Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
m
Macear
11/06/2020, 10:58 AMHi đź‘‹ does osquery have some option like
sslCommonNameToCheckinsecuret
theopolis
11/06/2020, 12:41 PMI am not sure what insecure flag you are referencing? But there should not be a way to disable TLS server certificate verification unless you build a debug build. To pin to a specific certificate you’ll have to supply a specific certificate bundle containing only the leaf or root certificates you trust. The common name verified will be the one in the hostname flag, there’s no feature or flag to change that in osquery.
m
Macear
11/06/2020, 12:48 PM@theopolis yes, not the “insecure” flag. I meant the “allow_unsafe” flag.
s
Stefano Bonicatti
11/06/2020, 1:47 PMThat skips the file and folder permission checks, since osquery wants to have some "specific" permissions to be set on its binary, on the folder it's in, and also on the extensions it eventually runs
m
Macear
11/06/2020, 3:26 PM@Stefano Bonicatti thanks for explaining!