valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,682 Commits 2 Branches 109 Tags 25 MiB
3db60378f4
Commit Graph

1682 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Arpaia
3db60378f4 [Fix #1013] wildcard support in file table 
Now you can run a query like:

```
[localhost] linux (file_wildcard) * ./osquery/osqueryi
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
osquery - being built, with love, at Facebook
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Connected to a transient in-memory database.
osquery> select path from file where wildcard = "/home/%/git/osquery/%";
+--------------------------------------------+
| path                                       |
+--------------------------------------------+
| /home/marpaia/git/osquery/.clang-format    |
| /home/marpaia/git/osquery/osquery.thrift   |
| /home/marpaia/git/osquery/PATENTS          |
| /home/marpaia/git/osquery/README.md        |
| /home/marpaia/git/osquery/Vagrantfile      |
| /home/marpaia/git/osquery/CONTRIBUTING.md  |
| /home/marpaia/git/osquery/mkdocs.yml       |
| /home/marpaia/git/osquery/Doxyfile         |
| /home/marpaia/git/osquery/.gitmodules      |
| /home/marpaia/git/osquery/requirements.txt |
| /home/marpaia/git/osquery/Makefile         |
| /home/marpaia/git/osquery/LICENSE          |
| /home/marpaia/git/osquery/.gitignore       |
| /home/marpaia/git/osquery/CMakeLists.txt   |
+--------------------------------------------+
```
 2015-04-23 23:39:32 -07:00
Teddy Reed
85b6d979d7 Merge pull request #1035 from steven-hilder/fixCsvFlag 
Fix --csv flag in osqueryi shell
 2015-04-23 16:57:14 -07:00
Teddy Reed
bfb8f64d37 Merge pull request #1024 from sharvilshah/faster_vagrant 
Use all available CPUs when provisioning a Vagrant box
 2015-04-23 16:56:03 -07:00
Steven Hilder
0937a92cd1 Fix --csv flag in osqueryi shell 2015-04-23 21:32:14 +00:00
Sharvil Shah
6383a9917f Support setting v.cpus via ENV variable, default fallback to 2 
Update docs: mention V_CPUS ENV variable for vagrant

Use OSQUERY_BUILD_CPUS as the ENV var instead of V_CPUS
 2015-04-23 14:15:16 -07:00
Javier Marcos
6f447ffedb Merge pull request #1031 from javuto/etc_protocols_table 
Adding new table for /etc/protocols
 2015-04-22 18:18:03 -07:00
Teddy Reed
328bc062aa Merge pull request #1034 from theopolis/fix_cmake_centos7 
Build cmake with gcc to avoid gnu++1y
 2015-04-22 18:14:54 -07:00
Teddy Reed
b2dc8b7264 Build cmake with gcc to avoid gnu++1y 2015-04-22 17:58:08 -07:00
Javier Marcos
ddb41ae84a Adding tests to the prototocols table 2015-04-22 17:49:27 -07:00
Javier Marcos
93d2b58b60 Adding new table for /etc/protocols 2015-04-22 15:46:29 -07:00
Mike Arpaia
e1c5b5b596 Merge pull request #1028 from arirubinstein/master 
Add a missing Page attribute to fix broken mkdocs build
 2015-04-22 11:00:41 -07:00
Ari Rubinstein
7f50484f1d Add a missing Page attribute to fix broken mkdocs build 2015-04-22 10:01:42 -07:00
Teddy Reed
b8a54dbcc9 Merge pull request #1026 from sharvilshah/doc_updates 
Minor doc updates
 2015-04-22 08:36:55 -07:00
Sharvil Shah
b14874aacd update links to osquery.rtfd and better formatting 2015-04-21 20:36:35 -07:00
Teddy Reed
ab4e78f875 Merge pull request #1005 from theopolis/osx_memmap 
Towards OS X memory maps
 2015-04-20 22:18:36 -07:00
Mike Arpaia
b409049050 Merge pull request #1010 from marpaia/readme 
Changing read the docs URL to be https
 2015-04-19 21:59:52 -07:00
Mike Arpaia
8e7d10b956 Changing read the docs URL to be https 2015-04-19 12:49:33 -07:00
Teddy Reed
767ac367b6 Merge pull request #1008 from theopolis/docs_3 
Documentation updates, separate config/logging pages
 2015-04-19 08:23:07 -07:00
Teddy Reed
8930f9e692 Documentation updates, separate config/logging pages 
Mostly minor documentation/wiki/guide fixes.
The breaks down the "using osqueryd" page into more of a summary
of what the daemon does from a schedule/logging perspective.

The bulk of the "using osqueryd" page now exists in the configuration
deployment page and the new "logging" deployment page.
 2015-04-18 22:09:25 -07:00
Teddy Reed
b8db4359f3 Merge pull request #1004 from theopolis/fix_bugs 
Lint fixes and clang analyze
 2015-04-18 14:31:39 -07:00
Teddy Reed
6b9f412caa Towards OS X memory maps 2015-04-18 14:20:40 -07:00
Mitchell Grenier
cf6457ae94 Merge pull request #986 from jedi22/config_remote 
Creating interfaces for remote logging
 2015-04-17 16:28:15 -07:00
Mitchell Grenier
c47790d87d Creating interfaces for remote logging 
First draft of the enrollment plugin and part of the config plugin.

Please comment on potential structure and functionality.

They way it's designed to work is this:
Both the config and logger plugins will call the enroll getKey function. getKey
is in charge of maintaining the state of having a key and doing the enrollment.

If enroll has a key, then it will instantly return doing no HTTP requests, if it
doesn't, then it will try a few times to get a key, if it's not successful, it
fails and returns an empty string, if it succeeds, then it will return the
client enrollment key for the requester to use.
 2015-04-17 14:48:46 -07:00
Teddy Reed
c59ce0e4e4 Lint fixes and clang analyze 2015-04-17 09:18:46 -07:00
Javier Marcos
470d63c283 Merge pull request #1002 from javuto/osquery_scheduled_table 
Adding osquery_scheduled table
 2015-04-16 15:48:33 -07:00
Javier Marcos
1e505fe023 Adding renamed file 2015-04-16 15:29:10 -07:00
Javier Marcos
3c86ecd31c Changing name to osquery_schedule 2015-04-16 15:26:20 -07:00
Javier Marcos
6f2afd7be8 Adding osquery_scheduled table 2015-04-16 14:48:21 -07:00
Teddy Reed
1236f22501 Merge pull request #999 from theopolis/launchd_overrides_2 
Add launchd_overrides table
 2015-04-16 13:35:22 -07:00
Teddy Reed
cf479abdc8 [Fix #1000] Bump third-party SQLite 3.8.9 2015-04-16 12:53:12 -07:00
Teddy Reed
c9e07ec2ba Add launchd_overrides table 2015-04-15 23:19:23 -07:00
Mike Arpaia
a8506d15e8 Merge pull request #997 from facebook/platform_osquery_info 
[#989] Adding distro and version to osquery_info
 2015-04-15 21:28:35 -07:00
Javier Marcos
4763d2a5ff Removing commented ifdef 2015-04-15 20:46:06 -07:00
Javier Marcos
7a2716b4b6 Adding distro and version to osquery_info 2015-04-15 16:34:12 -07:00
Teddy Reed
1e584c9b93 Merge pull request #992 from theopolis/debug_target 
[Fix #991] Use separate targets for opt/debug builds
 2015-04-15 12:19:21 -07:00
Teddy Reed
8fe0a214b2 Merge pull request #994 from theopolis/ubuntu_version 
Fix Ubuntu os_version regex
 2015-04-15 12:18:46 -07:00
Mike Arpaia
c37be342ec updating wiki link to read the docs 2015-04-15 01:02:58 -07:00
Teddy Reed
f7f1819a67 Fix Ubuntu-version regex 2015-04-14 22:43:44 -06:00
Teddy Reed
e6a436fc51 Merge pull request #988 from theopolis/config_parsers 
Add a ConfigParserPlugin to extend config keys
 2015-04-14 21:27:56 -07:00
Teddy Reed
338a14e8db [Fix #991] Use separate targets for opt/debug builds 2015-04-14 22:25:00 -06:00
Teddy Reed
2d3de51510 Restrict permissions on RocksDB paths 2015-04-14 21:07:21 -07:00
Teddy Reed
c3958259b8 Add a ConfigParserPlugin to extend config keys 2015-04-14 20:30:06 -07:00
Teddy Reed
b7d060bc9d Merge pull request #985 from theopolis/rhel_clang3.4 
Cross compile with LLVM 3.4 using gcc 4.9 on RHEL6.5
 2015-04-14 19:54:59 -07:00
Mike Arpaia
af0caac22c Merge pull request #984 from marpaia/requests 
Request template classes
 2015-04-13 11:33:25 -07:00
mike@arpaia.co
233f672655 Request template classes 
As discussed in the comments of #961. Included is an HTTP transport
(which works for HTTPS also) and a JSON serializer.
 2015-04-13 10:32:56 -07:00
Teddy Reed
595e94547d Build LLVM 3.4 using gcc 4.9 on RHEL6.5 2015-04-13 09:19:09 -07:00
Teddy Reed
739d91c361 Performance linting 2015-04-11 19:50:35 -07:00
Teddy Reed
e1f0106710 Various fixes, checks 2015-04-11 15:57:12 -07:00
Teddy Reed
a8ced9a647 Merge pull request #977 from theopolis/process_parsing 
[Fix #968] Refactor launchd
 2015-04-11 14:18:58 -07:00
Mike Arpaia
0745017233 missing quote in docs 2015-04-10 23:31:10 -07:00