Michael O'Farrell
dda11ce74a
Executable size benchmark change.
2015-07-30 15:44:25 -07:00
Michael O'Farrell
346743e87f
Benchmark using mean across 5 runs.
2015-07-29 16:50:19 -07:00
Michael O'Farrell
5956e685e9
Report bytes using word count
2015-07-29 15:10:20 -07:00
Michael O'Farrell
46ee4b491c
Benchmark stripped binary size.
2015-07-29 11:35:04 -07:00
Michael O'Farrell
0cb5730d55
Added benchmark for executable size.
2015-07-28 22:34:22 -07:00
Teddy Reed
ff9cb71628
Various additional tests and benchmarks
2015-07-28 12:26:17 -07:00
Elan Ruusamäe
bb40956844
don't qualify any system with lsb-release as ubuntu
2015-07-25 14:52:59 +03:00
Michael O'Farrell
66b075a685
Merge pull request #1377 from mofarrell/benchmark
...
Added benchmarking targets.
2015-07-23 17:37:56 -07:00
Michael O'Farrell
a65f8dd93c
Added benchmarking targets.
2015-07-23 17:07:42 -07:00
Teddy Reed
f03ec9ddac
[ Fix #1368 ] Restore autostart post-install scripts
2015-07-21 19:09:24 -07:00
Teddy Reed
fc24682816
Fix profile platform bug in leaks checking
2015-07-20 02:06:52 -07:00
Teddy Reed
95775be1d9
[ Fix #1355 ] Allow plist keys with '.'
...
Boost property trees are level delimited using '.' characters.
An Apple property list may contain keys with '.' characters, so the plist conversion must use iterators and raw node appends.
2015-07-19 16:24:43 -07:00
Teddy Reed
a713d09f0e
Install additional configs for HB/packages
2015-07-17 16:07:22 -07:00
Teddy Reed
270b4da540
[ Fix #1339 ] Add kernel-build to packages when used
2015-07-16 15:23:29 -07:00
Javier Marcos
7241becda1
Fix tables JSON file name
2015-07-16 13:38:31 -07:00
Javier Marcos
84e0c77a98
Generation of table docs with packages and docs targets
2015-07-16 12:23:44 -07:00
Javier Marcos
01fabf910d
Merge pull request #1343 from javuto/generate_tables_output
...
Adding support to generate documentation to external files
2015-07-15 17:10:27 -07:00
Javier Marcos
ba69bf8efa
Adding support to generate documentation to external files
2015-07-15 13:18:41 -07:00
Teddy Reed
341245f751
Build/install gflags' static library on build hosts.
...
As of [homebrew #41151](https://github.com/Homebrew/homebrew/pull/41151) gflags is not installed with a static library.
Our build hosts must have static versions of gflags.
2015-07-14 17:20:55 -07:00
Teddy Reed
c269bbeaf3
Rollup of build changes
2015-07-14 13:45:53 -07:00
Teddy Reed
19d7a9e735
Merge pull request #1328 from mofarrell/kernel
...
Fixed cleanup in testing script in failure cases.
2015-07-13 16:41:44 -07:00
Michael O'Farrell
b2b1f0483d
Fixed cleanup in testing script in failure cases.
2015-07-13 16:11:45 -07:00
Teddy Reed
0e49a3a9a1
Build separate OS X packages
2015-07-13 15:44:16 -07:00
Michael O'Farrell
dd1f0af0ff
Build system changes for kernel extension testing and deployment.
2015-07-09 11:50:23 -07:00
Michael O'Farrell
0284b9e60d
Merge branch 'master' into kernel
...
Conflicts:
mkdocs.yml
2015-07-08 10:26:32 -07:00
Teddy Reed
f48619ed28
[ #1285 , #1276 ] Faster, optimized subscriber results
2015-07-07 00:59:28 -07:00
Matthew White
11f447a959
Minor fixes to support building on Ubuntu 10.04
2015-07-06 15:18:11 -07:00
Teddy Reed
7aac5fd358
Replace custom wildcarding with POSIX-glob
...
POSIX-globbing will allow event publishers/subscribers to post-check
results against glob-syntax, fnpath matching, and POSIX C-regex.
These checks are anecdotally speedy.
2015-07-02 13:53:16 -07:00
Teddy Reed
64e4afa136
Merge pull request #1294 from theopolis/relax_test_timesouts
...
Relax extensions and shell timeouts
2015-07-02 13:50:07 -07:00
Teddy Reed
89e5b6c729
Relax extensions and shell timeouts
2015-07-02 12:14:44 -07:00
Mike Arpaia
ba89b67cc5
Install snappy headers instead of just the library
...
We found that not installing the headers for snappy caused RocksDB's
snappy detection to not find that snappy was installed:
https://goo.gl/YOWJl0
The snippet there requires that the headers are installed, not just the
library. By installing the headers, we can ensure that snappy is linked.
OR, alternatively, we could just leave it and not link snappy. It's
uncertain what the specific benefits of including snappy are for our
use-case. (CC @igorcanadi)
2015-07-01 16:14:06 -07:00
Michael O'Farrell
a7bd4bd3db
Merge pull request #1278 from facebook/master
...
Merge branch 'master' into kernel
2015-06-30 13:12:16 -07:00
Teddy Reed
757940fe6f
Towards CMake-powered kernel extension building
2015-06-30 00:49:16 -07:00
Mike Arpaia
06793f9d00
Merge pull request #1267 from marpaia/osquery-latest-no-more
...
Remove "latest" from the osquery package names
2015-06-29 15:09:31 -07:00
Teddy Reed
0d6ab16281
Yara events was not building
2015-06-29 14:45:31 -07:00
Mike Arpaia
d6719f9ef7
Remove "latest" from the osquery package names
2015-06-29 11:18:49 -07:00
Teddy Reed
8db6ca4a3f
[ Fix #1198 ] Add a small retry to ext watcher
2015-06-28 02:12:50 -07:00
Teddy Reed
5566d8cd96
Merge pull request #1194 from theopolis/lucid-build
...
Loose support for building on Ubuntu 10.04
2015-06-27 20:47:53 -07:00
Teddy Reed
e7ed68e187
[ Fix #1198 ] Faster death/timeout checks in extensions tests
2015-06-25 02:53:53 -07:00
Sharvil Shah
368517c6a6
Use psutil's Process.children() instead of Process.get_children() as the latter has been deprecated.
...
Process.get_children() had been deprecated in psutil 2.x and is completely removed in 3.x versions
in favor of Process.children().
This fixes #1220 .
2015-06-23 16:44:05 -07:00
Mike Arpaia
2b9bbb6bd4
Merge pull request #1223 from marpaia/yara-3.4.0
...
updating yara to 3.4.0
2015-06-22 09:33:25 -07:00
Teddy Reed
37188f788b
Fixups in tables, add DOUBLE, shell extensions
2015-06-22 04:17:23 -04:00
Mike Arpaia
6f85f2f617
updating yara to 3.4.0
2015-06-21 11:40:51 -04:00
Teddy Reed
46ceb7aa6d
Merge pull request #1213 from theopolis/certs2
...
Update testing x509 certs
2015-06-13 02:24:29 -07:00
Teddy Reed
2fb774218a
Update testing x509 certs
2015-06-13 02:13:31 -07:00
Teddy Reed
e7ab2fc47b
Limit scope of git/tag version defines.
...
Harden plist parsing against internal fuzzing tests.
Improve file/stream read speeds.
2015-06-12 10:10:20 -07:00
Teddy Reed
727f5b091f
Various table perf improvements and TLS docs
2015-06-05 22:03:15 -07:00
Teddy Reed
ccb1c2cd69
Loose support for building on Ubuntu 10.04
2015-06-04 18:25:49 -07:00
Teddy Reed
4e59bcf4c1
Merge pull request #1191 from theopolis/feature-backoffs
...
[#1190 ] Schedule queries without logging removed results
2015-06-04 14:58:19 -07:00
Teddy Reed
a678f8f46a
Merge pull request #1192 from theopolis/rocksdb-from-homebrew
...
[Fix #1185 , #1183 ] Use RocksDB from Homebrew on OS X
2015-06-04 14:34:52 -07:00
Teddy Reed
650a43d053
[ Fix #1185 , #1183 ] Use RocksDB from Homebrew on OS X
2015-06-04 13:56:58 -07:00
Teddy Reed
e244883ea4
[ #1190 ] Schedule queries without logging removed results
2015-06-04 13:53:55 -07:00
Teddy Reed
a70828c2a4
Merge pull request #1187 from sharvilshah/xattr_update
...
Extended Attributes: Use LaunchServices API for quarantine data
2015-06-03 22:38:17 -07:00
Sharvil Shah
065fe6412d
Use LaunchServices (part of CoreServices) to grab quarantine properties instead of manually parsing the colon separated attribute data.
...
Fall back to deprecated LaunchService API for OS X 10.9 Mavericks.
Added tests for extended_attributes
Better error handling and cleanup
2015-06-03 22:18:45 -07:00
Teddy Reed
c934ad0df3
Update tooling/profiling paths
2015-06-03 21:22:12 -07:00
Teddy Reed
8aacaca7eb
Query pack platform binds should match any/all
2015-06-03 13:56:39 -07:00
Teddy Reed
a105924804
Move specs to a top-level path, add query examples
...
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00
Teddy Reed
5899bbb8f5
Merge pull request #1182 from theopolis/osx_rocksdb_portable
...
Build RocksDB from source on Darwin
2015-06-02 15:50:15 -07:00
Teddy Reed
eeab588d8f
Build RocksDB from source on Darwin
2015-06-02 15:25:16 -07:00
Teddy Reed
f41fb6b107
Remove package-manager installed autoconf tools for older distros
2015-06-02 03:05:47 -07:00
Teddy Reed
0669d8205e
Merge pull request #1174 from theopolis/remote_logger
...
TLS/HTTPS-based logger plugin
2015-06-02 02:59:34 -07:00
Teddy Reed
33f53809ad
Fix DBHandle checking with concurrent processes.
...
`make tests` fails with another osquery process running.
The backing-store check happens after a config plugin is setUp and
the initial load occurs. This may involve calls to cached keys, the
check should occur pre-config initialize.
2015-06-02 02:50:04 -07:00
Teddy Reed
da9bd5801b
Migrate HTTP remote logger to TLS logger
2015-06-01 10:12:31 -07:00
Teddy Reed
4064fa6eb5
Pack and testing fixups
2015-05-28 12:17:27 -07:00
Blake Frantz
28d9237b50
Amazon EC2-based vagrant targets for RHEL/Amazon Linux
...
1. added docs for vagrant-aws support in Vagrantfile
2. removed aws target that have local vagrant support. inline-string'd aws.user_data
3. support building rhel6/7 in aws
4. correct aws-rhel6.6 name. it should be rhel6.5
2015-05-26 21:03:10 -07:00
Teddy Reed
8b3686a58a
TLS plugin workflow tests
2015-05-26 19:55:00 -07:00
Teddy Reed
b90b21bc2d
[ Fix #1154 ] Clean up CMake messages and check TP
2015-05-23 17:15:28 -07:00
Teddy Reed
5969ae4fbf
Clean up TLS-version from OpenSSL detection
2015-05-23 13:04:36 -07:00
Javier Marcos
9a4f611baf
Merge pull request #1155 from javuto/osquery_packs_table
...
Osquery packs table
2015-05-21 20:32:45 -07:00
Javier Marcos
c6855fab43
Table for osquery packs
2015-05-19 18:44:28 -07:00
Teddy Reed
b3338dc5d2
Merge pull request #1146 from theopolis/tls
...
Towards TLS config/logging
2015-05-19 17:17:04 -07:00
Teddy Reed
2a1f496cc5
Towards TLS config/logging
2015-05-19 17:05:55 -07:00
Javier Marcos
65e6e38e0f
Merge pull request #1143 from javuto/pack_config_changes
...
Support to load query packs as scheduled queries
2015-05-16 15:37:27 -07:00
Javier Marcos
47e680e825
Adding tests and implementing version checker
2015-05-15 22:25:19 -07:00
Teddy Reed
f5945f98b4
Oracle 5.11
2015-05-14 22:44:01 -07:00
Teddy Reed
525c584a0b
Merge pull request #1141 from theopolis/static_cryptsetup
...
Build libcryptsetup statically
2015-05-14 22:33:56 -07:00
Teddy Reed
9ee839b265
Build libcryptsetup statically
2015-05-14 19:36:00 -07:00
Blake Frantz
4262dd502d
add install_iptables_dev
2015-05-13 11:52:49 -07:00
Blake Frantz
3a49fc46c8
Merge remote-tracking branch 'upstream/master'
2015-05-13 07:38:41 -07:00
Blake Frantz
410dec3a9c
update provision/lib.sh to support amazon linux
2015-05-13 07:37:59 -07:00
Mike Arpaia
fff36af0af
Removing trailing whitespace
2015-05-11 23:31:13 -07:00
Blake Frantz
805db480c5
Merge remote-tracking branch 'upstream/master'
2015-05-11 16:08:59 -07:00
Teddy Reed
5b43067c98
Merge pull request #1130 from theopolis/patch-134
...
[Fix #1125 #1126 ] Flag padding checks, config_check tests
2015-05-11 13:43:36 -07:00
Teddy Reed
fed0474bce
Merge pull request #1129 from brandt/fix-command-not-found
...
Fix missing command: force_provision
2015-05-11 11:45:38 -07:00
Teddy Reed
7815f49020
Merge pull request #1128 from brandt/fix-dep-libtool-url
...
Fix URL for libtool
2015-05-11 11:45:29 -07:00
Teddy Reed
88b93b853c
Add example newsyslog conf for OS X
2015-05-11 10:42:41 -07:00
Teddy Reed
771ed4da2f
[ Fix #1125 #1126 ] Flag padding checks, config_check tests
2015-05-11 10:37:16 -07:00
J. Brandt Buckley
3c6916a01b
Fix missing command: force_provision
...
Prior to this commit, you'd get this error when running `make deps` with a version of autoconf that belongs in a museum (e.g. the one that's in CentOS 6 Base):
```
[+] autoconf is already installed. skipping provision.
/home/brandt/osquery/tools/provision/lib.sh: line 163: force_provision: command not found
make: *** [deps] Error 127
```
I couldn't find a `force_provision` in the codebase. Plain old `provision` should do the job.
2015-05-11 00:50:55 -06:00
J. Brandt Buckley
a0a09eb588
Fix URL for libtool
...
Looks like a simple typo: `automake` for `libtool`
Before this commit, this is the error you'd get when you ran `make deps`:
```
[+] libtool is not installed/provisioned. installing...
[+] libtool has not been downloaded. downloading...
--2015-05-11 06:01:38-- https://osquery-packages.s3.amazonaws.com/deps/automake-2.4.5.tar.gz
Resolving osquery-packages.s3.amazonaws.com... failed: Temporary failure in name resolution.
wget: unable to resolve host address “osquery-packages.s3.amazonaws.com”
[+] libtool has not been extracted. extracting...
tar (child): libtool-2.4.5.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
/vagrant/tools/provision/lib.sh: line 196: pushd: libtool-2.4.5: No such file or directory
make: *** [deps] Error 1
```
2015-05-11 00:14:15 -06:00
Blake Frantz
bbc21a545a
remove unnecessary conditionals from amazon.sh
2015-05-10 17:33:12 -07:00
Blake Frantz
5c00016e30
base rhel/amazon/centos detection on system-release and ubuntu on lsb-release
2015-05-10 17:10:30 -07:00
Blake Frantz
2e865a69d6
Merge remote-tracking branch 'upstream/master'
2015-05-10 14:38:33 -07:00
Blake Frantz
2c4ae6758a
initial commit for adding support for amazon linux 2015.03
2015-05-10 11:42:30 -07:00
Teddy Reed
8235fd155f
Merge pull request #1122 from theopolis/relax_deps
...
Relaxing iptables, EL-deps
2015-05-09 23:52:28 -07:00
Teddy Reed
3e9f40f73f
[ Fix #1121 ] Minify shell table/schema, add meta tests
2015-05-09 19:48:28 -07:00
Teddy Reed
98b52c39a1
Relaxing iptables, EL-deps
2015-05-09 18:16:13 -07:00
Teddy Reed
b5be0212e2
Merge pull request #1120 from theopolis/iptables_best
...
Adding new table to display iptables filters, chains and rules
2015-05-08 20:10:34 -07:00
Teddy Reed
6a3002a2c6
Remove patching for sysroot
2015-05-08 19:16:33 -07:00
Javier Marcos
4f21090fb8
Adding new table to display iptables filters, chains and rules
...
Patching headers to avoid void pointers
Adding test for parsing ipt_ip entries
2015-05-08 19:11:49 -07:00
Teddy Reed
1de7cfb331
Use CMake find_package for python, fix ifaddrs on FreeBSD
2015-05-08 18:49:01 -07:00
Teddy Reed
c7b9114975
Towards building on FreeBSD/ports
2015-05-07 23:12:30 -07:00
Teddy Reed
c50838922f
Merge pull request #1102 from theopolis/sync_builds
...
Easier build host-based sync
2015-05-06 21:06:53 -07:00
Teddy Reed
70e3c190bb
Easier build host-based sync
2015-05-05 15:15:45 -07:00
Mike Arpaia
abd1e89767
Merge pull request #1101 from marpaia/rocksdb-3.10.2
...
[Fix #1099 ] Build RocksDB 3.10.2 on linux
2015-05-05 11:05:46 -07:00
Mike Arpaia
b460a53e8b
download RocksDB from osquery S3
2015-05-05 10:43:25 -07:00
Mike Arpaia
dfe62540ce
[ Fix #1099 ] Build RocksDB 3.10.2 on linux
2015-05-04 21:12:37 -07:00
Teddy Reed
cdb112eccb
Add a CMake variable for packages
2015-05-04 17:09:09 -07:00
Teddy Reed
fa35ee5f7b
Merge pull request #1095 from theopolis/raw_sockets
...
[Fix #1080 ] Remove netlink, support raw sockets
2015-05-04 12:09:37 -07:00
Teddy Reed
893f678403
Linting and asan fixups
2015-05-04 11:00:21 -07:00
Teddy Reed
7da8b6f68a
[ Fix #1080 ] Remove netlink, support raw sockets
2015-05-04 10:57:49 -07:00
Teddy Reed
51634fd848
Use unique sockets for extensions tests, RHN pass
...
The extensions tests were previously using the same extensions socket
path. This may lead to races during the tests. There might be more
stability work needed to relax time/speed assumptions.
The RHN subscription manager has been failing on RHEL when enabling
repos. We can turn this fail into a warning and attempt to recover.
2015-05-04 10:48:50 -07:00
Teddy Reed
c63bf0451a
Various exception hardening
2015-05-03 14:18:20 -07:00
Teddy Reed
e01a73b4f3
Schedule monitoring, doc updates, logger plugin fixes
2015-05-03 11:54:15 -07:00
Teddy Reed
06aa60a127
Merge pull request #1074 from sharvilshah/disable_tables_runtime_flag
...
[Implements #1016 ] Disable tables runtime flag
2015-04-30 01:55:03 -07:00
Sharvil Shah
2735e731de
Implement --disable_tables runtime flag
2015-04-30 01:41:01 -07:00
Javier Marcos
05855816f2
Support RHEL6
...
Adding support to build RHEL6
2015-04-29 22:48:01 -07:00
Javier Marcos
f30a8207df
Support RHEL6
...
Package changes from RHEL6 to RHEL7
2015-04-29 18:33:27 -07:00
Teddy Reed
3c117fa5f3
Add rhel-6-server-optional-rpms to RHEL6
2015-04-29 16:21:07 -07:00
Teddy Reed
d0bbb0bc4f
Towards safer and shuffled unittests
2015-04-29 14:43:27 -07:00
Javier Marcos
cf12156c09
Building in RHEL with g++
...
Using clang won't work
2015-04-28 18:13:12 -07:00
Teddy Reed
be65922569
Fast tests
2015-04-27 09:40:31 -07:00
Teddy Reed
ed69536c06
Update ubuntu.sh
2015-04-26 17:41:08 -07:00
Teddy Reed
337a20cc75
Install cmake 3.2.1 on 14.04
...
The repo-provided CMake is at 2.x, which will build extra cpp-netlib tests.
2015-04-26 17:41:08 -07:00
Teddy Reed
a972b1b0b0
Merge pull request #1027 from sharvilshah/fde_linux
...
[Implement #933 ] Add LUKS/dm-crypt disk_encryption support for Linux
2015-04-25 12:43:05 -07:00
Teddy Reed
5e2ce5c2e9
Merge pull request #1039 from theopolis/fix_flags
...
Fix daemon flags loading from options
2015-04-25 01:28:30 -07:00
Sharvil Shah
f72dcb5d96
add libcryptsetup-dev library
...
moved disk_encryption table spec to crossplatform
link libcryptsetup
implemented get cipher type and cipher_mode:
more idiomatic c++11
no need to explicitly call std::string constructor to convert char * to std::string
update cryptsetup sources for centos
add function prototype for older libcryptsetup which is in centos6
ifdef check for centos6 which uses older libcryptsetup
remove forward declared functions defined in libcryptsetup, stylistic changes
2015-04-24 17:01:14 -07:00
Teddy Reed
5e08b8bf60
Simpler RHEL6 provision
2015-04-24 14:25:59 -07:00
Teddy Reed
b90aeab2fe
Fix daemon flags loading from options
2015-04-24 11:37:51 -07:00
Javier Marcos
6f447ffedb
Merge pull request #1031 from javuto/etc_protocols_table
...
Adding new table for /etc/protocols
2015-04-22 18:18:03 -07:00
Teddy Reed
b2dc8b7264
Build cmake with gcc to avoid gnu++1y
2015-04-22 17:58:08 -07:00
Javier Marcos
ddb41ae84a
Adding tests to the protocols table
2015-04-22 17:49:27 -07:00
Teddy Reed
8930f9e692
Documentation updates, separate config/logging pages
...
Mostly minor documentation/wiki/guide fixes.
This breaks down the "using osqueryd" page into more of a summary
of what the daemon does from a schedule/logging perspective.
The bulk of the "using osqueryd" page now exists in the configuration
deployment page and the new "logging" deployment page.
2015-04-18 22:09:25 -07:00
Teddy Reed
c59ce0e4e4
Lint fixes and clang analyze
2015-04-17 09:18:46 -07:00
Teddy Reed
c9e07ec2ba
Add launchd_overrides table
2015-04-15 23:19:23 -07:00
Teddy Reed
595e94547d
Build LLVM 3.4 using gcc 4.9 on RHEL6.5
2015-04-13 09:19:09 -07:00
Teddy Reed
4a299c1fac
Remove php from thrift provision
...
The only thrift bindings we need for osquery are cpp/python.
Python is used for the integration tests.
2015-04-10 17:15:31 -07:00
Teddy Reed
d30455893f
Merge pull request #941 from theopolis/rhel_fun
...
[Implement #926 ] RHEL6 provisioning
2015-04-08 14:37:48 -07:00
Teddy Reed
1305a2764a
[ Fix #964 ] Restrict apt-sources to arch=amd64
2015-04-08 14:13:01 -07:00
Teddy Reed
78ec6fb305
Merge pull request #956 from sharvilshah/bug/etc_hosts_comment_parsing
...
[Fix #955 ] Fix etc_hosts hostname parsing so that inline comments are now ignored
2015-04-07 00:27:58 -07:00
Teddy Reed
41ce00e573
RHEL6 provisioning
2015-04-06 23:43:01 -07:00
Sharvil Shah
e7a3d24ece
Fix etc_hosts hostname parsing so that inline comments are now ignored; update tests
2015-04-06 23:32:56 -07:00
Mitchell Grenier
f5b7f921d3
Fing crashes from bad JSON
...
There are a couple places where this was an issue.
The first place was in the filesystem plugin where it was only checked that it
existed, and not that it was an actual file.
The second was a lack of try and catch on the parse call in config.cpp.
Both of those issues are addressed in this diff.
2015-04-06 16:00:26 -07:00
Teddy Reed
2df9a6558e
Add some osquery-theme to API docs
2015-04-06 01:21:10 -07:00
Teddy Reed
e87ab14246
Update provision.sh and os-specific deps
...
Remove some repeated or unused conditionals.
Make sure autoconf is at least version 2.69.
2015-04-04 16:15:40 -07:00
Mike Arpaia
367d695d77
Merge pull request #938 from facebook/theopolis-patch-1
...
[Fix #937 ] Return non-0 for status
2015-04-04 00:12:52 -07:00
Teddy Reed
652ca19862
[ Fix #937 ] Return non-0 for status
2015-04-03 17:24:10 -07:00
Javier Marcos
b0e69b7074
Support for RHEL building
2015-04-03 16:53:06 -07:00
Teddy Reed
ddc02f6867
Update provisioning to include yara installs
2015-04-03 00:49:29 -07:00
Teddy Reed
2b20d3dde0
Merge yara subscribers
2015-04-03 00:48:13 -07:00
Javier Marcos
4a1aced53a
Breaking provision.sh into multiple scripts
2015-04-02 21:34:55 -07:00
mtmcgrew
da0ce578da
correct chkconfig level
...
3 is not needed twice
2015-04-02 13:53:25 -07:00
Teddy Reed
b1640a9c0c
Merge pull request #906 from eastebry/902_clean_option
...
Added clean options, general osqueryctl cleanups
2015-03-31 22:17:38 -07:00
Bryan Eastes
afe76d4f6e
Added clean options, general osqueryctl cleanups
2015-03-31 21:50:28 -07:00
Teddy Reed
fc623d98d5
Declare extension registries 'external'
2015-03-30 02:03:26 -07:00
Teddy Reed
d9d068bb5d
Merge pull request #910 from theopolis/centos_pkgs
...
Remove snappy/libproc from CentOS deps
2015-03-27 20:04:45 -07:00
Teddy Reed
c37474775c
Remove snappy/libproc from CentOS deps
2015-03-27 19:19:55 -07:00
Teddy Reed
38bfed3414
Remove libprocps(ng) in favor of parsing proc manually
2015-03-27 12:37:16 -07:00
Teddy Reed
709723efda
Merge pull request #880 from theopolis/shell_db
...
Remove unused shell functions
2015-03-19 21:33:37 -07:00
Teddy Reed
4721205b25
[ Fix #884 ] Remove return 1s when no action needed in init
2015-03-19 16:34:35 -07:00
Teddy Reed
79ddc5ba38
Remove unused shell functions
2015-03-19 16:14:29 -07:00
Teddy Reed
91dce32095
Speed up shell and add max value size
2015-03-18 15:07:13 -07:00
Mike Arpaia
b8c658ec71
Update make_linux_package.sh
2015-03-17 15:59:33 -07:00
Javier Marcos
c122ca4e6e
Merge pull request #872 from facebook/wget_and_packages
...
Fix for centos7 targets
2015-03-17 12:01:50 -07:00
Javier Marcos
52ad62cb04
Fix for centos7 targets
2015-03-17 11:53:10 -07:00
Teddy Reed
afd11fe1f3
Set osquery_extensions for worker child
2015-03-17 10:36:19 -07:00
Teddy Reed
1a0334ec9a
Use a .load file instead of delimited dirs
2015-03-17 10:11:43 -07:00
Teddy Reed
363bef2b98
[ Fix #861 ] Allow initscript to read gflags flagfile
2015-03-16 11:59:04 -07:00
Teddy Reed
bf863097f8
[ Fix #833 ] Add NDEBUG to provision for gflags/thrift
2015-03-14 22:27:54 -07:00
Teddy Reed
fd3083fb43
[ Fix #846 ] Extension flag aliases are limited to strings
2015-03-14 20:36:27 -07:00
Teddy Reed
6fee50be78
Merge pull request #851 from theopolis/better_ext_testing
...
Improve extensions integration testing
2015-03-14 11:25:24 -07:00
Teddy Reed
1170887d56
Improve extensions integration testing
2015-03-13 18:33:55 -07:00
Mitchell Grenier
637336f8c9
Ability to configure osquery from multiple files
2015-03-13 17:19:02 -07:00
Teddy Reed
fe0f369af0
Extension-dependent config/logger plugins
2015-03-13 12:01:30 -07:00
Teddy Reed
6a81cec937
Organize kernel_extensions to add signatures
2015-03-09 11:43:06 -07:00
Theodore M. Reed
4803b441a2
Move preprocessor defines before compile flags
2015-03-06 12:11:21 -08:00
Teddy Reed
0673900837
Registry modules
2015-03-04 20:33:10 -08:00
Teddy Reed
8efa07e520
Watcher process will fail if DB path is incorrect
2015-03-04 18:51:41 -08:00
Teddy Reed
3c02806cd8
Extensions autoloading prequel
2015-03-04 18:51:41 -08:00
Teddy Reed
5b5eb7f693
[ Fix #823 ] Install cmake/boost after clang on centos
2015-03-04 17:32:19 -08:00
Teddy Reed
41ab6f3161
Organizing osquery python testing
...
Move /osquery/python_tests/* to /tools/tests
Move test_extensions process controls to test_base module
Use test_base.Testing to implement each module's main()
- This applies a default argparse with --build
- test_base.ARGS is the argparse-parsed namespace
- Use test_base.ARGS.build for the platform-specific dir
Move WatchdogTests to /tools/tests/test_watchdog.py
2015-03-02 16:23:22 -08:00
Teddy Reed
722cf3b59c
Merge pull request #813 from theopolis/no_osx_symlinks_pkg
...
[#808 ] Prefer /private/var for PKG install structure
2015-03-02 16:02:30 -08:00
Teddy Reed
40e167d7b7
Merge pull request #810 from theopolis/respect_cflags
...
Respect external CMake C/CXX flags
2015-03-02 16:01:53 -08:00
Teddy Reed
e0eff0478b
[ #808 ] Prefer /private/var for PKG install structure
2015-03-02 00:19:52 -08:00
Teddy Reed
dcff476807
Respect external CMake C/CXX flags
...
Use osquery-C flags for every object compile.
Add CXX flags without conditional logic.
Move the `python-thrift` target into the CPP generation command.
Remove verbose option for extensions python unittest.
Add thrift as a pip install requirement (for unittests).
2015-03-01 21:19:31 -07:00
Teddy Reed
ff1f1c086b
[ Fix #805 ] Add symlink to gmake for gflags
2015-02-27 19:45:18 -07:00
Teddy Reed
2237f00c12
Rename ca_certs to certificates
2015-02-26 23:47:05 -08:00
Teddy Reed
b9dbcb2545
Fix some tooling regressions
2015-02-25 00:09:43 -08:00
mike@arpaia.co
451f990e80
adding osqueryctl to OS X
2015-02-24 12:27:06 -08:00
mike@arpaia.co
7d212f80fd
osquery ctl script
...
Addresses #585
2015-02-24 11:13:27 -08:00
Teddy Reed
f173fb6e0a
Working on sync using new non-macro decisions
2015-02-23 23:15:04 -08:00
Teddy Reed
ace433e49d
Allow external calls from within registry
2015-02-23 21:35:54 -08:00
Teddy Reed
a29addba61
Extensions integrations testing
2015-02-22 22:56:18 -07:00
Teddy Reed
2529d652be
Merge pull request #782 from theopolis/mkdir_generated
...
Move sync to CMake and remove generated mkdir
2015-02-19 17:56:45 -08:00
Teddy Reed
59a5e017b2
Move sync to CMake and remove generated mkdir
2015-02-19 17:00:43 -08:00
Teddy Reed
451ef686ed
Building example extension with SDK
2015-02-18 20:11:00 -08:00
Mike Arpaia
441fd17e58
include the OSQUERY_BUILD_SDK flag when compiling the SDK
2015-02-18 16:13:52 -08:00
mike@arpaia.co
843fe3a302
syncing sdk with codemod and targets
2015-02-18 09:02:04 -08:00
Teddy Reed
3c36c4196b
Merge pull request #731 from jedi22/wildcard_events
...
Added parsing of extra data along with its addition to the osqueryconfig structure
2015-02-15 19:16:54 -08:00
Javier Marcos
a9025679de
Downloading dependencies from S3
2015-02-13 18:54:59 -08:00
Mitchell Grenier
de5ac74fab
All changes addressed
2015-02-13 16:52:11 -08:00
Javier Marcos
92b1fbeb8b
Using gcc 4.8 and fix on the provision script
2015-02-13 15:27:18 -08:00
Teddy Reed
aa078895d3
CentOS7 clang without fortify
...
1. _FORTIFY_SOURCE=1 will cause readlink/recv to hang when using
heap-allocated target buffers.
2. Install boost/rocksdb/thrift using source, similar to CentOS6.5
3. Remove boost::regex, prefer extended std::regex without static
link to boost_regex.
2015-02-13 12:47:30 -08:00
Javier Marcos
13fbc6f514
Logic to check packages was wrong
2015-02-13 08:38:35 -08:00
Javier Marcos
5da83051a4
bug in provision when checking for packages
2015-02-12 20:18:28 -08:00
Javier Marcos
431ee195b1
We need libudev for CentOS 6
2015-02-12 17:20:52 -08:00
Javier Marcos
7517af8cad
Adding needed dependencies for packages in CentOS 7
2015-02-12 17:01:10 -08:00
Javier Marcos
c46584af4e
Adding rpm-build to provision
2015-02-12 00:49:47 -08:00
Javier Marcos
715f894c1c
Fix for the CentOS 7 support
2015-02-11 22:07:25 -08:00
Mitchell Grenier
0448afbd91
Asynchronously resolve the wildcards of all the files we want to monitor
2015-02-11 19:35:57 -08:00
Mitchell Grenier
dca2f9d7bb
Added parsing of extra data along with its addition to the osqueryconfig structure
...
Added tests as well
2015-02-11 19:35:57 -08:00
Javier Marcos
bcad687ea2
Adding support for CentOS 7
2015-02-11 17:19:45 -08:00
Teddy Reed
de868e6eb1
Merge pull request #715 from theopolis/more_descriptions
...
Add more table descriptions for API generation
2015-02-09 12:59:22 -08:00
Mike Arpaia
bb6550f1da
type in example config
2015-02-09 10:12:43 -08:00
Teddy Reed
1252fa2663
Add more table descriptions for API generation
2015-02-08 18:40:35 -07:00
Teddy Reed
9a9fd208d6
Update osquery.example.conf
...
Update logger/config options to new "plugin" naming.
2015-02-07 01:48:24 -08:00
Teddy Reed
0586b92fa5
GenAPI should output JSON instead of React JS
2015-02-04 21:02:32 -07:00
mike@arpaia.co
b0398eb745
fix #698
2015-02-03 16:34:42 -08:00
Bryan Eastes
636717989b
Added --autostart flag to osx packaging script
2015-02-02 18:22:25 -08:00
mike@arpaia.co
137f7d9a43
ignore ds_store on table generation
...
fix for #695
2015-02-02 12:58:37 -08:00
Teddy Reed
e37b16ce2f
Clang analyze fixups for Linux
2015-02-01 05:10:57 -07:00
Teddy Reed
f96b498ae3
Remove EventFactory::deregister... in favor of ::end
2015-02-01 02:20:09 -07:00
Teddy Reed
a146d7f4e9
Improve profile.py to error when exit !=0
2015-02-01 02:20:09 -07:00
Teddy Reed
ab08bc76a8
Towards a new registry
2015-02-01 02:20:09 -07:00
Teddy Reed
c4fb5d45ed
Added make analyze (clang-analyze) and fixed output
2015-01-31 03:09:30 -08:00
Javier Marcos
031499165f
Adding latest to package names
2015-01-29 19:37:24 -08:00
Teddy Reed
ac08ef441a
Merge pull request #661 from theopolis/hash_tests
...
[Fix #646 ] Add unit testing to hashing
2015-01-21 20:13:23 -08:00
Teddy Reed
d912009569
Add unit testing to hashing
2015-01-21 16:24:40 -08:00
Mike Arpaia
b4b42d8cc5
Update make_linux_package.sh
2015-01-21 15:41:24 -08:00
Mike Arpaia
27e2248fa5
Merge pull request #655 from theopolis/tools
...
Add table API changes to genapi, leaks summary view
2015-01-21 13:34:10 -08:00
Teddy Reed
48dfee2af7
Add table API changes to genapi, leaks summary view
2015-01-21 11:50:42 -08:00
Javier Marcos
d4c955b408
gflags should install after cmake
2015-01-20 17:17:01 -08:00
Teddy Reed
ef495c3dc4
Merge pull request #649 from theopolis/genapi_change
...
Ignore ',' add support Linux-only categories in genapi.py
2015-01-20 17:15:18 -08:00
Javier Marcos
0cedf1de70
Provision fails in Ubuntu systems because doxygen and gflags missing, fixing that
2015-01-20 16:06:22 -08:00
Teddy Reed
13884c4bd3
Ignore ',' add support Linux-only categories
2015-01-20 16:04:58 -08:00
Teddy Reed
b7549e09ca
SMBIOS parsing on Linux using mem
2015-01-20 15:10:19 -08:00
Teddy Reed
b7852650c2
SMBIOS structure tables for OSX
2015-01-20 15:06:34 -08:00
Javier Marcos
a324a22fbc
Fix for #611 , CentOS compilation
2015-01-17 17:23:41 -08:00
Teddy Reed
6bd6fce8f5
Merge pull request #614 from maus-/initscript
...
Added basic init script
2015-01-13 19:06:13 -08:00
maus-
93e03b5553
Rename osquery.initd to osqueryd.initd
2015-01-13 16:39:00 -08:00
maus-
d5e6d3eab8
Delete osqueryd.initd
2015-01-13 16:38:49 -08:00
maus-
d16af10d23
Cleaned up wording
2015-01-13 16:38:11 -08:00
maus-
112425feed
Updated as per your notes
...
A couple of things to note
The script still makes the assumption of having a config in /etc/osquery/osquery.conf however it now checks to see if there is the default example config in /usr/share/osquery/osquery.example.conf and alerts the user that it's using the default.
To prevent having the pidfile being set in two different locations, it would be nice if the osqueryd application settings could be stored with the standard key=value approach. This would allow the init script to source the config at runtime. The downside however would be that the init script still makes the assumption that the location of osquery.conf is standardized.
I'm not really sure why the pidfile needs to go in the osquery directory anyway, considering most pidfiles for daemons like this typically exist in /var/run/$program.pid which actually would be a nicer default as it removes the requirement of having the folder there in /var. I'd prefer to not keep osquery in /var anyway.
Same goes for the lockfile. Typically you'd never bother with this setting and you'd keep it in /var/lock/subsys/$progname
2015-01-12 16:25:38 -08:00
Teddy Reed
eaad95b181
Add texinfo to CentOS provision
2015-01-12 15:38:16 -08:00
a wizard named upfish
7686104e27
added init script
2015-01-12 14:56:47 -08:00
Javier Marcos
d9b41f81b9
Installing gems in Ubuntu 12 to avoid error
2015-01-12 11:32:48 -08:00
Teddy Reed
10fafa6299
Support make package
2015-01-10 23:02:32 -08:00
Teddy Reed
c7f92598ad
Building glog on CentOS 6.6
2015-01-10 22:12:38 -08:00
Teddy Reed
c5cbf992ad
Remove installed unwind headers
2015-01-10 20:38:31 -07:00
mike@arpaia.co
a0a404acc1
removing the dependency on unwind
...
Moving glog to third-party so that we can custom compile it so that
we no longer have the dependency on libunwind. #578
2015-01-10 13:02:30 -07:00
Teddy Reed
18d93d8cbc
Building DEB/RPM package dependencies
2015-01-09 12:24:54 -08:00
Teddy Reed
a4e236e16a
Simpler OSX package building
2015-01-07 20:01:33 -08:00
Teddy Reed
2ad15763e2
Provide example config, improve pid check
2015-01-07 15:22:50 -08:00
Teddy Reed
182cdb713e
Small fix for a make jobserver race in gentable
2015-01-05 18:11:10 -08:00
Norm MacLennan
a6b769b6f4
a table to show apt package sources
2015-01-04 19:44:45 -05:00
Teddy Reed
51425c898a
Remove brew-dependent pkg build
2015-01-03 22:51:09 -08:00
Teddy Reed
2cef8d6f9f
Merge pull request #564 from maclennann/deb_packages
...
deb_packages table
2015-01-02 11:15:56 -08:00
Teddy Reed
9b0adcc47f
[ Fix #560 ] Improve config tests
2015-01-01 22:05:03 -08:00
Norm MacLennan
dd4a9d9d74
merging cmake changes for distro-specific tables
2014-12-31 13:06:54 -05:00
Teddy Reed
914ae37a72
Move CMakeLibs and valgrind supp file
2014-12-31 08:32:23 -08:00
Norm MacLennan
beff9471f8
resolve merge conflict with upstream
2014-12-30 18:21:00 -05:00
Norm MacLennan
0191f1de29
resurrect the deb_packages table
2014-12-30 17:24:49 -05:00
Teddy Reed
94811f3ee8
Removed 'core' tables as a build dependency
2014-12-25 12:46:59 -08:00
Teddy Reed
e4b60e883a
Variable amalgamation output filename
2014-12-23 21:53:59 -07:00
Theodore M. Reed
b2be1fa383
Whole link tests and refactor flags_test
2014-12-23 20:38:16 -08:00
Teddy Reed
b2dca55539
Build leaner libosquery, allow control over spec/impl
2014-12-23 20:07:12 -08:00
Theodore M. Reed
53d683a3b3
Remove tables dependency from CMake build
2014-12-23 14:37:07 -08:00
mike@arpaia.co
b9f732c31f
Updating the license comment to be the correct open source header
...
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
fefe6de824
OSX XProtect signature DB as virtual table
2014-12-16 21:35:26 -08:00
Teddy Reed
a75fa3bf11
Merge pull request #538 from theopolis/improve_usb
...
Improve usb_devices on OSX
2014-12-10 19:51:08 -08:00
Teddy Reed
4644c5e19b
Simple usb_devices updates
2014-12-10 01:52:02 -08:00
Teddy Reed
0b5083bd0e
Improve usb_devices on OSX
2014-12-10 01:17:24 -08:00
Teddy Reed
5b029c96ec
Using osquery as the app ID
2014-12-09 17:37:58 -08:00
Teddy Reed
2fae6c0d7c
Link the brew dependencies statically on OSX
2014-12-09 13:40:53 -08:00
Teddy Reed
96d68ce98a
Clean before building CI
2014-12-08 15:22:17 -08:00
Teddy Reed
f3ab333cf1
Add -s flag to OSX package script
2014-12-04 09:33:04 -08:00
Teddy Reed
ebd77d47c4
Amalgamate generated tables
2014-12-03 02:02:11 -08:00
Teddy Reed
343cdf8405
Organize /tools
2014-12-02 21:16:24 -08:00
Teddy Reed
3ac9c3be09
Verbose option for profile
2014-12-02 12:19:17 -08:00
Teddy Reed
cb4d8e2769
Add regress/compare to profile
2014-11-30 12:18:31 -08:00
Teddy Reed
3fb6e8583c
[ Fix #503 ] Check for zombie psutil
2014-11-30 00:55:17 -08:00
Teddy Reed
38bc5542b3
Towards a more universal darwin package
2014-11-22 17:42:02 -08:00
Javier Marcos
00d1d8f563
Avoiding unnecessary download of cmake in Ubuntu, removing Travis support and adding new dependency in osx needed to build a package
2014-11-21 15:33:47 -08:00
Teddy Reed
44181b7aeb
Add basic support for unsigned long long int
2014-11-21 10:32:56 -08:00
Javier Marcos
2ca0e44d5c
Comment to test PR builds, again
2014-11-19 16:33:33 -08:00
Javier Marcos
a190b41720
Comment to test PR builds
2014-11-19 16:23:25 -08:00
Javier Marcos
0dabad43af
Merge pull request #471 from facebook/apt_get_update_errors
...
Fix problem with apt-get update and hash mismatch
2014-11-19 13:08:03 -08:00
Javier Marcos
e585fffacb
Fix problem with apt-get update and hash mismatch
2014-11-19 12:59:40 -08:00
Mike Arpaia
ac70916719
Merge pull request #434 from lwhsu/freebsd-build
...
FreeBSD support of build infrastructure
2014-11-19 09:23:17 -08:00
Li-Wen Hsu
babb13240d
Install build dependencies and fix checksum command for FreeBSD
2014-11-19 17:58:31 +08:00
mike@arpaia.co
7c1bf8457f
new no-launchd option
2014-11-18 12:54:05 -08:00
Li-Wen Hsu
6c55b51c53
Merge branch 'master' into freebsd-build
...
Conflicts:
osquery/core/system.cpp
tools/provision.sh
2014-11-19 01:50:38 +08:00
Teddy Reed
8fd957dd65
Add throttle to LD plist
2014-11-17 19:35:37 -07:00
Javier Marcos
0c59fc9d9f
Support of osx 10.8 broke the other builds with the -E parameter
2014-11-17 15:48:27 -08:00
Teddy Reed
1116d6a928
Merge pull request #438 from theopolis/feature-arp-table
...
arp_cache vtable for OSX and Linux
2014-11-17 11:36:46 -08:00
Teddy
968f8027e6
Cleaner arp_table->arp_cache on Linux/OSX
2014-11-17 02:37:15 -08:00
Javier Marcos
5db8dcbae6
Fixes building in CentOS, sudo was missing from some commands
2014-11-16 22:46:12 -08:00
Teddy Reed
d50d1cf3a7
Faster build on Ubuntu
2014-11-16 19:49:41 -08:00
Li-Wen Hsu
15335695a1
Use uname -r for better backward compatibility
2014-11-17 04:28:55 +08:00
mike@arpaia.co
2e49debd70
Customizable LaunchDaemon via a command-line flag
...
This is in response to #411. Allowing you to specify arguments on the
command-line has more edge-cases than I'd prefer, so I think this is a
bit more of a sustainable solution, especially given that you're already
supplying the tool with a path to your config file (now you can just
track one additional file).
2014-11-16 11:07:52 -08:00
Li-Wen Hsu
d4fc9b405a
Use uname -s to determine non-Linux platform
2014-11-16 01:41:50 +08:00
Li-Wen Hsu
cf2e376744
$DISTRO will be used for C macro, truncate unnecessary part
2014-11-16 01:41:50 +08:00
Li-Wen Hsu
76fa17e19c
Let provision script know FreeBSD
2014-11-16 01:41:40 +08:00
Teddy Reed
816faec3db
Merge pull request #429 from cdown/llvm_license
...
Add missing LLVM license referenced in git-clang-format.py
2014-11-14 18:46:22 -08:00
Chris Down
8082313cce
Revert removal of unused symbols in genapi per @theopolis' comment:
...
At https://github.com/cdown/osquery/commit/2a93de#commitcomment-8583208:
> Although the removed symbols aren't referenced in this script they are
> used in the spec evaluation.
2014-11-15 01:39:29 +00:00
Chris Down
2a93def805
Add PEP8 and general lint conformance to in-house scripts
...
My intent in this diff was mostly style linting, so I disabled
non-stylistic pylint linters that fired in the interests of making this
a sane diff with one purpose: stylistic consistency and conformance. If
I disabled them it means they were thrown somewhere and should probably
be looked into some time :-)
This diff adds:
- PEP8 conformance (tested with pep8)
- A cleanup of stuff shown by `pylint`, with quite a few linters
  disabled. See above for rationale to disable these -- in the end this
  was mostly unused variables, unused imports, etc). These are the
  linters I disabled:
  - attribute-defined-outside-init
  - bad-classmethod-argument
  - bare-except
  - broad-except
  - exec-used
  - invalid-name
  - logging-not-lazy
  - method-hidden
  - missing-docstring
  - redefined-outer-name
  - too-few-public-methods
  - too-many-instance-attributes
  - too-many-locals
  - unused-argument
- flake8 warnings fixed (warnings were about redefinition of previous
  variables in a listcomp)
I didn't do anything with git-clang-format since it's from an external
project and it's possible that there may be a wish to merge it in again
later if it gets updated upstream, but you could, of course, apply this
to that script as well if you so wish. Right now it's not at all PEP8
conformant.
2014-11-14 23:36:36 +00:00
Chris Down
3554a65885
Add missing LLVM license referenced in git-clang-format.py
2014-11-14 23:07:48 +00:00
Teddy Reed
565bce3c07
Fix unwind exception catching
2014-11-14 01:42:00 -08:00
Vincent Mauge
73d7500b8d
Fix genapi to support DataType
...
PR #414 (commit a5ef6a1) changed column type from string to Datatype
2014-11-13 22:43:06 -08:00
mike@arpaia.co
b8566f557e
including the formula file
2014-11-12 16:18:27 -05:00
mike@arpaia.co
019e9e25de
only use most active version of a dependency
2014-11-12 16:07:31 -05:00
Teddy Reed
a5ef6a1f70
Merge pull request #414 from theopolis/feature-use-sqltypes
...
Use SQLite types
2014-11-12 11:07:50 -08:00
Teddy Reed
0d8b9d3eaa
Use SQLite types
2014-11-12 11:07:24 -08:00
mike@arpaia.co
adb8bf7602
Merge branch 'master' of github.com:facebook/osquery
2014-11-12 10:57:14 -05:00
mike@arpaia.co
600027eb52
If the symlink is broken, delete it first.
2014-11-12 10:56:57 -05:00
Teddy Reed
525a3b79a0
Tons of new build features
...
* The OS/DISTRO are available as defines when writing tables:
  UBUNTU, UBUNTU_14_04, UBUNTU_12_04
  CENTOS, CENTOS_6_6
  DARWIN, DARWIN_10_10, DARWIN_10_9
* The table generation tooling now grabs virtual tables templates
  from ./osquery/tables/templates/<name>.cpp.in.
* The table generation tooling will detect reserved column names.
* suid_bin uses the new UBUNTU to restrict calls to root (fix #362).
2014-11-12 00:57:47 -08:00
mike@arpaia.co
535b1a0ef0
build packages without config files
...
If you want to manage your osqueryd config via some other means than
this package creation logic, just leave off the `-c` flag and it won't
include the config in your package. Then you can distribute the config
however you'd like.
2014-11-11 17:54:22 -05:00
Teddy Reed
8e408f987e
Table spec documentation examples
2014-11-11 11:26:11 -08:00
mike@arpaia.co
42b32d0bbf
include the newer kernel headers. fix for #401
2014-11-11 09:28:04 -05:00
Vincent Mauge
3e9e5ffc69
Fix genapi.py to handle new blacklist mechanism
...
For now we generate doc for blacklist tables.
We should report those tables with a specific flag on the html output.
2014-11-11 00:51:13 -08:00
Teddy Reed
8b1af689db
Blacklist is now on by default
2014-11-10 13:30:38 -08:00
Teddy Reed
177229ead1
Add queries_from_config to profile
2014-11-10 13:30:38 -08:00
Teddy Reed
050e942d11
Support USE_BLACKLIST=1 to remove tables from release
2014-11-10 13:30:38 -08:00
Abe Stanway
6a6dc8f997
linux-headers-generic
2014-11-10 15:02:31 -05:00
Teddy Reed
86d2ac208b
Use leaks for OSX memory leak profiling
2014-11-10 11:34:17 -08:00
Teddy Reed
19aa99583e
Linux processes vtable use freeproc
2014-11-10 10:12:47 -08:00
Teddy Reed
22cf9909ec
[ Fix #388 ] Check for 0 in profile tooling
2014-11-10 02:03:58 -08:00
Teddy Reed
b0ff403d3d
Fixing librpm API usage leaks
2014-11-10 01:48:07 -08:00
Teddy Reed
62d6472cfe
Rethinking some build improvements
2014-11-08 19:28:35 -08:00
Teddy Reed
131dca2673
[tools] Performance monitoring tooling
2014-11-06 17:37:26 -08:00
Teddy Reed
51f434f6b9
Merge pull request #366 from facebook/site_tables
...
[site] Add tables API page
2014-11-05 10:57:28 -08:00
Teddy Reed
b79f512a9a
[site] Add tables API page
2014-11-05 02:19:20 -08:00
Justin Gerace
40367dc054
Ensure that libblkid-devel is installed on CentOS
2014-11-04 19:33:43 -08:00
mike@arpaia.co
8c8c26a4c2
two threads for travis
2014-11-04 02:04:39 -08:00
Teddy Reed
b9cc1e6eca
Merge pull request #355 from facebook/travis
...
hard coding travis threads
2014-11-03 23:39:32 -08:00
Mike Arpaia
37734bc5a4
Merge pull request #351 from LTD-Beget/blockdev_table
...
Blockdev table for linux
2014-11-03 22:29:35 -08:00
mike@arpaia.co
c9bdd0f124
hard coding travis threads
2014-11-03 22:22:47 -08:00
Mike Arpaia
12485f4345
Merge pull request #342 from theopolis/feature-depcheck
...
Adding pip, git dependencies to provision
2014-11-03 14:23:45 -08:00
Alexander Polyakov
cfa9c99a6f
Add libblkid to provision.sh
2014-11-04 01:23:24 +03:00
Zachary Wasserman
07c8671ede
Use relative path from argv[0]
2014-11-03 11:24:38 -08:00
Teddy
cedbb17075
Adding pip, git dependencies to provision
2014-11-03 09:33:26 -08:00
Akshay Dixit
afd9d5e160
changed lspci to be a linux only virtual table, and added udev dependency to provisions.sh
2014-11-02 21:07:35 -07:00
Teddy Reed
422cdbb3e9
Change make format to use git-clang-format
2014-11-02 11:30:56 -08:00
Teddy Reed
bb7f8b6519
Bump, change mode on provision
2014-11-02 02:07:29 -08:00
Teddy Reed
a98c7b1252
Add rpm-devel to centos deps
2014-11-02 01:33:11 -08:00
Mike Arpaia
77d4777eed
Merge pull request #262 from facebook/rpmstuff
...
RPM Package Listing - In Progress
2014-11-01 00:24:03 -07:00
Teddy Reed
eb240ac527
RPM table and more robust Linux building
2014-10-31 21:59:10 -07:00
Denis Zhdanov
8e1b499b18
No, reverting back to getconf _NPROCESSORS_ONLN
...
much simpler
2014-10-31 18:31:06 +01:00
Denis Zhdanov
0539746a9b
Update provision.sh
...
Hm, Jenkins does not like getconf _NPROCESSORS_ONLN
trying more complex
$([[ $(uname) = 'Darwin' ]] && sysctl -n hw.logicalcpu_max || lscpu -p | egrep -v '^#' | wc -l)
2014-10-31 18:22:03 +01:00
Denis Zhdanov
a2863efce1
Fixing number of cores detection for boost builds
...
This way of cores detection:
```bash
cat /proc/cpuinfo | grep "cpu cores" | uniq | awk '{print $NF}'
```
is cumbersome and didn't work in some cases, e.g. for VM on VirtualBox with one CPU.
It's much better to use something else, e.g.
```bash
getconf _NPROCESSORS_ONLN
```
as stated in
https://stackoverflow.com/questions/6481005/obtain-the-number-of-cpus-cores-in-linux
`nproc` also works well but isn't compatible with Mac OS X.
2014-10-31 18:04:55 +01:00
Teddy Reed
5e15cd0b28
Fix #281, quote SOURCE_DIR for source and pip
2014-10-30 13:03:07 -07:00
Rafal Jeczalik
cf959cfc4f
Install libunwind8-dev for Ubuntu 14.10
2014-10-30 10:37:32 +01:00
Teddy Reed
4ed61ff868
Merge pull request #288 from vmauge/NewLongType
...
Add new long type and migrate some vtables
2014-10-29 23:12:52 -07:00
Vincent Mauge
7876d56219
Add support for long long int/BIGINT as a column type
2014-10-29 18:36:37 -07:00
Mike Arpaia
5f88d45efb
Merge pull request #275 from SimplyAhmazing/fix_brew_installation_verification_on_boxen_provisioned_macs
...
Improves bash code that verifies if homebrew is installed
2014-10-29 15:26:21 -07:00
Yannick Koechlin
594cf346a9
add parenthesis for python3 compatibility
2014-10-29 22:37:54 +01:00
Ahmed Abdalla
825a55d0fb
improves bash code that verifies if homebrew is installed
2014-10-29 16:52:37 -04:00
Teddy Reed
5b2510784e
Build into platform-specific build dirs
2014-10-23 14:39:15 -07:00
Javier Marcos
bf1ffb1537
Removing old code for generating virtual tables
2014-10-13 21:58:26 -07:00
Javier Marcos
e66a4d8873
Install package depending on arch and better comments
2014-10-08 23:09:02 +00:00
Javier Marcos
b01806b412
Changes to the darwin build, to enable centos support
2014-10-08 04:11:50 +00:00
Javier Marcos
5db9fa59a5
Adding support to build osquery in centos 6.5
2014-10-08 03:45:56 +00:00
mike@arpaia.co
12a60acd9b
working osx package maker
2014-10-03 18:09:37 -07:00
mike@arpaia.co
4e3979bce1
install root
2014-10-03 14:51:03 -07:00
mike@arpaia.co
e9b56e5d10
removing superfluous logging
2014-10-03 14:51:03 -07:00
mike@arpaia.co
d214901d57
OS X package maker via relocating homebrew packages
2014-10-03 14:51:03 -07:00
mike@arpaia.co
134c6ee1af
removing wget from os x build
2014-10-03 13:49:33 -07:00
mike@arpaia.co
7d2fae033e
rocksdb from brew
2014-10-03 13:48:54 -07:00
mike@arpaia.co
44f2cc9c39
brew update
2014-10-03 13:48:31 -07:00
Mike Arpaia
1d062bb038
Merge pull request #185 from facebook/ubuntu12_precise_build_support
...
Adding support to build in Ubuntu 12
2014-10-03 12:57:25 -07:00
Javier Marcos
97d44067ee
Merge branch 'ubuntu12_precise_build_support' of https://github.com/facebook/osquery into ubuntu12_precise_build_support
2014-10-03 18:59:47 +00:00
mike@arpaia.co
fd141c26bf
removing flag test
2014-10-03 12:01:08 -07:00
Javier Marcos
a495fab1ca
Remove support of erlang, java and python for thrift
2014-10-03 18:58:03 +00:00
Javier Marcos
d15da03c67
Support of go fails
2014-10-03 17:59:39 +00:00
Javier Marcos
53360155fd
Using source to import script
2014-10-03 17:23:17 +00:00
Teddy Reed
368ab483a7
Merge pull request #184 from facebook/fsevents
...
[events] Fleshing out OSX FSEvent framework
2014-10-03 07:54:17 -07:00
Teddy Reed
69bfb92905
[events] Fleshing out OSX FSEvent framework
2014-10-02 21:30:14 -07:00
Javier Marcos
4823fa2a56
Merge branch 'ubuntu12_precise_build_support' of https://github.com/facebook/osquery into ubuntu12_precise_build_support
2014-10-03 00:49:28 +00:00
Javier Marcos
c827065c01
Fix for building thrift in Linux
2014-10-03 00:48:45 +00:00
mike@arpaia.co
1bdb60d6fc
sudo make install
2014-10-02 16:46:32 -07:00
mike@arpaia.co
9e59982f70
updating provision script to be runnable as not root
2014-10-02 16:33:23 -07:00
Javier Marcos
1401a279a2
Fixed Mac broken build and added building capabilities for Linux
2014-10-02 16:30:29 -07:00
Javier Marcos
84a79855e7
Using clang to build all and refactoring using functions
2014-10-02 16:30:29 -07:00
Javier Marcos
06b35c45f0
Adding support to build in Ubuntu 12
2014-10-02 16:30:29 -07:00
Javier Marcos
692da4127b
Fixed Mac broken build and added building capabilities for Linux
2014-10-02 23:25:39 +00:00
Javier Marcos
126f66bfa3
Using clang to build all and refactoring using functions
2014-10-02 22:54:55 +00:00
mike@arpaia.co
0f840d4ec4
install rocksdb from source
2014-10-02 15:24:59 -07:00
mike@arpaia.co
6d7992a6c1
installing lz4 on OS X
2014-10-02 15:11:54 -07:00
Javier Marcos
7c1afd1558
Adding support to build in Ubuntu 12
2014-10-02 17:58:56 +00:00
mike@arpaia.co
2348460ca4
Revert "Support for Ubuntu 12, precise"
...
This reverts commit ed0e051eba.
2014-10-01 23:00:23 -07:00
Javier Marcos
ed0e051eba
Support for Ubuntu 12, precise
2014-10-02 01:24:23 +00:00
Teddy Reed
588f1198f3
Merge pull request #174 from facebook/passwd_changes_vtable
...
[events] Events lifecycle complete, passwd_changes vtable
2014-09-26 21:13:52 -07:00
Teddy Reed
ed338e8356
[events] Events lifecycle complete, passwd_changes vtable
2014-09-26 12:58:32 -07:00
mike@arpaia.co
82bf365c5f
Add space in error message
...
[skip ci]
2014-09-25 12:25:49 -07:00
mike@arpaia.co
4cd40c7f19
central build script
2014-09-25 02:00:16 -07:00
mike@arpaia.co
70eff22898
Adding some perm updates
2014-09-25 00:27:07 -07:00
mike@arpaia.co
135dd0dbe4
TravisCI configuration
2014-09-24 18:05:33 -07:00
mike@arpaia.co
d7546de036
Relocatable build
...
Making it such that osquery doesn't need to be built in the repo "build"
subdirectory. gentable.py now accepts a positional argument which
indicates the output (which is calculated by cmake) so they don't have
to agree on a destination ahead of time.
2014-09-24 01:58:12 -07:00
mike@arpaia.co
3753189e4a
improving the makefile output
2014-09-24 01:28:34 -07:00
mike@arpaia.co
71bdb9e9a4
shebang
2014-09-23 22:14:28 -07:00
mike@arpaia.co
670957ab41
git submodules into provision.sh
2014-09-23 21:22:42 -07:00
mike@arpaia.co
6b25a216c9
periodic clang-format
2014-09-23 20:15:41 -07:00
mike@arpaia.co
e5d5423480
removing genpackage
2014-09-23 18:49:00 -07:00
mike@arpaia.co
9dc4c50fe4
moving generated tables to build subdir
2014-09-23 18:44:42 -07:00
mike@arpaia.co
6beb5d1247
Moving table generation to CMake
...
CMake now handles building all of the generated code.
2014-09-23 17:55:54 -07:00
mike@arpaia.co
77429c08e2
precise
2014-09-23 00:28:45 -07:00
mike@arpaia.co
4218a4c2ab
cmake cleanups
2014-09-22 21:23:16 -07:00
mike@arpaia.co
1e774e50bf
static build on OS X and Linux
2014-09-22 19:27:19 -07:00
mike@arpaia.co
2498abe024
committing os x perms update
2014-09-22 15:44:23 -07:00
mike@arpaia.co
b5ee19f49f
Removing the osquery::db namespace
2014-09-21 14:27:09 -07:00
mike@arpaia.co
4c08f4eec3
cleaning up OS X deps
2014-09-20 16:46:27 -07:00
mike@arpaia.co
fbc7c0aca6
rocksdb include files
2014-09-20 16:42:20 -07:00
mike@arpaia.co
e660334465
rocksdb fix
2014-09-20 16:36:04 -07:00
mike@arpaia.co
76193b6b39
fixing a path resolution bug for python deps
2014-09-20 16:31:26 -07:00
mike@arpaia.co
1f6ebd4cf7
fixing bug in dependency building
2014-09-20 16:26:40 -07:00
mike@arpaia.co
04f7a34dc1
Dependency building in repo
2014-09-20 16:19:51 -07:00
mike@arpaia.co
20bbef53b6
Cross platform build environment maker
...
Currently works on Ubuntu 14.04 and Mac OS X 10.9. There are more
supported operating systems coming soon to a theater near you.
2014-09-20 16:01:47 -07:00
mike@arpaia.co
0eab76a20c
refactored aggregateQuery to query
2014-09-15 23:07:03 -07:00
mike@arpaia.co
ad9b0bb5c1
Doxyfile, for docs
2014-09-13 15:18:26 -07:00
Mike Arpaia
db0f0105dd
Revert "Skip tests when making 'fast'"
2014-09-09 21:37:08 -07:00
Teddy Reed
2e150ef8a9
Skip tests when making 'fast'
2014-09-09 16:25:22 -07:00
Teddy Reed
7e470747b4
Moving sublibs to single libosquery
2014-09-08 01:58:29 -07:00
Teddy Reed
4ffd184eaf
Changes for Linux (Ubuntu 14.04) build
2014-09-05 10:58:58 -07:00
mike@arpaia.co
63070a0d49
migrating project to use CMake's CTest to run unit tests
2014-09-02 11:14:21 -07:00
mike@arpaia.co
376d1779db
adding an 'iterations' flag to the run tool to look at memory usage trends
2014-09-01 14:07:53 -07:00
mike@arpaia.co
47bfe57272
clang-format
2014-08-30 04:06:31 -07:00
mike@arpaia.co
2b293a9c90
new run tool to help test memory leaks in tables
2014-08-30 02:44:02 -07:00
mike@arpaia.co
0e806eff83
Proper ARC in Objective-C++ code
2014-08-30 00:22:26 -07:00
mike@arpaia.co
d75ec8fa2f
removing old tools
2014-08-29 00:25:38 -07:00
mike@arpaia.co
1da3fab7b7
fix memory leak in sqlite3_attach_tables #74
2014-08-28 21:33:44 -07:00
mike@arpaia.co
726dcea112
removing superfluous code from the tools binaries
2014-08-28 17:36:59 -07:00
mike@arpaia.co
15519b348e
Adding LaunchDaemon and flagfile to the repo/package
2014-08-26 11:26:52 -07:00
mike@arpaia.co
666be2a301
Fixing a typo in tools/gentable.py
2014-08-20 01:19:10 -07:00
mike@arpaia.co
9c11fec7ed
Moving packaging infrastructure to packages/darwin instead of packages/osx
2014-08-20 01:16:56 -07:00
mike@arpaia.co
c9fb930ee4
OS specific table specs directory structure
2014-08-20 01:14:20 -07:00
mike@arpaia.co
3e73e641df
Adding tools C++ files to the make format target
2014-08-20 00:58:27 -07:00
Mike Arpaia
ca37f1a278
Merge pull request #56 from facebook/osx-deploy
...
Deployment infrastructure for OS X
2014-08-20 00:53:06 -07:00
mike@arpaia.co
9451cef6e5
Deploy infrastructure for OS X
2014-08-20 00:47:14 -07:00
mike@arpaia.co
47f43bb24b
updating gentable to accept the correct parameters
2014-08-19 01:26:51 -07:00
mike@arpaia.co
3760e4cce5
Apple virtual table for LaunchAgents and LaunchDaemons
2014-08-15 13:46:09 -07:00
mike@arpaia.co
e91b2dabe2
making function that should be camel cased camel cased
2014-08-07 13:50:40 -07:00
mike@arpaia.co
8a8db8d267
merging vtable into a single impl file
2014-08-07 13:19:56 -07:00
mike@arpaia.co
968a8a8355
forward declarations in table files
2014-08-07 13:14:06 -07:00
mike@arpaia.co
1a114c4f18
bug fixes
2014-08-05 17:42:24 -07:00
mike@arpaia.co
e261f1b6d4
more cleanups
2014-08-05 02:21:24 -07:00
mike@arpaia.co
f7a88ad771
automatic table loading
2014-08-05 01:21:28 -07:00
mike@arpaia.co
3ab7342c24
Fixing the generation path in the gentable.py script
...
Uploading the code to GitHub caused a bit of a directory structure
reorganization. I needed to update the path at which generated files are
put on disk to account for this.
2014-07-30 17:41:01 -07:00
mike@arpaia.co
73a32b7294
Initial commit
2014-07-30 17:35:19 -07:00