Commit Graph

2384 Commits

Author SHA1 Message Date
Teddy Reed
4ac9317f64 Merge pull request #1613 from theopolis/fix_1611
[Fix #1611] Prevent fs links in inotify path search
2015-10-29 23:47:28 -07:00
Teddy Reed
2cf7543181 [Fix #1611] Prevent fs links in inotify path search 2015-10-29 23:19:07 -07:00
Teddy Reed
03357d9554 Merge pull request #1610 from PickmanSec/master
added sh_history
2015-10-29 14:30:39 -07:00
Michael George
fb545bb85e added sh_history 2015-10-29 10:53:04 -07:00
Teddy Reed
f7c0d49f6a Merge pull request #1604 from theopolis/prevent_dup_execve
Only emit process events for 0-status execve
2015-10-28 17:54:25 -07:00
Teddy Reed
c25d75386a Merge pull request #1606 from theopolis/flaky_tests
Mark flaky integration tests
2015-10-28 17:54:03 -07:00
Teddy Reed
cd8f42844a Mark flaky integration tests 2015-10-28 09:40:17 -07:00
Teddy Reed
db58ec5e44 Only emit process events for 0-status execve 2015-10-27 17:12:23 -07:00
Teddy Reed
0589d0395e Merge pull request #1601 from theopolis/fix_audit_proc_events
Fix auditd message parsing
2015-10-27 17:10:55 -07:00
Teddy Reed
a3067fcbb5 Fix auditd message parsing 2015-10-27 16:56:42 -07:00
Teddy Reed
689ec53a71 Merge pull request #1603 from theopolis/inotify_mod_only
[#1600] Put inotify into a mod-only watch mode
2015-10-27 16:53:59 -07:00
Teddy Reed
ba4eeb6a80 [#1600] Put inotify into a mod-only watch mode 2015-10-27 16:42:21 -07:00
Teddy Reed
7b53044437 Merge pull request #1602 from theopolis/daemon_require_rw
[Fix #1583] Require osqueryd to have R/W access to RocksDB
2015-10-27 16:21:12 -07:00
Teddy Reed
8ca2925ef0 [Fix #1583] Require osqueryd to have R/W access to RocksDB 2015-10-27 16:09:24 -07:00
Teddy Reed
811d578739 Merge pull request #1599 from theopolis/socket_events
Refactor a bit of config and add socket_events table to Linux
2015-10-27 15:30:15 -07:00
Teddy Reed
b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux.
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Teddy Reed
34f5f2cec1 Merge pull request #1598 from theopolis/fix_readfile_toctou
Fix readFile TOCTOU error
2015-10-26 12:51:29 -07:00
Teddy Reed
b8087a1b26 Fix readFile TOCTOU error 2015-10-26 01:21:05 -07:00
Teddy Reed
654830cf11 Merge pull request #1594 from rcseacord/additional-sign-fixes
eliminated some warnings from Clang 3.7 analyze mode
2015-10-23 13:03:54 -03:00
Mike Arpaia
4f8e3b2656 Merge pull request #1597 from raphdev/kernel-configure-target-fix
Fixing kernel-configure-target syntax error
2015-10-22 16:57:11 -07:00
Raphael Salas
025348d9de fixing kernel-configure-target syntax error 2015-10-22 13:13:49 -04:00
Robert C. Seacord
09481d0381 Fixed some type problems, casting away const, integer types, old style casts, etc. 2015-10-21 20:56:58 +00:00
Robert C. Seacord
1d9695ac31 eliminated some warnings from Clang 3.7 analyze mode 2015-10-21 06:02:58 +00:00
Robert C. Seacord
7a87be9ada more sign conversion errors 2015-10-20 06:08:01 +00:00
Robert C. Seacord
bee99d4291 quieted noisy diagnostics (again) 2015-10-20 02:55:29 +00:00
Robert C. Seacord
1d7877d120 removed fanitize compiler option 2015-10-20 02:51:57 +00:00
Javier Marcos
f201b65ef6 Merge pull request #1592 from javuto/update_centos_readme
Removing link to Package CI job
2015-10-19 17:45:18 -07:00
Teddy Reed
7ca9ae89be Merge pull request #1591 from theopolis/fix_ubuntu12_dpkg
Fix Ubuntu12 libdpkg version discovery
2015-10-19 17:21:56 -07:00
Javier Marcos
bc5e492193 Removing link to Package CI job 2015-10-19 16:28:56 -07:00
Teddy Reed
be61f9355c Fix Ubuntu12 libdpkg version discovery 2015-10-19 16:09:19 -07:00
Teddy Reed
c0257aa7d1 Merge pull request #1589 from theopolis/fix_1578
[Fix #1578] Support OPENSSL_NO_SSV3
2015-10-19 11:25:46 -07:00
Teddy Reed
7ba87a88bb Merge pull request #1585 from rcseacord/additional-sign-fixes
Additional sign fixes
2015-10-19 11:25:18 -07:00
Teddy Reed
c81ac80dc1 Merge pull request #1587 from sroberts/osx-flags-default
OSX Default Flags
2015-10-19 11:12:03 -07:00
Teddy Reed
8214dd1309 Merge pull request #1584 from theopolis/fix_1580
[Fix #1580] Handle exceptions in linux process_memory_map
2015-10-19 09:28:16 -07:00
Teddy Reed
f891503cd9 Merge pull request #1577 from nemith/dpkg
Support for newer versions of libdpkg
2015-10-19 09:24:37 -07:00
Teddy Reed
30bcb66212 Merge pull request #1588 from theopolis/file_table_change
Remove boolean type-columns from file in favor of 'type'
2015-10-19 09:23:52 -07:00
Scott J Roberts
1258800279 basic flag added
wrong thing on the clipboard

updated to ProgramArguments vs Program per theopolis
2015-10-19 11:56:12 -04:00
Javier Marcos
d6f7d48fcc Merge pull request #1590 from javuto/update_readme
Updating status icons for master builds
2015-10-18 23:22:28 -07:00
Javier Marcos
60e4d4c444 Updating status icons for master builds 2015-10-18 23:14:34 -07:00
Teddy Reed
00875988dc Use native OS X version as min ABI 2015-10-18 20:47:09 -07:00
Teddy Reed
2bd6398b53 [Fix #1578] Support OPENSSL_NO_SSV3 2015-10-18 20:47:06 -07:00
Teddy Reed
bc50c053fb Remove boolean type-columns from file in favor of 'type' 2015-10-17 12:16:54 -07:00
Robert C. Seacord
e57828aac3 changes for integer sign problems 2015-10-17 00:18:35 +00:00
Teddy Reed
3cc7984cc2 [Fix #1580] Handle exceptions in linux process_memory_map 2015-10-16 16:59:23 -07:00
Robert C. Seacord
acb2f6f628 eliminating diagnostics, mostly for comparisons between signed and unsigned operations 2015-10-16 16:10:37 +00:00
Robert C. Seacord
37b8e83a9e fixes for problems related to unsigned to signed integer comparisons 2015-10-16 16:10:36 +00:00
Robert C. Seacord
0a6a36485c redeclared i from int to size_t in two locations to eliminate several signed to unsigned comparisons 2015-10-16 16:10:36 +00:00
Robert C. Seacord
8030866add Update reading-files.md
The smaller example was not going to compile because kPath was not defined.
2015-10-16 16:10:36 +00:00
Teddy Reed
3f8cb14fbb Merge pull request #1579 from nemith/segv
Fix segfault on interfaces tables
2015-10-15 17:58:04 -07:00
Brandon Bennett
f683871653 Fix segfault on interfaces tables
getifaddrs(3) states that ifa_addr can be null. Check to make sure they are not null before accessing them
2015-10-15 16:53:14 -06:00