392 Commits

Author SHA1 Message Date
mike@arpaia.co
1bdb60d6fc sudo make install 2014-10-02 16:46:32 -07:00
mike@arpaia.co
9e59982f70 updating provision script to be runnable as not root 2014-10-02 16:33:23 -07:00
Javier Marcos
1401a279a2 Fixed Mac broken build and added building capabilities for Linux 2014-10-02 16:30:29 -07:00
Javier Marcos
84a79855e7 Using clang to build all and refactoring using functions 2014-10-02 16:30:29 -07:00
Javier Marcos
7f5d1eee8c Fixes broken build in Mac OSX 2014-10-02 16:30:29 -07:00
Javier Marcos
06b35c45f0 Adding support to build in Ubuntu 12 2014-10-02 16:30:29 -07:00
mike@arpaia.co
0f840d4ec4 install rocksdb from source 2014-10-02 15:24:59 -07:00
mike@arpaia.co
6d7992a6c1 installing lz4 on OS X 2014-10-02 15:11:54 -07:00
mike@arpaia.co
569545648d lz4 2014-10-02 14:51:18 -07:00
mike@arpaia.co
2348460ca4 Revert "Support for Ubuntu 12, precise"
This reverts commit ed0e051eba.
2014-10-01 23:00:23 -07:00
Javier Marcos
ed0e051eba Support for Ubuntu 12, precise 2014-10-02 01:24:23 +00:00
mike@arpaia.co
764619c849 Adding a function to read tomcat configs from disk 2014-09-30 19:59:52 -07:00
mike@arpaia.co
c8fded9498 comments for tomcat 2014-09-30 19:54:44 -07:00
Mike Arpaia
3fb8c8a5d4 Merge pull request #183 from facebook/tomcat-users
Adding a function to parse the Tomcat users XML file
2014-09-30 19:51:54 -07:00
mike@arpaia.co
196ec880ab Adding a function to parse the Tomcat users XML file
This is a part of a bigger, better virtual table idea that @carnal0wnage
had.
2014-09-30 19:49:38 -07:00
Teddy Reed
bf8209ca90 Merge pull request #182 from facebook/events_docs
[events] Added remaining doxy comments
2014-09-30 15:00:08 -07:00
Teddy Reed
ef044c4a72 [events] Added remaining doxy comments 2014-09-30 12:50:14 -07:00
Teddy Reed
5201fd8509 Merge pull request #181 from facebook/less_shared_ptrs2
EventFactory, Dispatcher as singletons
2014-09-29 21:44:06 -07:00
Teddy Reed
6eb9c5fd44 EventFactory, Dispatcher as singletons 2014-09-29 20:47:24 -07:00
Abe Stanway
5b3152230f Remove old generated table dir from gitignore 2014-09-27 19:15:27 +00:00
Teddy Reed
588f1198f3 Merge pull request #174 from facebook/passwd_changes_vtable
[events] Events lifecycle complete, passwd_changes vtable
2014-09-26 21:13:52 -07:00
Teddy Reed
ed338e8356 [events] Events lifecycle complete, passwd_changes vtable 2014-09-26 12:58:32 -07:00
Mike Arpaia
8e651f1140 Merge pull request #178 from facebook/sql-class
SQL class for executing queries
2014-09-26 00:40:43 -07:00
mike@arpaia.co
0c783ebf0a Migrating internal usage of osquery::query to osquery::SQL 2014-09-26 00:34:56 -07:00
mike@arpaia.co
7076aa813c SQL class for executing queries
implements #141
2014-09-26 00:28:18 -07:00
Mike Arpaia
2aafb3c843 Merge pull request #177 from facebook/shell_output
Pretty shell results
2014-09-25 21:41:39 -07:00
mike@arpaia.co
636ced854f Pretty shell results
Example:

```
osquery> select name, program || program_arguments as executable from launchd limit 5;

+----------------------------------+-------------------------------------------------------------------------------+
| name                             | executable                                                                    |
+----------------------------------+-------------------------------------------------------------------------------+
| bootps.plist                     | /usr/libexec/bootpd                                                           |
| com.apple.afpfs_afpLoad.plist    | /System/Library/Filesystems/AppleShare/afpLoad                                |
| com.apple.afpfs_checkafp.plist   | /System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp |
| com.apple.AirPlayXPCHelper.plist | /usr/libexec/AirPlayXPCHelper                                                 |
| com.apple.airport.wps.plist      | /usr/libexec/wps                                                              |
+----------------------------------+-------------------------------------------------------------------------------+
osquery> .tables
  => alf
  => alf_exceptions
  => alf_explicit_auths
  => alf_services
  => apps
  => ca_certs
  => etc_hosts
  => interface_addresses
  => interface_details
  => kextstat
  => last
  => launchd
  => listening_ports
  => nvram
  => osx_version
  => processes
  => routes
  => time
```
2014-09-25 21:39:07 -07:00
mike@arpaia.co
82bf365c5f Add space in error message
[skip ci]
2014-09-25 12:25:49 -07:00
Abe Stanway
663e6756d7 Add libboost_regex.a 2014-09-25 19:18:47 +00:00
Mike Arpaia
a0b3839d9f Merge pull request #173 from facebook/130
Adding permissions check around setting default log directory #130
2014-09-25 10:31:07 -07:00
mike@arpaia.co
0387fde8b8 Adding permissions check around setting default log directory #130 2014-09-25 10:26:39 -07:00
Mike Arpaia
4411969959 Merge pull request #172 from facebook/ci-script
central build script
2014-09-25 02:18:47 -07:00
mike@arpaia.co
4cd40c7f19 central build script 2014-09-25 02:00:16 -07:00
Mike Arpaia
2f8a8a3e08 Merge pull request #171 from facebook/perm_updates
Adding some perm updates
2014-09-25 00:44:14 -07:00
mike@arpaia.co
70eff22898 Adding some perm updates 2014-09-25 00:27:07 -07:00
Mike Arpaia
2c14b44fb4 Update README.md 2014-09-24 21:50:48 -07:00
Mike Arpaia
5bdd64ee97 Update README.md 2014-09-24 21:49:23 -07:00
Mike Arpaia
7475f9e728 Update README.md 2014-09-24 18:10:33 -07:00
Mike Arpaia
e1fa406096 Merge pull request #165 from facebook/travis
travis
2014-09-24 18:06:32 -07:00
mike@arpaia.co
135dd0dbe4 TravisCI configuration 2014-09-24 18:05:33 -07:00
Teddy Reed
86cad38784 Merge pull request #166 from facebook/events_updates
Events updates
2014-09-24 14:01:00 -07:00
Teddy Reed
8aaecefec0 Merge branch 'master' of github.com:facebook/osquery into events_updates 2014-09-24 13:55:42 -07:00
Teddy Reed
9220da7e3d [events] Registry integration 2014-09-24 12:43:14 -07:00
mike@arpaia.co
5f4108c503 Moving all boost smart pointers to std smart pointers 2014-09-24 10:54:59 -07:00
Teddy Reed
9a2d299424 [events] Events and registry coordination 2014-09-24 10:46:37 -07:00
mike@arpaia.co
d7546de036 Relocatable build
Making it such that osquery doesn't need to be built in the repo "build"
subdirectory. gentable.py now accepts a positional argument which
indicates the output (which is calculated by cmake) so they don't have
to agree on a destination ahead of time.
2014-09-24 01:58:12 -07:00
mike@arpaia.co
3753189e4a improving the makefile output 2014-09-24 01:28:34 -07:00
mike@arpaia.co
beeb6d827f moving make format to cmake 2014-09-23 23:38:23 -07:00
mike@arpaia.co
6ce42c39a7 updating third-party commit hash 2014-09-23 23:21:16 -07:00
mike@arpaia.co
ba4041f1fd clang format 2014-09-23 22:56:50 -07:00