valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,443 Commits 2 Branches 109 Tags 25 MiB
39bdec4c8d
Commit Graph

747 Commits

Author SHA1 Message Date
Chris Down
39bdec4c8d Add saved UIDs and GIDs to process table 2015-11-18 16:44:07 -08:00
Andrew Dunham
a0932105f6 Refactor how we determine the OS version in the signature table 2015-11-11 11:34:15 -08:00
Teddy Reed
aa4973a1b3 Merge pull request #1644 from stripe/andrew-add-timezone 
Add timezone field to time table
 2015-11-10 16:41:39 -08:00
Teddy Reed
daee71919a Merge pull request #1642 from stripe/andrew-add-codesign 
Add a `signature` table on Darwin
 2015-11-10 16:23:16 -08:00
Andrew Dunham
0ae380297f Add timezone field to time table 2015-11-10 15:17:49 -08:00
Andrew Dunham
dea93c8aa5 Add a signature table on Darwin 
This table allows verifying the signature of files (or bundles) on
Darwin.  It also provides the signing identifier that is a part of the
signature.
 2015-11-10 13:21:18 -08:00
Teddy Reed
0a6d334f27 Fix missed nullptr checks in wifi 2015-11-10 01:01:12 -08:00
Teddy Reed
57e8ef2ab3 [#1546] Add computer_name to system_info and extend to Linux 2015-11-04 10:31:16 -08:00
Teddy Reed
084ccaf080 Use default blank value for startup_items Alias 2015-11-03 22:58:00 -08:00
Teddy Reed
cd4de8023f Merge pull request #1630 from theopolis/fix_1626 
[Fix #1626] Add schedule blacklist and protect DBHandle
 2015-11-03 21:05:29 -08:00
Teddy Reed
edea3d6edd [Fix #1626] Add schedule blacklist and protect DBHandle 2015-11-03 20:50:22 -08:00
Teddy Reed
5aa225d4c3 Merge pull request #1619 from sharvilshah/wifi 
Implement wifi_networks tables for OS X
 2015-11-02 16:11:21 -08:00
Teddy Reed
15215cdbc0 Add persistent splays 2015-11-02 14:10:04 -08:00
Teddy Reed
5233d7dcf8 Add start time to osquery_info, remove md5/path 2015-11-02 10:57:01 -08:00
Teddy Reed
75bfcddc31 Merge pull request #1622 from theopolis/faster_sockets 
Faster socket_events on Linux
 2015-11-02 10:56:37 -08:00
Teddy Reed
a1a9131174 Optimize socket_events and Linux users 2015-11-02 10:37:56 -08:00
Teddy Reed
50550e607a Build and provision edits for FreeBSD CI 2015-11-02 01:47:09 -08:00
Sharvil Shah
9a6d6d1293 Implement wifi_networks tables for OS X 
If the option of remembering known Wi-Fi networks is enabled on a system,
they are persisted to disk as a preferences property list file.
This table is populated by parsing that file.
 2015-11-01 16:53:51 -08:00
Teddy Reed
d27a7ecc4c Fix clang warnings, promote warnings to errors 2015-11-01 02:12:07 -08:00
Teddy Reed
97a6521445 Merge pull request #1614 from theopolis/drop_around_files 
Expand the scope of permissions dropping
 2015-10-30 17:07:04 -07:00
Teddy Reed
09e4e3c42e Expand the scope of permissions dropping 2015-10-30 09:56:33 -07:00
Michael George
fb545bb85e added sh_history 2015-10-29 10:53:04 -07:00
Teddy Reed
db58ec5e44 Only emit process events for 0-status execve 2015-10-27 17:12:23 -07:00
Teddy Reed
b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux. 
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
 2015-10-27 15:13:02 -07:00
Teddy Reed
654830cf11 Merge pull request #1594 from rcseacord/additional-sign-fixes 
eliminated some warnings from Clang 3.7 analyze mode
 2015-10-23 13:03:54 -03:00
Robert C. Seacord
09481d0381 Fixed some type problems, casting away const, integer types, old style casts, etc. 2015-10-21 20:56:58 +00:00
Robert C. Seacord
1d9695ac31 eliminated some warnings from Clang 3.7 analyze mode 2015-10-21 06:02:58 +00:00
Teddy Reed
7ba87a88bb Merge pull request #1585 from rcseacord/additional-sign-fixes 
Additional sign fixes
 2015-10-19 11:25:18 -07:00
Teddy Reed
8214dd1309 Merge pull request #1584 from theopolis/fix_1580 
[Fix #1580] Handle exceptions in linux process_memory_map
 2015-10-19 09:28:16 -07:00
Teddy Reed
f891503cd9 Merge pull request #1577 from nemith/dpkg 
Support for newer versions of libdpkg
 2015-10-19 09:24:37 -07:00
Teddy Reed
bc50c053fb Remove boolean type-columns from file in favor of 'type' 2015-10-17 12:16:54 -07:00
Robert C. Seacord
e57828aac3 changes for integer sign problems 2015-10-17 00:18:35 +00:00
Teddy Reed
3cc7984cc2 [Fix #1580] Handle exceptions in linux process_memory_map 2015-10-16 16:59:23 -07:00
Robert C. Seacord
acb2f6f628 eliminating diagnostics, mostly for comparisons between signed and unsigned operations 2015-10-16 16:10:37 +00:00
Robert C. Seacord
37b8e83a9e fixes for problems related to unsigned to signed integer comparisons 2015-10-16 16:10:36 +00:00
Teddy Reed
3f8cb14fbb Merge pull request #1579 from nemith/segv 
Fix segfault on interfaces tables
 2015-10-15 17:58:04 -07:00
Brandon Bennett
f683871653 Fix segfault on interfaces tables 
getifaddrs(3) states that ifa_addr can be null. Check to make sure they are not null before accessing them
 2015-10-15 16:53:14 -06:00
Brandon Bennett
65738a73c1 Support for newer versions of libdpkg 
Libdpkg has some breaking changes in newer versions which prevented
compiling the deb_packages table on Ubuntu 15.04.  This change looks for
the libpkg version user pkg-config and adds some preprocessor magic to
support the newer versions.
 2015-10-15 16:43:14 -06:00
Teddy Reed
3be0994933 [Fix #1570] Check for invalid apt sources 
This fixes a crash identified by @endrazine.
When apt sources data in /etc/apt/sources.list or /etc/apt/sources.list.d/{*}.list contain invalid data/lines the cache_file.GetPkgCache(); call will fail and cache will be nullptr. Subsequent usage results in a SIGSEV.

To reproduce the fault try:

$ zzuf -I /etc/ -r 0.01:0.1 -s 0:1000 -v \
 ./build/trusty/osquery/osqueryi --registry_exceptions=true --verbose \
 "select count(*) from apt_sources"

Signed-off-by: Jonathan Brossard
 2015-10-15 15:20:26 -07:00
Teddy Reed
34717fda29 Merge pull request #1554 from mlw/fix-lingering-socket-fds 
Close socket fds when finished with them
 2015-10-12 13:32:52 -07:00
Matthew White
2446b22a5f Close socket fds when finished with them 2015-10-12 09:59:09 -07:00
Teddy Reed
6b16720039 Fix kernel_info on OS X, remove md5 2015-10-11 11:43:42 -07:00
Teddy Reed
31b7966088 [Fix #1531] Use libarchive finish for safari_extension parsing 2015-09-28 17:33:42 -07:00
Teddy Reed
bbac2cf07f [#1529] Allow DB Readonly with RocksDB lite 2015-09-28 01:50:32 -07:00
Teddy Reed
64c18a70a9 Merge pull request #1525 from theopolis/process_adds 
Add state, group, and nice to processes
 2015-09-24 14:43:17 -07:00
Teddy Reed
5890901c00 Add state, group, and nice to processes 2015-09-24 13:11:46 -07:00
Mike Arpaia
327a9bcdb1 Merge pull request #1522 from marpaia/startup_items 
Include system startup items
 2015-09-22 16:06:20 -07:00
Mike Arpaia
b09031adda Include system startup items 
We were not parsing system startup items.
 2015-09-22 15:50:55 -07:00
Mike Arpaia
4021a742df Merge pull request #1507 from jacknagz/os_version_rhel 
RHEL os_version fix
 2015-09-21 18:03:03 -07:00
Teddy Reed
d042967f43 Fix YARA sigfile caching 2015-09-20 00:06:57 -07:00