I was wondering if anyone has used osquery to verify that a component/software has been digitally signed using a recognized certificate that is recognized and approved (on Linux Ubuntu servers)...
08/23/2018, 6:30 PM
@samantha. I don't know if osquery has this capability on Linux...which code signing system do these Linux servers use?
08/24/2018, 3:29 AM
The closest thing under Linux would be IMA and EVM. In these cases the Linux kernel is what would be doing the verification, based on values in the 'security.ima' extended filesystem attribute.
A potential place for osquery would be to consume the kernel IMA measurement logs, but deployment of these systems is quite rare.