Merge pull request #725 from facebook/desc_columns_tables

Adding description to columns

osquery/tables/specs/linux/process_memory_map.table

@@ -1,7 +1,7 @@
 table_name("process_memory_map")
 description("Process memory mapped files and pseudo device/regions.")
 schema([
-    Column("pid", INTEGER),
+    Column("pid", INTEGER, "Process (or thread) ID"),
     Column("start", TEXT, "Virtual start address (hex)"),
     Column("end", TEXT, "Virtual end address (hex)"),
     Column("permissions", TEXT, "r=read, w=write, x=execute, p=private (cow)"),

osquery/tables/specs/x/crontab.table

@@ -2,11 +2,11 @@ table_name("crontab")
 description("Line parsed values from system and user cron/tab.")
 schema([
     Column("event", TEXT, "The job @event name (rare)"),
-    Column("minute", TEXT),
-    Column("hour", TEXT),
-    Column("day_of_month", TEXT),
-    Column("month", TEXT),
-    Column("day_of_week", TEXT),
+    Column("minute", TEXT, "The exact minute for the job"),
+    Column("hour", TEXT, "The hour of the day for the job"),
+    Column("day_of_month", TEXT, "The day of the month for the job"),
+    Column("month", TEXT, "The month of the year for the job"),
+    Column("day_of_week", TEXT, "The day of the week for the job"),
     Column("command", TEXT, "Raw command string"),
     Column("path", TEXT, "File parsed"),
 ])

osquery/tables/specs/x/etc_services.table

@@ -1,9 +1,9 @@
 table_name("etc_services")
 description("Line-parsed /etc/services.")
 schema([
-    Column("name", TEXT),
-    Column("port", INTEGER),
-    Column("protocol", TEXT),
+    Column("name", TEXT, "Service name"),
+    Column("port", INTEGER, "Service port number"),
+    Column("protocol", TEXT, "Transport protocol (TCP/UDP)"),
     Column("aliases", TEXT, "Optional space separated list of other names for a service"),
     Column("comment", TEXT, "Optional comment for a service."),
 ])

osquery/tables/specs/x/file.table

@@ -3,7 +3,7 @@ description("Interactive filesystem attributes and metadata.")
 schema([
     Column("path", TEXT, "Absolute file path", required=True),
     Column("filename", TEXT, "Name portion of file path"),
-    Column("inode", BIGINT),
+    Column("inode", BIGINT, "Filesystem inode number"),
     Column("uid", BIGINT, "Owning user ID"),
     Column("gid", BIGINT, "Owning group ID"),
     Column("mode", TEXT, "Permission bits"),

osquery/tables/specs/x/logged_in_users.table

@@ -1,10 +1,10 @@
 table_name("logged_in_users")
 description("Users with an active shell on the system.")
 schema([
-    Column("user", TEXT),
-    Column("tty", TEXT),
-    Column("host", TEXT),
-    Column("time", INTEGER),
+    Column("user", TEXT, "User login name"),
+    Column("tty", TEXT, "Device name"),
+    Column("host", TEXT, "Remote hostname"),
+    Column("time", INTEGER, "Time entry was made"),
     Column("pid", INTEGER, "Process (or thread) ID"),
 ])
 implementation("logged_in_users@genLoggedInUsers")

osquery/tables/specs/x/process_open_sockets.table

@@ -2,13 +2,13 @@ table_name("process_open_sockets")
 description("Processes which have open network sockets on the system.")
 schema([
     Column("pid", INTEGER, "Process (or thread) ID"),
-    Column("socket", INTEGER),
-    Column("family", INTEGER),
-    Column("protocol", INTEGER),
-    Column("local_address", TEXT),
-    Column("remote_address", TEXT),
-    Column("local_port", INTEGER),
-    Column("remote_port", INTEGER),
+    Column("socket", INTEGER, "Socket descriptor number"),
+    Column("family", INTEGER, "Network protocol (IPv4, IPv6)"),
+    Column("protocol", INTEGER, "Transport protocol (TCP/UDP)"),
+    Column("local_address", TEXT, "Socket local address"),
+    Column("remote_address", TEXT, "Socket remote address"),
+    Column("local_port", INTEGER, "Socket local port"),
+    Column("remote_port", INTEGER, "Socket remote port"),
 ])
 implementation("system/process_open_sockets@genOpenSockets")