mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 00:49:03 +00:00
02437a098e
Closes: #19271 Closes: #19286 Changes: - Updated the example in the schema folder readme - Updated the block scalar used in Fleet's osquery override documentation (`>-` » `|-`) and removed extra newlines - Updated the block scalar used in URLs used to create new yaml override files - Regenerated osqeury_fleet_schema.json
13 lines
964 B
YAML
13 lines
964 B
YAML
name: nvram_info
|
|
platforms:
|
|
- darwin
|
|
description: Information from nvram system call.
|
|
columns:
|
|
- name: amfi_enabled
|
|
type: integer
|
|
required: false
|
|
description: |-
|
|
Apple Mobile File Integrity (AMFI) was first released in macOS 10.12. The daemon and service block attempts to run unsigned code. AMFI uses lanchd, code signatures, certificates, entitlements, and provisioning profiles to create a filtered entitlement dictionary for an app. AMFI is the macOS kernel module that enforces code-signing and library validation.
|
|
Note: AMFI cannot be disabled with SIP enabled, but a change attempt can be made that will appear successful, and report incorrectly as successful. If the AMFI audit fails, and the SIP audit passes, this is still an issue the admin should research.
|
|
notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)).
|
|
evented: false
|