OS version
The OS Version device posture attribute checks whether the version of a device’s operating system matches, is greater than, or is less than the configured value.
Prerequisites
- Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to WARP Client Checks.
Enable the OS version check
- In Zero Trust, go to Settings > WARP Client.
- Scroll down to WARP client checks and select Add new.
- Select OS version.
- Configure the Operating system, Operator, and Version fields to specify the OS version you want devices to match.
- (Optional) Configure additional OS-specific fields:
  - Version extra: Enter the macOS Rapid Security Response (RSR) version you want devices to match (for example, (a)). Be sure to include the parentheses around the letter.
  - Version extra: Enter the iOS Rapid Security Response (RSR) version you want devices to match (for example, (a)). Be sure to include the parentheses around the letter.
  - Distro name and Distro revision: Enter the Linux distribution you want devices to match (for example, ubuntu 22.04). The distro version always matches with an equal-to operator (==) regardless of the Operator setting.
  - Version extra: Enter the patch version of the kernel. For example, if the kernel is 6.50.0-1007-oem, enter 1007.
- Select Save.
Next, go to Logs > Posture and verify that the OS version check is returning the expected results.
Determine the OS version
Operating systems display version numbers in different ways. This section covers how to retrieve the version number in each OS, in a format matching what the OS version posture check expects.
macOS
- Open a terminal window.
- Use the defaults command to check for the value of SystemVersionStampAsString.
Windows
- Open a PowerShell window.
- Use the Get-CimInstance command to get the version property of the Win32_OperatingSystem class.
Linux
OS version
The Linux OS version check reads the system kernel version.
- Open a Terminal window.
- Run the uname -r command to get the complete kernel version. For example:
  - Version is the first three numbers of the output in SemVer format (5.14.0).
  - Version extra is the first number after the SemVer (25).
Distro version
The WARP client reads Distro name and Distro revision from the /etc/os-release file. The name comes from the ID field, and the revision comes from the VERSION_ID field.
To determine the Linux distro version on your device:
- Open a Terminal window.
- Get the OS identification fields that contain ID.
- If the output of the above command contained ID=ubuntu and VERSION_ID=22.04, Distro name would be ubuntu and Distro revision would be 22.04. The WARP client will check these strings for an exact match.
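The Linux steps above, as an added example (not Cloudflare's code and not the WARP client's parser): a shell script that splits uname -r output into Version and Version extra, and reads ID and VERSION_ID from /etc/os-release as exact keys so that ID does not also pick up ID_LIKE or VERSION_ID. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: derive the Linux values the OS version check fields expect.
# Parsing follows the page's description; it is not the WARP client's code.

# Version: the first three numbers of `uname -r` (for example 5.14.0).
kernel_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Version extra: the first number after the SemVer part
# (for example 1007 for the page's 6.50.0-1007-oem). Empty if there is none.
kernel_version_extra() {
    printf '%s\n' "$1" |
        sed -n 's/^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[^0-9]*\([0-9][0-9]*\).*/\1/p'
}

# Read one exact key from an os-release style file. Anchoring on "KEY="
# keeps ID from matching ID_LIKE or VERSION_ID; surrounding quotes are
# stripped because the posture check compares the strings exactly.
os_release_field() {
    sed -n "s/^$1=//p" "$2" | head -n 1 | tr -d "\"'"
}

# Print the four field values. With no arguments, use this machine's
# kernel release and /etc/os-release.
posture_fields() {
    release=${1:-$(uname -r)}
    file=${2:-/etc/os-release}
    echo "Version:         $(kernel_version "$release")"
    echo "Version extra:   $(kernel_version_extra "$release")"
    echo "Distro name:     $(os_release_field ID "$file")"
    echo "Distro revision: $(os_release_field VERSION_ID "$file")"
}

posture_fields "$@"
```

Compare the printed values with what Logs > Posture reports for the device before enforcing the check in a policy.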
ChromeOS
ChromeOS version numbers consist of four parts: MAJOR.MINOR.BUILD.PATCH. The OS version posture check returns MAJOR.MINOR.BUILD.
To determine the ChromeOS version on your device:
- Open Chrome browser and go to chrome://system.
- Find the following values:

  | Property | OS version component |
  | --- | --- |
  | CHROMEOS_RELEASE_CHROME_MILESTONE | MAJOR |
  | CHROMEOS_RELEASE_BUILD_NUMBER | MINOR |
  | CHROMEOS_RELEASE_BRANCH_NUMBER | BUILD |

- The OS version in Semver format is MAJOR.MINOR.BUILD (for example, 103.14816.131).