valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,293 Commits 2 Branches 109 Tags 25 MiB
26c796f340
Commit Graph

417 Commits

Author SHA1 Message Date
Teddy Reed
4c4cba73c8 [Implement #593] Add a RLOG, TLOG helper macro 2015-03-08 15:20:36 -07:00
Teddy Reed
6e7f3dbbbd Move logger/config to use Registry getActive 2015-03-08 14:52:13 -07:00
Teddy Reed
4916392aa8 Merge pull request #812 from theopolis/keychain 
Add more keychain search paths for certificates
 2015-03-07 23:27:50 -08:00
Theodore M. Reed
4803b441a2 Move preprocessor defines before compile flags 2015-03-06 12:11:21 -08:00
Teddy Reed
95a9716e02 Remove shell tools from daemon 2015-03-04 23:21:16 -08:00
Teddy Reed
0673900837 Registry modules 2015-03-04 20:33:10 -08:00
Teddy Reed
99beceaef6 Switch lazy=active concept for registry setup 2015-03-04 18:51:41 -08:00
Teddy Reed
8efa07e520 Watcher process will fail if DB path is incorrect 2015-03-04 18:51:41 -08:00
Teddy Reed
3c02806cd8 Extensions autoloading prequel 2015-03-04 18:51:41 -08:00
Mitchell Grenier
3d27fff697 Merge pull request #784 from jedi22/directory_monitoring 
Adding ability to monitor whole folders
 2015-03-02 17:21:24 -08:00
Teddy Reed
e123f9f0a2 Add more keychain search paths for certificates 2015-03-01 21:15:42 -08:00
Mitchell Grenier
0031c6ed57 Fixed many bugs. inotify and fsevents should be same now 2015-02-27 17:28:51 -08:00
Mitchell Grenier
70c82b5a40 Linux inotify more closely resembles fsevents and is generally more awesome 2015-02-25 16:43:37 -08:00
Mitchell Grenier
6548006d3e Adding ability to monitor whole folders 2015-02-25 16:28:24 -08:00
Teddy Reed
9031bad609 Extensions helpers, API additions 
Use --socket for extensions, limit help
Add an 'active' concept to registries, support a blank item call
Add osquery_registry to list the internal/external plugin details
 2015-02-25 01:02:05 -07:00
Teddy Reed
925deb8e74 [lints] Basic cpp linting 2015-02-24 03:47:12 -08:00
Teddy Reed
ace433e49d Allow external calls from within registry 2015-02-23 21:35:54 -08:00
Teddy Reed
a29addba61 Extensions integrations testing 2015-02-22 22:56:18 -07:00
Teddy Reed
dd6283b6fe Merge pull request #779 from theopolis/events_strict 
Removed reinterpret plugin casts
 2015-02-19 17:56:59 -08:00
Teddy Reed
5334b9650a Merge pull request #775 from theopolis/sdk_build 
Building example extension with SDK
 2015-02-19 14:26:48 -08:00
Teddy Reed
247e57f2d6 Removed reinterpret plugin casts 2015-02-19 14:23:15 -08:00
Mitchell Grenier
182c69d4af Added ability to specify files to watch with wildcards 2015-02-19 12:43:23 -08:00
Teddy Reed
451ef686ed Building example extension with SDK 2015-02-18 20:11:00 -08:00
mike@arpaia.co
552a663f0d fixing teh compiler errorz 2015-02-18 10:51:26 -08:00
mike@arpaia.co
843fe3a302 syncing sdk with codemod and targets 2015-02-18 09:02:04 -08:00
Teddy Reed
0ae7cd3cc9 Merge pull request #769 from theopolis/extension_table_socket_fix 
Fix osquery_extensions listing .0 for the core
 2015-02-17 19:18:49 -08:00
Teddy Reed
8aefe1a110 Add thrift 'query' endpoint 
This allows extensions to execute SQL through the extensions API.
 2015-02-17 18:42:09 -08:00
Teddy Reed
7c8ae07559 Fix osquery_extensions listing .0 for the core 2015-02-17 16:32:26 -08:00
Teddy Reed
1f8dacec3c Add flag aliasing, logger/flag tests 2015-02-17 16:26:14 -08:00
Teddy Reed
6f155d63c5 Improve flag storage and printing 2015-02-16 16:26:06 -08:00
Teddy Reed
6994361f26 Improved logging control 2015-02-16 14:42:22 -08:00
Teddy Reed
3c36c4196b Merge pull request #731 from jedi22/wildcard_events 
Added parsing of extra data along with its addition to the osqueryconfig structure
 2015-02-15 19:16:54 -08:00
Zachary Wasserman
1f450fb1ef Merge pull request #710 from zwass/distributed 
POC for client side of distributed queries.
 2015-02-13 14:25:52 -08:00
Zachary Wasserman
79034111a5 POC for client side of distributed queries. 
This introduces the notion of a DistributedQueryHandler that uses a "provider" to read/write requests and results to and from the master. The full flow is exercised via integration tests, and unit tests for each component.

It is intended to foster discussion around this client side interface, as well as provide a base to build from.
 2015-02-13 13:01:02 -08:00
Teddy Reed
aa078895d3 CentOS7 clang without fortify 
1. _FORTIFY_SOURCE=1 will cause readlink/recv to hang when using
heap-allocated target buffers.
2. Install boost/rocksdb/thrift using source, similar to CentOS6.5
3. Remove boost::regex, prefer extended std::regex without static
link to boost_regex.
 2015-02-13 12:47:30 -08:00
Mitchell Grenier
54ef2045e5 Made config a meyers singleton. Load should now only ever have to happen once 2015-02-13 12:32:54 -08:00
Mitchell Grenier
0448afbd91 Asynchronously resolve the wildcards of all the files we want to monitor 2015-02-11 19:35:57 -08:00
Mitchell Grenier
dca2f9d7bb Added parsing of extra data along with its addition to the osqueryconfig structure 
Added tests as well
 2015-02-11 19:35:57 -08:00
Teddy Reed
04fb33cbf2 Merge pull request #737 from theopolis/safe 
Safer compile flags
 2015-02-11 12:32:36 -08:00
Teddy Reed
7bab4a4706 Merge pull request #732 from theopolis/plist_defaults 
Added 'defaults' table called 'preferences'
 2015-02-11 12:03:23 -08:00
Teddy Reed
fd92f9cb4c Added 'defaults' table called 'preferences' 2015-02-11 11:39:25 -08:00
Teddy Reed
a59dcf01ee Add osquery_extensions table 2015-02-11 10:52:25 -08:00
Teddy Reed
2593e8f837 Add extensions status to osquery_info 2015-02-11 10:52:25 -08:00
Teddy Reed
9eeda1f02c Safer compile flags 2015-02-11 10:45:04 -08:00
Teddy Reed
7f7b2acd37 Merge pull request #728 from theopolis/pubs_as_runnables 
[Fix #704] Events sleep with dispatcher's interruptableSleep
 2015-02-10 13:06:16 -08:00
Teddy Reed
23864f220d [Fix #704] Events sleep with dispatcher's interruptableSleep 2015-02-10 12:51:26 -08:00
Teddy Reed
55dfdfcace Move lsperms into filesystem 2015-02-10 03:00:29 -07:00
Teddy Reed
d2b18c05c9 Add watcher profiles 2015-02-09 12:38:50 -08:00
Teddy Reed
19998a001a Harden watcher for more perf, use exec and watch from worker 2015-02-08 00:06:44 -07:00
Teddy Reed
993e2c4577 Changes to flags, extensions now loaded with shell/daemon 2015-02-06 09:40:49 -08:00
Teddy Reed
4f10a35f80 Adding thrift extension API 2015-02-06 09:40:49 -08:00
Teddy Reed
ed9bae29b7 Organizing headers/build for SDK 2015-02-03 14:59:32 -08:00
Zachary Wasserman
ac53637bcf Add getQueryColumns function to core 
This new getQueryColumns function allows us to determine what columns
will be returned by executing a given query. It is intended to be used
with the distributed query system, to determine a schema for the
results before sending the query.

Tested by unit tests. Also used valgrind and did not find errors that
looked related to this change (though there appear to be many errors
related to glog logging).
 2015-02-02 10:11:00 -08:00
Teddy Reed
e37b16ce2f Clang analyze fixups for Linux 2015-02-01 05:10:57 -07:00
Teddy Reed
5072b40997 Fix missing virtual destructors for event APIs 2015-02-01 04:32:18 -07:00
Teddy Reed
f96b498ae3 Remove EventFactory::deregister... in favor of ::end 2015-02-01 02:20:09 -07:00
Teddy Reed
d39f1fae95 Minor registry documentation, using macros for create/add 2015-02-01 02:20:09 -07:00
Teddy Reed
ab1cb942a8 Fix typo in passwd subscriber, merge vtable tests 2015-02-01 02:20:09 -07:00
Teddy Reed
ab08bc76a8 Towards a new registry 2015-02-01 02:20:09 -07:00
Teddy Reed
38a757c7f0 Merge pull request #673 from theopolis/fork 
Adding a watcher/worker model for osqueryd
 2015-01-30 19:09:55 -08:00
Zachary Wasserman
d840fb8896 Merge pull request #685 from zwass/status_enhancements 
Add useful operator implementations to Status
 2015-01-30 10:03:41 -08:00
Zachary Wasserman
5a2296b91b Add useful operator implementations to Status 2015-01-29 17:33:41 -08:00
Mitchell Grenier
dcfaeda4ca Merge pull request #674 from jedi22/filesystem_wild 
Adding recursive directory traversal functionality
 2015-01-29 17:28:35 -08:00
Mitchell Grenier
0ab10f9982 Added the ability to search through directories using wildcards 2015-01-29 17:18:39 -08:00
schettino72
f7357dd4b8 add column info to CREATE VIRTUAL TABLE statement. 2015-01-30 01:08:36 +08:00
Teddy Reed
8fd56417fd Adding a watcher/worker model for osqueryd 2015-01-26 01:22:50 -07:00
Zachary Wasserman
f61488bbc9 Fix typo in core.h comment 2015-01-22 14:00:35 -08:00
Teddy Reed
9c1faec090 Isolate glog include and depend on libglog for #652 2015-01-21 13:37:06 -08:00
mike@arpaia.co
10d5aabd36 config-check command in osqueryd 
This addresses #585
 2015-01-21 12:59:39 -08:00
Mike Arpaia
778789d74e Merge pull request #648 from marpaia/hash-docs 
hash.h documentation
 2015-01-20 16:04:32 -08:00
mike@arpaia.co
ecfe29282b hash.h documentation 
I added some doxygen docs for hash.h
 2015-01-20 15:36:53 -08:00
Teddy Reed
b7549e09ca SMBIOS parsing on Linux using mem 2015-01-20 15:10:19 -08:00
Teddy Reed
6b6649bbd4 Adding mem to Linux filesystem lib 2015-01-20 15:06:34 -08:00
Teddy Reed
64d82388e4 Update the md5 hashing callsites 2015-01-20 14:52:07 -08:00
Teddy Reed
a2d9236478 Use API macro for hash algorithms 2015-01-20 14:24:49 -08:00
Mitchell Grenier
8f407a1e8f Moving commits around for efficientcy 2015-01-20 10:49:58 -08:00
Mitchell Grenier
c1a1013e5a Minor code changes and namespacing 2015-01-16 12:03:23 -08:00
Mitchell Grenier
570c6a32f3 Moved hashing functions into core. #include<osquery/hash.h> 2015-01-15 17:16:05 -08:00
Teddy Reed
4db7c90758 Merge pull request #608 from theopolis/linux_ports 
Moved socket_inode on Linux to process_open_files
 2015-01-13 14:54:35 -08:00
Teddy Reed
bb6f313c6c Moved socket_inode on Linux to process_open_files 2015-01-13 08:26:47 -08:00
Teddy Reed
15c3551bdd Remove gtest include from tables 2015-01-12 15:30:32 -08:00
Teddy Reed
376a438516 Moving splay to scheduler and adding config logging 2015-01-12 12:53:05 -08:00
Teddy Reed
84ef94ce9d Testing for table query constraints 2015-01-12 12:52:29 -08:00
Teddy Reed
465db46628 Fix shouldFire pubsub virtual 2015-01-11 19:51:54 -08:00
Teddy Reed
9b0adcc47f [Fix #560] Improve config tests 2015-01-01 22:05:03 -08:00
Bryan Eastes
93cb303abc Merge branch 'master' of github.com:facebook/osquery into 520_pt_json_workaround 2014-12-20 18:24:33 -08:00
Bryan Eastes
5ad8d3ec55 Changes from CR 2014-12-20 18:19:33 -08:00
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header 
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
 2014-12-18 10:52:55 -08:00
Teddy Reed
6a6851c4bc Merge pull request #544 from theopolis/events_2.0 
Events 2.0
 2014-12-17 20:17:02 -08:00
Teddy Reed
fa7a1fe4f1 Add more docs to Events 2.0 2014-12-17 21:10:51 -07:00
Teddy Reed
d5c5253bbc Add osquery_flags vtable 2014-12-16 02:07:50 -08:00
Teddy Reed
6de14466db Events 2.0 using pbr 2014-12-15 11:55:05 -08:00
Teddy Reed
17efa0b3d6 Migrate subscribers on OSX 2014-12-15 00:25:28 -08:00
Teddy Reed
fbd56663d9 Migrate fsevents to events 2.0 2014-12-14 22:17:38 -08:00
Teddy Reed
d927495209 Support casted subscribes 2014-12-14 21:20:20 -08:00
Teddy Reed
c1e37b73fb Non-static event type and name IDs 2014-12-14 18:03:41 -08:00
Teddy Reed
d2a93cf8c1 Remove EventSubscriber macros 2014-12-14 17:05:07 -07:00
Teddy Reed
0d00e4b0e9 Remove EventPublisher macros 2014-12-14 04:43:31 -07:00
mike@arpaia.co
8f8bc6b772 osquery_info table 2014-12-10 18:38:41 -08:00
Bryan Eastes
bd97cb501a First draft of workaround for #520 2014-12-10 00:15:27 -08:00
Teddy Reed
2ebbbf6f98 Linux udev events 2014-12-08 14:13:47 -08:00
Teddy Reed
a0866c0972 Merge pull request #524 from theopolis/events_expiry 
Events expiry
 2014-12-06 19:52:16 -08:00
Teddy Reed
19695d40aa Add expiration to events 2014-12-06 18:28:03 -07:00
Teddy Reed
78ecc73d81 Add -json output mode for shell 2014-12-06 18:22:48 -07:00
Teddy Reed
7b16e45f55 Improve pubsub unittests 2014-12-05 16:18:05 -07:00
Teddy Reed
b7765a6af0 Codemod to improve include search paths for includes 2014-12-03 15:31:09 -08:00
Teddy Reed
f4337243ec Towards simple table generation 2014-12-02 20:36:46 -08:00
Teddy Reed
366c646cb8 Merge pull request #507 from theopolis/config_options 
Read arguments/options from config
 2014-12-01 23:57:53 -08:00
Teddy Reed
8db44f70f3 [Fix #500] Add virtual dtors to event pub/subs 2014-12-01 02:44:35 -07:00
Teddy Reed
43b4debd47 Read arguments/options from config 2014-12-01 02:05:46 -07:00
Teddy Reed
e33443d354 clang-format on feature-predicate updates 2014-11-29 22:36:07 -08:00
Teddy Reed
76780aa6f0 Improve OSX apps table 2014-11-29 22:36:07 -08:00
Teddy Reed
b1cf8f1e61 Improve and use constraints for various OSX tables 2014-11-29 22:36:07 -08:00
Teddy Reed
56014b9c31 Moving tables definitions into core/tables.cpp 2014-11-29 22:36:06 -08:00
Teddy Reed
b18068f114 Improve kextstat/startup_items code and perf 2014-11-29 22:36:06 -08:00
Teddy Reed
ba86d68e68 Rebuild generated files when templates change. 2014-11-29 22:36:06 -08:00
Teddy Reed
b4be08a702 Updating table generators to use QueryContext 2014-11-29 22:36:05 -08:00
Teddy Reed
cd8413d483 Organizing affinity types into tables. 2014-11-29 22:36:05 -08:00
mike@arpaia.co
e29e808358 build tooling 
adding build files for some random build systems
 2014-11-25 17:38:16 -08:00
Teddy Reed
44181b7aeb Add basic support for unsigned long long int 2014-11-21 10:32:56 -08:00
Teddy Reed
b2debf509a Cleanup inode table implementations and unblacklist 2014-11-19 16:56:48 -08:00
mike@arpaia.co
e7fedd8833 throw in ctor if an error occurs 2014-11-17 19:47:44 -08:00
Mike Arpaia
49da6387ea Merge pull request #454 from facebook/pidfile 
pidfile for osqueryd
 2014-11-17 19:27:08 -08:00
mike@arpaia.co
c56b663261 pidfile for osqueryd 
close #442
 2014-11-17 18:42:36 -08:00
mike@arpaia.co
f8c27bde85 Add a splay of 10% to scheduled queries so that they don't stack 
close #446
 2014-11-17 14:19:09 -08:00
mike@arpaia.co
ca2c63419a incorrect namespacing 2014-11-17 13:47:44 -08:00
Teddy Reed
565bce3c07 Fix unwind exception catching 2014-11-14 01:42:00 -08:00
Teddy Reed
153cc7208f More control over logging 2014-11-12 18:19:22 -07:00
Teddy Reed
aa933491d2 Merge pull request #416 from theopolis/hack_fix_386 
[Fix #386] This is a hack to fix Ubuntu unwinding
 2014-11-12 16:43:18 -08:00
Teddy Reed
b419c79791 [Fix #386] This is a hack to fix Ubuntu unwinding 2014-11-12 17:12:37 -07:00
mike@arpaia.co
a8832482b3 implementation for #360 2014-11-12 16:51:14 -05:00
Teddy Reed
0d8b9d3eaa Use SQLite types 2014-11-12 11:07:24 -08:00
Teddy Reed
8e408f987e Table spec documentation examples 2014-11-11 11:26:11 -08:00
Bryan Eastes
ec081c9a54 Added --host_identifier option 
Conflicts:
	osquery/core/system.cpp
 2014-11-10 16:41:13 -05:00
Teddy Reed
bc05f5de78 Merge pull request #383 from theopolis/fix_rpm_packages 
[Fix #367] Check RPMTAG class before cast
 2014-11-10 01:59:13 -08:00
Teddy Reed
b0ff403d3d Fixing librpm API usage leaks 2014-11-10 01:48:07 -08:00
Teddy Reed
ea0d210ad3 Fix newline warning in flags 2014-11-09 13:24:57 -07:00
Teddy Reed
f7667ec440 Remove Threads requirement, cleanup flags 2014-11-09 00:00:57 -08:00
Teddy Reed
078d4cf7d2 Refector shell flags/versioning 2014-11-08 20:27:28 -08:00
Teddy Reed
62d6472cfe Rethinking some build improvements 2014-11-08 19:28:35 -08:00
Veres Lajos
afc82c722f typo fixes - https://github.com/vlajos/misspell_fixer 2014-11-07 22:18:02 +00:00
mike@arpaia.co
896a4f2957 generic users function and some general cleanups 2014-11-04 11:40:54 -08:00
Mike Arpaia
a9e636af9f Merge pull request #349 from facebook/329 
Ensuring that listening_ports results are unique
 2014-11-03 14:08:04 -08:00
mike@arpaia.co
1ce7f7b486 adding a comment denoting performance 2014-11-03 12:16:39 -08:00
Zachary Wasserman
c559f0e1d2 Refactor osquery::fileystem to use boost::filesystem::path rather than std::string 2014-11-03 12:08:46 -08:00
mike@arpaia.co
75ded8b881 Ensuring that listening_ports results are unique 2014-11-03 12:03:57 -08:00
Teddy Reed
24b7be320c Fix #328, add gflags defines for shell-internal flags 2014-11-02 15:40:35 -08:00
Teddy Reed
1554bf3295 Fix #290, add permissions to osqueryd logging 2014-10-30 15:03:05 -07:00
yetanotherhacker
8cee7e0b3c Spelling fixes in comments and output. 2014-10-30 04:27:00 -04:00
Teddy Reed
8a9374d6e3 [vtables] Support linux crontab vars 2014-10-29 02:24:00 -07:00
Teddy Reed
47d1f13966 Using Cpp03 to remove double right angle brackets 2014-10-27 17:56:55 -07:00
Teddy Reed
6e60612520 Using clang-format 3.5 2014-10-27 17:37:36 -07:00
Teddy Reed
cc31e93762 Version bump, 1.0.3 2014-10-27 12:29:51 -07:00
Teddy Reed
0a1925200e Clean flags usage in daemon/shell and dbhandle 2014-10-27 12:09:35 -07:00
Teddy Reed
6d50d762ce Changing flag infra, reducing config testing, adding debug macro 2014-10-27 10:30:02 -07:00
Teddy Reed
991cbdfb00 Fix permissions on DB handle 2014-10-27 10:05:08 -07:00
Teddy Reed
a82792b3f7 Log results as events 2014-10-24 17:05:17 -07:00
mike@arpaia.co
0033e9bd02 cleaning up some memory leak supps 2014-10-09 22:06:55 -07:00
Teddy Reed
ded0717e94 [events] Additional INotify tests 2014-10-07 12:27:25 -07:00
Teddy Reed
8213e7dcbc [events] Improve inotify 2014-10-06 14:37:44 -07:00
Teddy Reed
c553a59745 [events] Use pub/sub diction for events 2014-10-03 11:30:51 -07:00
Teddy Reed
1e36b494b4 [events] Rename MonitorContext to SubscriptionContext 2014-10-03 08:26:41 -07:00
Teddy Reed
b2474b49eb [events] Renamed EventType to EventPublisher 2014-10-03 08:14:36 -07:00
Teddy Reed
e77ae22fe2 [events] Rename EventModule to EventSubscriber 2014-10-03 08:08:06 -07:00
Teddy Reed
69bfb92905 [events] Fleshing out OSX FSEvent framework 2014-10-02 21:30:14 -07:00
mike@arpaia.co
764619c849 Adding a function to read tomcat configs from disk 2014-09-30 19:59:52 -07:00
mike@arpaia.co
c8fded9498 comments for tomcat 2014-09-30 19:54:44 -07:00
Mike Arpaia
3fb8c8a5d4 Merge pull request #183 from facebook/tomcat-users 
Adding a function to parse the Tomcat users XML file
 2014-09-30 19:51:54 -07:00
mike@arpaia.co
196ec880ab Adding a function to parse the Tomcat users XML file 
This is apart of a bigger, better virtual table idea that @carnal0wnage
had.
 2014-09-30 19:49:38 -07:00
Teddy Reed
bf8209ca90 Merge pull request #182 from facebook/events_docs 
[events] Added remaining doxy comments
 2014-09-30 15:00:08 -07:00
Teddy Reed
ef044c4a72 [events] Added remaining doxy comments 2014-09-30 12:50:14 -07:00
Teddy Reed
6eb9c5fd44 EventFactory, Dispatcher as singletons 2014-09-29 20:47:24 -07:00
Teddy Reed
588f1198f3 Merge pull request #174 from facebook/passwd_changes_vtable 
[events] Events lifecycle complete, passwd_changes vtable
 2014-09-26 21:13:52 -07:00
Teddy Reed
ed338e8356 [events] Events lifecycle complete, passwd_changes vtable 2014-09-26 12:58:32 -07:00
mike@arpaia.co
0c783ebf0a Migrating internal usage of osquery::query to osquery::SQL 2014-09-26 00:34:56 -07:00
mike@arpaia.co
7076aa813c SQL class for executing queries 
implements #141
 2014-09-26 00:28:18 -07:00
mike@arpaia.co
636ced854f Pretty shell results 
Example:

```
osquery> select name, program || program_arguments as executable from launchd limit 5;

+----------------------------------+-------------------------------------------------------------------------------+
| name                             | executable                                                                    |
+----------------------------------+-------------------------------------------------------------------------------+
| bootps.plist                     | /usr/libexec/bootpd                                                           |
| com.apple.afpfs_afpLoad.plist    | /System/Library/Filesystems/AppleShare/afpLoad                                |
| com.apple.afpfs_checkafp.plist   | /System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp |
| com.apple.AirPlayXPCHelper.plist | /usr/libexec/AirPlayXPCHelper                                                 |
| com.apple.airport.wps.plist      | /usr/libexec/wps                                                              |
+----------------------------------+-------------------------------------------------------------------------------+
osquery> .tables
  => alf
  => alf_exceptions
  => alf_explicit_auths
  => alf_services
  => apps
  => ca_certs
  => etc_hosts
  => interface_addresses
  => interface_details
  => kextstat
  => last
  => launchd
  => listening_ports
  => nvram
  => osx_version
  => processes
  => routes
  => time
```
 2014-09-25 21:39:07 -07:00
Teddy Reed
9220da7e3d [events] Registry integration 2014-09-24 12:43:14 -07:00
mike@arpaia.co
5f4108c503 Moving all boost smart pointers to std smart pointers 2014-09-24 10:54:59 -07:00
Teddy Reed
9a2d299424 [events] Events and registry coordination 2014-09-24 10:46:37 -07:00
Teddy Reed
94953df90e [events] Flesh out inotify eventtype 2014-09-23 13:01:03 -07:00
Teddy Reed
bb7097a255 [events] EventType threads for each run loop 2014-09-22 18:35:12 -07:00
mike@arpaia.co
ebfc47b399 Edits to https://github.com/facebook/osquery/pull/148/ 2014-09-22 14:35:59 -07:00
mike@arpaia.co
16122544f5 Reorganizing tests so that the public headers don't have to include gtest 2014-09-22 14:30:52 -07:00
Teddy Reed
9b42c060ea [events] Linux inotify event type 2014-09-22 01:47:50 -07:00
mike@arpaia.co
627821abc1 Periodic clang-format 2014-09-21 14:29:28 -07:00
mike@arpaia.co
b5ee19f49f Removing the osquery::db namespace 2014-09-21 14:27:09 -07:00
Teddy Reed
eee37034b4 [events] Intro of non-async event framework 2014-09-18 15:05:41 -07:00
mike@arpaia.co
f06a4ba52e cleaning up the plugin interfaces 2014-09-16 01:34:39 -07:00
mike@arpaia.co
5998dbd1c5 clang-format 2014-09-16 00:36:49 -07:00
mike@arpaia.co
d9edc81041 Updating the format of doxygen comment blocks 2014-09-16 00:28:23 -07:00
mike@arpaia.co
b36b5c8f29 fixing documentation error 2014-09-15 23:26:22 -07:00
mike@arpaia.co
0eab76a20c refactored aggregateQuery to query 2014-09-15 23:07:03 -07:00
mike@arpaia.co
9147eb541f fixing up some misdocumented parameters 2014-09-15 18:54:18 -07:00
mike@arpaia.co
011d38a767 moving namespace documentation into the doxygen directory 2014-09-15 18:53:04 -07:00
mike@arpaia.co
441ca7bb36 better namespace documentation 2014-09-15 18:11:49 -07:00
mike@arpaia.co
019efb923a namespace documentation 2014-09-15 17:24:29 -07:00
mike@arpaia.co
4a048db278 database namespace documentation 2014-09-15 17:13:22 -07:00
mike@arpaia.co
8d1714841a plugin docs 2014-09-15 14:37:57 -07:00
mike@arpaia.co
e295630d32 Accidental comment 2014-09-15 13:37:20 -07:00
mike@arpaia.co
6f940fb827 Status docs 2014-09-15 13:23:28 -07:00
mike@arpaia.co
6985d4bfa5 scheduler documentation 2014-09-15 13:11:39 -07:00
mike@arpaia.co
1f42458bfb registry docs 2014-09-15 13:09:16 -07:00
mike@arpaia.co
3ca56b42a9 config documentation updates 2014-09-15 13:02:30 -07:00
mike@arpaia.co
798a8aa02a logger documentation 2014-09-15 13:02:23 -07:00
mike@arpaia.co
e0b385aa95 filesystem.h docs 2014-09-15 12:47:00 -07:00
mike@arpaia.co
42afd04bec docs for devtools.h 2014-09-15 12:28:41 -07:00
mike@arpaia.co
7d97186a26 comments for core.h 2014-09-15 12:23:07 -07:00
mike@arpaia.co
de426754d9 moving fs to the global namespace 2014-09-15 11:47:52 -07:00
mike@arpaia.co
d29c58f795 moving scheduler to global namespace 2014-09-15 11:26:16 -07:00
mike@arpaia.co
05f4bc513c down with scheduledQueries_t 2014-09-15 11:17:48 -07:00
mike@arpaia.co
b7f8f5f72a moving logger to the global namespace 2014-09-15 11:14:17 -07:00
mike@arpaia.co
fb2591d82a #143 2014-09-15 11:09:33 -07:00
mike@arpaia.co
68318f816b doxygen docs for Dispatcher 2014-09-14 23:02:50 -07:00
mike@arpaia.co
ad9b0bb5c1 Doxyfile, for docs 2014-09-13 15:18:26 -07:00
mike@arpaia.co
6a0e5b7ddb Removing the unimplemented transaction locking methods in DBHandle 2014-09-13 13:53:12 -07:00
mike@arpaia.co
e838110e84 Moving header to include 2014-09-12 17:50:03 -07:00