Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 00:49:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 106
fleet/schema/tables/nvram_info.yml
Rachael Shaw 895d4bc2f7
Use "Fleet's agent (fleetd)" naming in the docs (#18138) 
For #16512

---------

Co-authored-by: Eric <eashaw@sailsjs.com>
2024-04-29 11:12:03 -05:00

13 lines
964 B
YAML
Raw Blame History

name: nvram_info
platforms:
- darwin
description: Information from nvram system call.
columns:
- name: amfi_enabled
type: integer
required: false
description: >-
Apple Mobile File Integrity (AMFI) was first released in macOS 10.12. The daemon and service block attempts to run unsigned code. AMFI uses lanchd, code signatures, certificates, entitlements, and provisioning profiles to create a filtered entitlement dictionary for an app. AMFI is the macOS kernel module that enforces code-signing and library validation.
Note: AMFI cannot be disabled with SIP enabled, but a change attempt can be made that will appear successful, and report incorrectly as successful. If the AMFI audit fails, and the SIP audit passes, this is still an issue the admin should research.
notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)).
evented: false
Reference in a new issue View git blame Copy permalink