Teddy Reed
654830cf11
Merge pull request #1594 from rcseacord/additional-sign-fixes
eliminated some warnings from Clang 3.7 analyze mode
2015-10-23 13:03:54 -03:00
Robert C. Seacord
09481d0381
Fixed some type problems, casting away const, integer types, old style casts, etc.
2015-10-21 20:56:58 +00:00
Robert C. Seacord
1d9695ac31
eliminated some warnings from Clang 3.7 analyze mode
2015-10-21 06:02:58 +00:00
Robert C. Seacord
7a87be9ada
more sign conversion errors
2015-10-20 06:08:01 +00:00
Robert C. Seacord
1d7877d120
removed fsanitize compiler option
2015-10-20 02:51:57 +00:00
Teddy Reed
c0257aa7d1
Merge pull request #1589 from theopolis/fix_1578
[Fix #1578] Support OPENSSL_NO_SSL3
2015-10-19 11:25:46 -07:00
Teddy Reed
7ba87a88bb
Merge pull request #1585 from rcseacord/additional-sign-fixes
Additional sign fixes
2015-10-19 11:25:18 -07:00
Teddy Reed
8214dd1309
Merge pull request #1584 from theopolis/fix_1580
[Fix #1580] Handle exceptions in linux process_memory_map
2015-10-19 09:28:16 -07:00
Teddy Reed
f891503cd9
Merge pull request #1577 from nemith/dpkg
Support for newer versions of libdpkg
2015-10-19 09:24:37 -07:00
Teddy Reed
00875988dc
Use native OS X version as min ABI
2015-10-18 20:47:09 -07:00
Teddy Reed
2bd6398b53
[Fix #1578] Support OPENSSL_NO_SSL3
2015-10-18 20:47:06 -07:00
Teddy Reed
bc50c053fb
Remove boolean type-columns from file in favor of 'type'
2015-10-17 12:16:54 -07:00
Robert C. Seacord
e57828aac3
changes for integer sign problems
2015-10-17 00:18:35 +00:00
Teddy Reed
3cc7984cc2
[Fix #1580] Handle exceptions in linux process_memory_map
2015-10-16 16:59:23 -07:00
Robert C. Seacord
acb2f6f628
eliminating diagnostics, mostly for comparisons between signed and unsigned operations
2015-10-16 16:10:37 +00:00
Robert C. Seacord
37b8e83a9e
fixes for problems related to unsigned to signed integer comparisons
2015-10-16 16:10:36 +00:00
Robert C. Seacord
0a6a36485c
redeclared i from int to size_t in two locations to eliminate several signed to unsigned comparisons
2015-10-16 16:10:36 +00:00
Teddy Reed
3f8cb14fbb
Merge pull request #1579 from nemith/segv
Fix segfault on interfaces tables
2015-10-15 17:58:04 -07:00
Brandon Bennett
f683871653
Fix segfault on interfaces tables
getifaddrs(3) states that ifa_addr can be null. Check to make sure they are not null before accessing them
2015-10-15 16:53:14 -06:00
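The null check the commit above describes, as an added example (not osquery's interfaces table code): the walk below skips any getifaddrs(3) entry whose ifa_addr is NULL before reading sa_family, and a constructed three-entry list (not obtained from the kernel) exercises that case deterministically. The struct and function names are this example's own.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

#include <ifaddrs.h>
#include <sys/socket.h>

// Result of walking a getifaddrs(3) list: the names of entries that carried
// an IPv4/IPv6 address, plus how many entries had no ifa_addr at all.
struct AddrWalk {
  std::vector<std::string> named;  // interfaces whose ifa_addr was non-NULL
  size_t skipped = 0;              // entries with a NULL ifa_addr
};

AddrWalk walkInterfaces(const struct ifaddrs* list) {
  AddrWalk result;
  for (const struct ifaddrs* ifa = list; ifa != nullptr; ifa = ifa->ifa_next) {
    if (ifa->ifa_addr == nullptr) {
      // getifaddrs(3) allows a NULL ifa_addr; reading sa_family through it
      // would be a NULL dereference (SIGSEGV), the crash the commit fixes.
      result.skipped++;
      continue;
    }
    // Link-layer rows (AF_PACKET on Linux, AF_LINK on BSD/OS X) are not
    // addresses for this purpose; keep only AF_INET and AF_INET6.
    if (ifa->ifa_addr->sa_family == AF_INET ||
        ifa->ifa_addr->sa_family == AF_INET6) {
      result.named.push_back(ifa->ifa_name ? ifa->ifa_name : "");
    }
  }
  return result;
}

// Constructed list (hypothetical data, not from the kernel): "lo0" has an
// AF_INET address, "tun0" has no address, "eth0" has an AF_INET6 address.
struct FakeList {
  struct ifaddrs nodes[3];
  struct sockaddr addrs[2];
  char names[3][8];
};

void buildFakeList(FakeList& f) {
  std::memset(&f, 0, sizeof(f));
  std::strcpy(f.names[0], "lo0");
  std::strcpy(f.names[1], "tun0");
  std::strcpy(f.names[2], "eth0");
  f.addrs[0].sa_family = AF_INET;
  f.addrs[1].sa_family = AF_INET6;
  f.nodes[0].ifa_name = f.names[0];
  f.nodes[0].ifa_addr = &f.addrs[0];
  f.nodes[0].ifa_next = &f.nodes[1];
  f.nodes[1].ifa_name = f.names[1];
  f.nodes[1].ifa_addr = nullptr;  // the case getifaddrs(3) warns about
  f.nodes[1].ifa_next = &f.nodes[2];
  f.nodes[2].ifa_name = f.names[2];
  f.nodes[2].ifa_addr = &f.addrs[1];
  f.nodes[2].ifa_next = nullptr;
}

int main() {
  // Walk the real list from the kernel; the counts depend on the host.
  struct ifaddrs* real = nullptr;
  if (getifaddrs(&real) == 0) {
    AddrWalk w = walkInterfaces(real);
    std::printf("%zu addressed interfaces, %zu entries without ifa_addr\n",
                w.named.size(), w.skipped);
    freeifaddrs(real);
  }
  // Walk the constructed list, which is guaranteed to contain a NULL ifa_addr.
  FakeList f;
  buildFakeList(f);
  AddrWalk w = walkInterfaces(&f.nodes[0]);
  std::printf("constructed: %zu named, %zu skipped\n", w.named.size(), w.skipped);
  return 0;
}
```

The same pattern applies to ifa_netmask and ifa_dstaddr, which getifaddrs(3) also permits to be NULL.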
Brandon Bennett
65738a73c1
Support for newer versions of libdpkg
Libdpkg has some breaking changes in newer versions which prevented
compiling the deb_packages table on Ubuntu 15.04. This change looks for
the libdpkg version using pkg-config and adds some preprocessor magic to
support the newer versions.
2015-10-15 16:43:14 -06:00
Teddy Reed
3be0994933
[Fix #1570] Check for invalid apt sources
This fixes a crash identified by @endrazine.
When apt sources data in /etc/apt/sources.list or /etc/apt/sources.list.d/{*}.list contain invalid data/lines the cache_file.GetPkgCache(); call will fail and cache will be nullptr. Subsequent usage results in a SIGSEGV.
To reproduce the fault try:
$ zzuf -I /etc/ -r 0.01:0.1 -s 0:1000 -v \
./build/trusty/osquery/osqueryi --registry_exceptions=true --verbose \
"select count(*) from apt_sources"
Signed-off-by: Jonathan Brossard
2015-10-15 15:20:26 -07:00
Teddy Reed
201fbabb28
[Fix #1559] Allow boost.filesystem incorrect LC_CTYPE
2015-10-13 09:55:44 -07:00
Teddy Reed
4852e3525f
Merge pull request #1550 from theopolis/ext_clean
Extension managers should clean extension sockets when starting
2015-10-12 13:36:10 -07:00
Teddy Reed
171bfecd20
Merge pull request #1552 from theopolis/glog_benchmark
Build Glog with OS X ABI, add SKIP_BENCHMARK
2015-10-12 13:35:45 -07:00
Teddy Reed
34717fda29
Merge pull request #1554 from mlw/fix-lingering-socket-fds
Close socket fds when finished with them
2015-10-12 13:32:52 -07:00
Matthew White
2446b22a5f
Close socket fds when finished with them
2015-10-12 09:59:09 -07:00
Teddy Reed
b7a2d861bf
Build Glog with OS X ABI, add SKIP_BENCHMARK
2015-10-11 14:37:49 -07:00
Teddy Reed
c7ff3dfb4f
Merge pull request #1549 from theopolis/more_11
Bump RocksDB to ERROR, fix OS X kernel_info, silence compile warnings
2015-10-11 20:39:56 +01:00
Teddy Reed
6b16720039
Fix kernel_info on OS X, remove md5
2015-10-11 11:43:42 -07:00
Teddy Reed
fb56646623
Restrict RocksDB log level to ERROR
2015-10-11 10:50:56 -07:00
Mike Arpaia
4d0cd46f42
Merge pull request #1539 from theopolis/nit_101
Minor nits around distributed CLIs
2015-10-09 14:55:05 -07:00
Teddy Reed
dbdf64ed6e
Use better defines for 10.11
2015-10-08 07:22:48 -07:00
Teddy Reed
d5a7498881
Extension managers should clean extension sockets when starting
2015-10-08 06:47:23 -07:00
Teddy Reed
689ae4c865
Minor nits around distributed CLIs
2015-10-02 11:33:50 -07:00
Mike Arpaia
5789d889f4
Merge pull request #1538 from marpaia/discovery_queries
[fix #1536] Schedule iteration pass-by-reference
2015-09-30 15:50:05 -07:00
Mike Arpaia
65df593d33
[fix #1536] Schedule iteration pass-by-reference
There was a bug in the `osquery::Schedule` container object such that,
when the iteration through the schedule occurred, pack objects were being
passed by value (copied) instead of passed by reference. Thus, the
discovery query would be executed, the object's cache would be updated,
and then the object would go out of scope and be destructed, thus
leaving the original object without ever having run the discovery query.
This caused discovery queries to thrash. Bad times.
I added a new test so that we don't regress here as well as const'd a
few functions that should have been const in `osquery::Pack`.
2015-09-30 15:41:43 -07:00
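The copy-versus-reference bug described above, reduced to an added example (not osquery's `osquery::Schedule` or `osquery::Pack` code): `Pack` here is a hypothetical stand-in whose "discovery query" is modelled as a cache write, and the two iteration functions differ only in `auto pack` versus `auto& pack`. With the by-value loop every discovery run lands in a temporary that is destroyed at the end of the loop body, so the stored objects never see their cache filled and the query re-runs on every pass.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Hypothetical pack object (example code, not osquery::Pack). Running the
// discovery query is modelled as a cache write: a real implementation would
// execute SQL and store whether the pack applies to this host.
class Pack {
 public:
  explicit Pack(std::string name) : name_(std::move(name)) {}

  const std::string& getName() const { return name_; }

  // Returns the cached answer, executing the "discovery query" on a miss.
  bool shouldPackExecute() {
    if (!cached_) {
      discoveryRuns_++;
      cached_ = true;
      result_ = !name_.empty();  // stand-in for the real discovery result
    }
    return result_;
  }

  // How many times the discovery query actually ran on this object.
  size_t discoveryRuns() const { return discoveryRuns_; }

 private:
  std::string name_;
  bool cached_ = false;
  bool result_ = false;
  size_t discoveryRuns_ = 0;
};

// The buggy iteration: `auto pack` copies each element, so the cache is
// written into a temporary that dies at the end of the loop body.
size_t iterateByValue(std::vector<Pack>& packs) {
  size_t executed = 0;
  for (auto pack : packs) {
    if (pack.shouldPackExecute()) {
      executed++;
    }
  }
  return executed;
}

// The fix: iterate by reference so the cache lands in the stored object.
size_t iterateByReference(std::vector<Pack>& packs) {
  size_t executed = 0;
  for (auto& pack : packs) {
    if (pack.shouldPackExecute()) {
      executed++;
    }
  }
  return executed;
}

// Total discovery executions recorded on the stored packs. This is what a
// regression test watches: by-value iteration never increases it, however
// often the schedule runs; by-reference iteration raises it to one per pack
// and no further.
size_t totalDiscoveryRuns(const std::vector<Pack>& packs) {
  size_t total = 0;
  for (const auto& pack : packs) {
    total += pack.discoveryRuns();
  }
  return total;
}
```

Note that both loops return the same execution count, which is why the bug is invisible to a test that only checks which packs ran; the observable symptom is the discovery counter on the stored objects.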
Matthew White
25dbd33e1e
Fixed bug when checking if config is valid
2015-09-30 10:50:28 -07:00
Teddy Reed
2a71162b0c
Merge pull request #1534 from theopolis/glob_fix
Fix potential hang with recursive globbing
2015-09-28 18:06:53 -07:00
Teddy Reed
66888de80a
Fix potential hang with recursive globbing
2015-09-28 17:50:25 -07:00
Teddy Reed
31b7966088
[Fix #1531] Use libarchive finish for safari_extension parsing
2015-09-28 17:33:42 -07:00
Teddy Reed
bbac2cf07f
[#1529] Allow DB Readonly with RocksDB lite
2015-09-28 01:50:32 -07:00
Teddy Reed
64c18a70a9
Merge pull request #1525 from theopolis/process_adds
Add state, group, and nice to processes
2015-09-24 14:43:17 -07:00
Teddy Reed
5890901c00
Add state, group, and nice to processes
2015-09-24 13:11:46 -07:00
Teddy Reed
2d4150499a
Merge pull request #1526 from theopolis/linux_sigs
[#1488] Shutdown Linux event publishers responsibly
2015-09-24 11:08:41 -07:00
Teddy Reed
bb65ec49ac
[#1488] Shutdown Linux event publishers responsibly
2015-09-22 23:06:23 -07:00
Mike Arpaia
327a9bcdb1
Merge pull request #1522 from marpaia/startup_items
Include system startup items
2015-09-22 16:06:20 -07:00
Mike Arpaia
b09031adda
Include system startup items
We were not parsing system startup items.
2015-09-22 15:50:55 -07:00
Teddy Reed
0b006f28c7
Merge pull request #1519 from theopolis/osx_events
[#1488] Stop OS X event publishers with SIGINT
2015-09-22 09:14:47 -07:00
Teddy Reed
97ca0e627a
[#1488] Stop OS X event publishers with SIGINT
2015-09-21 22:02:27 -07:00
Mike Arpaia
4021a742df
Merge pull request #1507 from jacknagz/os_version_rhel
RHEL os_version fix
2015-09-21 18:03:03 -07:00
Teddy Reed
284dac71de
Write helpful DB access/open error to verbose log
2015-09-20 10:35:26 -07:00
Teddy Reed
946ab354ff
Merge pull request #1517 from theopolis/fix_yara
Fix YARA sigfile caching
2015-09-20 10:34:29 -07:00
Teddy Reed
d042967f43
Fix YARA sigfile caching
2015-09-20 00:06:57 -07:00
Jack Naglieri
9c1e114728
Fix os_version table regex for REDHAT_BASED systems. Updating centos6/7 and freebsd10 Vagrant boxes.
2015-09-18 14:47:08 -07:00
Mike Arpaia
a0795f300b
Merge pull request #1512 from theopolis/schedule_tracking
Scheduled query success tracking
2015-09-17 13:39:04 -07:00
Teddy Reed
c51d214ddd
Scheduled query success tracking
2015-09-16 23:31:07 -07:00
Mike Arpaia
73045e4974
Moving packs to top level include directory
I could've sworn that I did this already, but this moves
`include/osquery/config/packs.h` to `include/osquery/packs.h`.
2015-09-16 15:51:05 -07:00
Teddy Reed
333f2ce8c8
[#1506] Silence kext loading messages from syslog
2015-09-16 13:13:56 -07:00
Mike Arpaia
3d81223dfb
Merge pull request #1508 from marpaia/distributed_test_fixes
Making distributed tests more awesome and less flaky
2015-09-16 12:05:51 -07:00
Mike Arpaia
dc6e395b77
Only log to warning if the config can't be read by the daemon
fix #1504
2015-09-16 10:54:38 -07:00
Mike Arpaia
41ef6798c6
Making distributed tests more awesome and less flaky
Distributed tests were failing every now and then because the test
plugin didn't implement retries and the test server wasn't always
starting up fast enough. I fixed this by refactoring the tests to use
the real TLS plugin, which has retry logic. This required some mangling
of the configuration options, which should serve as a good reference as
well.
2015-09-16 10:36:34 -07:00
Teddy Reed
7852c356ec
Merge pull request #1494 from theopolis/signals
[#1488] Use signal handlers for teardown and reloading
2015-09-15 16:14:40 -07:00
Teddy Reed
65162e7239
Merge pull request #1501 from sharvilshah/sysinfo_updates
Update system_info table to include CPU type, CPU cores and total memory
2015-09-14 20:02:56 -04:00
Teddy Reed
7c2a625ef2
Use signal handlers for teardown and reloading
2015-09-14 16:57:00 -07:00
Teddy Reed
944e3de206
Merge pull request #1496 from theopolis/events_table
[#1487] Add osquery_events table to track pubsub stats
2015-09-14 15:27:35 -04:00
Sharvil Shah
28143f64f0
Update system_info table: adds CPU type, CPU cores and total memory.
This change adds the following columns to the `system_info` table:
cpu_type, cpu_subtype, cpu_brand, cpu_physical_cores,
cpu_logical_cores, physical_memory, hardware_model
Here's an example output of those columns:
```
cpu_type = x86_64h
cpu_subtype = Intel x86-64h Haswell
cpu_brand = Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
cpu_physical_cores = 4
cpu_logical_cores = 8
physical_memory = 17179869184
hardware_model = MacBookPro11,3
```
2015-09-10 14:44:48 -07:00
Matthew White
28d456a2f1
Fix build for Ubuntu Lucid
2015-09-10 13:55:59 -04:00
Scott Piper
5e7d0d6a37
Added system_info table
2015-09-09 10:26:16 -07:00
Mike Arpaia
9929c61c94
Merge pull request #1500 from marpaia/remote
Client-side implementation of distributed queries
2015-09-08 15:02:32 -07:00
Mike Arpaia
aaa03a1058
Distributed queries client-side
2015-09-08 13:33:48 -07:00
Mike Arpaia
07283817cb
Removing remnants of a refactoring from Christmas Past
2015-09-04 11:33:33 -07:00
Mike Arpaia
de58353131
Config MD5 a bit more deterministic
```
$ ./build/darwin/osquery/osqueryi --config_path=/asdfasdfadfs
E0903 11:45:02.050308 1990836992 init.cpp:370] Error reading config: config file does not exist
Using a virtual database. Need help, type '.help'
osquery> .mode line
osquery> .all osquery_info
pid = 33700
version = 1.5.2-43-gb06fa92
config_md5 =
config_valid = 0
config_path = /asdfasdfadfs
extensions = active
build_platform = darwin
build_distro = 10.10
osquery> .exit
$ ./build/darwin/osquery/osqueryi
osquery> .mode line
osquery> .all osquery_info
pid = 33781
version = 1.5.2-43-gb06fa92
config_md5 = 8a432ac93d3de080c62d77ba99b89783
config_valid = 1
config_path = /var/osquery/osquery.conf
extensions = active
build_platform = darwin
build_distro = 10.10
osquery> .exit
```
2015-09-03 22:03:40 -07:00
Teddy Reed
b57040db60
Add osquery_events table to track pubsub stats
2015-09-03 15:10:53 -07:00
Teddy Reed
2813d3ab87
Add a Linux audit event publisher
2015-09-03 08:45:02 -07:00
Teddy Reed
ba7cef3f78
Merge pull request #1493 from theopolis/fix_1492
[Fix #1492] Fix firefox key counting and spec typo
2015-09-02 23:49:55 -07:00
Teddy Reed
01e040a01c
Merge pull request #1491 from theopolis/cleanups3
Static analysis cleanups, static libmagic
2015-09-02 23:49:13 -07:00
Teddy Reed
7a15d25796
[Fix #1492] Fix firefox key counting and spec typo
2015-09-02 19:50:36 -07:00
Teddy Reed
bb2b5f594b
Static analysis cleanups, static libmagic
2015-09-02 16:55:20 -07:00
Mike Arpaia
fb2f33d770
Removing the ptvalue typedef
Removing the ptvalue typedef in favor of just using `pt::ptree::value_type`
2015-09-02 12:50:24 -07:00
Mike Arpaia
f92fa761f7
Merge pull request #1484 from theopolis/faster_plist
Add plist parsing benchmarks and refactor slightly for perf wins
2015-09-02 12:48:44 -07:00
Mike Arpaia
a140333441
[fix #1390] query pack re-org
This commit contains the features specified in #1390 as well as a
refactoring of the general osquery configuration code.
The API for the config plugins hasn't changed, although now there's a
`genPack` method that config plugins can implement. If a plugin doesn't
implement `genPack`, then the map<string, string> format cannot be used.
The default config plugin, the filesystem plugin, now implements
`genPack`, so existing query packs code will continue to work as it
always has.
Now many other config plugins can implement custom pack handling for
what makes sense in their context. `genPacks` is not a pure virtual, so
it doesn't have to be implemented in your plugin if you don't want to
use it. Also, more importantly, all config plugins can use the standard
inline pack format if they want to use query packs. Which is awesome.
For more information, refer to #1390, the documentation and the doxygen
comments included with this pull request, as well as the following
example config which is now supported, regardless of what config plugin
you're using:
```json
{
  "options": {
    "enable_monitor": "true"
  },
  "packs": {
    "core_os_monitoring": {
      "version": "1.4.5",
      "discovery": [
        "select pid from processes where name like '%osqueryd%';"
      ],
      "queries": {
        "kernel_modules": {
          "query": "SELECT name, size FROM kernel_modules;",
          "interval": 600
        },
        "system_controls": {
          "query": "SELECT * FROM system_controls;",
          "interval": 600,
          "snapshot": true
        },
        "usb_devices": {
          "query": "SELECT * FROM usb_devices;",
          "interval": 600
        }
      }
    },
    "osquery_internal_info": {
      "version": "1.4.5",
      "discovery": [
        "select pid from processes where name like '%osqueryd%';"
      ],
      "queries": {
        "info": {
          "query": "select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;",
          "interval": 60,
          "snapshot": true
        },
        "registry": {
          "query": "SELECT * FROM osquery_registry;",
          "interval": 600,
          "snapshot": true
        },
        "schedule": {
          "query": "select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory from osquery_schedule;",
          "interval": 60,
          "snapshot": true
        }
      }
    }
  }
}
```
The `osquery_packs` table was modified to remove the superfluous
columns which could already have been found in `osquery_schedule`. Two
more columns were added in their place, representing stats about pack's
discovery query execution history.
Notably, the internal API for the `osquery::Config` class has changed
rather dramatically as a part of the refactoring. We think this is an
improvement. While strictly adhering to the osquery config plugin
interface would have avoided any compatibility errors, advanced users may
notice compilation errors if they access config data directly. All
internal users of the config have obviously been updated. Yet another
reason to merge your code into mainline; we update it for you when we
refactor!
2015-09-02 10:56:26 -07:00
Teddy Reed
5f56490835
Add plist parsing benchmarks and refactor slightly for perf wins
2015-09-01 18:56:09 -07:00
Teddy Reed
4dd77a43a7
Remove cpp-netlib from third-party, prefer deps-build
2015-08-31 09:27:01 -07:00
Teddy Reed
776de9c4d1
Merge pull request #1477 from theopolis/table_xp_meta
XProtect meta virtual table and safari_extensions column additions
2015-08-30 21:31:35 -07:00
Teddy Reed
906d19927f
[#1418] Use libarchive to parse Safari extension bundles
2015-08-29 23:59:41 -07:00
Teddy Reed
9ca040c54f
Merge pull request #1478 from sharvilshah/shell_cleanups
Shell Cleanups
2015-08-29 23:52:55 -07:00
Sharvil Shah
fc6865b8a9
Remove unused functions/macros/variables from shell and misc hardening
2015-08-29 22:08:01 -07:00
Teddy Reed
cd1d39b323
Merge pull request #1407 from theopolis/tls_customization
Add 'hidden' flags to customize TLS plugins
2015-08-28 17:21:49 -07:00
Javier Marcos
74be3d1da0
Removing dots at the end of log entries
2015-08-28 16:50:44 -07:00
Javier Marcos
086ab40f83
Merge pull request #1473 from javuto/this_is_real_magic
Adding magic table to check for libmagic data
2015-08-28 14:03:10 -07:00
Teddy Reed
0e16f56c8d
Add 'hidden' flags to customize TLS plugins
2015-08-28 12:57:53 -07:00
Javier Marcos
1a50977a23
Adding magic table to check for libmagic data
2015-08-28 12:49:46 -07:00
Teddy Reed
88c7ad35a2
Merge pull request #1471 from theopolis/process_start_fix
[Fix #1453] Use second precision for process start times
2015-08-28 11:48:25 -07:00
Teddy Reed
2433d9e06c
[#1418] Include XProtect's meta list of plugin versions, and blacklisted extensions
2015-08-28 11:46:21 -07:00
Teddy Reed
014e504fba
[Fix #1432] Improve OS X USB device reporting
2015-08-27 16:36:54 -07:00
Teddy Reed
3c114c3439
[Fix #1453] Use second precision for process start times
2015-08-27 15:47:06 -07:00
Teddy Reed
d47cac7434
Merge pull request #1461 from blackfist/master
Attempts to add a cli flag --enroll_secret_env
2015-08-26 14:57:00 -07:00
Kevin Thompson
e8772f2603
Adds an enroll_secret_env flag that allows the user to specify that
the enroll secret for TLS enrollment is stored in an environment
variable rather than a file.
2015-08-25 21:11:19 -05:00
Mathieu Kooiman
b151ecedc2
Refs https://github.com/facebook/osquery/issues/320
Add provisioning scripts to build osquery on Debian Wheezy and Debian Jessie.
2015-08-20 20:57:22 +02:00
Teddy Reed
bdadc9753b
Additional OS X table performance improvements
2015-08-18 01:35:10 -07:00
Teddy Reed
ff926730a9
Remove VirtualTable matrix rotation
2015-08-17 16:58:54 -07:00
Teddy Reed
5bf30a779d
RocksDB usage speedups
2015-08-15 20:43:53 -07:00
Teddy Reed
43cf5f1a0a
Merge pull request #1448 from theopolis/strol-speedup
Speedup type conversions, yara, and 10.10 symbols at runtime
2015-08-14 11:01:46 -07:00
Teddy Reed
68d7a6e0be
Speedup type conversions, yara, and 10.10 symbols at runtime
2015-08-13 18:04:03 -07:00
Teddy Reed
634dfe7da1
Merge pull request #1438 from sharvilshah/fix_homebrew_version
[Fix #1434] version reporting for homebrew_packages
2015-08-12 11:30:21 -07:00
Sharvil Shah
b190f5f99a
Fix #1433, os_version reporting for 10.11
2015-08-11 14:03:27 -07:00
Sharvil Shah
369040e69b
Fix version reporting for homebrew_packages. Fixes #1434
2015-08-11 01:50:40 -07:00
Michael O'Farrell
eefccf27b1
Switch boost lexical casts to strtol. This should be faster than a boost lexical cast.
2015-08-07 16:33:32 -07:00
Sharvil Shah
64588be88b
Fix build on OS X 10.11
enum `SecItemClass` changed in 10.11 headers,
so don't instantiate with rvalue of int.
Update `SecKeychainSearchCreateFromAttributes` to match the stricter definition.
Fixes #1423
2015-08-05 18:29:29 -07:00
Teddy Reed
1eea02ed9b
Merge pull request #1419 from theopolis/sql_optimizations
Several small optimizations around internal SQL queries
2015-08-03 16:11:36 -07:00
Teddy Reed
a11dfcc222
Merge pull request #1422 from theopolis/options_on_packs
Apply query options to pack queries
2015-08-03 15:50:05 -07:00
Teddy Reed
f86c9e7778
Apply query options to pack queries
2015-08-03 15:33:55 -07:00
Teddy Reed
67b0f51ab5
Several small optimizations around internal SQL queries
2015-08-03 07:56:55 -07:00
Michael O'Farrell
5d0e4be6a1
Merge pull request #1335 from mofarrell/kernel-file-events
Added kernel file access events.
2015-07-31 15:22:11 -07:00
Michael O'Farrell
9f2b318778
Added kernel file access events.
2015-07-31 15:06:46 -07:00
Mike Arpaia
a45c794f52
building on 10.9
2015-07-31 11:57:39 -07:00
osquery
ae8305e00e
Revert "Remove OS X 10.9 code path since we no longer support it"
This reverts commit 05bbe2ce06.
2015-07-31 11:44:34 -07:00
Michael O'Farrell
b0289adcf5
Merge pull request #1414 from theopolis/env_limits
Add optional environment variable whitelist to process_events
2015-07-30 18:17:31 -07:00
Teddy Reed
dc82ffa636
Add optional environment variable whitelist to process_events
2015-07-30 16:05:11 -07:00
Michael O'Farrell
8c8c591195
Merge pull request #1404 from mofarrell/load-kernel
Added loading of kernel.
2015-07-30 15:20:33 -07:00
Michael O'Farrell
eaf7de08df
Added loading of kernel.
2015-07-30 14:36:46 -07:00
Michael O'Farrell
9e20d5904d
Merge pull request #1412 from theopolis/use_sigkill
Use SIGKILL on OS X
2015-07-30 10:55:56 -07:00
Michael O'Farrell
f694149584
Merge pull request #1411 from mofarrell/benchmark-means
Benchmark using mean across 5 runs.
2015-07-29 18:00:35 -07:00
Teddy Reed
8082a0b5ac
Use SIGKILL on OS X
2015-07-29 17:05:45 -07:00
Michael O'Farrell
346743e87f
Benchmark using mean across 5 runs.
2015-07-29 16:50:19 -07:00
Chris Down
260df0d6d0
linux users table: Do not drop users with duplicate UIDs
See GitHub issue #1301. FreeBSD (which also uses this table) by default has two
users which are UID 0 -- both `toor` and `root`. 19a2d64959 made it so that we
would only get the first one from `getpwent`, but this feature is undesirable
in cases where two different users share the same UID.
2015-07-29 09:00:47 -07:00
Teddy Reed
fa36a8918b
Merge pull request #1401 from theopolis/tests_and_benchmarks
Various additional tests and benchmarks
2015-07-28 13:20:46 -07:00
Teddy Reed
ff9cb71628
Various additional tests and benchmarks
2015-07-28 12:26:17 -07:00
Michael O'Farrell
93a65eaf04
Merge pull request #1400 from mofarrell/process-events-env-arg
Adding environment variables and arguments for process events.
2015-07-27 17:54:06 -07:00
Michael O'Farrell
3f87d5832f
Adding environment variables and arguments for process events.
2015-07-27 15:48:47 -07:00
Wesley Shields
698e226b80
Add tags and strings columns to YARA tables.
When strings match they will be populated into the "strings" column of
the table. The format is identifier:offset.
When a matching rule has tags defined the tags will be put into the
"tags" column of the table in a comma separated list.
2015-07-27 08:20:24 -04:00
Teddy Reed
e2553e26b1
Merge pull request #1391 from theopolis/1374
[Fix #1374] Allow subscription subclassing
2015-07-26 13:46:19 -07:00
Alex Gaynor
e9dca0ef4d
Fixed #1392 -- removed non-existent modes from .mode's help
2015-07-26 13:34:08 -04:00
Teddy Reed
d2effc539c
[Fix #1374] Allow subscription subclassing
2015-07-26 01:48:27 -07:00
Teddy Reed
af13c1b7ea
Silence google benchmark CMake output, remove benchmark tests
2015-07-24 09:52:29 -07:00
Teddy Reed
cce8a6aab3
Merge pull request #1384 from theopolis/table_cleanups
Remove some non-warning/error log lines from tables
2015-07-24 00:32:11 -07:00
Teddy Reed
2d7ce9341a
Remove some non-warning/error log lines from tables
2015-07-24 00:09:06 -07:00
Teddy Reed
928f46c00f
Merge pull request #1379 from theopolis/fix_1369
[Fix #1369] Limit IOKit HID events
2015-07-23 18:26:04 -07:00
Teddy Reed
5e3a86d2a8
Merge pull request #1376 from theopolis/fix_1367
[Fix #1367] Disable user-controlled FIFO reads
2015-07-23 18:25:52 -07:00
Teddy Reed
220fa0bd92
Merge pull request #1383 from theopolis/fix_1381
[Fix #1381] Add documentation/install for daemon+Homebrew
2015-07-23 18:25:40 -07:00
Teddy Reed
264ec99bd3
Merge pull request #1378 from mlw/fix-ubuntu10-string-concat-crash
Support for older GCC compiler
2015-07-23 18:25:05 -07:00
Michael O'Farrell
66b075a685
Merge pull request #1377 from mofarrell/benchmark
Added benchmarking targets.
2015-07-23 17:37:56 -07:00
Michael O'Farrell
a65f8dd93c
Added benchmarking targets.
2015-07-23 17:07:42 -07:00
Teddy Reed
81aa36ecc7
[Fix #1381] Add documentation/install for daemon+Homebrew
2015-07-23 16:05:59 -07:00
Javier Marcos
f91a96f590
Fixing problem with versionChecker and adding usecase to tests
2015-07-23 14:21:43 -07:00
Teddy Reed
7c330f0bf8
[Fix #1369] Limit IOKit HID events
2015-07-23 11:52:23 -07:00
Matthew White
1c3587b95a
Changed where string concat was being performed to support older GCC compiler
2015-07-23 08:56:26 -07:00
Teddy Reed
ad94eaf0b8
[Fix #1367] Disable user-controlled FIFO reads
2015-07-22 10:15:39 -07:00
Teddy Reed
fc24682816
Fix profile platform bug in leaks checking
2015-07-20 02:06:52 -07:00
Teddy Reed
e8cb919f03
Merge pull request #1364 from theopolis/harden_applications
[Fix #1357] Use OS X LS API for app listing
2015-07-20 01:14:07 -07:00