundle, installer, disk) code signing status.")
|
|
schema([
|
|
Column("path", TEXT, "Must provide a path or directory", required=True),
|
|
Column("signed", INTEGER, "1 If the file is signed else 0"),
|
|
Column("identifier", TEXT, "The signing identifier sealed into the signature"),
|
|
Column("cdhash", TEXT, "SHA1 hash of the application Code Directory"),
|
|
Column("team_identifier", TEXT, "The team signing identifier sealed into the signature"),
|
|
Column("authority", TEXT, "Certificate Common Name"),
|
|
])
|
|
implementation("signature@genSignature")
|
|
examples([
|
|
"select * from signature where path = '/bin/ls'",
|
|
])
|