There are 3 new options that control how files are read:
--read_max: controls the maximum size, in bytes, for file reads. If a file is larger than `read_max` the read will fail.
--read_user_max: similar to `read_max` but applies additional limitations to user-controlled files.
--read_user_links: a boolean control to enable/disable following symlinks for user-controlled files.
Important highlights:
If files exceed the configured max, those reads will fail.
The `read_max` will override `read_user_max` if it is set lower.
A default integer value of `0` will disable the limitations.
The default `read_max` is set to 50M and the default `read_user_max` is 10M.
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
1. added docs for vagrant-aws support in Vagrantfile
2. removed aws target that have local vagrant support. inline-string'd aws.user_data
3. support building rhel6/7 in aws
4. correct aws-rhel6.6 name. it should be rhel6.5
Mostly cleanup as it moved from a gist to get the word out to docs.
This does assume that the change from file_changes to file_events
in #1049 will happen.
Mostly minor documentation/wiki/guide fixes.
The breaks down the "using osqueryd" page into more of a summary
of what the daemon does from a schedule/logging perspective.
The bulk of the "using osqueryd" page now exists in the configuration
deployment page and the new "logging" deployment page.
