Update authdb.yml (#19161)

Need help to get the correct formatting for the notes key/val

---------

Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Drew Baker <89049099+Drew-P-drawers@users.noreply.github.com>
Brock Walters 2024-05-24 07:40:32 -04:00 committed by GitHub
parent f58bc88d5b
commit 3f926e7569
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -2,6 +2,7 @@ name: authdb
platforms:
- darwin
description: Returns JSON output for the `authorizationdb read <right_name>` command.
evented: false
columns:
- name: right_name
type: text
@ -13,5 +14,50 @@ columns:
required: false
description: >-
The JSON output parsed from the plist output of the `authorizationdb read <right_name>` command.
notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)).
evented: false
example: >-
```
SELECT * FROM authdb WHERE right_name='system.login.console';
```
notes: >
This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)).
The authorizationdb is a SQLite database that can be dumped out with the following Terminal command:
```
sudo /usr/bin/sqlite3 /var/db/auth.db .dump
```
The following command generates a .plist showing the attributes of the authorizationdb configuration:
```
security authorizationdb read system.login.console
```
The “right_name” string `system.login.console` is used in the mandatory WHERE clause for this table:
```
SELECT * FROM authdb WHERE right_name='system.login.console';
```
- [Apple documentation](https://developer.apple.com/library/archive/documentation/Security/Conceptual/authorization_concepts/02authconcepts/authconcepts.html)
- A [general purpose authorizationdb article](https://theevilbit.github.io/posts/macos_authorization/)
- Armin Briegel (Scripting OS X) on the [macOS root user and the authorizationdb](https://scriptingosx.com/2018/05/demystifying-root-on-macos-part-4-the-authorization-database/)
- Elliot Jordan on using the authorizationdb in his tool [Escrow Buddy](https://www.elliotjordan.com/posts/macos-authdb-mechs/)
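Review bot: `notes: >` is a folded block scalar, so the line breaks inside it (around the three fenced commands and between the four `- [...]` reference items at the end) are folded into spaces unless the lines are separated by blank lines or indented deeper than the rest of the block, and the Markdown would then render as one run-on paragraph. A literal scalar, `notes: |`, keeps every line break as written and is likely the formatting the commit message asks about; the same applies to `example: >-` and its fenced query. Separately, `notes:` appears twice in this hunk (the one-line form and the block form) and `evented: false` appears both here and in the first hunk, so confirm the resulting file carries each key only once: duplicate keys in a YAML mapping are rejected by strict parsers and silently overridden by lenient ones.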