valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,103 Commits 2 Branches 109 Tags 25 MiB
2d7ce9341a
Commit Graph

98 Commits

Author SHA1 Message Date
Teddy Reed
1caba72c30 Remove 'host' from OS X route types #483 2014-11-21 10:59:25 -08:00
Teddy Reed
a84c20a468 Merge pull request #472 from theopolis/cleanup-inode-tables 
Cleanup inode table implementations and unblacklist.
 2014-11-19 17:04:23 -08:00
Teddy Reed
b2debf509a Cleanup inode table implementations and unblacklist 2014-11-19 16:56:48 -08:00
Mike Arpaia
ac70916719 Merge pull request #434 from lwhsu/freebsd-build 
FreeBSD support of build infrastructure
 2014-11-19 09:23:17 -08:00
Li-Wen Hsu
4f8006ad02 Add dummy table implementations for FreeBSD 2014-11-19 05:07:59 +08:00
Teddy Reed
12a5daa225 Change user_name, group_name to username, groupname 2014-11-18 10:48:47 -08:00
Li-Wen Hsu
6c55b51c53 Merge branch 'master' into freebsd-build 
Conflicts:
	osquery/core/system.cpp
	tools/provision.sh
 2014-11-19 01:50:38 +08:00
Teddy
968f8027e6 Cleaner arp_table->arp_cache on Linux/OSX 2014-11-17 02:37:15 -08:00
Teddy Reed
ee015343f9 Simplify arp, move to arp_table 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
65c4ed4a7d Fix boost split on linux to remove sscanf 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
2b32673445 Some fixes: 
- clang-format on code
- NULL -> nullptr
- some (char *) changed in std::string favour
- Removed a memory leak.
- Moved struct inside the table namespace
 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
778951d6a4 Remove osx dependency on system() call to get arp information 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
c7fc2cee22 rename vtable field arp->mac 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
4f524abbea arp vtable different implementation in osx and linux 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
413d6f068b Change fgetln (osx specific) in favour of getline (both osx and linux) 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
1843d80660 arp vtable with ip, arp and interface where it was seen 2014-11-16 19:49:40 -08:00
Li-Wen Hsu
a102a3273e Include proper headers for FreeBSD 2014-11-16 01:41:50 +08:00
Teddy Reed
02841f5e7f Add kernel userland-API inet_diag header 2014-11-14 01:42:34 -08:00
Teddy Reed
0d8b9d3eaa Use SQLite types 2014-11-12 11:07:24 -08:00
Abe Stanway
811d98c595 free(linkname) and no more 'self' 2014-11-10 15:02:31 -05:00
Abe Stanway
30149a70f9 Updated 2014-11-10 15:02:31 -05:00
Abe Stanway
322fde0121 Socket_inode and port_inode tables to map PIDs->ports via netlink inet_diag 
Example query:
```
SELECT port.local_port,
       port.remote_port,
       port.local_ip,
       port.remote_ip,
       socket.pid,
       process.name,
       process.cmdline
       process.path
       FROM socket_inode AS socket
       JOIN port_inode AS port
       ON socket.inode = port.inode
       INNER JOIN processes AS process
       ON socket.pid = process.pid;
```
 2014-11-10 15:02:31 -05:00
mike@arpaia.co
75ded8b881 Ensuring that listening_ports results are unique 2014-11-03 12:03:57 -08:00
Teddy Reed
cd74544208 Fix #277, add socket.h to interfaces on darwin 2014-10-29 16:44:17 -07:00
Teddy Reed
6e60612520 Using clang-format 3.5 2014-10-27 17:37:36 -07:00
Teddy Reed
53afc6b8b2 Merge pull request #240 from facebook/event_logs 
Change log formatting to individual events
 2014-10-26 14:53:58 -07:00
Teddy Reed
a82792b3f7 Log results as events 2014-10-24 17:05:17 -07:00
Teddy Reed
3d7c8b5684 [vtable] Unify routes table for OSX/Linux 2014-10-24 12:34:18 -07:00
Javier Marcos
5db9fa59a5 Adding support to build osquery in centos 6.5 2014-10-08 03:45:56 +00:00
mike@arpaia.co
627821abc1 Periodic clang-format 2014-09-21 14:29:28 -07:00
mike@arpaia.co
b5ee19f49f Removing the osquery::db namespace 2014-09-21 14:27:09 -07:00
Teddy Reed
9516bf8fd7 Regressions from core NS removal, linux includes 2014-09-17 10:29:22 -06:00
mike@arpaia.co
de426754d9 moving fs to the global namespace 2014-09-15 11:47:52 -07:00
mike@arpaia.co
ad9b0bb5c1 Doxyfile, for docs 2014-09-13 15:18:26 -07:00
mike@arpaia.co
c9fafc00d3 using '#pragma once' instead of '#ifndef HEADER' 
let's start using #pragma once for our headers. it's less lines of code,
clang supports it, headers become more movable, etc. it's all around a
better plan.
 2014-09-09 18:54:53 -07:00
mike@arpaia.co
df1332277d clang-format 2014-09-09 16:14:54 -07:00
Teddy Reed
825b50f932 [vtables] Routes table for Linux 2014-09-09 16:07:36 -07:00
mike@arpaia.co
8fcad82b35 periodic clang-format 2014-09-09 00:56:27 -07:00
mike@arpaia.co
f640bc23af updating include paths in networking utils 2014-08-27 11:39:36 -07:00
mike@arpaia.co
df580161f8 fixing leak of pids in listening_ports.cpp 2014-08-26 14:53:56 -07:00
Teddy Reed
f461605b94 [vtable_interfaces] Add interface_{details, addresses} vtables 2014-08-21 18:49:15 -07:00
Teddy Reed
42d7f982e9 [vtable_routes] Added vtable for various network routes 2014-08-19 21:39:16 -07:00
Teddy Reed
95ceb21ec5 [vtable_listening_ports] Listening sockets, IPv4, IPv6 2014-08-19 15:25:16 -07:00
mike@arpaia.co
e723306c13 Ran clang-format across the codebase 2014-08-15 12:29:51 -07:00
mike@arpaia.co
b0a5c9cfe4 changing forward decl signature in unit test 2014-08-07 13:28:16 -07:00
mike@arpaia.co
968a8a8355 forward declarations in table files 2014-08-07 13:14:06 -07:00
mike@arpaia.co
4bec86c534 zwass' comment on etc_host table 2014-08-06 15:55:46 -07:00
mike@arpaia.co
48c8ebed17 moving networking vtables into their own dir 2014-08-05 18:10:18 -07:00