Commit Graph

428 Commits

Author SHA1 Message Date
Javier Marcos
cf12156c09 Building in RHEL with g++
Using clang won't work
2015-04-28 18:13:12 -07:00
Teddy Reed
be65922569 Fast tests 2015-04-27 09:40:31 -07:00
Teddy Reed
ed69536c06 Update ubuntu.sh 2015-04-26 17:41:08 -07:00
Teddy Reed
337a20cc75 Install cmake 3.2.1 on 14.04
The repo-provided CMake is at 2.x, which will build extra cpp-netlib tests.
2015-04-26 17:41:08 -07:00
Teddy Reed
a972b1b0b0 Merge pull request #1027 from sharvilshah/fde_linux
[Implement #933] Add LUKS/dm-crypt disk_encryption support for Linux
2015-04-25 12:43:05 -07:00
Teddy Reed
5e2ce5c2e9 Merge pull request #1039 from theopolis/fix_flags
Fix daemon flags loading from options
2015-04-25 01:28:30 -07:00
Sharvil Shah
f72dcb5d96 add libcryptsetup-dev library
moved disk_encryption table spec to crossplatform

link libcryptsetup

implemented get cipher type and cipher_mode:

more idiomatic c++11

no need to explicitly call std::string constructor to convert char * to std::string

update cryptsetup sources for centos

add function prototype for older libcryptsetup which is in centos6

ifdef check for centos6 which uses older libcryptsetup

remove forward declared functions defined in libcryptsetup, stylistic changes
2015-04-24 17:01:14 -07:00
Teddy Reed
5e08b8bf60 Simpler RHEL6 provision 2015-04-24 14:25:59 -07:00
Teddy Reed
b90aeab2fe Fix daemon flags loading from options 2015-04-24 11:37:51 -07:00
Javier Marcos
6f447ffedb Merge pull request #1031 from javuto/etc_protocols_table
Adding new table for /etc/protocols
2015-04-22 18:18:03 -07:00
Teddy Reed
b2dc8b7264 Build cmake with gcc to avoid gnu++1y 2015-04-22 17:58:08 -07:00
Javier Marcos
ddb41ae84a Adding tests to the protocols table 2015-04-22 17:49:27 -07:00
Teddy Reed
8930f9e692 Documentation updates, separate config/logging pages
Mostly minor documentation/wiki/guide fixes.
This breaks down the "using osqueryd" page into more of a summary
of what the daemon does from a schedule/logging perspective.

The bulk of the "using osqueryd" page now exists in the configuration
deployment page and the new "logging" deployment page.
2015-04-18 22:09:25 -07:00
Teddy Reed
c59ce0e4e4 Lint fixes and clang analyze 2015-04-17 09:18:46 -07:00
Teddy Reed
c9e07ec2ba Add launchd_overrides table 2015-04-15 23:19:23 -07:00
Teddy Reed
595e94547d Build LLVM 3.4 using gcc 4.9 on RHEL6.5 2015-04-13 09:19:09 -07:00
Teddy Reed
4a299c1fac Remove php from thrift provision
The only thrift bindings we need for osquery are cpp/python.
Python is used for the integration tests.
2015-04-10 17:15:31 -07:00
Teddy Reed
d30455893f Merge pull request #941 from theopolis/rhel_fun
[Implement #926] RHEL6 provisioning
2015-04-08 14:37:48 -07:00
Teddy Reed
1305a2764a [Fix #964] Restrict apt-sources to arch=amd64 2015-04-08 14:13:01 -07:00
Teddy Reed
78ec6fb305 Merge pull request #956 from sharvilshah/bug/etc_hosts_comment_parsing
[Fix #955] Fix etc_hosts hostname parsing so that inline comments are now ignored
2015-04-07 00:27:58 -07:00
Teddy Reed
41ce00e573 RHEL6 provisioning 2015-04-06 23:43:01 -07:00
Sharvil Shah
e7a3d24ece Fix etc_hosts hostname parsing so that inline comments are now ignored; update tests 2015-04-06 23:32:56 -07:00
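As an added illustration of the parsing rule this commit describes (example code written for this page, not osquery's etc_hosts implementation; the sample file content below is constructed): a hosts-file parser that strips everything after `#` before splitting fields, shown beside a naive version that only skips full-line comments so the failure mode is visible.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample /etc/hosts content: a full-line comment, a blank line,
# a tab separator, an inline comment with a space before it, an inline
# comment with no space before it, and one malformed line.
SAMPLE_HOSTS = """\
# Static table lookup for hostnames.
127.0.0.1\tlocalhost
::1         localhost ip6-localhost ip6-loopback

10.0.0.5    build-box build-box.internal # CI runner, do not remove
10.0.0.6    db-primary#no space before the comment
not-an-ip   bogus-entry
"""

HostEntry = Tuple[str, List[str]]


def parse_hosts_naive(text: str) -> List[HostEntry]:
    """Skips only lines that *start* with '#', so the words of an inline
    comment are reported as hostnames. Illustrates the failure mode; this
    is not osquery's previous code."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries


def parse_hosts(text: str) -> List[HostEntry]:
    """Drops everything from the first '#' to end of line *before* splitting,
    so comment text can never become a hostname. Lines whose first field is
    not an IP address are skipped rather than raising: an inventory query
    should not fail because of one malformed line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        entries.append((address, fields[1:]))
    return entries


if __name__ == "__main__":
    for address, names in parse_hosts(SAMPLE_HOSTS):
        print(address, " ".join(names))
```

Running the naive version on the same input yields `#`, `CI` and `runner,` as "hostnames" for 10.0.0.5 and `db-primary#no` for 10.0.0.6; the corrected parser returns only the real names.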
Mitchell Grenier
f5b7f921d3 Fix crashes from bad JSON
There are a couple places where this was an issue.

The first place was in the filesystem plugin where it was only checked that it
existed, and not that it was an actual file.

The second was a lack of try and catch on the parse call in config.cpp.

Both of those issues are addressed in this diff.
2015-04-06 16:00:26 -07:00
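The two checks the message describes, written out as an added example (this is not the osquery filesystem config plugin; the file names and config contents are constructed): reject a path that exists but is not a regular file, and turn a parse exception into a failed load instead of letting it propagate and crash the daemon.

```python
import json
import os
import stat
import tempfile
from typing import Any, Dict, Optional, Tuple


def load_config(path: str) -> Tuple[Optional[Dict[str, Any]], str]:
    """Return (config, "") on success or (None, reason) on any failure."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return None, f"stat failed: {exc.strerror}"
    # An existence check alone is not enough: a directory or a FIFO exists
    # too, and reading it either raises or blocks.
    if not stat.S_ISREG(st.st_mode):
        return None, "not a regular file"
    try:
        with open(path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, UnicodeDecodeError, json.JSONDecodeError) as exc:
        # Malformed or truncated JSON becomes a reported failure, not a crash.
        return None, f"parse failed: {exc}"
    if not isinstance(data, dict):
        return None, "top-level value must be an object"
    return data, ""


def run_demo() -> Dict[str, str]:
    """Exercise the success path and three failure modes with constructed
    files in a temporary directory; returns the outcome per case."""
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "osquery.conf")
        with open(good, "w", encoding="utf-8") as fh:
            fh.write('{"options": {"config_plugin": "filesystem"}}')
        truncated = os.path.join(tmp, "truncated.conf")
        with open(truncated, "w", encoding="utf-8") as fh:
            fh.write('{"options": {"config_plugin": ')  # cut mid-document
        subdir = os.path.join(tmp, "conf.d")
        os.mkdir(subdir)
        cases = [
            ("good", good),
            ("truncated", truncated),
            ("directory", subdir),
            ("missing", os.path.join(tmp, "does-not-exist.conf")),
        ]
        for name, path in cases:
            cfg, reason = load_config(path)
            results[name] = "ok" if cfg is not None else reason
            if cfg is not None:
                results[name + "_plugin"] = cfg["options"]["config_plugin"]
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

Returning a reason string rather than raising keeps the decision with the caller: a daemon can log the reason and keep running on its last good configuration, which is the behaviour a watchdog-supervised process wants.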
Teddy Reed
2df9a6558e Add some osquery-theme to API docs 2015-04-06 01:21:10 -07:00
Teddy Reed
e87ab14246 Update provision.sh and os-specific deps
Remove some repeated or unused conditionals.
Make sure autoconf is at least version 2.69.
2015-04-04 16:15:40 -07:00
Mike Arpaia
367d695d77 Merge pull request #938 from facebook/theopolis-patch-1
[Fix #937] Return non-0 for status
2015-04-04 00:12:52 -07:00
Teddy Reed
652ca19862 [Fix #937] Return non-0 for status 2015-04-03 17:24:10 -07:00
Javier Marcos
b0e69b7074 Support for RHEL building 2015-04-03 16:53:06 -07:00
Teddy Reed
ddc02f6867 Update provisioning to include yara installs 2015-04-03 00:49:29 -07:00
Teddy Reed
2b20d3dde0 Merge yara subscribers 2015-04-03 00:48:13 -07:00
Javier Marcos
4a1aced53a Breaking provision.sh into multiple scripts 2015-04-02 21:34:55 -07:00
mtmcgrew
da0ce578da correct chkconfig level
3 is not needed twice
2015-04-02 13:53:25 -07:00
Teddy Reed
b1640a9c0c Merge pull request #906 from eastebry/902_clean_option
Added clean options, general osqueryctl cleanups
2015-03-31 22:17:38 -07:00
Bryan Eastes
afe76d4f6e Added clean options, general osqueryctl cleanups 2015-03-31 21:50:28 -07:00
Teddy Reed
fc623d98d5 Declare extension registries 'external' 2015-03-30 02:03:26 -07:00
Teddy Reed
d9d068bb5d Merge pull request #910 from theopolis/centos_pkgs
Remove snappy/libproc from CentOS deps
2015-03-27 20:04:45 -07:00
Teddy Reed
c37474775c Remove snappy/libproc from CentOS deps 2015-03-27 19:19:55 -07:00
Teddy Reed
38bfed3414 Remove libprocps(ng) in favor of parsing proc manually 2015-03-27 12:37:16 -07:00
Teddy Reed
709723efda Merge pull request #880 from theopolis/shell_db
Remove unused shell functions
2015-03-19 21:33:37 -07:00
Teddy Reed
4721205b25 [Fix #884] Remove return 1s when no action needed in init 2015-03-19 16:34:35 -07:00
Teddy Reed
79ddc5ba38 Remove unused shell functions 2015-03-19 16:14:29 -07:00
Teddy Reed
91dce32095 Speed up shell and add max value size 2015-03-18 15:07:13 -07:00
Mike Arpaia
b8c658ec71 Update make_linux_package.sh 2015-03-17 15:59:33 -07:00
Javier Marcos
c122ca4e6e Merge pull request #872 from facebook/wget_and_packages
Fix for centos7 targets
2015-03-17 12:01:50 -07:00
Javier Marcos
52ad62cb04 Fix for centos7 targets 2015-03-17 11:53:10 -07:00
Teddy Reed
afd11fe1f3 Set osquery_extensions for worker child 2015-03-17 10:36:19 -07:00
Teddy Reed
1a0334ec9a Use a .load file instead of delimited dirs 2015-03-17 10:11:43 -07:00
Teddy Reed
363bef2b98 [Fix #861] Allow initscript to read gflags flagfile 2015-03-16 11:59:04 -07:00
Teddy Reed
bf863097f8 [Fix #833] Add NDEBUG to provision for gflags/thrift 2015-03-14 22:27:54 -07:00
Teddy Reed
fd3083fb43 [Fix #846] Extension flag aliases are limited to strings 2015-03-14 20:36:27 -07:00
Teddy Reed
6fee50be78 Merge pull request #851 from theopolis/better_ext_testing
Improve extensions integration testing
2015-03-14 11:25:24 -07:00
Teddy Reed
1170887d56 Improve extensions integration testing 2015-03-13 18:33:55 -07:00
Mitchell Grenier
637336f8c9 Ability to configure osquery from multiple files 2015-03-13 17:19:02 -07:00
Teddy Reed
fe0f369af0 Extension-dependent config/logger plugins 2015-03-13 12:01:30 -07:00
Teddy Reed
6a81cec937 Organize kernel_extensions to add signatures 2015-03-09 11:43:06 -07:00
Theodore M. Reed
4803b441a2 Move preprocessor defines before compile flags 2015-03-06 12:11:21 -08:00
Teddy Reed
0673900837 Registry modules 2015-03-04 20:33:10 -08:00
Teddy Reed
8efa07e520 Watcher process will fail if DB path is incorrect 2015-03-04 18:51:41 -08:00
Teddy Reed
3c02806cd8 Extensions autoloading prequel 2015-03-04 18:51:41 -08:00
Teddy Reed
5b5eb7f693 [Fix #823] Install cmake/boost after clang on centos 2015-03-04 17:32:19 -08:00
Teddy Reed
41ab6f3161 Organizing osquery python testing
Move /osquery/python_tests/* to /tools/tests
Move test_extensions process controls to test_base module
Use test_base.Testing to implement each module's main()
  - This applies a default argparse with --build
  - test_base.ARGS is the argparse-parsed namespace
  - Use test_base.ARGS.build for the platform-specific dir
Move WatchdogTests to /tools/tests/test_watchdog.py
2015-03-02 16:23:22 -08:00
Teddy Reed
722cf3b59c Merge pull request #813 from theopolis/no_osx_symlinks_pkg
[#808] Prefer /private/var for PKG install structure
2015-03-02 16:02:30 -08:00
Teddy Reed
40e167d7b7 Merge pull request #810 from theopolis/respect_cflags
Respect external CMake C/CXX flags
2015-03-02 16:01:53 -08:00
Teddy Reed
e0eff0478b [#808] Prefer /private/var for PKG install structure 2015-03-02 00:19:52 -08:00
Teddy Reed
dcff476807 Respect external CMake C/CXX flags
Use osquery-C flags for every object compile.
Add CXX flags without conditional logic.
Move the `python-thrift` target into the CPP generation command.
Remove verbose option for extensions python unittest.
Add thrift as a pip install requirement (for unittests).
2015-03-01 21:19:31 -07:00
Teddy Reed
ff1f1c086b [Fix #805] Add symlink to gmake for gflags 2015-02-27 19:45:18 -07:00
Teddy Reed
2237f00c12 Rename ca_certs to certificates 2015-02-26 23:47:05 -08:00
Teddy Reed
b9dbcb2545 Fix some tooling regressions 2015-02-25 00:09:43 -08:00
mike@arpaia.co
451f990e80 adding osqueryctl to OS X 2015-02-24 12:27:06 -08:00
mike@arpaia.co
7d212f80fd osquery ctl script
Addresses #585
2015-02-24 11:13:27 -08:00
Teddy Reed
f173fb6e0a Working on sync using new non-macro decisions 2015-02-23 23:15:04 -08:00
Teddy Reed
ace433e49d Allow external calls from within registry 2015-02-23 21:35:54 -08:00
Teddy Reed
a29addba61 Extensions integrations testing 2015-02-22 22:56:18 -07:00
Teddy Reed
2529d652be Merge pull request #782 from theopolis/mkdir_generated
Move sync to CMake and remove generated mkdir
2015-02-19 17:56:45 -08:00
Teddy Reed
59a5e017b2 Move sync to CMake and remove generated mkdir 2015-02-19 17:00:43 -08:00
Teddy Reed
451ef686ed Building example extension with SDK 2015-02-18 20:11:00 -08:00
Mike Arpaia
441fd17e58 include the OSQUERY_BUILD_SDK flag when compiling the SDK 2015-02-18 16:13:52 -08:00
mike@arpaia.co
843fe3a302 syncing sdk with codemod and targets 2015-02-18 09:02:04 -08:00
Teddy Reed
3c36c4196b Merge pull request #731 from jedi22/wildcard_events
Added parsing of extra data along with its addition to the osqueryconfig structure
2015-02-15 19:16:54 -08:00
Javier Marcos
a9025679de Downloading dependencies from S3 2015-02-13 18:54:59 -08:00
Mitchell Grenier
de5ac74fab All changes addressed 2015-02-13 16:52:11 -08:00
Javier Marcos
92b1fbeb8b Using gcc 4.8 and fix on the provision script 2015-02-13 15:27:18 -08:00
Teddy Reed
aa078895d3 CentOS7 clang without fortify
1. _FORTIFY_SOURCE=1 will cause readlink/recv to hang when using
heap-allocated target buffers.
2. Install boost/rocksdb/thrift using source, similar to CentOS6.5
3. Remove boost::regex, prefer extended std::regex without static
link to boost_regex.
2015-02-13 12:47:30 -08:00
Javier Marcos
13fbc6f514 Logic to check packages was wrong 2015-02-13 08:38:35 -08:00
Javier Marcos
5da83051a4 bug in provision when checking for packages 2015-02-12 20:18:28 -08:00
Javier Marcos
431ee195b1 We need libudev for CentOS 6 2015-02-12 17:20:52 -08:00
Javier Marcos
7517af8cad Adding needed dependencies for packages in CentOS 7 2015-02-12 17:01:10 -08:00
Javier Marcos
c46584af4e Adding rpm-build to provision 2015-02-12 00:49:47 -08:00
Javier Marcos
715f894c1c Fix for the CentOS 7 support 2015-02-11 22:07:25 -08:00
Mitchell Grenier
0448afbd91 Asynchronously resolve the wildcards of all the files we want to monitor 2015-02-11 19:35:57 -08:00
Mitchell Grenier
dca2f9d7bb Added parsing of extra data along with its addition to the osqueryconfig structure
Added tests as well
2015-02-11 19:35:57 -08:00
Javier Marcos
bcad687ea2 Adding support for CentOS 7 2015-02-11 17:19:45 -08:00
Teddy Reed
de868e6eb1 Merge pull request #715 from theopolis/more_descriptions
Add more table descriptions for API generation
2015-02-09 12:59:22 -08:00
Mike Arpaia
bb6550f1da typo in example config 2015-02-09 10:12:43 -08:00
Teddy Reed
1252fa2663 Add more table descriptions for API generation 2015-02-08 18:40:35 -07:00
Teddy Reed
9a9fd208d6 Update osquery.example.conf
Update logger/config options to new "plugin" naming.
2015-02-07 01:48:24 -08:00
Teddy Reed
0586b92fa5 GenAPI should output JSON instead of React JS 2015-02-04 21:02:32 -07:00
mike@arpaia.co
b0398eb745 fix #698 2015-02-03 16:34:42 -08:00
Bryan Eastes
636717989b Added --autostart flag to osx packaging script 2015-02-02 18:22:25 -08:00
mike@arpaia.co
137f7d9a43 ignore ds_store on table generation
fix for #695
2015-02-02 12:58:37 -08:00
Teddy Reed
e37b16ce2f Clang analyze fixups for Linux 2015-02-01 05:10:57 -07:00
Teddy Reed
f96b498ae3 Remove EventFactory::deregister... in favor of ::end 2015-02-01 02:20:09 -07:00
Teddy Reed
a146d7f4e9 Improve profile.py to error when exit !=0 2015-02-01 02:20:09 -07:00
Teddy Reed
ab08bc76a8 Towards a new registry 2015-02-01 02:20:09 -07:00
Teddy Reed
c4fb5d45ed Added make analyze (clang-analyze) and fixed output 2015-01-31 03:09:30 -08:00
Javier Marcos
031499165f Adding latest to package names 2015-01-29 19:37:24 -08:00
Teddy Reed
ac08ef441a Merge pull request #661 from theopolis/hash_tests
[Fix #646] Add unit testing to hashing
2015-01-21 20:13:23 -08:00
Teddy Reed
d912009569 Add unit testing to hashing 2015-01-21 16:24:40 -08:00
Mike Arpaia
b4b42d8cc5 Update make_linux_package.sh 2015-01-21 15:41:24 -08:00
Mike Arpaia
27e2248fa5 Merge pull request #655 from theopolis/tools
Add table API changes to genapi, leaks summary view
2015-01-21 13:34:10 -08:00
Teddy Reed
48dfee2af7 Add table API changes to genapi, leaks summary view 2015-01-21 11:50:42 -08:00
Javier Marcos
d4c955b408 gflags should install after cmake 2015-01-20 17:17:01 -08:00
Teddy Reed
ef495c3dc4 Merge pull request #649 from theopolis/genapi_change
Ignore ',' add support Linux-only categories in genapi.py
2015-01-20 17:15:18 -08:00
Javier Marcos
0cedf1de70 Provision fails in Ubuntu systems because doxygen and gflags missing, fixing that 2015-01-20 16:06:22 -08:00
Teddy Reed
13884c4bd3 Ignore ',' add support Linux-only categories 2015-01-20 16:04:58 -08:00
Teddy Reed
b7549e09ca SMBIOS parsing on Linux using mem 2015-01-20 15:10:19 -08:00
Teddy Reed
b7852650c2 SMBIOS structure tables for OSX 2015-01-20 15:06:34 -08:00
Javier Marcos
a324a22fbc Fix for #611, CentOS compilation 2015-01-17 17:23:41 -08:00
Teddy Reed
6bd6fce8f5 Merge pull request #614 from maus-/initscript
Added basic init script
2015-01-13 19:06:13 -08:00
maus-
93e03b5553 Rename osquery.initd to osqueryd.initd 2015-01-13 16:39:00 -08:00
maus-
d5e6d3eab8 Delete osqueryd.initd 2015-01-13 16:38:49 -08:00
maus-
d16af10d23 Cleaned up wording 2015-01-13 16:38:11 -08:00
maus-
112425feed Updated as per your notes
A couple of things to note

The script still makes the assumption of having a config in /etc/osquery/osquery.conf however it now checks to see if there is the default example config in /usr/share/osquery/osquery.example.conf and alerts the user that it's using the default. 

To prevent having the pidfile being set in two different locations, it would be nice if the osqueryd application settings could be stored with the standard key=value approach. This would allow the init script to source the config at runtime. The downside, however, would be that the init script still makes the assumption that the location of osquery.conf is standardized.

I'm not really sure why the pidfile needs to go in the osquery directory anyway, considering most pidfiles for daemons like this typically exist in /var/run/$program.pid, which actually would be a nicer default as it removes the requirement of having the folder there in /var. I'd prefer to not keep osquery in /var anyway.

Same goes for the lockfile. Typically you'd never bother with this setting and you'd keep it in /var/lock/subsys/$progname
2015-01-12 16:25:38 -08:00
Teddy Reed
eaad95b181 Add texinfo to CentOS provision 2015-01-12 15:38:16 -08:00
a wizard named upfish
7686104e27 added init script 2015-01-12 14:56:47 -08:00
Javier Marcos
d9b41f81b9 Installing gems in Ubuntu 12 to avoid error 2015-01-12 11:32:48 -08:00
Teddy Reed
10fafa6299 Support make package 2015-01-10 23:02:32 -08:00
Teddy Reed
c7f92598ad Building glog on CentOS 6.6 2015-01-10 22:12:38 -08:00
Teddy Reed
c5cbf992ad Remove installed unwind headers 2015-01-10 20:38:31 -07:00
mike@arpaia.co
a0a404acc1 removing the dependency on unwind
Moving glog to third-party so that we can custom compile it so that
we no longer have the dependency on libunwind. #578
2015-01-10 13:02:30 -07:00
Teddy Reed
18d93d8cbc Building DEB/RPM package dependencies 2015-01-09 12:24:54 -08:00
Teddy Reed
a4e236e16a Simpler OSX package building 2015-01-07 20:01:33 -08:00
Teddy Reed
2ad15763e2 Provide example config, improve pid check 2015-01-07 15:22:50 -08:00
Teddy Reed
182cdb713e Small fix for a make jobserver race in gentable 2015-01-05 18:11:10 -08:00
Norm MacLennan
a6b769b6f4 a table to show apt package sources 2015-01-04 19:44:45 -05:00
Teddy Reed
51425c898a Remove brew-dependent pkg build 2015-01-03 22:51:09 -08:00
Teddy Reed
2cef8d6f9f Merge pull request #564 from maclennann/deb_packages
deb_packages table
2015-01-02 11:15:56 -08:00
Teddy Reed
9b0adcc47f [Fix #560] Improve config tests 2015-01-01 22:05:03 -08:00
Norm MacLennan
dd4a9d9d74 merging cmake changes for distro-specific tables 2014-12-31 13:06:54 -05:00
Teddy Reed
914ae37a72 Move CMakeLibs and valgrind supp file 2014-12-31 08:32:23 -08:00
Norm MacLennan
beff9471f8 resolve merge conflict with upstream 2014-12-30 18:21:00 -05:00
Norm MacLennan
0191f1de29 resurrect the deb_packages table 2014-12-30 17:24:49 -05:00
Teddy Reed
94811f3ee8 Removed 'core' tables as a build dependency 2014-12-25 12:46:59 -08:00
Teddy Reed
e4b60e883a Variable amalgamation output filename 2014-12-23 21:53:59 -07:00
Theodore M. Reed
b2be1fa383 Whole link tests and refactor flags_test 2014-12-23 20:38:16 -08:00
Teddy Reed
b2dca55539 Build leaner libosquery, allow control over spec/impl 2014-12-23 20:07:12 -08:00
Theodore M. Reed
53d683a3b3 Remove tables dependency from CMake build 2014-12-23 14:37:07 -08:00
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
fefe6de824 OSX XProtect signature DB as virtual table 2014-12-16 21:35:26 -08:00
Teddy Reed
a75fa3bf11 Merge pull request #538 from theopolis/improve_usb
Improve usb_devices on OSX
2014-12-10 19:51:08 -08:00