Teddy Reed
48cb4d555d
Add systemLog API ( #2229 )
This includes a minor SDK refactor as it moves quite a few specialized
functions and facilities from core.h into system.h. There was a breaking point
for needing to frequently update core includes.
The new logger systemLog function allows a call site to bypass logging config
and write a line to the OS logger (aka syslog).
2016-07-07 15:16:28 -07:00
Michael George
f0108ac901
update osx_attacks with Backdoor.MAC.Eleanor with fixes ( #2226 )
2016-07-07 15:14:27 -07:00
Javier Marcos
43dd75eb59
Adding folder signature for iWorm OSX malware ( #2231 )
2016-07-07 15:14:01 -07:00
Teddy Reed
6852122af9
Force RocksDB to sync writes for non-event domains ( #2228 )
RocksDB is the default "database" plugin. Writes are normally kept in an
in-memory memtable. Writes that are not part of the event pubsub system can
be forced to sync to disk.
2016-07-07 14:08:12 -07:00
Chris Long
1e9aa1a49c
Adding Aobo Keylogger and OSX_Keydnap to osx-attacks ( #2230 )
2016-07-07 14:04:05 -07:00
Ryan Holeman
88053a08b4
Optional top level decorator functionality ( #2177 )
2016-07-06 15:31:59 -07:00
Tony
aa714d4c77
Add ability to provision Arch Linux ( #2215 )
2016-07-06 15:02:58 -07:00
Zachary Wasserman
8909602a40
Increase block period in flaky BufferedForwarder test ( #2222 )
This test was intermittently failing because it relies on the actual thread
scheduling. Our discussion in issue #2218 decided that it was worth keeping the
test around, while trying to mitigate the flakiness. The longer sleeps in this
test ran successfully hundreds of times in local testing.
2016-07-06 14:59:24 -07:00
Teddy Reed
21d1fca37d
Add shutdown method to extensions ( #2224 )
This alters the osquery.thrift spec to add a ::shutdown method to the
Extension class. The ExtensionManager inherits from this but includes a
no-op shutdown method.
When an ExtensionManager (osquery core) stops, it optionally requests all
Extensions to shutdown immediately. This helps quit extension processes
faster.
2016-07-06 12:23:24 -07:00
artemdinaburg
bede048323
Merge posix/windows processes table into single entity ( #2220 )
2016-07-05 21:18:14 -07:00
Omer Katz
2eb4a75884
Bump AWS SDK to 0.12.17 ( #2214 )
2016-07-05 20:26:24 -07:00
Teddy Reed
24f757850e
Add link_whole to generated TARGETS file ( #2219 )
2016-07-05 17:58:06 -07:00
Teddy Reed
f740a1f020
Fix SQLite access after ASIO usage ( #2217 )
Using the boost ASIO libraries before calling SQLite open causes the
"file://" protocol to be rewritten with a prepended CWD.
2016-07-05 12:56:38 -07:00
artemdinaburg
e6fbde820e
Windows Daemon/Shell: Make osquery code more Windows-friendly ( #2188 )
2016-07-01 14:56:07 -07:00
Teddy Reed
8dfe79ad83
Use a noexcept lexical_cast for SQL type conversions ( #2212 )
2016-07-01 11:37:19 -07:00
Teddy Reed
3b2c489374
Use libuuid from e2fsprogs for codegen TARGETS ( #2213 )
2016-07-01 11:36:42 -07:00
Teddy Reed
662b1483d5
Remove unused variable in virtual_table ( #2210 )
2016-06-30 18:41:43 -07:00
Teddy Reed
ca3cc5cf03
Silence ccache and clang warnings ( #2209 )
2016-06-30 18:41:32 -07:00
Teddy Reed
1f9739eed4
[ Fix #2203 ] Restore extension respawn limits to 20s ( #2207 )
2016-06-30 17:53:05 -07:00
Teddy Reed
753c023640
Fix milli/micro conversion when waiting for active plugins ( #2205 )
2016-06-30 13:31:32 -07:00
artemdinaburg
5292100c22
Use vector.data() to get internal vector buffers ( #2204 )
2016-06-30 12:32:26 -07:00
Teddy Reed
3422a44d83
Run profile on all POSIX tables ( #2202 )
2016-06-30 11:58:55 -07:00
Teddy Reed
9756713e36
Adds -fpermissive and fixes 'using' for anon struct ( #2200 )
2016-06-29 20:15:58 -07:00
Omer Katz
f848679b63
Use ccache when available to speed up compilation. ( #2178 )
2016-06-29 10:18:52 -07:00
artemdinaburg
c20c91f2e5
CMake changes to build Windows tables ( #2194 )
This PR implements the CMake changes to build Windows tables, and serves as a follow-on to PR
2016-06-28 11:19:32 -07:00
artemdinaburg
864d77b180
Windows Daemon/Shell: Windows Processes Table ( #2184 )
Include table changes necessary for a Windows processes table and changes to other tables needed for daemon and shell to run. The Windows processes table uses WMI as a backend to gather information. This commit does not yet build these tables.
2016-06-28 11:07:34 -07:00
Teddy Reed
47e1a5ba74
Use noexcept boost::filesystem overloads ( #2195 )
2016-06-27 16:39:04 -07:00
Teddy Reed
3472b7cc32
Add bash and python to make packages calls ( #2193 )
2016-06-27 16:19:08 -07:00
Nick Anderson
72df044ef5
Adding check for nullptr before dereferencing. This fixes #2185 ( #2187 )
2016-06-24 13:59:49 -07:00
artemdinaburg
b7aad5a2c3
Install new required packages and link to them in CMake ( #2183 )
2016-06-24 08:47:48 -07:00
artemdinaburg
d4a3fe2452
Windows Daemon/Shell: Initial support for Windows tables ( #2182 )
Preparation for Windows Tables. We need a Windows process table so that the daemon will run
2016-06-23 16:04:11 -07:00
Teddy Reed
c8c67c455a
Simplify watchdog limits configuration ( #2173 )
2016-06-19 23:27:16 -07:00
Teddy Reed
9a4b6ba1a8
[ Fix #2161 ] Remove space and quotes from launch daemon ( #2174 )
2016-06-19 23:25:09 -07:00
d-yokoi
97f2850967
fix a typo error on the doc for building ( #2172 )
2016-06-19 23:24:42 -07:00
Ryan Holeman
b47f246ab4
Optional randomization of shard ids for AWS Kinesis load balancing ( #2157 )
2016-06-15 15:29:59 -07:00
Gary
498f64437a
Copy service unit configuration to Ubuntu Xenial default location ( #2163 )
2016-06-15 13:21:33 -07:00
yying
d2d9a27845
[ Fix #2165 ] Use noexcept boost methods in PlatformFile ( #2167 )
2016-06-15 10:23:48 -07:00
Teddy Reed
231000ca4b
Add SQL and Process Auditing to wiki index ( #2168 )
2016-06-14 19:30:28 -07:00
Zachary Wasserman
79818c72ab
Add newlines in firehose records ( #2166 )
2016-06-14 16:50:28 -07:00
Gary
5eee608f62
Fixed bash griefing over postfix-compatible conditional compounds ( #2159 )
2016-06-10 16:37:56 -07:00
Nick Anderson
cf30388705
Moved test_utils to its own directory out of core. Updated references ( #2154 )
2016-06-09 10:49:26 -07:00
Teddy Reed
866ff13fc3
Fix OS X kernel extension autoload ( #2151 )
2016-06-08 11:14:36 -07:00
Teddy Reed
63db493e4f
Update AWS-SDK build to 0.12.5 ( #2148 )
2016-06-07 19:04:22 -07:00
Ryan Holeman
deb9c56633
Changed stream validation from list streams to describe streams ( #2141 )
2016-06-07 17:17:15 -07:00
Teddy Reed
78c8e8eca9
Minor cleanups to extension autoloading ( #2147 )
2016-06-07 17:14:17 -07:00
Teddy Reed
91b34010df
Allow table specs to use multiple row indexes ( #2146 )
2016-06-07 17:13:48 -07:00
Ryan Holeman
5dd2a54f39
Ability to add default configs and postinstall scripts to deb/rpm packages ( #2142 )
2016-06-07 15:09:08 -07:00
Zachary Wasserman
462cd8bdbf
Update AWS logger code for AWS SDK 0.12.4 ( #2140 )
The AWS SDK changed how custom HTTP clients are used, and this commit brings
compatibility with the new initialization style.
2016-06-07 15:06:49 -07:00
yying
9879733867
Filesystem Abstractions - Integrations ( #2128 )
* Integrated filesystem operation abstraction code into filesystem.cpp
* Modified filesystem unit tests to be more platform agnostic
* Added append mode for PlatformFile
* Minor bug fixes in filesystem operations
2016-06-07 14:08:50 -07:00
Teddy Reed
a8d6bc7c58
Use self-process for query join tests ( #2144 )
2016-06-07 13:01:07 -07:00