valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-06 09:35:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8cc6d99c66
osquery-1/specs/darwin/signature.table
packetzero f0d00b44b2 Advert index not implemented (#5938)
2019-10-28 20:27:06 -04:00

22 lines
1.2 KiB
Plaintext
Raw Blame History

table_name("signature")
description("File (executable, bundle, installer, disk) code signing status.")
schema([
Column("path", TEXT, "Must provide a path or directory",
index=True, required=True),
Column("hash_resources", INTEGER,
"Set to 1 to also hash resources, or 0 otherwise. Default is 1",
additional=True),
Column("arch", TEXT, "If applicable, the arch of the signed code"),
Column("signed", INTEGER, "1 If the file is signed else 0"),
Column("identifier", TEXT, "The signing identifier sealed into the signature"),
Column("cdhash", TEXT, "Hash of the application Code Directory"),
Column("team_identifier", TEXT, "The team signing identifier sealed into the signature"),
Column("authority", TEXT, "Certificate Common Name"),
])
implementation("signature@genSignature")
examples([
"SELECT * FROM signature WHERE path = '/bin/ls'",
"SELECT * FROM signature WHERE path = '/Applications/Xcode.app' AND hash_resources=0",
"SELECT * FROM (SELECT path, MIN(signed) AS all_signed, MIN(CASE WHEN authority = 'Software Signing' AND signed = 1 THEN 1 ELSE 0 END) AS all_signed_by_apple FROM signature WHERE path LIKE '/bin/%' GROUP BY path);"
])
Reference in New Issue View Git Blame Copy Permalink