https://github.com/osquery/osquery logo
#macos
Title
# macos
a

allister

05/06/2022, 3:17 AM
also what you're pointing at should change at every revision, so it's probably less overhead to just maintain a list of what you care about and the certs you expect the code to be signed with at those paths
a

aDamn

05/06/2022, 12:18 PM
By revision, you mean when a plist is modified?
a

allister

05/09/2022, 12:16 AM
no, I mean when the 'vendor' updates the software as that would change the target's hash
in practice the launchd jobs barely ever get revised once something works close to as intended
4 Views