valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,509 Commits 2 Branches 109 Tags 25 MiB
02c2b37a5d
Commit Graph

330 Commits

Author SHA1 Message Date
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header 
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
 2014-12-18 10:52:55 -08:00
Teddy Reed
6a6851c4bc Merge pull request #544 from theopolis/events_2.0 
Events 2.0
 2014-12-17 20:17:02 -08:00
Teddy Reed
fa7a1fe4f1 Add more docs to Events 2.0 2014-12-17 21:10:51 -07:00
Teddy Reed
d5c5253bbc Add osquery_flags vtable 2014-12-16 02:07:50 -08:00
Teddy Reed
6de14466db Events 2.0 using pbr 2014-12-15 11:55:05 -08:00
Teddy Reed
17efa0b3d6 Migrate subscribers on OSX 2014-12-15 00:25:28 -08:00
Teddy Reed
fbd56663d9 Migrate fsevents to events 2.0 2014-12-14 22:17:38 -08:00
Teddy Reed
d927495209 Support casted subscribes 2014-12-14 21:20:20 -08:00
Teddy Reed
c1e37b73fb Non-static event type and name IDs 2014-12-14 18:03:41 -08:00
Teddy Reed
d2a93cf8c1 Remove EventSubscriber macros 2014-12-14 17:05:07 -07:00
Teddy Reed
0d00e4b0e9 Remove EventPublisher macros 2014-12-14 04:43:31 -07:00
mike@arpaia.co
8f8bc6b772 osquery_info table 2014-12-10 18:38:41 -08:00
Bryan Eastes
bd97cb501a First draft of workaround for #520 2014-12-10 00:15:27 -08:00
Teddy Reed
2ebbbf6f98 Linux udev events 2014-12-08 14:13:47 -08:00
Teddy Reed
a0866c0972 Merge pull request #524 from theopolis/events_expiry 
Events expiry
 2014-12-06 19:52:16 -08:00
Teddy Reed
19695d40aa Add expiration to events 2014-12-06 18:28:03 -07:00
Teddy Reed
78ecc73d81 Add -json output mode for shell 2014-12-06 18:22:48 -07:00
Teddy Reed
7b16e45f55 Improve pubsub unittests 2014-12-05 16:18:05 -07:00
Teddy Reed
b7765a6af0 Codemod to improve include search paths for includes 2014-12-03 15:31:09 -08:00
Teddy Reed
f4337243ec Towards simple table generation 2014-12-02 20:36:46 -08:00
Teddy Reed
366c646cb8 Merge pull request #507 from theopolis/config_options 
Read arguments/options from config
 2014-12-01 23:57:53 -08:00
Teddy Reed
8db44f70f3 [Fix #500] Add virtual dtors to event pub/subs 2014-12-01 02:44:35 -07:00
Teddy Reed
43b4debd47 Read arguments/options from config 2014-12-01 02:05:46 -07:00
Teddy Reed
e33443d354 clang-format on feature-predicate updates 2014-11-29 22:36:07 -08:00
Teddy Reed
76780aa6f0 Improve OSX apps table 2014-11-29 22:36:07 -08:00
Teddy Reed
b1cf8f1e61 Improve and use constraints for various OSX tables 2014-11-29 22:36:07 -08:00
Teddy Reed
56014b9c31 Moving tables definitions into core/tables.cpp 2014-11-29 22:36:06 -08:00
Teddy Reed
b18068f114 Improve kextstat/startup_items code and perf 2014-11-29 22:36:06 -08:00
Teddy Reed
ba86d68e68 Rebuild generated files when templates change. 2014-11-29 22:36:06 -08:00
Teddy Reed
b4be08a702 Updating table generators to use QueryContext 2014-11-29 22:36:05 -08:00
Teddy Reed
cd8413d483 Organizing affinity types into tables. 2014-11-29 22:36:05 -08:00
mike@arpaia.co
e29e808358 build tooling 
adding build files for some random build systems
 2014-11-25 17:38:16 -08:00
Teddy Reed
44181b7aeb Add basic support for unsigned long long int 2014-11-21 10:32:56 -08:00
Teddy Reed
b2debf509a Cleanup inode table implementations and unblacklist 2014-11-19 16:56:48 -08:00
mike@arpaia.co
e7fedd8833 throw in ctor if an error occurs 2014-11-17 19:47:44 -08:00
Mike Arpaia
49da6387ea Merge pull request #454 from facebook/pidfile 
pidfile for osqueryd
 2014-11-17 19:27:08 -08:00
mike@arpaia.co
c56b663261 pidfile for osqueryd 
close #442
 2014-11-17 18:42:36 -08:00
mike@arpaia.co
f8c27bde85 Add a splay of 10% to scheduled queries so that they don't stack 
close #446
 2014-11-17 14:19:09 -08:00
mike@arpaia.co
ca2c63419a incorrect namespacing 2014-11-17 13:47:44 -08:00
Teddy Reed
565bce3c07 Fix unwind exception catching 2014-11-14 01:42:00 -08:00
Teddy Reed
153cc7208f More control over logging 2014-11-12 18:19:22 -07:00
Teddy Reed
aa933491d2 Merge pull request #416 from theopolis/hack_fix_386 
[Fix #386] This is a hack to fix Ubuntu unwinding
 2014-11-12 16:43:18 -08:00
Teddy Reed
b419c79791 [Fix #386] This is a hack to fix Ubuntu unwinding 2014-11-12 17:12:37 -07:00
mike@arpaia.co
a8832482b3 implementation for #360 2014-11-12 16:51:14 -05:00
Teddy Reed
0d8b9d3eaa Use SQLite types 2014-11-12 11:07:24 -08:00
Teddy Reed
8e408f987e Table spec documentation examples 2014-11-11 11:26:11 -08:00
Bryan Eastes
ec081c9a54 Added --host_identifier option 
Conflicts:
	osquery/core/system.cpp
 2014-11-10 16:41:13 -05:00
Teddy Reed
bc05f5de78 Merge pull request #383 from theopolis/fix_rpm_packages 
[Fix #367] Check RPMTAG class before cast
 2014-11-10 01:59:13 -08:00
Teddy Reed
b0ff403d3d Fixing librpm API usage leaks 2014-11-10 01:48:07 -08:00
Teddy Reed
ea0d210ad3 Fix newline warning in flags 2014-11-09 13:24:57 -07:00
Teddy Reed
f7667ec440 Remove Threads requirement, cleanup flags 2014-11-09 00:00:57 -08:00
Teddy Reed
078d4cf7d2 Refector shell flags/versioning 2014-11-08 20:27:28 -08:00
Teddy Reed
62d6472cfe Rethinking some build improvements 2014-11-08 19:28:35 -08:00
Veres Lajos
afc82c722f typo fixes - https://github.com/vlajos/misspell_fixer 2014-11-07 22:18:02 +00:00
mike@arpaia.co
896a4f2957 generic users function and some general cleanups 2014-11-04 11:40:54 -08:00
Mike Arpaia
a9e636af9f Merge pull request #349 from facebook/329 
Ensuring that listening_ports results are unique
 2014-11-03 14:08:04 -08:00
mike@arpaia.co
1ce7f7b486 adding a comment denoting performance 2014-11-03 12:16:39 -08:00
Zachary Wasserman
c559f0e1d2 Refactor osquery::fileystem to use boost::filesystem::path rather than std::string 2014-11-03 12:08:46 -08:00
mike@arpaia.co
75ded8b881 Ensuring that listening_ports results are unique 2014-11-03 12:03:57 -08:00
Teddy Reed
24b7be320c Fix #328, add gflags defines for shell-internal flags 2014-11-02 15:40:35 -08:00
Teddy Reed
1554bf3295 Fix #290, add permissions to osqueryd logging 2014-10-30 15:03:05 -07:00
yetanotherhacker
8cee7e0b3c Spelling fixes in comments and output. 2014-10-30 04:27:00 -04:00
Teddy Reed
8a9374d6e3 [vtables] Support linux crontab vars 2014-10-29 02:24:00 -07:00
Teddy Reed
47d1f13966 Using Cpp03 to remove double right angle brackets 2014-10-27 17:56:55 -07:00
Teddy Reed
6e60612520 Using clang-format 3.5 2014-10-27 17:37:36 -07:00
Teddy Reed
cc31e93762 Version bump, 1.0.3 2014-10-27 12:29:51 -07:00
Teddy Reed
0a1925200e Clean flags usage in daemon/shell and dbhandle 2014-10-27 12:09:35 -07:00
Teddy Reed
6d50d762ce Changing flag infra, reducing config testing, adding debug macro 2014-10-27 10:30:02 -07:00
Teddy Reed
991cbdfb00 Fix permissions on DB handle 2014-10-27 10:05:08 -07:00
Teddy Reed
a82792b3f7 Log results as events 2014-10-24 17:05:17 -07:00
mike@arpaia.co
0033e9bd02 cleaning up some memory leak supps 2014-10-09 22:06:55 -07:00
Teddy Reed
ded0717e94 [events] Additional INotify tests 2014-10-07 12:27:25 -07:00
Teddy Reed
8213e7dcbc [events] Improve inotify 2014-10-06 14:37:44 -07:00
Teddy Reed
c553a59745 [events] Use pub/sub diction for events 2014-10-03 11:30:51 -07:00
Teddy Reed
1e36b494b4 [events] Rename MonitorContext to SubscriptionContext 2014-10-03 08:26:41 -07:00
Teddy Reed
b2474b49eb [events] Renamed EventType to EventPublisher 2014-10-03 08:14:36 -07:00
Teddy Reed
e77ae22fe2 [events] Rename EventModule to EventSubscriber 2014-10-03 08:08:06 -07:00
Teddy Reed
69bfb92905 [events] Fleshing out OSX FSEvent framework 2014-10-02 21:30:14 -07:00
mike@arpaia.co
764619c849 Adding a function to read tomcat configs from disk 2014-09-30 19:59:52 -07:00
mike@arpaia.co
c8fded9498 comments for tomcat 2014-09-30 19:54:44 -07:00
Mike Arpaia
3fb8c8a5d4 Merge pull request #183 from facebook/tomcat-users 
Adding a function to parse the Tomcat users XML file
 2014-09-30 19:51:54 -07:00
mike@arpaia.co
196ec880ab Adding a function to parse the Tomcat users XML file 
This is apart of a bigger, better virtual table idea that @carnal0wnage
had.
 2014-09-30 19:49:38 -07:00
Teddy Reed
bf8209ca90 Merge pull request #182 from facebook/events_docs 
[events] Added remaining doxy comments
 2014-09-30 15:00:08 -07:00
Teddy Reed
ef044c4a72 [events] Added remaining doxy comments 2014-09-30 12:50:14 -07:00
Teddy Reed
6eb9c5fd44 EventFactory, Dispatcher as singletons 2014-09-29 20:47:24 -07:00
Teddy Reed
588f1198f3 Merge pull request #174 from facebook/passwd_changes_vtable 
[events] Events lifecycle complete, passwd_changes vtable
 2014-09-26 21:13:52 -07:00
Teddy Reed
ed338e8356 [events] Events lifecycle complete, passwd_changes vtable 2014-09-26 12:58:32 -07:00
mike@arpaia.co
0c783ebf0a Migrating internal usage of osquery::query to osquery::SQL 2014-09-26 00:34:56 -07:00
mike@arpaia.co
7076aa813c SQL class for executing queries 
implements #141
 2014-09-26 00:28:18 -07:00
mike@arpaia.co
636ced854f Pretty shell results 
Example:

```
osquery> select name, program || program_arguments as executable from launchd limit 5;

+----------------------------------+-------------------------------------------------------------------------------+
| name                             | executable                                                                    |
+----------------------------------+-------------------------------------------------------------------------------+
| bootps.plist                     | /usr/libexec/bootpd                                                           |
| com.apple.afpfs_afpLoad.plist    | /System/Library/Filesystems/AppleShare/afpLoad                                |
| com.apple.afpfs_checkafp.plist   | /System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp |
| com.apple.AirPlayXPCHelper.plist | /usr/libexec/AirPlayXPCHelper                                                 |
| com.apple.airport.wps.plist      | /usr/libexec/wps                                                              |
+----------------------------------+-------------------------------------------------------------------------------+
osquery> .tables
  => alf
  => alf_exceptions
  => alf_explicit_auths
  => alf_services
  => apps
  => ca_certs
  => etc_hosts
  => interface_addresses
  => interface_details
  => kextstat
  => last
  => launchd
  => listening_ports
  => nvram
  => osx_version
  => processes
  => routes
  => time
```
 2014-09-25 21:39:07 -07:00
Teddy Reed
9220da7e3d [events] Registry integration 2014-09-24 12:43:14 -07:00
mike@arpaia.co
5f4108c503 Moving all boost smart pointers to std smart pointers 2014-09-24 10:54:59 -07:00
Teddy Reed
9a2d299424 [events] Events and registry coordination 2014-09-24 10:46:37 -07:00
Teddy Reed
94953df90e [events] Flesh out inotify eventtype 2014-09-23 13:01:03 -07:00
Teddy Reed
bb7097a255 [events] EventType threads for each run loop 2014-09-22 18:35:12 -07:00
mike@arpaia.co
ebfc47b399 Edits to https://github.com/facebook/osquery/pull/148/ 2014-09-22 14:35:59 -07:00
mike@arpaia.co
16122544f5 Reorganizing tests so that the public headers don't have to include gtest 2014-09-22 14:30:52 -07:00
Teddy Reed
9b42c060ea [events] Linux inotify event type 2014-09-22 01:47:50 -07:00
mike@arpaia.co
627821abc1 Periodic clang-format 2014-09-21 14:29:28 -07:00
mike@arpaia.co
b5ee19f49f Removing the osquery::db namespace 2014-09-21 14:27:09 -07:00
Teddy Reed
eee37034b4 [events] Intro of non-async event framework 2014-09-18 15:05:41 -07:00
mike@arpaia.co
f06a4ba52e cleaning up the plugin interfaces 2014-09-16 01:34:39 -07:00
mike@arpaia.co
5998dbd1c5 clang-format 2014-09-16 00:36:49 -07:00
mike@arpaia.co
d9edc81041 Updating the format of doxygen comment blocks 2014-09-16 00:28:23 -07:00
mike@arpaia.co
b36b5c8f29 fixing documentation error 2014-09-15 23:26:22 -07:00
mike@arpaia.co
0eab76a20c refactored aggregateQuery to query 2014-09-15 23:07:03 -07:00
mike@arpaia.co
9147eb541f fixing up some misdocumented parameters 2014-09-15 18:54:18 -07:00
mike@arpaia.co
011d38a767 moving namespace documentation into the doxygen directory 2014-09-15 18:53:04 -07:00
mike@arpaia.co
441ca7bb36 better namespace documentation 2014-09-15 18:11:49 -07:00
mike@arpaia.co
019efb923a namespace documentation 2014-09-15 17:24:29 -07:00
mike@arpaia.co
4a048db278 database namespace documentation 2014-09-15 17:13:22 -07:00
mike@arpaia.co
8d1714841a plugin docs 2014-09-15 14:37:57 -07:00
mike@arpaia.co
e295630d32 Accidental comment 2014-09-15 13:37:20 -07:00
mike@arpaia.co
6f940fb827 Status docs 2014-09-15 13:23:28 -07:00
mike@arpaia.co
6985d4bfa5 scheduler documentation 2014-09-15 13:11:39 -07:00
mike@arpaia.co
1f42458bfb registry docs 2014-09-15 13:09:16 -07:00
mike@arpaia.co
3ca56b42a9 config documentation updates 2014-09-15 13:02:30 -07:00
mike@arpaia.co
798a8aa02a logger documentation 2014-09-15 13:02:23 -07:00
mike@arpaia.co
e0b385aa95 filesystem.h docs 2014-09-15 12:47:00 -07:00
mike@arpaia.co
42afd04bec docs for devtools.h 2014-09-15 12:28:41 -07:00
mike@arpaia.co
7d97186a26 comments for core.h 2014-09-15 12:23:07 -07:00
mike@arpaia.co
de426754d9 moving fs to the global namespace 2014-09-15 11:47:52 -07:00
mike@arpaia.co
d29c58f795 moving scheduler to global namespace 2014-09-15 11:26:16 -07:00
mike@arpaia.co
05f4bc513c down with scheduledQueries_t 2014-09-15 11:17:48 -07:00
mike@arpaia.co
b7f8f5f72a moving logger to the global namespace 2014-09-15 11:14:17 -07:00
mike@arpaia.co
fb2591d82a #143 2014-09-15 11:09:33 -07:00
mike@arpaia.co
68318f816b doxygen docs for Dispatcher 2014-09-14 23:02:50 -07:00
mike@arpaia.co
ad9b0bb5c1 Doxyfile, for docs 2014-09-13 15:18:26 -07:00
mike@arpaia.co
6a0e5b7ddb Removing the unimplemented transaction locking methods in DBHandle 2014-09-13 13:53:12 -07:00
mike@arpaia.co
e838110e84 Moving header to include 2014-09-12 17:50:03 -07:00