Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 01:18:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 59

fix osquery query used to determine MDM disk encryption status (#10901)

Browse source
This commit is contained in:
Roberto Dip 2023-03-31 12:45:25 -03:00 committed by GitHub
parent cc57016f02
commit f253475b32
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
server/service/osquery_utils/queries.go
View file

@ -572,8 +572,7 @@ var mdmQueries = map[string]DetailQuery{
// > location at any time.
//
// [1]: https://developer.apple.com/documentation/devicemanagement/fderecoverykeyescrow
Query: fmt.Sprintf(`SELECT to_base64(group_concat(line, x'0a')) as filevault_key,
(%s) as encrypted FROM file_lines WHERE path='/var/db/FileVaultPRK.dat'`, usesMacOSDiskEncryptionQuery),
Query: fmt.Sprintf(`SELECT to_base64(group_concat(line, x'0a')) as filevault_key, COALESCE((%s), 0) as encrypted FROM file_lines WHERE path='/var/db/FileVaultPRK.dat'`, usesMacOSDiskEncryptionQuery),
Platforms: []string{"darwin"},
DirectIngestFunc: directIngestDiskEncryptionKeyDarwin,
Discovery: discoveryTable("file_lines"),