Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 01:18:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 84

Update standard-query-library.yml (#17122)

Browse source 
1. Updated 1password query with final version
This commit is contained in:
Brock Walters 2024-02-23 15:58:04 -05:00 committed by GitHub
parent 6efe55d6f7
commit a430194969
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
View file

@ -880,12 +880,12 @@ apiVersion: v1
kind: policy
spec:
name: No 1Password emergency kit stored on desktop or in downloads (macOS)
query: SELECT EXISTS (SELECT 1 FROM file WHERE filename LIKE '%Emergency Kit%.pdf' AND (path LIKE '/Users/%%/Downloads/%%' OR path LIKE '/Users/%%/Desktop/%%'));
query: SELECT 1 FROM file WHERE filename LIKE '%Emergency Kit%.pdf' AND (path LIKE '/Users/%%/Desktop/%%' OR path LIKE '/Users/%%/Documents/%%' OR path LIKE '/Users/%%/Downloads/%%' OR path LIKE '/Users/Shared');
description: "Looks for PDF files with file names typically used by 1Password for emergency recovery kits."
resolution: "Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location."
platform: darwin
tags: compliance, built-in
contributors: GuillaumeRoss
contributors: nonpunctual
---
apiVersion: v1
kind: query