valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Convert Linux process_events mode column to octal (#3800)

Browse Source
This commit is contained in:
Babatunde Micheal Okutubo 2017-10-12 23:02:34 -04:00 committed by Teddy Reed
parent 2b4a46ead5
commit 702203086f
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
osquery/tables/events/linux/process_events.cpp
View File

@ -81,7 +81,13 @@ bool ProcessUpdate(size_t type, const AuditFields& fields, AuditFields& r) {
}
if (type == AUDIT_PATH) {
r["mode"] = (fields.count("mode")) ? fields.at("mode") : "";
if (fields.count("mode")) {
std::stringstream ss;
ss << "0" << std::oct << fields.at("mode");
ss >> r["mode"];
} else {
r["mode"] = "";
}
r["owner_uid"] = fields.count("ouid") ? fields.at("ouid") : "0";
r["owner_gid"] = fields.count("ogid") ? fields.at("ogid") : "0";
}