Commit Graph

799 Commits

Author SHA1 Message Date
secretsquirrel
4224c9fdc0 adding strict codesigning checks 2016-01-07 00:01:46 -05:00
Teddy Reed
6a1b08c4fe Use key_strength to support ECC 2016-01-05 18:48:34 -08:00
Teddy Reed
e311a47774 Add key_size to certificates table 2016-01-05 11:34:57 -08:00
Teddy Reed
5824b891d3 Only discovery SMBIOS tables once on Linux 2015-12-19 20:40:05 -08:00
Teddy Reed
ef5ee380b3 Merge pull request #1739 from theopolis/certificate_issuer
Add certificate issuer and self_signed columns
2015-12-17 22:30:43 -08:00
Teddy Reed
4af9d8d61c Add certificate issuer and self_signed columns 2015-12-17 19:36:31 -08:00
Teddy Reed
f9faf0bea7 [Fix #1735] Limit OPENED and access-related events 2015-12-17 15:42:32 -08:00
Teddy Reed
2ec5d34291 Bump non-OS X TSK builds to 4.2.0 2015-12-14 23:43:08 -08:00
Teddy Reed
63d12789b4 Fix regression in file content predicate refactor 2015-12-14 15:24:55 -08:00
Teddy Reed
31dfad2515 Fix unhelpful subscriber verbose error for process_file_events 2015-12-14 15:09:52 -08:00
Teddy Reed
e6a474a6f1 Fix Debian os_version detection 2015-12-14 15:09:40 -08:00
Teddy Reed
cfb44fdf09 Fix incorrect size of pointer in device_ tables
Limit max number of device_files to 10k
2015-12-14 15:09:34 -08:00
Teddy Reed
92719e7b48 Add OSX platform_info 2015-12-12 03:29:17 -08:00
Teddy Reed
70face8ac2 Add platform_info table for UEFI/ROM details 2015-12-12 01:55:14 -08:00
Teddy Reed
fdfe5f4d3f Add support for Linux SMBIOS/DMI EFI structure parsing 2015-12-11 23:18:04 -08:00
Teddy Reed
a99b62a31d Preserve atime and mtime by default for readFile 2015-12-11 22:18:45 -08:00
Teddy Reed
718ff77864 Extend fields of file_events 2015-12-11 10:26:36 -08:00
Teddy Reed
c6e9f0e321 Merge pull request #1724 from theopolis/faster_hashing
Speed up file hashing
2015-12-11 08:59:06 -08:00
Teddy Reed
98eb6a5055 Reorganize file_events into process_file_events 2015-12-11 00:58:22 -08:00
Teddy Reed
59750ec87d Speed up file hashing 2015-12-11 00:36:16 -08:00
Teddy Reed
1a1b07b5c6 Merge pull request #1716 from theopolis/pack_shards
[#1636] Add simple sharding to packs and pack queries
2015-12-10 17:37:57 -08:00
Lex Neva
e9c183d962 DRY for inotify event mask (we missed IN_MOVE) 2015-12-10 16:00:02 -05:00
Teddy Reed
9d394065e3 [#1636] Add simple sharding to packs and pack queries 2015-12-10 10:01:53 -08:00
Teddy Reed
309944c586 Configuration triggered publisher reconfiguration 2015-12-08 14:03:35 -08:00
Teddy Reed
6602a59b7d Change EventSubscriber API to include subscription references 2015-12-07 22:22:04 -08:00
Teddy Reed
b7650e5291 Remove passwd_changes and user_data from event callbacks 2015-12-07 17:47:38 -08:00
Teddy Reed
b88d6816f3 Additional TSK tables 2015-12-07 08:36:22 -08:00
Teddy Reed
ad07e07879 Make chrome extension identifiers easier to extract 2015-12-04 11:50:13 -08:00
Teddy Reed
1acba4dfa6 Merge pull request #1700 from theopolis/tsk2
TSK integration and example tables
2015-12-04 11:26:03 -08:00
Teddy Reed
373ce339dc TSK integration and example tables 2015-12-04 11:08:51 -08:00
Teddy Reed
e5bc6410ba Merge pull request #1697 from theopolis/fix_1660
[Fix #1660] Prevent spurious NETLINK recv retries
2015-12-02 23:56:39 -08:00
Teddy Reed
4dc6b9f0a3 [Fix #1660] Prevent spurious NETLINK recv retries 2015-12-02 23:33:20 -08:00
Teddy Reed
ffb5b7020e [Fix #1693, #1527] Add osquery-specific query planner output 2015-12-02 19:57:24 -08:00
Teddy Reed
ccff0c8c18 [Fix #1686] Add 'subject' and 'signing_algorithm' to certificates 2015-11-29 18:32:13 -08:00
Teddy Reed
2e57869d34 Merge pull request #1681 from theopolis/fix_1665
[#1665, #1615] Refactor user-based tables to act uniformly
2015-11-24 13:07:28 -08:00
Teddy Reed
35129a7af7 [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
Teddy Reed
5370fef950 Merge pull request #1678 from theopolis/audit_user_events
[#1497] Add user_events table based on audit user-type messages
2015-11-23 21:31:37 -08:00
Teddy Reed
07fd718e00 Add user_events table based on audit user-type messages 2015-11-23 18:13:31 -08:00
Teddy Reed
08c7911eb7 Merge pull request #1655 from theopolis/iokit_events
Rewrite OS X hardware events to use IOKit proper
2015-11-21 19:45:10 -08:00
Teddy Reed
6748fdb024 Rewrite OS X hardware events to use IOKit proper 2015-11-21 19:31:05 -08:00
Teddy Reed
7ca7974dfb Merge pull request #1668 from cdown/f/freebsd_uid
freebsd process table: Fix EUID/EGID to not use saved IDs
2015-11-21 11:19:36 -08:00
Teddy Reed
283f7c6d59 Fix clang analyze failures in signature table 2015-11-21 09:56:19 -08:00
Chris Down
d4d87a69ce freebsd process table: Fix EUID/EGID to not use saved IDs
It's not totally clear why saved IDs were used here. There is some precident in
sigar (https://github.com/hyperic/sigar), where they also use the saved UID,
but me and @wxsBSD are not really sure why. Maybe it's because kinfo_proc feels
different than similar structs on other Unices.

Fixes #1662.
2015-11-21 02:52:06 -08:00
Teddy Reed
8425010874 Merge pull request #1664 from stripe/andrew-better-homebrew
Determine Homebrew Cellar from binary
2015-11-20 16:06:30 -08:00
Andrew Dunham
161f8b9fd0 Determine Homebrew Cellar from binary
We look at the location of the Homebrew binary `brew` on disk, and use
the real path (i.e. path with all symlinks resolved) from that binary to
determine the Cellar.  This behavior mirrors that of Homebrew itself.
2015-11-20 15:15:18 -08:00
Teddy Reed
9ae53f2158 Merge pull request #1663 from cdown/f/saved_ids
Add saved UIDs and GIDs to process table
2015-11-20 14:35:20 -08:00
Teddy Reed
5cd040eb35 Merge pull request #1667 from theopolis/add_hash_check
Use a noexcept method of directory checking for hash
2015-11-20 14:24:43 -08:00
Teddy Reed
a72fa19536 Use a noexcept method of directory checking for hash 2015-11-20 13:32:56 -08:00
Teddy Reed
a673a793fe Merge pull request #1659 from PickmanSec/knownhosts
Added known_hosts table
2015-11-20 12:46:13 -08:00
Teddy Reed
16247f10e8 Merge pull request #1624 from PickmanSec/master
added authorized_keys table
2015-11-19 09:10:59 -08:00