valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,640 Commits 2 Branches 109 Tags 25 MiB
1413008642
Commit Graph

847 Commits

Author SHA1 Message Date
Teddy Reed
5394fe62ec Add debug_package for OS X 2016-02-01 16:51:43 -08:00
Teddy Reed
3c09d69ef0 Remove deps and release from PR builds 2016-01-21 09:37:10 -08:00
Teddy Reed
d664c53ed0 Merge pull request #1784 from theopolis/docs_debug 
Rollup of several docs and build fixes.
 2016-01-20 15:56:53 -08:00
Teddy Reed
e4a8d74523 Fix RHEL7 systemd service 2016-01-20 14:31:02 -08:00
Teddy Reed
80a2e6f723 Merge pull request #1789 from theopolis/fix_1788 
[Fix #1788] Use an array for the 'data' key in TLS logs
 2016-01-20 12:18:21 -08:00
Teddy Reed
b9117b17a1 [Fix #1788] Use an array for the 'data' key in TLS logs 2016-01-20 11:59:14 -08:00
Scott J Roberts
1f0d5fb059 modified osqueryctl for flags based deploys 2016-01-20 13:00:49 -05:00
Teddy Reed
dfa32d9e7e Update OS X kernel building to include distro 2016-01-19 16:20:16 -08:00
Teddy Reed
e4593f86dc Update OS X package build script to use 10.11 2016-01-19 14:03:32 -08:00
Teddy Reed
1a12b41d76 Promote 10.11 to default darwin package builder 2016-01-16 15:47:26 -08:00
Teddy Reed
30b1627038 Merge pull request #1771 from theopolis/improve_tls 
Improve TLS logging memory
 2016-01-15 00:50:56 -08:00
Teddy Reed
d6e91c81e9 Improve TLS logging memory 2016-01-15 00:22:31 -08:00
Teddy Reed
ec119f852f Merge pull request #1766 from sharvilshah/wifi_plist_parsing_fix 
[Fix #1760] Fix wifi_networks for OS X 10.9
 2016-01-14 00:58:09 -08:00
Sharvil Shah
826643adf8 [Fix #1760] wifi_networks now takes into account slight differences b/w OS X 10.9 and later 2016-01-13 22:52:52 -08:00
Teddy Reed
0ff07096bd [#1641] Add CentOS 7 systemd service and sysconfig 2016-01-13 09:27:54 -08:00
Teddy Reed
18528e7750 Merge pull request #1761 from theopolis/fix_benchmarks 
Unify build script and fix EVENTS benchmarks
 2016-01-12 18:11:24 -08:00
Teddy Reed
832c3cfcce Unify build script and fix EVENTS benchmarks 2016-01-12 17:09:52 -08:00
Teddy Reed
21b3af199e Allow packs to add file_path categories 2016-01-08 17:59:19 -08:00
Teddy Reed
7c38cf17d9 Add support for make packages on Debian 2016-01-07 23:50:31 -08:00
Sharvil Shah
82995771e1 Build on Debian 7 (Wheezy) 
Install GCC 4.8.4 from source, so that we have C++11 features
and can build RocksDB

Fix #1745
 2016-01-05 16:31:20 -08:00
Teddy Reed
41b5ca545f [Fix #1736] Do not cache TLS node key within enroll plugin 2015-12-17 16:44:30 -08:00
Teddy Reed
2ec5d34291 Bump non-OS X TSK builds to 4.2.0 2015-12-14 23:43:08 -08:00
Teddy Reed
fbc8fb92dc Allow --config_dump with watcher 2015-12-14 16:19:37 -08:00
Teddy Reed
1636abeed6 Update Fedora to use dnf, RocksDB to 4.1 2015-12-14 15:24:11 -08:00
Teddy Reed
2fe800d9b8 Add ASAN blacklists for GFlags and RocksDB 2015-12-14 15:09:46 -08:00
Teddy Reed
9d394065e3 [#1636] Add simple sharding to packs and pack queries 2015-12-10 10:01:53 -08:00
Teddy Reed
b88d6816f3 Additional TSK tables 2015-12-07 08:36:22 -08:00
Teddy Reed
c020bb87b4 Merge pull request #1705 from theopolis/dump 
[#1702] Add config and database dumping to stdout
 2015-12-06 21:41:31 -08:00
pathcl
6c8cc20117 PEP8 Compliance && Python 3.X compatibility 
Signed-off-by: Teddy Reed
Merge-conflicts-by: Teddy Reed

Closes: #1586
 2015-12-06 20:57:30 -08:00
Teddy Reed
9ebd292eb6 [#1648] Support multiple loggers 2015-12-06 11:10:10 -08:00
Teddy Reed
fef53fa0d0 Add config and database dumping to stdout 2015-12-06 11:01:26 -08:00
Teddy Reed
1acba4dfa6 Merge pull request #1700 from theopolis/tsk2 
TSK integration and example tables
 2015-12-04 11:26:03 -08:00
Teddy Reed
f687a84840 [Fix #1689] Remove C-style comments from config examples 2015-12-04 11:08:54 -08:00
Teddy Reed
373ce339dc TSK integration and example tables 2015-12-04 11:08:51 -08:00
Teddy Reed
e5bc6410ba Merge pull request #1697 from theopolis/fix_1660 
[Fix #1660] Prevent spurious NETLINK recv retries
 2015-12-02 23:56:39 -08:00
Teddy Reed
4dc6b9f0a3 [Fix #1660] Prevent spurious NETLINK recv retries 2015-12-02 23:33:20 -08:00
Teddy Reed
ffb5b7020e [Fix #1693, #1527] Add osquery-specific query planner output 2015-12-02 19:57:24 -08:00
Mykola Kokalko
652e5a24f3 [Fixed] build for lucid 
[Added] python packages which are not installable via pip on lucid

[Moved] installing latest bison and openssl right before thrift building for lucid

[Fixed] package bison installation for not lucid

[Added] OpenSSL dependency for lucid

[Changed] prefix to /usr/local

[Fixed] wrong file for checking if dependency is intalled
 2015-11-30 17:49:31 +01:00
Teddy Reed
44286eb611 Add hardware/internal (monitoring) packs and reduce FPs, duplicate queries 2015-11-26 16:00:53 -08:00
Teddy Reed
204b16a946 Merge pull request #1675 from theopolis/planner_or 
Fix constraints stacking
 2015-11-24 12:25:15 -08:00
Teddy Reed
3221fbd9b3 Fix constraints stacking 2015-11-22 22:53:23 -08:00
Teddy Reed
a3a05e7e1e [#1527] Add a --profile option to the shell, replace 'run' 2015-11-21 22:45:40 -08:00
Teddy Reed
98f212e7a9 Add a SQLite query planner for type detection 2015-11-15 13:56:16 -08:00
Teddy Reed
cef8f59054 Merge pull request #1639 from theopolis/cache 
Table results caching
 2015-11-14 16:22:24 -08:00
Teddy Reed
e1d7511600 Remove column type string representations 2015-11-14 15:57:30 -08:00
Teddy Reed
c2be670806 Table results caching 
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
 2015-11-14 15:57:23 -08:00
Andrew Dunham
4ccdcc7864 Allow setting the mode of log files 
This also sets the appropriate flags in glog
 2015-11-11 11:37:55 -08:00
Teddy Reed
28bdcecc19 Custom flaky test marker 2015-11-08 02:29:49 -08:00
Teddy Reed
b29168a7b7 Use a null DB for the run test binary 2015-11-04 10:39:40 -08:00
Teddy Reed
5aa225d4c3 Merge pull request #1619 from sharvilshah/wifi 
Implement wifi_networks tables for OS X
 2015-11-02 16:11:21 -08:00
Teddy Reed
15215cdbc0 Add persistent splays 2015-11-02 14:10:04 -08:00
Teddy Reed
6aae4c9aa0 Fix tests and shell escape errors (faults) 2015-11-02 10:57:01 -08:00
Teddy Reed
50550e607a Build and provision edits for FreeBSD CI 2015-11-02 01:47:09 -08:00
Sharvil Shah
9a6d6d1293 Implement wifi_networks tables for OS X 
If the option of remembering known Wi-Fi networks is enabled on a system,
they are persisted to disk as a preferences property list file.
This table is populated by parsing that file.
 2015-11-01 16:53:51 -08:00
Teddy Reed
6a07135648 Passing clang Address/Leak Sanitize version 3.7 2015-11-01 04:00:21 -08:00
Teddy Reed
cd8f42844a Mark flaky integration tests 2015-10-28 09:40:17 -07:00
Teddy Reed
8ca2925ef0 [Fix #1583] Require osqueryd to have R/W access to RocksDB 2015-10-27 16:09:24 -07:00
Teddy Reed
654830cf11 Merge pull request #1594 from rcseacord/additional-sign-fixes 
eliminated some warnings from Clang 3.7 analyze mode
 2015-10-23 13:03:54 -03:00
Robert C. Seacord
1d9695ac31 eliminated some warnings from Clang 3.7 analyze mode 2015-10-21 06:02:58 +00:00
Teddy Reed
7ba87a88bb Merge pull request #1585 from rcseacord/additional-sign-fixes 
Additional sign fixes
 2015-10-19 11:25:18 -07:00
Scott J Roberts
1258800279 basic flag added 
wrong thing on the clipboard

updated to ProgramArguments vs Program per theopolis
 2015-10-19 11:56:12 -04:00
Robert C. Seacord
acb2f6f628 eliminating diagnostics, mostly for comparisons between signed and unsigned operations 2015-10-16 16:10:37 +00:00
Teddy Reed
c26f7bf8da Merge pull request #1565 from PickmanSec/master 
added comment parsing for profile.py
 2015-10-15 12:19:59 -07:00
Teddy Reed
2e7415f871 Convert wiki to UNIX format and refresh most content 2015-10-15 12:18:16 -07:00
Michael George
ed00e54aa7 added comment parsing 
added packs to profiling

added comment scrubing.
 2015-10-14 17:04:38 -07:00
Luis San Martin
0f0d873a96 sudo added as requeriment 2015-10-14 20:05:12 -03:00
Teddy Reed
1c12d274f4 Minor fix, return an empty query data 2015-10-13 09:25:10 -07:00
Teddy Reed
0440bb970f Fix test_5_daemon_sigint, and hardware_events tests 2015-10-13 08:40:23 -07:00
Javier Marcos
7442392c7f Fixing default configuration syntax, trailing comma 2015-10-09 14:50:00 +02:00
Mike Arpaia
5789d889f4 Merge pull request #1538 from marpaia/discovery_queries 
[fix #1536] Schedule iteration pass-by-reference
 2015-09-30 15:50:05 -07:00
Mike Arpaia
65df593d33 [fix #1536] Schedule iteration pass-by-reference 
There was a bug in the `osquery::Schedule` container object such that,
when the iteration through the schedule occured, pack objects were being
passed by value (copied) instead of passed by reference. Thus, the
discovery query would be executed, the object's cache would be updated,
and then the object would go out of scope and be destructed, thus
leaving the original object without ever having ran the discovery query.
This caused discovery queries to thrash. Bad times.

I added a new test so that we don't regress here as well as const'd a
few functions that should have been const in `osquery::Pack`.
 2015-09-30 15:41:43 -07:00
Teddy Reed
ad4b41cb84 Merge pull request #1524 from mathieuk/build_on_debian_wheezy_with_benchmark_change 
Build on debian wheezy with recent changes
 2015-09-30 13:32:55 -07:00
Mathieu Kooiman
d26d12a63c Make osquery build on debian again 2015-09-30 19:37:56 +02:00
Teddy Reed
bb65ec49ac [#1488] Shutdown Linux event publishers responsibly 2015-09-22 23:06:23 -07:00
Teddy Reed
7852c356ec Merge pull request #1494 from theopolis/signals 
[#1488] Use signal handlers for teardown and reloading
 2015-09-15 16:14:40 -07:00
Teddy Reed
7c2a625ef2 Use signal handlers for teardown and reloading 2015-09-14 16:57:00 -07:00
Teddy Reed
944e3de206 Merge pull request #1496 from theopolis/events_table 
[#1487] Add osquery_events table to track pubsub stats
 2015-09-14 15:27:35 -04:00
Mike Arpaia
aaa03a1058 Distributed queries client-side 2015-09-08 13:33:48 -07:00
Teddy Reed
b57040db60 Add osquery_events table to track pubsub stats 2015-09-03 15:10:53 -07:00
Teddy Reed
2813d3ab87 Add a Linux audit event publisher 2015-09-03 08:45:02 -07:00
Mike Arpaia
a140333441 [fix #1390] query pack re-org 
This commit contains the features specified in #1390 as well as a
refactoring of the general osquery configuration code.

The API for the config plugins hasn't changed, although now there's a
`genPack` method that config plugins can implement. If a plugin doesn't
implement `genPack`, then the map<string, string> format cannot be used.
The default config plugin, the filesystem plugin, now implements
`genPack`, so existing query packs code will continue to work as it
always has.

Now many other config plugins can implement custom pack handling for
what makes sense in their context. `genPacks` is not a pure virtual, so
it doesn't have to be implemented in your plugin if you don't want to
use it. Also, more importantly, all config plugins can use the standard
inline pack format if they want to use query packs. Which is awesome.

For more information, refer to #1390, the documentation and the doxygen
comments included with this pull requests, as well as the following
example config which is now supported, regardless of what config plugin
you're using:

```json
{
  "options": {
    "enable_monitor": "true"
  },
  "packs": {
    "core_os_monitoring": {
        "version": "1.4.5",
        "discovery": [
          "select pid from processes where name like '%osqueryd%';"
        ],
        "queries": {
          "kernel_modules": {
              "query": "SELECT name, size FROM kernel_modules;",
              "interval": 600
          },
          "system_controls": {
              "query": "SELECT * FROM system_controls;",
              "interval": 600,
              "snapshot": true,
          },
          "usb_devices": {
              "query": "SELECT * FROM usb_devices;",
              "interval": 600
          }
        }
    },
    "osquery_internal_info": {
        "version": "1.4.5",
        "discovery": [
          "select pid from processes where name like '%osqueryd%';"
        ],
        "queries": {
          "info": {
              "query": "select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;",
              "interval": 60,
              "snapshot": true
          },
          "registry": {
              "query": "SELECT * FROM osquery_registry;",
              "interval": 600,
              "snapshot": true
          },
          "schedule": {
              "query": "select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory from osquery_schedule;",
              "interval": 60,
              "snapshot": true
          }
        }
    }
  }
}
```

The `osquery_packs` table was modified to remove the superfluous
columns which could already have been found in `osquery_schedule`. Two
more columns were added in their place, representing stats about pack's
discovery query execution history.

Notably, the internal API for the `osquery::Config` class has changed
rather dramatically as apart of the refactoring. We think this is an
improvement. While strictly adhering to the osquery config plugin
interface will have avoided any compatibility errors, advanced users may
notice compilation errors if they access config data directly. All
internal users of the config have obviously been updated. Yet another
reason to merge your code into mainline; we update it for you when we
refactor!
 2015-09-02 10:56:26 -07:00
Teddy Reed
d63510f8bd Remove benchmark from third-party, prefer deps-build 2015-08-31 15:01:13 -07:00
Teddy Reed
4dd77a43a7 Remove cpp-netlib from third-party, prefer deps-build 2015-08-31 09:27:01 -07:00
Javier Marcos
1a50977a23 Adding magic table to check for libmagic data 2015-08-28 12:49:46 -07:00
Dave Gosselin
6899127e1e Add support for building on Fedora 21 2015-08-25 11:10:56 -04:00
Mathieu Kooiman
b151ecedc2 Refs https://github.com/facebook/osquery/issues/320 
Add provisioning scripts to build osquery on Debian Wheezy and Debian Jessie.
 2015-08-20 20:57:22 +02:00
Teddy Reed
73da2f1448 Merge pull request #1443 from sharvilshah/libressl 
[#1329] Statically link against brew bottled libressl on OS X
 2015-08-18 01:09:45 -07:00
Teddy Reed
fb93b73253 Merge pull request #1450 from eastebry/fix-package-dependencies 
Fix lucid package building
 2015-08-17 16:04:00 -07:00
Teddy Reed
5bf30a779d RocksDB usage speedups 2015-08-15 20:43:53 -07:00
Bryan Eastes
1ac7c5d21a Installing specific FPM version 2015-08-15 15:11:29 -07:00
Sharvil Shah
ccc086f050 Statically link against brew bottled libressl on OS X 
* It wasn't straightforward to get OpenSSL building
 without avx/vxoprs optimizations on 10.10
* libressl is essentially a modern/lean-ish drop-in replacement for OpenSSL
and can build without avx optimizations to support older Macs

This change:

* Installs libressl (builds a bottle) using homebrew
* And statically links `libcrypto.a` and `libssl.a` unless
`BUILD_LINK_SHARED` is requested.

Fixes #1329
 2015-08-13 15:31:26 -07:00
Javier Marcos
ee98bbde67 Fix for the version variable 2015-08-13 07:02:24 +02:00
Teddy Reed
251aded11c Merge pull request #1442 from javuto/darwin_package_10.9 
Updating the script to create packages for 10.9 building
 2015-08-12 18:16:36 -07:00
Teddy Reed
fd1b4b06e8 Merge pull request #1436 from theopolis/pack_place 
[#1402] Add notes around pack paths in example.conf
 2015-08-12 18:15:50 -07:00
Teddy Reed
b9ded9e7af [#1402] Add notes around pack paths in example.conf 2015-08-12 17:15:42 -07:00
Javier Marcos
861e0e4273 Using the code in lib.sh 2015-08-13 00:53:44 +02:00
Javier Marcos
54cb08c193 Updating the script to create packages for 10.9 building 2015-08-12 20:34:50 +02:00
Teddy Reed
ea0ca195f6 Update build/test for 10.9 (do not test extension) 
OS X 10.9 should not build/test a kernel extension yet. The MAC policy framework is slightly different and the APIs/version dependencies need to be tested.
 2015-08-12 10:40:53 -07:00
Sharvil Shah
e4f52589f5 Remove -mtune compile flag 
Having `-mtune=i386` is causing compilation failure for gflags on ubuntu.
This change removes the `mtune` compile flag.
`-march` flag is already set to `x86-64` and according to gcc doc,
Specifying `-march=cpu-type` implies `-mtune=cpu-type.`

Fixes #1428
 2015-08-06 17:14:33 -07:00
Teddy Reed
67b0f51ab5 Several small optimizations around internal SQL queries 2015-08-03 07:56:55 -07:00
Michael O'Farrell
dda11ce74a Executable size benchmark change. 2015-07-30 15:44:25 -07:00
Michael O'Farrell
346743e87f Benchmark using mean across 5 runs. 2015-07-29 16:50:19 -07:00
Michael O'Farrell
5956e685e9 Report bytes using word count 2015-07-29 15:10:20 -07:00
Michael O'Farrell
46ee4b491c Benchmark stripped binary size. 2015-07-29 11:35:04 -07:00
Michael O'Farrell
0cb5730d55 Added benchmark for executable size. 2015-07-28 22:34:22 -07:00
Teddy Reed
ff9cb71628 Various additional tests and benchmarks 2015-07-28 12:26:17 -07:00
Elan Ruusamäe
bb40956844 don't qualify any system with lsb-release as ubuntu 2015-07-25 14:52:59 +03:00
Michael O'Farrell
66b075a685 Merge pull request #1377 from mofarrell/benchmark 
Added benchmarking targets.
 2015-07-23 17:37:56 -07:00
Michael O'Farrell
a65f8dd93c Added benchmarking targets. 2015-07-23 17:07:42 -07:00
Teddy Reed
f03ec9ddac [Fix #1368] Restore autostart post-install scripts 2015-07-21 19:09:24 -07:00
Teddy Reed
fc24682816 Fix profile platform bug in leaks checking 2015-07-20 02:06:52 -07:00
Teddy Reed
95775be1d9 [Fix #1355] Allow plist keys with '.' 
Boost property trees are level delimited using '.' characters.
An Apple property list may contain keys with '.' characters, so the plist conversion must use iterators and raw node appends.
 2015-07-19 16:24:43 -07:00
Teddy Reed
a713d09f0e Install additional configs for HB/packages 2015-07-17 16:07:22 -07:00
Teddy Reed
270b4da540 [Fix #1339] Add kernel-build to packages when used 2015-07-16 15:23:29 -07:00
Javier Marcos
7241becda1 Fix tables JSON file name 2015-07-16 13:38:31 -07:00
Javier Marcos
84e0c77a98 Generation of table docs with packages and docs targets 2015-07-16 12:23:44 -07:00
Javier Marcos
01fabf910d Merge pull request #1343 from javuto/generate_tables_output 
Adding support to generate documentation to external files
 2015-07-15 17:10:27 -07:00
Javier Marcos
ba69bf8efa Adding support to generate documentation to external files 2015-07-15 13:18:41 -07:00
Teddy Reed
341245f751 Build/install gflags' static library on build hosts. 
As of [homebrew #41151](https://github.com/Homebrew/homebrew/pull/41151) gflags is not installed with a static library.
Our build hosts must have static versions of gflags.
 2015-07-14 17:20:55 -07:00
Teddy Reed
c269bbeaf3 Rollup of build changes 2015-07-14 13:45:53 -07:00
Teddy Reed
19d7a9e735 Merge pull request #1328 from mofarrell/kernel 
Fixed cleanup in testing script in failure cases.
 2015-07-13 16:41:44 -07:00
Michael O'Farrell
b2b1f0483d Fixed cleanup in testing script in failure cases. 2015-07-13 16:11:45 -07:00
Teddy Reed
0e49a3a9a1 Build separate OS X packages 2015-07-13 15:44:16 -07:00
Michael O'Farrell
dd1f0af0ff Build system changes for kernel extension testing and deployment. 2015-07-09 11:50:23 -07:00
Michael O'Farrell
0284b9e60d Merge branch 'master' into kernel 
Conflicts:
	mkdocs.yml
 2015-07-08 10:26:32 -07:00
Teddy Reed
f48619ed28 [#1285, #1276] Faster, optimized subscriber results 2015-07-07 00:59:28 -07:00
Matthew White
11f447a959 Minor fixes to support building on Ubuntu 10.04 2015-07-06 15:18:11 -07:00
Teddy Reed
7aac5fd358 Replace custom wildcarding with POSIX-glob 
POSIX-globbing will allow event publishers/subscribers to post-check
results against glob-syntax, fnpath matching, and POSIX C-regex.
These checks are anecdotally speedy.
 2015-07-02 13:53:16 -07:00
Teddy Reed
64e4afa136 Merge pull request #1294 from theopolis/relax_test_timesouts 
Relax extensions and shell timeouts
 2015-07-02 13:50:07 -07:00
Teddy Reed
89e5b6c729 Relax extensions and shell timeouts 2015-07-02 12:14:44 -07:00
Mike Arpaia
ba89b67cc5 Install snappy headers instead of just the library 
We found that not installing the headers for snappy caused RocksDB's
snappy detection to not find that snappy was installed:
https://goo.gl/YOWJl0

The snippet there requires that the headers are installed, not just the
library. By installing the headers, we can ensure that snappy is linked.

OR, alternatively, we could just leave it and not link snappy. It's
uncertain what the specific benefits of including snappy are for our
use-case. (CC @igorcanadi)
 2015-07-01 16:14:06 -07:00
Michael O'Farrell
a7bd4bd3db Merge pull request #1278 from facebook/master 
Merge branch 'master' into kernel
 2015-06-30 13:12:16 -07:00
Teddy Reed
757940fe6f Towards CMake-powered kernel extension building 2015-06-30 00:49:16 -07:00
Mike Arpaia
06793f9d00 Merge pull request #1267 from marpaia/osquery-latest-no-more 
Remove "latest" from the osquery package names
 2015-06-29 15:09:31 -07:00
Teddy Reed
0d6ab16281 Yara events was not building 2015-06-29 14:45:31 -07:00
Mike Arpaia
d6719f9ef7 Remove "latest" from the osquery package names 2015-06-29 11:18:49 -07:00
Teddy Reed
8db6ca4a3f [Fix #1198] Add a small retry to ext watcher 2015-06-28 02:12:50 -07:00
Teddy Reed
5566d8cd96 Merge pull request #1194 from theopolis/lucid-build 
Loose support for building on Ubuntu 10.04
 2015-06-27 20:47:53 -07:00
Teddy Reed
e7ed68e187 [Fix #1198] Faster death/timeout checks in extensions tests 2015-06-25 02:53:53 -07:00
Sharvil Shah
368517c6a6 Use psutil's Process.children() instead of Process.get_children() as the latter has been deprecated. 
Process.get_children() had been deprecated in psutil 2.x and is compeletely removed in 3.x versions
in favor of Process.children().

This fixes #1220.
 2015-06-23 16:44:05 -07:00
Mike Arpaia
2b9bbb6bd4 Merge pull request #1223 from marpaia/yara-3.4.0 
updating yara to 3.4.0
 2015-06-22 09:33:25 -07:00
Teddy Reed
37188f788b Fixups in tables, add DOUBLE, shell extensions 2015-06-22 04:17:23 -04:00
Mike Arpaia
6f85f2f617 updating yara to 3.4.0 2015-06-21 11:40:51 -04:00
Teddy Reed
46ceb7aa6d Merge pull request #1213 from theopolis/certs2 
Update testing x509 certs
 2015-06-13 02:24:29 -07:00
Teddy Reed
2fb774218a Update testing x509 certs 2015-06-13 02:13:31 -07:00
Teddy Reed
e7ab2fc47b Limit scope of git/tag version defines. 
Harden plist parsing against internal fuzzing tests.
Improve file/stream read speeds.
 2015-06-12 10:10:20 -07:00
Teddy Reed
727f5b091f Various table perf improvements and TLS docs 2015-06-05 22:03:15 -07:00
Teddy Reed
ccb1c2cd69 Loose support for building on Ubuntu 10.04 2015-06-04 18:25:49 -07:00
Teddy Reed
4e59bcf4c1 Merge pull request #1191 from theopolis/feature-backoffs 
[#1190] Schedule queries without logging removed results
 2015-06-04 14:58:19 -07:00
Teddy Reed
a678f8f46a Merge pull request #1192 from theopolis/rocksdb-from-homebrew 
[Fix #1185, #1183] Use RocksDB from Homebrew on OS X
 2015-06-04 14:34:52 -07:00
Teddy Reed
650a43d053 [Fix #1185, #1183] Use RocksDB from Homebrew on OS X 2015-06-04 13:56:58 -07:00
Teddy Reed
e244883ea4 [#1190] Schedule queries without logging removed results 2015-06-04 13:53:55 -07:00
Teddy Reed
a70828c2a4 Merge pull request #1187 from sharvilshah/xattr_update 
Extended Attributes: Use LaunchServices API for quarantine data
 2015-06-03 22:38:17 -07:00
Sharvil Shah
065fe6412d Use LaunchServices (part of CoreServices) to grab quarantine properties instead of manually parsing the colon separated attribute data. 
Fall back to deprecated LaunchService API for OS X 10.9 Mavericks.

Added tests for extended_attributes

Better error handling and cleanup
 2015-06-03 22:18:45 -07:00
Teddy Reed
c934ad0df3 Update tooling/profiling paths 2015-06-03 21:22:12 -07:00
Teddy Reed
8aacaca7eb Query pack platform binds should match any/all 2015-06-03 13:56:39 -07:00
Teddy Reed
a105924804 Move specs to a top-level path, add query examples 
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
 2015-06-03 10:39:05 -07:00
Teddy Reed
5899bbb8f5 Merge pull request #1182 from theopolis/osx_rocksdb_portable 
Build RocksDB from source on Darwin
 2015-06-02 15:50:15 -07:00
Teddy Reed
eeab588d8f Build RocksDB from source on Darwin 2015-06-02 15:25:16 -07:00
Teddy Reed
f41fb6b107 Remove package-manager installed autoconf tools for older distros 2015-06-02 03:05:47 -07:00
Teddy Reed
0669d8205e Merge pull request #1174 from theopolis/remote_logger 
TLS/HTTPS-based logger plugin
 2015-06-02 02:59:34 -07:00
Teddy Reed
33f53809ad Fix DBHandle checking with concurrent processes. 
`make tests` fails with another osquery process running.
The backing-store check happens after a config plugin is setUp and
the initial load occures. This may involve calls to cached keys, the
check should occur pre-config initialize.
 2015-06-02 02:50:04 -07:00
Teddy Reed
da9bd5801b Migrate HTTP remote logger to TLS logger 2015-06-01 10:12:31 -07:00
Teddy Reed
4064fa6eb5 Pack and testing fixups 2015-05-28 12:17:27 -07:00
Blake Frantz
28d9237b50 Amazon EC2-based vagrant targets for RHEL/Amazon Linux 
1. added docs for vagrant-aws support in Vagrantfile
2. removed aws target that have local vagrant support. inline-string'd aws.user_data
3. support building rhel6/7 in aws
4. correct aws-rhel6.6 name. it should be rhel6.5
 2015-05-26 21:03:10 -07:00
Teddy Reed
8b3686a58a TLS plugin workflow tests 2015-05-26 19:55:00 -07:00
Teddy Reed
b90b21bc2d [Fix #1154] Clean up CMake messages and check TP 2015-05-23 17:15:28 -07:00
Teddy Reed
5969ae4fbf Clean up TLS-version from OpenSSL detection 2015-05-23 13:04:36 -07:00
Javier Marcos
9a4f611baf Merge pull request #1155 from javuto/osquery_packs_table 
Osquery packs table
 2015-05-21 20:32:45 -07:00
Javier Marcos
c6855fab43 Table for osquery packs 2015-05-19 18:44:28 -07:00
Teddy Reed
b3338dc5d2 Merge pull request #1146 from theopolis/tls 
Towards TLS config/logging
 2015-05-19 17:17:04 -07:00
Teddy Reed
2a1f496cc5 Towards TLS config/logging 2015-05-19 17:05:55 -07:00
Javier Marcos
65e6e38e0f Merge pull request #1143 from javuto/pack_config_changes 
Support to load query packs as scheduled queries
 2015-05-16 15:37:27 -07:00
Javier Marcos
47e680e825 Adding tests and implementing version checker 2015-05-15 22:25:19 -07:00
Teddy Reed
f5945f98b4 Oracle 5.11 2015-05-14 22:44:01 -07:00
Teddy Reed
525c584a0b Merge pull request #1141 from theopolis/static_cryptsetup 
Build libcryptsetup statically
 2015-05-14 22:33:56 -07:00
Teddy Reed
9ee839b265 Build libcryptsetup statically 2015-05-14 19:36:00 -07:00
Blake Frantz
4262dd502d add install_iptables_dev 2015-05-13 11:52:49 -07:00
Blake Frantz
3a49fc46c8 Merge remote-tracking branch 'upstream/master' 2015-05-13 07:38:41 -07:00
Blake Frantz
410dec3a9c update provision/lib.sh to support amazon linux 2015-05-13 07:37:59 -07:00
Mike Arpaia
fff36af0af Removing trailing whitespace 2015-05-11 23:31:13 -07:00
Blake Frantz
805db480c5 Merge remote-tracking branch 'upstream/master' 2015-05-11 16:08:59 -07:00
Teddy Reed
5b43067c98 Merge pull request #1130 from theopolis/patch-134 
[Fix #1125 #1126] Flag padding checks, config_check tests
 2015-05-11 13:43:36 -07:00
Teddy Reed
fed0474bce Merge pull request #1129 from brandt/fix-command-not-found 
Fix missing command: force_provision
 2015-05-11 11:45:38 -07:00
Teddy Reed
7815f49020 Merge pull request #1128 from brandt/fix-dep-libtool-url 
Fix URL for libtool
 2015-05-11 11:45:29 -07:00
Teddy Reed
88b93b853c Add example newsyslog conf for OS X 2015-05-11 10:42:41 -07:00
Teddy Reed
771ed4da2f [Fix #1125 #1126] Flag padding checks, config_check tests 2015-05-11 10:37:16 -07:00
J. Brandt Buckley
3c6916a01b Fix missing command: force_provision 
Prior to this commit, you'd get this error when running `make deps` with a version of autoconf that belongs in a museum (e.g. the one that's in CentOS 6 Base):

```
[+] autoconf is already installed. skipping provision.
/home/brandt/osquery/tools/provision/lib.sh: line 163: force_provision: command not found
make: *** [deps] Error 127
```

I couldn't find a `force_provision` in the codebase. Plain old `provision` should do the job.
 2015-05-11 00:50:55 -06:00
J. Brandt Buckley
a0a09eb588 Fix URL for libtool 
Looks like a simple typo: `automake` for `libtool`

Before this commit, this is the error you'd get when you ran `make deps`:

```
[+] libtool is not installed/provisioned. installing...
[+] libtool has not been downloaded. downloading...
--2015-05-11 06:01:38--  https://osquery-packages.s3.amazonaws.com/deps/automake-2.4.5.tar.gz
Resolving osquery-packages.s3.amazonaws.com... failed: Temporary failure in name resolution.
wget: unable to resolve host address “osquery-packages.s3.amazonaws.com”
[+] libtool has not been extracted. extracting...
tar (child): libtool-2.4.5.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
/vagrant/tools/provision/lib.sh: line 196: pushd: libtool-2.4.5: No such file or directory
make: *** [deps] Error 1
```
 2015-05-11 00:14:15 -06:00
Blake Frantz
bbc21a545a remove unnecessary conditionals from amazon.sh 2015-05-10 17:33:12 -07:00
Blake Frantz
5c00016e30 base rhel/amazon/centos detection on system-release and ubuntu on lsb-release 2015-05-10 17:10:30 -07:00
Blake Frantz
2e865a69d6 Merge remote-tracking branch 'upstream/master' 2015-05-10 14:38:33 -07:00
Blake Frantz
2c4ae6758a initial commit for adding support for amazon linux 2015.03 2015-05-10 11:42:30 -07:00
Teddy Reed
8235fd155f Merge pull request #1122 from theopolis/relax_deps 
Relaxing iptables, EL-deps
 2015-05-09 23:52:28 -07:00
Teddy Reed
3e9f40f73f [Fix #1121] Minify shell table/schema, add meta tests 2015-05-09 19:48:28 -07:00
Teddy Reed
98b52c39a1 elaxing iptables, EL-deps 2015-05-09 18:16:13 -07:00
Teddy Reed
b5be0212e2 Merge pull request #1120 from theopolis/iptables_best 
Adding new table to display iptables filters, chains and rules
 2015-05-08 20:10:34 -07:00
Teddy Reed
6a3002a2c6 Remove patching for sysroot 2015-05-08 19:16:33 -07:00
Javier Marcos
4f21090fb8 Adding new table to display iptables filters, chains and rules 
Patching headers to avoid void pointers
Adding test for parsing ipt_ip entries
 2015-05-08 19:11:49 -07:00
Teddy Reed
1de7cfb331 Use CMake find_package for python, fix ifaddrs on FreeBSD 2015-05-08 18:49:01 -07:00
Teddy Reed
c7b9114975 Towards building on FreeBSD/ports 2015-05-07 23:12:30 -07:00
Teddy Reed
c50838922f Merge pull request #1102 from theopolis/sync_builds 
Easier build host-based sync
 2015-05-06 21:06:53 -07:00
Teddy Reed
70e3c190bb Easier build host-based sync 2015-05-05 15:15:45 -07:00
Mike Arpaia
abd1e89767 Merge pull request #1101 from marpaia/rocksdb-3.10.2 
[Fix #1099] Build RocksDB 3.10.2 on linux
 2015-05-05 11:05:46 -07:00
Mike Arpaia
b460a53e8b download RocksDB from osquery S3 2015-05-05 10:43:25 -07:00
Mike Arpaia
dfe62540ce [Fix #1099] Build RocksDB 3.10.2 on linux 2015-05-04 21:12:37 -07:00
Teddy Reed
cdb112eccb Add a CMake variable for packages 2015-05-04 17:09:09 -07:00
Teddy Reed
fa35ee5f7b Merge pull request #1095 from theopolis/raw_sockets 
[Fix #1080] Remove netlink, support raw sockets
 2015-05-04 12:09:37 -07:00
Teddy Reed
893f678403 Linting and asan fixups 2015-05-04 11:00:21 -07:00
Teddy Reed
7da8b6f68a [Fix #1080] Remove netlink, support raw sockets 2015-05-04 10:57:49 -07:00
Teddy Reed
51634fd848 Use unique sockets for extensions tests, RHN pass 
The extensions tests were previously using the same extensions socket
path. This may lead to races during the tests. There might be more
stability work needed to relax time/speed assumptions.

The RHN subscription manager has been failing on RHEL when enabling
repos. We can turn this fail into a warning and attempt to recover.
 2015-05-04 10:48:50 -07:00
Teddy Reed
c63bf0451a Various exception hardening 2015-05-03 14:18:20 -07:00
Teddy Reed
e01a73b4f3 Schedule monitoring, doc updates, logger plugin fixes 2015-05-03 11:54:15 -07:00
Teddy Reed
06aa60a127 Merge pull request #1074 from sharvilshah/disable_tables_runtime_flag 
[Implements #1016] Disable tables runtime flag
 2015-04-30 01:55:03 -07:00
Sharvil Shah
2735e731de Implement --disable_tables runtime flag 2015-04-30 01:41:01 -07:00
Javier Marcos
05855816f2 Support RHEL6 
Adding support to build RHEL6
 2015-04-29 22:48:01 -07:00
Javier Marcos
f30a8207df Support RHEL6 
Package changes from RHEL6 to RHEL7
 2015-04-29 18:33:27 -07:00
Teddy Reed
3c117fa5f3 Add rhel-6-server-optional-rpms to RHEL6 2015-04-29 16:21:07 -07:00
Teddy Reed
d0bbb0bc4f Towards safer and shuffled unittests 2015-04-29 14:43:27 -07:00
Javier Marcos
cf12156c09 Building in RHEL with g++ 
Using clang won't work
 2015-04-28 18:13:12 -07:00
Teddy Reed
be65922569 Fast tests 2015-04-27 09:40:31 -07:00
Teddy Reed
ed69536c06 Update ubuntu.sh 2015-04-26 17:41:08 -07:00
Teddy Reed
337a20cc75 Install cmake 3.2.1 on 14.04 
The repo-provided CMake is at 2.x, which will build extra cpp-netlib tests.
 2015-04-26 17:41:08 -07:00
Teddy Reed
a972b1b0b0 Merge pull request #1027 from sharvilshah/fde_linux 
[Implement #933] Add LUKS/dm-crypt disk_encryption support for Linux
 2015-04-25 12:43:05 -07:00
Teddy Reed
5e2ce5c2e9 Merge pull request #1039 from theopolis/fix_flags 
Fix dameon flags loading from options
 2015-04-25 01:28:30 -07:00
Sharvil Shah
f72dcb5d96 add libcrypysetup-dev library 
moved disk_ecryption table spec to crossplatform

link libcryptsetup

implemented get cipher type and cipher_mode:

more idiomatic c++11

no need to explicitly call std::string constructor to convert char * to std::string

update cryptsetup sources for centos

add function prototype for older libcryptsetup which is in centos6

ifdef check for centos6 which uses older libcryptsetup

remove forward declared functions defined in libcryptsetup, stylistic changes
 2015-04-24 17:01:14 -07:00
Teddy Reed
5e08b8bf60 Simpler RHEL6 provision 2015-04-24 14:25:59 -07:00
Teddy Reed
b90aeab2fe Fix dameon flags loading from options 2015-04-24 11:37:51 -07:00
Javier Marcos
6f447ffedb Merge pull request #1031 from javuto/etc_protocols_table 
Adding new table for /etc/protocols
 2015-04-22 18:18:03 -07:00
Teddy Reed
b2dc8b7264 Build cmake with gcc to avoid gnu++1y 2015-04-22 17:58:08 -07:00
Javier Marcos
ddb41ae84a Adding tests to the prototocols table 2015-04-22 17:49:27 -07:00
Teddy Reed
8930f9e692 Documentation updates, separate config/logging pages 
Mostly minor documentation/wiki/guide fixes.
The breaks down the "using osqueryd" page into more of a summary
of what the daemon does from a schedule/logging perspective.

The bulk of the "using osqueryd" page now exists in the configuration
deployment page and the new "logging" deployment page.
 2015-04-18 22:09:25 -07:00
Teddy Reed
c59ce0e4e4 Lint fixes and clang analyze 2015-04-17 09:18:46 -07:00
Teddy Reed
c9e07ec2ba Add launchd_overrides table 2015-04-15 23:19:23 -07:00
Teddy Reed
595e94547d Build LLVM 3.4 using gcc 4.9 on RHEL6.5 2015-04-13 09:19:09 -07:00
Teddy Reed
4a299c1fac Remove php from thrift provision 
The only thrift bindings we need for osquery are cpp/python.
Python is used for the integration tests.
 2015-04-10 17:15:31 -07:00
Teddy Reed
d30455893f Merge pull request #941 from theopolis/rhel_fun 
[Implement #926] RHEL6 provisioning
 2015-04-08 14:37:48 -07:00
Teddy Reed
1305a2764a [Fix #964] Restrict apt-sources to arch=amd64 2015-04-08 14:13:01 -07:00
Teddy Reed
78ec6fb305 Merge pull request #956 from sharvilshah/bug/etc_hosts_comment_parsing 
[Fix #955] Fix etc_hosts hostname parsing so that inline comments are now ignored
 2015-04-07 00:27:58 -07:00
Teddy Reed
41ce00e573 RHEL6 provisioning 2015-04-06 23:43:01 -07:00
Sharvil Shah
e7a3d24ece Fix etc_hosts hostname parsing so that inline comments are now ignored; update tests 2015-04-06 23:32:56 -07:00
Mitchell Grenier
f5b7f921d3 Fing crashes from bad JSON 
There are a couple places where this was an issue.

The first place was in the filesystem plugin where it was only checked that it
existed, and not that it was an actual file.

The second was a lack of try and catch on the parse call in config.cpp.

Both of those issues are addressed in this diff.
 2015-04-06 16:00:26 -07:00
Teddy Reed
2df9a6558e Add some osquery-theme to API docs 2015-04-06 01:21:10 -07:00
Teddy Reed
e87ab14246 Update provision.sh and os-specific deps 
Remove some repeated or unused conditionals.
Make sure autoconf is at least version 2.69.
 2015-04-04 16:15:40 -07:00
Mike Arpaia
367d695d77 Merge pull request #938 from facebook/theopolis-patch-1 
[Fix #937] Return non-0 for status
 2015-04-04 00:12:52 -07:00
Teddy Reed
652ca19862 [Fix #937] Return non-0 for status 2015-04-03 17:24:10 -07:00
Javier Marcos
b0e69b7074 Support for RHEL building 2015-04-03 16:53:06 -07:00
Teddy Reed
ddc02f6867 Update provisioning to include yara installs 2015-04-03 00:49:29 -07:00
Teddy Reed
2b20d3dde0 Merge yara subscribers 2015-04-03 00:48:13 -07:00
Javier Marcos
4a1aced53a Breaking provision.sh into multiple scripts 2015-04-02 21:34:55 -07:00
mtmcgrew
da0ce578da correct chkconfig level 
3 is not needed twice
 2015-04-02 13:53:25 -07:00
Teddy Reed
b1640a9c0c Merge pull request #906 from eastebry/902_clean_option 
Added clean options, general osqueryctl cleanups
 2015-03-31 22:17:38 -07:00
Bryan Eastes
afe76d4f6e Added clean options, general osqueryctl cleanups 2015-03-31 21:50:28 -07:00
Teddy Reed
fc623d98d5 Declare extension registries 'external' 2015-03-30 02:03:26 -07:00
Teddy Reed
d9d068bb5d Merge pull request #910 from theopolis/centos_pkgs 
Remove snappy/libproc from CentOS deps
 2015-03-27 20:04:45 -07:00
Teddy Reed
c37474775c Remove snappy/libproc from CentOS deps 2015-03-27 19:19:55 -07:00
Teddy Reed
38bfed3414 Remove libprocps(ng) in favor of parsing proc manually 2015-03-27 12:37:16 -07:00
Teddy Reed
709723efda Merge pull request #880 from theopolis/shell_db 
Remove unused shell functions
 2015-03-19 21:33:37 -07:00
Teddy Reed
4721205b25 [Fix #884] Remove return 1s when no action needed in init 2015-03-19 16:34:35 -07:00
Teddy Reed
79ddc5ba38 Remove unused shell functions 2015-03-19 16:14:29 -07:00
Teddy Reed
91dce32095 Speed up shell and add max value size 2015-03-18 15:07:13 -07:00
Mike Arpaia
b8c658ec71 Update make_linux_package.sh 2015-03-17 15:59:33 -07:00
Javier Marcos
c122ca4e6e Merge pull request #872 from facebook/wget_and_packages 
Fix for centos7 targets
 2015-03-17 12:01:50 -07:00
Javier Marcos
52ad62cb04 Fix for centos7 targets 2015-03-17 11:53:10 -07:00
Teddy Reed
afd11fe1f3 Set osquery_extensions for worker child 2015-03-17 10:36:19 -07:00
Teddy Reed
1a0334ec9a Use a .load file instead of delimited dirs 2015-03-17 10:11:43 -07:00
Teddy Reed
363bef2b98 [Fix #861] Allow initscript to read gflags flagfile 2015-03-16 11:59:04 -07:00
Teddy Reed
bf863097f8 [Fix #833] Add NDEBUG to provision for gflags/thrift 2015-03-14 22:27:54 -07:00
Teddy Reed
fd3083fb43 [Fix #846] Extension flag aliases are limited to strings 2015-03-14 20:36:27 -07:00
Teddy Reed
6fee50be78 Merge pull request #851 from theopolis/better_ext_testing 
Improve extensions integration testing
 2015-03-14 11:25:24 -07:00
Teddy Reed
1170887d56 Improve extensions integration testing 2015-03-13 18:33:55 -07:00
Mitchell Grenier
637336f8c9 Ability to configure osquery from multiple files 2015-03-13 17:19:02 -07:00
Teddy Reed
fe0f369af0 Extension-dependent config/logger plugins 2015-03-13 12:01:30 -07:00
Teddy Reed
6a81cec937 Organize kernel_extensions to add signatures 2015-03-09 11:43:06 -07:00
Theodore M. Reed
4803b441a2 Move preprocessor defines before compile flags 2015-03-06 12:11:21 -08:00
Teddy Reed
0673900837 Registry modules 2015-03-04 20:33:10 -08:00
Teddy Reed
8efa07e520 Watcher process will fail if DB path is incorrect 2015-03-04 18:51:41 -08:00
Teddy Reed
3c02806cd8 Extensions autoloading prequel 2015-03-04 18:51:41 -08:00
Teddy Reed
5b5eb7f693 [Fix #823] Install cmake/boost after clang on centos 2015-03-04 17:32:19 -08:00
Teddy Reed
41ab6f3161 Organizing osquery python testing 
Move /osquery/python_tests/* to /tools/tests
Move test_extensions process controls to test_base module
Use test_base.Testing to implement each module's main()
  - This applies a default argparse with --build
  - test_base.ARGS is the argparse-parsed namespace
  - Use test_base.ARGS.build for the platform-specific dir
Move WatchdogTests to /tools/tests/test_watchdog.py
 2015-03-02 16:23:22 -08:00
Teddy Reed
722cf3b59c Merge pull request #813 from theopolis/no_osx_symlinks_pkg 
[#808] Prefer /private/var for PKG install structure
 2015-03-02 16:02:30 -08:00
Teddy Reed
40e167d7b7 Merge pull request #810 from theopolis/respect_cflags 
Respect external CMake C/CXX flags
 2015-03-02 16:01:53 -08:00
Teddy Reed
e0eff0478b [#808] Prefer /private/var for PKG install structure 2015-03-02 00:19:52 -08:00
Teddy Reed
dcff476807 Respect external CMake C/CXX flags 
Use osquery-C flags for every object compile.
Add CXX flags without conditional logic.
Move the `python-thrift` target into the CPP generation command.
Remove verbose option for extensions python unittest.
Add thrift as a pip install requirement (for unittests).
 2015-03-01 21:19:31 -07:00
Teddy Reed
ff1f1c086b [Fix #805] Add symlink to gmake for gflags 2015-02-27 19:45:18 -07:00
Teddy Reed
2237f00c12 Rename ca_certs to certificates 2015-02-26 23:47:05 -08:00
Teddy Reed
b9dbcb2545 Fix some tooling regressions 2015-02-25 00:09:43 -08:00
mike@arpaia.co
451f990e80 adding osqueryctl to OS X 2015-02-24 12:27:06 -08:00
mike@arpaia.co
7d212f80fd osquery ctl script 
Addresses #585
 2015-02-24 11:13:27 -08:00
Teddy Reed
f173fb6e0a Working on sync using new non-macro decisions 2015-02-23 23:15:04 -08:00
Teddy Reed
ace433e49d Allow external calls from within registry 2015-02-23 21:35:54 -08:00
Teddy Reed
a29addba61 Extensions integrations testing 2015-02-22 22:56:18 -07:00
Teddy Reed
2529d652be Merge pull request #782 from theopolis/mkdir_generated 
Move sync to CMake and remove generated mkdir
 2015-02-19 17:56:45 -08:00
Teddy Reed
59a5e017b2 Move sync to CMake and remove generated mkdir 2015-02-19 17:00:43 -08:00
Teddy Reed
451ef686ed Building example extension with SDK 2015-02-18 20:11:00 -08:00
Mike Arpaia
441fd17e58 include the OSQUERY_BUILD_SDK flag when compiling the SDK 2015-02-18 16:13:52 -08:00
mike@arpaia.co
843fe3a302 syncing sdk with codemod and targets 2015-02-18 09:02:04 -08:00
Teddy Reed
3c36c4196b Merge pull request #731 from jedi22/wildcard_events 
Added parsing of extra data along with its addition to the osqueryconfig structure
 2015-02-15 19:16:54 -08:00
Javier Marcos
a9025679de Downloading dependencies from S3 2015-02-13 18:54:59 -08:00
Mitchell Grenier
de5ac74fab All changes addressed 2015-02-13 16:52:11 -08:00
Javier Marcos
92b1fbeb8b Using gcc 4.8 and fix on the provision script 2015-02-13 15:27:18 -08:00
Teddy Reed
aa078895d3 CentOS7 clang without fortify 
1. _FORTIFY_SOURCE=1 will cause readlink/recv to hang when using
heap-allocated target buffers.
2. Install boost/rocksdb/thrift using source, similar to CentOS6.5
3. Remove boost::regex, prefer extended std::regex without static
link to boost_regex.
 2015-02-13 12:47:30 -08:00
Javier Marcos
13fbc6f514 Logic to check packages was wrong 2015-02-13 08:38:35 -08:00
Javier Marcos
5da83051a4 bug in provision when checking for packages 2015-02-12 20:18:28 -08:00
Javier Marcos
431ee195b1 We need libudev for CentOS 6 2015-02-12 17:20:52 -08:00
Javier Marcos
7517af8cad Adding needed dependencies for packages in CentOS 7 2015-02-12 17:01:10 -08:00
Javier Marcos
c46584af4e Adding rpm-build to provision 2015-02-12 00:49:47 -08:00
Javier Marcos
715f894c1c Fix for the CentOS 7 support 2015-02-11 22:07:25 -08:00
Mitchell Grenier
0448afbd91 Asynchronously resolve the wildcards of all the files we want to monitor 2015-02-11 19:35:57 -08:00
Mitchell Grenier
dca2f9d7bb Added parsing of extra data along with its addition to the osqueryconfig structure 
Added tests as well
 2015-02-11 19:35:57 -08:00
Javier Marcos
bcad687ea2 Adding support for CentOS 7 2015-02-11 17:19:45 -08:00
Teddy Reed
de868e6eb1 Merge pull request #715 from theopolis/more_descriptions 
Add more table descriptions for API generation
 2015-02-09 12:59:22 -08:00
Mike Arpaia
bb6550f1da type in example config 2015-02-09 10:12:43 -08:00
Teddy Reed
1252fa2663 Add more table descriptions for API generation 2015-02-08 18:40:35 -07:00
Teddy Reed
9a9fd208d6 Update osquery.example.conf 
Update logger/config options to new "plugin" naming.
 2015-02-07 01:48:24 -08:00
Teddy Reed
0586b92fa5 GenAPI should output JSON instead of React JS 2015-02-04 21:02:32 -07:00
mike@arpaia.co
b0398eb745 fix #698 2015-02-03 16:34:42 -08:00
Bryan Eastes
636717989b Added --autostart flag to osx packaging script 2015-02-02 18:22:25 -08:00
mike@arpaia.co
137f7d9a43 ignore ds_store on table generation 
fix for #695
 2015-02-02 12:58:37 -08:00
Teddy Reed
e37b16ce2f Clang analyze fixups for Linux 2015-02-01 05:10:57 -07:00
Teddy Reed
f96b498ae3 Remove EventFactory::deregister... in favor of ::end 2015-02-01 02:20:09 -07:00
Teddy Reed
a146d7f4e9 Improve profile.py to error when exit !=0 2015-02-01 02:20:09 -07:00
Teddy Reed
ab08bc76a8 Towards a new registry 2015-02-01 02:20:09 -07:00
Teddy Reed
c4fb5d45ed Added make analyze (clang-analyze) and fixed output 2015-01-31 03:09:30 -08:00
Javier Marcos
031499165f Adding latest to package names 2015-01-29 19:37:24 -08:00
Teddy Reed
ac08ef441a Merge pull request #661 from theopolis/hash_tests 
Fix #646] Add unit testing to hashing
 2015-01-21 20:13:23 -08:00
Teddy Reed
d912009569 Add unit testing to hashing 2015-01-21 16:24:40 -08:00
Mike Arpaia
b4b42d8cc5 Update make_linux_package.sh 2015-01-21 15:41:24 -08:00
Mike Arpaia
27e2248fa5 Merge pull request #655 from theopolis/tools 
Add table API changes to genapi, leaks summary view
 2015-01-21 13:34:10 -08:00
Teddy Reed
48dfee2af7 Add table API changes to genapi, leaks summary view 2015-01-21 11:50:42 -08:00
Javier Marcos
d4c955b408 gflags should install after cmake 2015-01-20 17:17:01 -08:00
Teddy Reed
ef495c3dc4 Merge pull request #649 from theopolis/genapi_change 
Ignore ',' add support Linux-only categories in genapi.py
 2015-01-20 17:15:18 -08:00
Javier Marcos
0cedf1de70 Provision fails in Ubuntu systems because doxygen and gflags missing, fixing that 2015-01-20 16:06:22 -08:00
Teddy Reed
13884c4bd3 Ignore ',' add support Linux-only categories 2015-01-20 16:04:58 -08:00
Teddy Reed
b7549e09ca SMBIOS parsing on Linux using mem 2015-01-20 15:10:19 -08:00
Teddy Reed
b7852650c2 SMBIOS structure tables for OSX 2015-01-20 15:06:34 -08:00
Javier Marcos
a324a22fbc Fix for #611, CentOS compilation 2015-01-17 17:23:41 -08:00
Teddy Reed
6bd6fce8f5 Merge pull request #614 from maus-/initscript 
Added basic init script
 2015-01-13 19:06:13 -08:00
maus-
93e03b5553 Rename osquery.initd to osqueryd.initd 2015-01-13 16:39:00 -08:00
maus-
d5e6d3eab8 Delete osqueryd.initd 2015-01-13 16:38:49 -08:00
maus-
d16af10d23 Cleaned up wording 2015-01-13 16:38:11 -08:00
maus-
112425feed Updated as per your notes 
A couple of things to note

The script still makes the assumption of having a config in /etc/osquery/osquery.conf however it now checks to see if there is the default example config in /usr/share/osquery/osquery.example.conf and alerts the user that it's using the default. 

To prevent having the pidfile being set in two different locations, it would be nice if the osqueryd application settings could be stored with the standard key=value approach. This would allow the init script to source the config at runtime. The downside however would that the init script still makes the assumption that the location of osquery.conf is standardized. 

I'm not really sure why the pidfile needs to go in the osquery directory anyway, considering most pidfiles for daemons like this typically exists in /var/run/$program.pid which actually would be a nicer default as it removes the requirement of having the folder there in /var. I'd prefer to not keep osquery in /var anyway. 

same goes for the lockfile. Typically you'd never bother with this setting and you'd keep it in /var/lock/subsys/$progname
 2015-01-12 16:25:38 -08:00
Teddy Reed
eaad95b181 Add texinfo to CentOS provision 2015-01-12 15:38:16 -08:00
a wizard named upfish
7686104e27 added init script 2015-01-12 14:56:47 -08:00
Javier Marcos
d9b41f81b9 Installing gems in Ubuntu 12 to avoid error 2015-01-12 11:32:48 -08:00
Teddy Reed
10fafa6299 Support make package 2015-01-10 23:02:32 -08:00
Teddy Reed
c7f92598ad Building glog on CentOS 6.6 2015-01-10 22:12:38 -08:00
Teddy Reed
c5cbf992ad Remove installed unwind headers 2015-01-10 20:38:31 -07:00
mike@arpaia.co
a0a404acc1 removing the dependency on unwind 
Moving glog to third-party so that we can custom compile it so that
we no longer have the dependency on libunwind. #578
 2015-01-10 13:02:30 -07:00
Teddy Reed
18d93d8cbc Building DEB/RPM package dependencies 2015-01-09 12:24:54 -08:00