valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,506 Commits 2 Branches 109 Tags 25 MiB
12716496aa
Commit Graph

1420 Commits

Author SHA1 Message Date
Teddy Reed
12716496aa [Fix #1694] Expire results for 'old' scheduled queries 2015-12-07 12:23:43 -08:00
Teddy Reed
c020bb87b4 Merge pull request #1705 from theopolis/dump 
[#1702] Add config and database dumping to stdout
 2015-12-06 21:41:31 -08:00
Teddy Reed
24aa387eb0 Merge pull request #1696 from theopolis/node_invalid 
[#1676] Clear node key on node_invalid
 2015-12-06 17:10:12 -08:00
Teddy Reed
bfa0d617be Merge pull request #1679 from theopolis/support_multi_loggers 
[#1648] Support multiple loggers
 2015-12-06 15:00:32 -08:00
Teddy Reed
eeff5d0bf0 [#1676] Clear node key on node_invalid 2015-12-06 14:28:00 -08:00
Teddy Reed
9ebd292eb6 [#1648] Support multiple loggers 2015-12-06 11:10:10 -08:00
Teddy Reed
fef53fa0d0 Add config and database dumping to stdout 2015-12-06 11:01:26 -08:00
Teddy Reed
ad07e07879 Make chrome extension identifiers easier to extract 2015-12-04 11:50:13 -08:00
Teddy Reed
1acba4dfa6 Merge pull request #1700 from theopolis/tsk2 
TSK integration and example tables
 2015-12-04 11:26:03 -08:00
Teddy Reed
f687a84840 [Fix #1689] Remove C-style comments from config examples 2015-12-04 11:08:54 -08:00
Teddy Reed
373ce339dc TSK integration and example tables 2015-12-04 11:08:51 -08:00
Teddy Reed
e5bc6410ba Merge pull request #1697 from theopolis/fix_1660 
[Fix #1660] Prevent spurious NETLINK recv retries
 2015-12-02 23:56:39 -08:00
Teddy Reed
4dc6b9f0a3 [Fix #1660] Prevent spurious NETLINK recv retries 2015-12-02 23:33:20 -08:00
Teddy Reed
ffb5b7020e [Fix #1693, #1527] Add osquery-specific query planner output 2015-12-02 19:57:24 -08:00
Teddy Reed
ccff0c8c18 [Fix #1686] Add 'subject' and 'signing_algorithm' to certificates 2015-11-29 18:32:13 -08:00
Teddy Reed
f57968e0f6 Use a static 'binary' name for Glog 2015-11-27 11:27:09 -08:00
Teddy Reed
2bad9d6a74 Changes to suport node-based configs 2015-11-24 14:44:56 -08:00
Teddy Reed
2e57869d34 Merge pull request #1681 from theopolis/fix_1665 
[#1665, #1615] Refactor user-based tables to act uniformly
 2015-11-24 13:07:28 -08:00
Teddy Reed
35129a7af7 [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
Teddy Reed
204b16a946 Merge pull request #1675 from theopolis/planner_or 
Fix constraints stacking
 2015-11-24 12:25:15 -08:00
Teddy Reed
f2361bca21 Merge pull request #1680 from sharvilshah/clang_analyzer_fixes 
Fix clang-analyzer warning
 2015-11-24 07:04:06 -08:00
Sharvil Shah
4ac0e68c08 Fix clang-analyzer warning -- Use uint32_t instead of size_t for uniform_int_distribution 2015-11-24 00:56:37 -08:00
Teddy Reed
fe8b9246e9 Merge pull request #1673 from theopolis/replace_run_profile 
[#1527] Add a --profile option to the shell, replace 'run'
 2015-11-23 21:32:51 -08:00
Teddy Reed
5370fef950 Merge pull request #1678 from theopolis/audit_user_events 
[#1497] Add user_events table based on audit user-type messages
 2015-11-23 21:31:37 -08:00
Teddy Reed
07fd718e00 Add user_events table based on audit user-type messages 2015-11-23 18:13:31 -08:00
Teddy Reed
3221fbd9b3 Fix constraints stacking 2015-11-22 22:53:23 -08:00
Teddy Reed
a3a05e7e1e [#1527] Add a --profile option to the shell, replace 'run' 2015-11-21 22:45:40 -08:00
Teddy Reed
08c7911eb7 Merge pull request #1655 from theopolis/iokit_events 
Rewrite OS X hardware events to use IOKit proper
 2015-11-21 19:45:10 -08:00
Teddy Reed
6748fdb024 Rewrite OS X hardware events to use IOKit proper 2015-11-21 19:31:05 -08:00
Teddy Reed
7ca7974dfb Merge pull request #1668 from cdown/f/freebsd_uid 
freebsd process table: Fix EUID/EGID to not use saved IDs
 2015-11-21 11:19:36 -08:00
Teddy Reed
283f7c6d59 Fix clang analyze failures in signature table 2015-11-21 09:56:19 -08:00
Chris Down
d4d87a69ce freebsd process table: Fix EUID/EGID to not use saved IDs 
It's not totally clear why saved IDs were used here. There is some precident in
sigar (https://github.com/hyperic/sigar), where they also use the saved UID,
but me and @wxsBSD are not really sure why. Maybe it's because kinfo_proc feels
different than similar structs on other Unices.

Fixes #1662.
 2015-11-21 02:52:06 -08:00
Teddy Reed
8425010874 Merge pull request #1664 from stripe/andrew-better-homebrew 
Determine Homebrew Cellar from binary
 2015-11-20 16:06:30 -08:00
Andrew Dunham
161f8b9fd0 Determine Homebrew Cellar from binary 
We look at the location of the Homebrew binary `brew` on disk, and use
the real path (i.e. path with all symlinks resolved) from that binary to
determine the Cellar.  This behavior mirrors that of Homebrew itself.
 2015-11-20 15:15:18 -08:00
Teddy Reed
9ae53f2158 Merge pull request #1663 from cdown/f/saved_ids 
Add saved UIDs and GIDs to process table
 2015-11-20 14:35:20 -08:00
Teddy Reed
5cd040eb35 Merge pull request #1667 from theopolis/add_hash_check 
Use a noexcept method of directory checking for hash
 2015-11-20 14:24:43 -08:00
Teddy Reed
a72fa19536 Use a noexcept method of directory checking for hash 2015-11-20 13:32:56 -08:00
Teddy Reed
a673a793fe Merge pull request #1659 from PickmanSec/knownhosts 
Added known_hosts table
 2015-11-20 12:46:13 -08:00
Teddy Reed
9f5154eb4b Merge pull request #1652 from theopolis/better_types 
Add a SQLite query planner for type detection
 2015-11-19 09:11:26 -08:00
Teddy Reed
16247f10e8 Merge pull request #1624 from PickmanSec/master 
added authorized_keys table
 2015-11-19 09:10:59 -08:00
Chris Down
39bdec4c8d Add saved UIDs and GIDs to process table 2015-11-18 16:44:07 -08:00
Michael George
dde59f8c18 Added known_hosts file 
added known_hosts table
 2015-11-17 12:38:19 -08:00
Michael George
a649bf6733 Added authorized_keys table 
Fixed mislabled variable from line parsing

Update authorized_keys.cpp

Update authorized_keys.cpp

Check if line is empty
 2015-11-16 10:36:24 -08:00
Teddy Reed
98f212e7a9 Add a SQLite query planner for type detection 2015-11-15 13:56:16 -08:00
Teddy Reed
cef8f59054 Merge pull request #1639 from theopolis/cache 
Table results caching
 2015-11-14 16:22:24 -08:00
Teddy Reed
e1d7511600 Remove column type string representations 2015-11-14 15:57:30 -08:00
Teddy Reed
c2be670806 Table results caching 
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
 2015-11-14 15:57:23 -08:00
Teddy Reed
7480003eb6 Merge pull request #1646 from stripe/andrew-refactor-signature 
Refactor how we determine the OS version in the signature table
 2015-11-11 14:18:48 -08:00
Teddy Reed
ee84f35632 Merge pull request #1645 from stripe/andrew-configure-perms 
Allow setting the mode of log files
 2015-11-11 13:46:24 -08:00
Andrew Dunham
4ccdcc7864 Allow setting the mode of log files 
This also sets the appropriate flags in glog
 2015-11-11 11:37:55 -08:00