https://github.com/osquery/osquery logo
Title
m

Macear

11/06/2020, 10:58 AM
Hi đź‘‹ does osquery have some option like
sslCommonNameToCheck
? It would be really useful to specify common name of TLS server manually. Does the flag
insecure
disable common name checking?
t

theopolis

11/06/2020, 12:41 PM
I am not sure what insecure flag you are referencing? But there should not be a way to disable TLS server certificate verification unless you build a debug build. To pin to a specific certificate you’ll have to supply a specific certificate bundle containing only the leaf or root certificates you trust. The common name verified will be the one in the hostname flag, there’s no feature or flag to change that in osquery.
m

Macear

11/06/2020, 12:48 PM
@theopolis yes, not the “insecure” flag. I meant the “allow_unsafe” flag.
s

Stefano Bonicatti

11/06/2020, 1:47 PM
That skips the file and folder permission checks, since osquery wants to have some "specific" permissions to be set on its binary, on the folder it's in, and also on the extensions it eventually runs
m

Macear

11/06/2020, 3:26 PM
@Stefano Bonicatti thanks for explaining!