valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,376 Commits 2 Branches 109 Tags 25 MiB
0589d0395e
Commit Graph

141 Commits

Author SHA1 Message Date
Teddy Reed
b8087a1b26 Fix readFile TOCTOU error 2015-10-26 01:21:05 -07:00
Robert C. Seacord
1d9695ac31 eliminated some warnings from Clang 3.7 analyze mode 2015-10-21 06:02:58 +00:00
Robert C. Seacord
e57828aac3 changes for integer sign problems 2015-10-17 00:18:35 +00:00
Robert C. Seacord
acb2f6f628 eliminating diagnostics, mostly for comparisons between signed and unsigned operations 2015-10-16 16:10:37 +00:00
Teddy Reed
66888de80a Fix potential hang with recursive globbing 2015-09-28 17:50:25 -07:00
Mike Arpaia
fb2f33d770 Removing the ptvalue typedef 
Removing the ptvalue typedef in favor of just using `pt::ptree::value_type`
 2015-09-02 12:50:24 -07:00
Teddy Reed
5f56490835 Add plist parsing benchmarks and refactor slightly for perf wins 2015-09-01 18:56:09 -07:00
Javier Marcos
74be3d1da0 Removing dots at the end of log entries 2015-08-28 16:50:44 -07:00
Teddy Reed
bdadc9753b Additional OS X table performance improvements 2015-08-18 01:35:10 -07:00
Teddy Reed
5e3a86d2a8 Merge pull request #1376 from theopolis/fix_1367 
[Fix #1367] Disable user-controlled FIFO reads
 2015-07-23 18:25:52 -07:00
Teddy Reed
81aa36ecc7 [Fix #1381] Add documentation/install for daemon+Homebrew 2015-07-23 16:05:59 -07:00
Teddy Reed
ad94eaf0b8 [Fix #1367] Disable user-controlled FIFO reads 2015-07-22 10:15:39 -07:00
Mike Arpaia
5ccfe886ba Merge pull request #1363 from theopolis/less_rows 
[Fix #1303] Only emit rows when appropriate for processes/users.
 2015-07-19 20:36:26 -07:00
Teddy Reed
5249e74146 [Fix #1303] Only emit rows when appropriate for processes/users. 
When optimizing a table using query constraints an implementation should not add unneeded rows.
A user experience bug exists when selecting with an explicit non-existing pid/uid.
 2015-07-19 20:20:04 -07:00
Teddy Reed
95775be1d9 [Fix #1355] Allow plist keys with '.' 
Boost property trees are level delimited using '.' characters.
An Apple property list may contain keys with '.' characters, so the plist conversion must use iterators and raw node appends.
 2015-07-19 16:24:43 -07:00
Teddy Reed
c36fbda274 Merge pull request #1349 from theopolis/centos_version 
[Fix #1319] CentOS version reporting and file read error
 2015-07-17 09:07:29 -07:00
Teddy Reed
f06820f578 [Fix #1319] CentOS version reporting and file read error 
1. Redhat-based distributions were not reporting their version correct.
2. The file read API assumed stat would return an accurate file size.
This has been replaced with an attempt to seek to the end of the file.
 2015-07-16 14:16:51 -07:00
Artur Chmiel
ac9a320218 Updated the readFile function to correctly handle symbolic links 2015-07-16 07:55:12 +02:00
Teddy Reed
263090e8f2 [Fix #1332] Check mode for links in readFile 
1. "really" check for links in readFile
2. Apply the same restrictions and flag ACLs to file hashing.
 2015-07-14 14:24:52 -07:00
Teddy Reed
f48619ed28 [#1285, #1276] Faster, optimized subscriber results 2015-07-07 00:59:28 -07:00
Teddy Reed
d2685cfa41 [#1142] Move path resolution into publisher logic 2015-07-07 00:45:55 -07:00
Teddy Reed
dd9fa25d78 [Fix #1171, #1089] Add configurable max reads 
There are 3 new options that control how files are read:
--read_max: controls the maximum size, in bytes, for file reads. If a file is larger than `read_max` the read will fail.
--read_user_max: similar to `read_max` but applies additional limitations to user-controlled files.
--read_user_links: a boolean control to enable/disable following symlinks for user-controlled files.

Important highlights:
If files exceed the configured max, those reads will fail.
The `read_max` will override `read_user_max` if it is set lower.
A default integer value of `0` will disable the limitations.

The default `read_max` is set to 50M and the default `read_user_max` is 10M.
 2015-07-06 00:49:43 -07:00
Teddy Reed
7aac5fd358 Replace custom wildcarding with POSIX-glob 
POSIX-globbing will allow event publishers/subscribers to post-check
results against glob-syntax, fnpath matching, and POSIX C-regex.
These checks are anecdotally speedy.
 2015-07-02 13:53:16 -07:00
Teddy Reed
e7ab2fc47b Limit scope of git/tag version defines. 
Harden plist parsing against internal fuzzing tests.
Improve file/stream read speeds.
 2015-06-12 10:10:20 -07:00
Mike Arpaia
fff36af0af Removing trailing whitespace 2015-05-11 23:31:13 -07:00
Teddy Reed
70e3c190bb Easier build host-based sync 2015-05-05 15:15:45 -07:00
Teddy Reed
c63bf0451a Various exception hardening 2015-05-03 14:18:20 -07:00
Teddy Reed
d0bbb0bc4f Towards safer and shuffled unittests 2015-04-29 14:43:27 -07:00
Teddy Reed
be65922569 Fast tests 2015-04-27 09:40:31 -07:00
Teddy Reed
c9e07ec2ba Add launchd_overrides table 2015-04-15 23:19:23 -07:00
Teddy Reed
54af369702 [Fix #968] Refactor launchd 2015-04-10 18:04:26 -07:00
Teddy Reed
d30455893f Merge pull request #941 from theopolis/rhel_fun 
[Implement #926] RHEL6 provisioning
 2015-04-08 14:37:48 -07:00
Teddy Reed
41ce00e573 RHEL6 provisioning 2015-04-06 23:43:01 -07:00
Mitchell Grenier
a6a8cc596b Fixed a bug that would prevent single files from showing up in wildcard resolutions 2015-04-06 15:21:17 -07:00
Teddy Reed
692c1b1751 Add package_receipts/package_bom OS X tables 2015-03-27 23:12:09 -07:00
Teddy Reed
38bfed3414 Remove libprocps(ng) in favor of parsing proc manually 2015-03-27 12:37:16 -07:00
Teddy Reed
79ddc5ba38 Remove unused shell functions 2015-03-19 16:14:29 -07:00
Mitchell Grenier
3f75a0345f Fixing hopefully the last filesystem exception 2015-03-17 11:52:56 -07:00
Mitchell Grenier
e230aebab5 Fixing UBN by adding extra trys to uncaught throws 2015-03-16 15:44:24 -07:00
Mitchell Grenier
637336f8c9 Ability to configure osquery from multiple files 2015-03-13 17:19:02 -07:00
Teddy Reed
fe0f369af0 Extension-dependent config/logger plugins 2015-03-13 12:01:30 -07:00
Teddy Reed
5cfff6ac57 [For #579] Remove gotos from auto-release plist parsing 2015-03-08 15:45:39 -07:00
Teddy Reed
4916392aa8 Merge pull request #812 from theopolis/keychain 
Add more keychain search paths for certificates
 2015-03-07 23:27:50 -08:00
Teddy Reed
0673900837 Registry modules 2015-03-04 20:33:10 -08:00
Mitchell Grenier
93577f3ab2 Added filesystem .. test 
Supporting relative paths
 2015-03-03 16:18:37 -08:00
Mitchell Grenier
fc09924a59 clang format 2015-03-02 16:48:01 -08:00
Mitchell Grenier
0016bc4a8c Addressing theopolis changes 2015-03-02 15:46:42 -08:00
Mitchell Grenier
68ea487137 Addressing theopolis changes 2015-03-02 15:43:31 -08:00
Teddy Reed
e123f9f0a2 Add more keychain search paths for certificates 2015-03-01 21:15:42 -08:00
Mitchell Grenier
544615ef57 Bug fix for REC_LIST_FOLDERS 
Fixed a bug where when using REC_LIST_FOLDERS, the root resolution directory
would not be returned.
 2015-03-01 18:26:37 -08:00