Commit Graph

1225 Commits

Author SHA1 Message Date
Teddy Reed
0e16f56c8d Add 'hidden' flags to customize TLS plugins 2015-08-28 12:57:53 -07:00
Teddy Reed
d47cac7434 Merge pull request #1461 from blackfist/master
Attempts to add a cli flag --enroll_secret_env
2015-08-26 14:57:00 -07:00
Kevin Thompson
e8772f2603 Adds an enroll_secret_env flag that allows the user to specify that
the enroll secret for TLS enrollment is stored in an environment
variable rather than a file.
2015-08-25 21:11:19 -05:00
Mathieu Kooiman
b151ecedc2 Refs https://github.com/facebook/osquery/issues/320
Add provisioning scripts to build osquery on Debian Wheezy and Debian Jessie.
2015-08-20 20:57:22 +02:00
Teddy Reed
bdadc9753b Additional OS X table performance improvements 2015-08-18 01:35:10 -07:00
Teddy Reed
ff926730a9 Remove VirtualTable matrix rotation 2015-08-17 16:58:54 -07:00
Teddy Reed
5bf30a779d RocksDB usage speedups 2015-08-15 20:43:53 -07:00
Teddy Reed
43cf5f1a0a Merge pull request #1448 from theopolis/strol-speedup
Speedup type conversions, yara, and 10.10 symbols at runtime
2015-08-14 11:01:46 -07:00
Teddy Reed
68d7a6e0be Speedup type conversions, yara, and 10.10 symbols at runtime 2015-08-13 18:04:03 -07:00
Teddy Reed
634dfe7da1 Merge pull request #1438 from sharvilshah/fix_homebrew_version
[Fix #1434] version reporting for homebrew_packages
2015-08-12 11:30:21 -07:00
Sharvil Shah
b190f5f99a Fix #1433, os_version reporting for 10.11 2015-08-11 14:03:27 -07:00
Sharvil Shah
369040e69b Fix version reporting for homebrew_packages. Fixes #1434 2015-08-11 01:50:40 -07:00
Michael O'Farrell
eefccf27b1 Switch boost lexical casts to strtol. This should be faster than a boost lexical cast. 2015-08-07 16:33:32 -07:00
Sharvil Shah
64588be88b Fix build on OS X 10.11
enum `SecItemClass` changed in 10.11 headers,
so don't instantiate with rvalue of int.

Update `SecKeychainSearchCreateFromAttributes` to match the stricter definition.

Fixes #1423
2015-08-05 18:29:29 -07:00
Teddy Reed
1eea02ed9b Merge pull request #1419 from theopolis/sql_optimizations
Several small optimizations around internal SQL queries
2015-08-03 16:11:36 -07:00
Teddy Reed
a11dfcc222 Merge pull request #1422 from theopolis/options_on_packs
Apply query options to pack queries
2015-08-03 15:50:05 -07:00
Teddy Reed
f86c9e7778 Apply query options to pack queries 2015-08-03 15:33:55 -07:00
Teddy Reed
67b0f51ab5 Several small optimizations around internal SQL queries 2015-08-03 07:56:55 -07:00
Michael O'Farrell
5d0e4be6a1 Merge pull request #1335 from mofarrell/kernel-file-events
Added kernel file access events.
2015-07-31 15:22:11 -07:00
Michael O'Farrell
9f2b318778 Added kernel file access events. 2015-07-31 15:06:46 -07:00
Mike Arpaia
a45c794f52 building on 10.9 2015-07-31 11:57:39 -07:00
osquery
ae8305e00e Revert "Remove OS X 10.9 code path since we no longer support it"
This reverts commit 05bbe2ce06.
2015-07-31 11:44:34 -07:00
Michael O'Farrell
b0289adcf5 Merge pull request #1414 from theopolis/env_limits
Add optional environment variable whitelist to process_events
2015-07-30 18:17:31 -07:00
Teddy Reed
dc82ffa636 Add optional environment variable whitelist to process_events 2015-07-30 16:05:11 -07:00
Michael O'Farrell
8c8c591195 Merge pull request #1404 from mofarrell/load-kernel
Added loading of kernel.
2015-07-30 15:20:33 -07:00
Michael O'Farrell
eaf7de08df Added loading of kernel. 2015-07-30 14:36:46 -07:00
Michael O'Farrell
9e20d5904d Merge pull request #1412 from theopolis/use_sigkill
Use SIGKILL on OS X
2015-07-30 10:55:56 -07:00
Michael O'Farrell
f694149584 Merge pull request #1411 from mofarrell/benchmark-means
Benchmark using mean across 5 runs.
2015-07-29 18:00:35 -07:00
Teddy Reed
8082a0b5ac Use SIGKILL on OS X 2015-07-29 17:05:45 -07:00
Michael O'Farrell
346743e87f Benchmark using mean across 5 runs. 2015-07-29 16:50:19 -07:00
Chris Down
260df0d6d0 linux users table: Do not drop users with duplicate UIDs
See GitHub issue #1301. FreeBSD (which also uses this table) by default has two
users which are UID 0 -- both `toor` and `root`. 19a2d64959 made it so that we
would only get the first one from `getpwent`, but this feature is undesirable
in cases where two different users share the same UID.
2015-07-29 09:00:47 -07:00
Teddy Reed
fa36a8918b Merge pull request #1401 from theopolis/tests_and_benchmarks
Various additional tests and benchmarks
2015-07-28 13:20:46 -07:00
Teddy Reed
ff9cb71628 Various additional tests and benchmarks 2015-07-28 12:26:17 -07:00
Michael O'Farrell
93a65eaf04 Merge pull request #1400 from mofarrell/process-events-env-arg
Adding environment variables and arguments for process events.
2015-07-27 17:54:06 -07:00
Michael O'Farrell
3f87d5832f Adding environment variables and arguments for process events. 2015-07-27 15:48:47 -07:00
Wesley Shields
698e226b80 Add tags and strings columns to YARA tables.
When strings match they will be populated into the "strings" column of
the table. The format is identifier:offset.

When a matching rule has tags defined the tags will be put into the
"tags" column of the table in a comma separated list.
2015-07-27 08:20:24 -04:00
Teddy Reed
e2553e26b1 Merge pull request #1391 from theopolis/1374
[Fix #1374] Allow subscription subclassing
2015-07-26 13:46:19 -07:00
Alex Gaynor
e9dca0ef4d Fixed #1392 -- removed non-existent modes from .mode's help 2015-07-26 13:34:08 -04:00
Teddy Reed
d2effc539c [Fix #1374] Allow subscription subclassing 2015-07-26 01:48:27 -07:00
Teddy Reed
af13c1b7ea Silence google benchmark CMake output, remove benchmark tests 2015-07-24 09:52:29 -07:00
Teddy Reed
cce8a6aab3 Merge pull request #1384 from theopolis/table_cleanups
Remove some non-warning/error log lines from tables
2015-07-24 00:32:11 -07:00
Teddy Reed
2d7ce9341a Remove some non-warning/error log lines from tables 2015-07-24 00:09:06 -07:00
Teddy Reed
928f46c00f Merge pull request #1379 from theopolis/fix_1369
[Fix #1369] Limit IOKit HID events
2015-07-23 18:26:04 -07:00
Teddy Reed
5e3a86d2a8 Merge pull request #1376 from theopolis/fix_1367
[Fix #1367] Disable user-controlled FIFO reads
2015-07-23 18:25:52 -07:00
Teddy Reed
220fa0bd92 Merge pull request #1383 from theopolis/fix_1381
[Fix #1381] Add documentation/install for daemon+Homebrew
2015-07-23 18:25:40 -07:00
Teddy Reed
264ec99bd3 Merge pull request #1378 from mlw/fix-ubuntu10-string-concat-crash
Support for older GCC compiler
2015-07-23 18:25:05 -07:00
Michael O'Farrell
66b075a685 Merge pull request #1377 from mofarrell/benchmark
Added benchmarking targets.
2015-07-23 17:37:56 -07:00
Michael O'Farrell
a65f8dd93c Added benchmarking targets. 2015-07-23 17:07:42 -07:00
Teddy Reed
81aa36ecc7 [Fix #1381] Add documentation/install for daemon+Homebrew 2015-07-23 16:05:59 -07:00
Javier Marcos
f91a96f590 Fixing problem with versionChecker and adding usecase to tests 2015-07-23 14:21:43 -07:00