Teddy Reed
|
cdb5b29bda
|
Merge pull request #303 from facebook/pretty_print_ptrs
Fix memset/memcpy for pretty print in osqueryi
|
2014-10-30 22:34:25 -07:00 |
|
Teddy Reed
|
bcca0824b0
|
Fix memset/memcpy for pretty print in osqueryi
|
2014-10-30 18:07:32 -07:00 |
|
Teddy Reed
|
fb81f9bedd
|
Merge pull request #300 from facebook/results_log_perms
Fix #290, add permissions to osqueryd logging
|
2014-10-30 16:44:18 -07:00 |
|
Teddy Reed
|
1554bf3295
|
Fix #290, add permissions to osqueryd logging
|
2014-10-30 15:03:05 -07:00 |
|
Teddy Reed
|
8cab68d2a3
|
Merge pull request #299 from facebook/fix_quotedsource
Fix #281, quote SOURCE_DIR for source and pip
|
2014-10-30 14:32:56 -07:00 |
|
Teddy Reed
|
5e15cd0b28
|
Fix #281, quote SOURCE_DIR for source and pip
|
2014-10-30 13:03:07 -07:00 |
|
Mike Arpaia
|
731e1c72ab
|
Merge pull request #296 from rjeczalik/master
Install libunwind8-dev for Ubuntu 14.10
|
2014-10-30 11:54:36 -07:00 |
|
Teddy Reed
|
403fe28ee0
|
Merge pull request #295 from yetanotherhacker/spellfix
Spelling fixes in comments and output.
|
2014-10-30 11:28:08 -07:00 |
|
Rafal Jeczalik
|
cf959cfc4f
|
Install libunwind8-dev for Ubuntu 14.10
|
2014-10-30 10:37:32 +01:00 |
|
yetanotherhacker
|
8cee7e0b3c
|
Spelling fixes in comments and output.
|
2014-10-30 04:27:00 -04:00 |
|
Teddy Reed
|
4ed61ff868
|
Merge pull request #288 from vmauge/NewLongType
Add new long type and migrate some vtables
|
2014-10-29 23:12:52 -07:00 |
|
Mike Arpaia
|
db2ab124fd
|
Merge pull request #292 from ecin/patch-1
Reference wiki install instructions in the README.
|
2014-10-29 19:36:25 -07:00 |
|
ecin
|
60d53617f9
|
Reference wiki install instructions in the README.
Could add `brew` and `apt-get` instructions once those are available.
|
2014-10-29 19:24:20 -07:00 |
|
Vincent Mauge
|
07bd114107
|
Change users table to used new long long int type for uid and gid
It is now possible to do a proper order on uid or gid, ie:
SELECT * FROM users ORDER BY uid;
|
2014-10-29 18:57:12 -07:00 |
|
Vincent Mauge
|
755d8c198e
|
Change groups table to used new long long int type for gid
It is now possible to do a proper order on gid, ie:
SELECT * FROM groups ORDER BY gid;
|
2014-10-29 18:57:00 -07:00 |
|
Vincent Mauge
|
7876d56219
|
Add support for long long int/BIGINT as a column type
|
2014-10-29 18:36:37 -07:00 |
|
Mike Arpaia
|
0f037d4082
|
Merge pull request #283 from facebook/fix_sockaddr_inc
Fix #277, add socket.h to interfaces on darwin
|
2014-10-29 17:41:36 -07:00 |
|
Teddy Reed
|
cd74544208
|
Fix #277, add socket.h to interfaces on darwin
|
2014-10-29 16:44:17 -07:00 |
|
Mike Arpaia
|
5f88d45efb
|
Merge pull request #275 from SimplyAhmazing/fix_brew_installation_verification_on_boxen_provisioned_macs
Improves bash code that verifies if homebrew is installed
|
2014-10-29 15:26:21 -07:00 |
|
Mike Arpaia
|
a6e624f79d
|
Merge pull request #276 from quad/patch-1
Fix a small typo.
|
2014-10-29 15:24:50 -07:00 |
|
Mike Arpaia
|
892b89eb42
|
Merge pull request #278 from yannick/master
add parenthesis for python3 compatibility
|
2014-10-29 15:24:23 -07:00 |
|
Yannick Koechlin
|
594cf346a9
|
add parenthesis for python3 compatibility
|
2014-10-29 22:37:54 +01:00 |
|
Scott Robinson
|
e57bfac5fb
|
Fix a small typo.
|
2014-10-30 08:25:25 +11:00 |
|
Ahmed Abdalla
|
825a55d0fb
|
improves bash code that verifies if homebrew is installed
|
2014-10-29 16:52:37 -04:00 |
|
Teddy Reed
|
eef4d31a93
|
Merge pull request #270 from facebook/process_envs
Add process_envs table for OSX and Linux for issue #99
|
2014-10-29 11:22:09 -07:00 |
|
James Pearce
|
372713724d
|
Update README.md
|
2014-10-29 11:18:35 -07:00 |
|
Mark Roberts
|
3b90184da3
|
Fix clang format error
|
2014-10-29 10:43:32 -07:00 |
|
Mark Roberts
|
0867c2b547
|
Add process_envs table for OSX and Linux for issue #99
|
2014-10-29 03:45:26 -07:00 |
|
Teddy Reed
|
6dee18c29c
|
Merge pull request #264 from facebook/cpuid_table
[vtables] CPUID asm call feature information
|
2014-10-29 03:40:46 -07:00 |
|
Teddy Reed
|
39f866387f
|
[vtables] CPUID asm call feature information
|
2014-10-29 03:09:34 -07:00 |
|
Teddy Reed
|
1f1b38976a
|
Merge pull request #261 from facebook/crontab
[vtables] Crontab parsing for system/users
|
2014-10-29 02:52:11 -07:00 |
|
Teddy Reed
|
6db0c67555
|
Merge pull request #269 from vmauge/suidbin
Add suid_bin vtable
|
2014-10-29 02:30:29 -07:00 |
|
Teddy Reed
|
8a9374d6e3
|
[vtables] Support linux crontab vars
|
2014-10-29 02:24:00 -07:00 |
|
Teddy Reed
|
94c64d80ce
|
Merge pull request #267 from facebook/kernel_modules
[vtables] Linux kernel modules from procfs
|
2014-10-29 02:03:46 -07:00 |
|
Teddy Reed
|
818b223806
|
Merge pull request #266 from facebook/homebrew
[vtables] Installed homebrew packages on OS X using paths
|
2014-10-29 02:00:26 -07:00 |
|
Vincent Mauge
|
471d5faaa0
|
Add suid_bin vtable
The vtabel report :
- path: full path of the file
- unix_user: name of the owner (if not available display the uid)
- unix_group: name of the groupe (if not available display the gid)
- permissions: report suid or guid
* S for suid bin
* G for guid bin
Example :
osquery> select * from suid_bin;
+----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+
| path | unix_user | unix_group | permissions |
+----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+
| "/bin/ps" | root | wheel | S |
| "/bin/rcp" | root | wheel | S |
| "/Users/vmauge/suid_test" | vmauge | 999 | SG |
| "/usr/bin/at" | root | wheel | S |
| "/usr/bin/atq" | root | wheel | S |
| "/usr/bin/atrm" | root | wheel | S |
| "/usr/bin/batch" | root | wheel | S |
| "/usr/bin/crontab" | root | wheel | S |
| "/usr/bin/ipcs" | root | wheel | S |
| "/usr/bin/lockfile" | root | mail | G |
| "/usr/bin/login" | root | wheel | S |
| "/usr/bin/newgrp" | root | wheel | S |
| "/usr/bin/procmail" | root | mail | G |
| "/usr/bin/quota" | root | wheel | S |
| "/usr/bin/rlogin" | root | wheel | S |
| "/usr/bin/rsh" | root | wheel | S |
| "/usr/bin/su" | root | wheel | S |
| "/usr/bin/sudo" | root | wheel | S |
| "/usr/bin/top" | root | wheel | S |
| "/usr/bin/wall" | root | tty | G |
| "/usr/bin/write" | root | tty | G |
| "/usr/sbin/postdrop" | root | _postdrop | G |
| "/usr/sbin/postqueue" | root | _postdrop | G |
| "/usr/sbin/rpc.net" | root | wheel | S |
| "/usr/sbin/rpcset" | root | wheel | S |
| "/usr/sbin/traceroute" | root | wheel | S |
| "/usr/sbin/traceroute6" | root | wheel | S |
+----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+
This commit fixes issue #253.
|
2014-10-29 01:33:58 -07:00 |
|
Teddy Reed
|
339b63677e
|
[vtables] Rename homebrew files, some cleanup
|
2014-10-29 00:34:55 -07:00 |
|
Teddy Reed
|
c1991e94e5
|
[vtables] Add user crons and use files
|
2014-10-29 00:28:19 -07:00 |
|
Martin Majlis
|
d645dfc257
|
Initial implementation for the homebrew table.
|
2014-10-28 21:03:56 -07:00 |
|
Teddy Reed
|
9abcbcd485
|
[vtables] Linux kernel modules from procfs
|
2014-10-28 21:01:51 -07:00 |
|
Martin Majlis
|
f81975e90e
|
Merge branch 'crontab' of https://github.com/facebook/osquery into crontab
|
2014-10-28 19:44:13 -07:00 |
|
Martin Majlis
|
e8eb1e222f
|
Reformating the code with clang-formatter.
|
2014-10-28 19:43:13 -07:00 |
|
Martin Majlis
|
8b8ec7c644
|
Added initial implementation for crontab.
|
2014-10-28 17:52:03 -07:00 |
|
Martin Majlis
|
ad2340d919
|
Reformating the code with clang-formatter.
|
2014-10-28 17:49:51 -07:00 |
|
mimeframe
|
8578cb53f1
|
Update README.md
|
2014-10-28 17:36:22 -07:00 |
|
mimeframe
|
4341bd5448
|
Update README.md
|
2014-10-28 17:35:57 -07:00 |
|
mike@arpaia.co
|
332e9f3dd2
|
updating the username and repo [skip ci]
|
2014-10-28 19:32:24 -04:00 |
|
Martin Majlis
|
40b44a25e3
|
Added initial implementation for crontab.
|
2014-10-28 15:10:14 -07:00 |
|
Teddy Reed
|
2bb930f4d1
|
Merge pull request #251 from facebook/clang_format_3.5
Clang format 3.5
|
2014-10-28 09:05:17 -07:00 |
|
Teddy Reed
|
47d1f13966
|
Using Cpp03 to remove double right angle brackets
|
2014-10-27 17:56:55 -07:00 |
|