Teddy Reed
68e68b1d6a
deps: Add yara 3.5.0 and sleuthkit 4.3.0 bottles ( #2565 )
2016-09-28 17:39:33 -07:00
Nick Anderson
71bd3b6416
Adding gates to non-implemented windows tests ( #2563 )
2016-09-28 17:15:24 -07:00
Lennart Espe
ae4a09ac0f
Update yara to version 3.5.0 ( #2546 ) ( #2552 )
2016-09-28 14:16:39 -07:00
Teddy Reed
b895c6a988
Reduce several INFO logs to VLOGs and increase size-INTEGERs to BIGINT ( #2559 )
2016-09-28 12:38:35 -07:00
Fedor Sumkin
165e19e394
Fix for directories with spaces in path ( #2555 )
2016-09-28 12:01:58 -07:00
Daniel Bayerlein
80de6e3d3b
Update sleuthkit to v4.3.0 ( #2545 ) ( #2557 )
2016-09-28 12:00:07 -07:00
Liu Xinan
101574ad51
Fix sign-compare warnings in tests ( #2554 )
2016-09-28 08:47:24 -07:00
Michael McGrew
b77c217a80
Rename products.cpp to programs.cpp ( #2541 )
2016-09-27 19:43:24 -07:00
Teddy Reed
7e9088e008
[ #2542 ] Introduce --enable_syslog to explicit enable syslog ingestion ( #2543 )
2016-09-27 17:35:21 -07:00
Zachary Wasserman
666198909a
Add missing host_identifier in TLS enrollment request documentation ( #2538 )
2016-09-27 14:41:54 -07:00
Michael McGrew
0473043c3a
Rename programs table to correct file name ( #2537 )
2016-09-27 14:41:24 -07:00
yying
7b5365d986
Ability to parse arguments for Windows Services ( #2536 )
2016-09-27 14:40:44 -07:00
Teddy Reed
f21f931d40
Add option for status-only secondary logger plugins ( #2534 )
2016-09-27 03:33:58 -07:00
Teddy Reed
c95ca50870
[ #2532 ] Handle potential test errors 'Address family not supported' ( #2533 )
2016-09-27 02:40:10 -07:00
Teddy Reed
a3477aa5dd
docs: Windows 10 badge/install/flags ( #2531 )
2016-09-27 02:27:41 -07:00
Teddy Reed
ff2e1a182f
Initialize VirtualTableContent attributes ( #2530 )
2016-09-26 23:52:25 -07:00
Teddy Reed
6842797bf5
Create temp directory and fail over to user home ( #2529 )
2016-09-26 23:44:50 -07:00
Teddy Reed
257535e5a2
Correct config-loaded meaning to be has-run-load ( #2528 )
2016-09-26 22:34:03 -07:00
Teddy Reed
4d1451c9b4
Add extensions SDK incompatibility checking ( #2527 )
2016-09-26 17:32:41 -07:00
Zachary Wasserman
9216ed8275
Make syslog rate limit configurable by flag ( #2526 )
2016-09-26 17:31:22 -07:00
Teddy Reed
7aa1762f52
Promote host UUID to version 2 ( #2525 )
2016-09-26 12:30:05 -07:00
Nick Anderson
3a351ebf43
Adding windows system_info virtual table ( #2521 )
2016-09-26 11:08:57 -07:00
Teddy Reed
17b89fc182
Refactor events and remove 10/3600 indexes ( #2523 )
2016-09-25 22:19:31 -07:00
Teddy Reed
97bc369b6a
Attempt to query platform UUID on Linux ( #2522 )
2016-09-25 17:55:02 -07:00
Nick Anderson
8fd1ba9004
Adding the windows users virtual table ( #2506 )
2016-09-24 18:18:40 -07:00
Teddy Reed
64797ffadf
Restrict regular file checking of TLS pinned cert to Windows ( #2520 )
2016-09-23 20:44:06 -07:00
yying
bb7d558681
Update service status to prevent "Terminated Unexpectedly" error ( #2515 )
2016-09-23 20:05:56 -07:00
Teddy Reed
53b32b2aa0
deps: Update OS X asio, openssl, thrift ( #2519 )
2016-09-23 19:49:41 -07:00
lambda-conjecture
49d939b93d
Fix update of event plugins when config fails to load at startup ( #2507 )
2016-09-23 19:30:33 -07:00
Nick Anderson
e167619bfa
Adding kernel panics table ( #2488 )
2016-09-23 19:04:50 -07:00
Teddy Reed
2a7824e583
deps: Add ccache to provision ( #2518 )
2016-09-23 18:01:15 -07:00
Teddy Reed
bcd90070ae
Remove time-override for events add API ( #2508 )
This will remove the use of current time for syslog.time and introduce
a new column called 'datetime'.
Events now uses an "optimize_id" alongside "optimize" to prevent returning
colliding events added within the same second as the previous genTable call.
2016-09-23 16:46:02 -07:00
Teddy Reed
e663cb32b6
Gate the default dependency path to Linux ( #2512 )
2016-09-23 16:20:03 -07:00
Michael McGrew
30c17885ad
New windows tables ( #2451 )
2016-09-23 14:33:44 -07:00
Teddy Reed
bc09fee04d
deps: cppcheck and zzuf ( #2516 )
2016-09-23 13:25:16 -07:00
Jason Ogden
ee3ce66465
Extended crontab table to support files in /etc/cron.d/ ( #2517 )
merge dis in
2016-09-23 13:03:27 -07:00
Teddy Reed
62edfd46fe
Toggle --utc to true ( #2504 )
2016-09-23 10:14:27 -07:00
Teddy Reed
dabf025bd6
Update bottles: asio, libgpg-error, openssl, thrift, zlib ( #2511 )
2016-09-23 08:22:14 -07:00
Nick Anderson
83442532d7
Added flagfile to Windows service install ( #2509 )
2016-09-22 17:44:21 -07:00
Seshu Pasam
0f555c010d
Use special base value of '0' that can handle values starting with 0x ( #2505 )
2016-09-22 13:32:45 -07:00
Nick Anderson
2626f8cf46
Fixed Thrift exit verbosity in Windows ( #2500 )
2016-09-21 18:54:03 -07:00
Teddy Reed
53b73d99c7
[ Fix #2483 ] Lock registry manipulation while setting active plugins ( #2499 )
2016-09-21 18:04:58 -07:00
Teddy Reed
92a68b514e
Add PYTHONPATH to brew environment for Python postinstall ( #2502 )
2016-09-21 18:04:22 -07:00
Teddy Reed
6ac58f17d6
Remove extensions retry and introduce watcher retry ( #2498 )
2016-09-21 16:17:30 -07:00
Teddy Reed
1a43d4e4c3
Reorganize analysis tools/artifacts into analysis ( #2497 )
2016-09-21 15:15:25 -07:00
Teddy Reed
36cf429b0e
Prefer the osquery dependencies root for Python tests ( #2496 )
2016-09-21 13:36:07 -07:00
Teddy Reed
a6589c49e3
[ Fix #2482 ] Use atomic member in Dispatcher tests ( #2494 )
2016-09-21 10:52:52 -07:00
Teddy Reed
94df7cb691
Build OpenSSL with no-asm to remove AVX2 dependency ( #2493 )
To support machines without AVX2 features we need to avoid compiling
and linking the dependent instructions found in the ASM implementations
of some OpenSSL crypto algorithms.
Additionally, we are removing the SSL3 methods from our OpenSSL build.
The osquery TLS plugins explicitly define a cipher list that excludes
SSL3, but as an extra measure (for plugins not using our transports)
we remove it from ASIO and Thrift too.
2016-09-21 10:37:07 -07:00
Teddy Reed
f87e9df38f
[ #2491 ] Add Homebrew contributors license ( #2492 )
2016-09-21 09:16:06 -07:00
Nick Anderson
2abdd120a7
Small fixes to PSScriptAnalyzer install verbosity ( #2489 )
2016-09-20 17:45:43 -07:00