valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,330 Commits 2 Branches 109 Tags 25 MiB
4bca1c52e0
Commit Graph

1330 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Arpaia
93c117db67 Merge pull request #643 from marpaia/sizeof-rebase 
Use sizeof with memcpy and memset
 2015-01-20 13:30:44 -08:00
Zachary Wasserman
ee798cdde7 Use sizeof with memcpy and memset 
I'd like to make sure we use expressions of sizeof to relate buffer
sizes to memcpy and memset. This should make modifying the code less
error prone.

Conflicts:
	osquery/tables/system/darwin/nvram.cpp
 2015-01-20 12:36:36 -08:00
Mike Arpaia
f8cccc4528 Merge pull request #642 from marpaia/nfs-foobar 
NFS table for darwin systems
 2015-01-20 12:26:02 -08:00
Mitchell Grenier
053fcc28ef More minor changes to address marpias requests 2015-01-20 12:13:10 -08:00
Mitchell Grenier
b8b1837bd6 Replaced loop with auto iterator, eliminating need to dereference 2015-01-20 12:13:10 -08:00
Mitchell Grenier
d2fe1826ae Minor code change and clang-format 2015-01-20 12:13:10 -08:00
Mitchell Grenier
34e6bd45c3 Addressed @marpia s changes 2015-01-20 12:13:10 -08:00
Mitchell Grenier
b9c477080f NFS Table for darwin systems. 
Currently table readonly field is a string, this may change in the future to an
integer to stay consistent with other parts of osquery.
 2015-01-20 12:13:09 -08:00
Teddy Reed
416198732a Merge pull request #631 from jedi22/sha-hashs 
Added SHA1 and SHA256 in Hash Table
 2015-01-20 11:24:43 -08:00
Teddy Reed
716aa41c15 Separate IOKit devicetree from registry 2015-01-20 11:15:20 -08:00
Mitchell Grenier
8f407a1e8f Moving commits around for efficientcy 2015-01-20 10:49:58 -08:00
Teddy Reed
6083de7618 Merge pull request #639 from theopolis/routes_cleanup 
Remove gotos from linux routes
 2015-01-19 18:54:26 -08:00
Teddy Reed
5f8eccb3f3 Remove gotos from linux routes 2015-01-19 18:06:34 -08:00
Teddy Reed
d3a5e41f46 Merge pull request #638 from theopolis/nvram_cleanup 
Remove goto/sprintf from NVRAM parsing
 2015-01-19 17:34:05 -08:00
Teddy Reed
8475522e76 Remove goto/sprintf from NVRAM parsing 2015-01-19 17:10:40 -08:00
Teddy Reed
9f4c36bab9 Merge pull request #636 from theopolis/linux_acpi 
Add basic acpi_tables hashing to Linux
 2015-01-18 00:16:04 -08:00
Teddy Reed
066b7d78d9 Add basic acpi_tables hashing to Linux 2015-01-17 23:02:14 -08:00
Teddy Reed
b8cb9b69b7 Merge pull request #635 from theopolis/simple_compiler 
Use clang for C/C++ compiler
 2015-01-17 20:33:31 -08:00
Teddy Reed
f3341c0f72 Use clang for C/C++ compiler 2015-01-17 18:44:17 -08:00
Javier Marcos
29325cf893 Merge pull request #634 from facebook/removing_glog_install 
Fix for #611, CentOS compilation error and removing system wide glog install
 2015-01-17 18:35:52 -08:00
Teddy Reed
09ce5099b2 Merge pull request #632 from theopolis/osx_boot_info 
OSX IOKit registry and ACPI table data
 2015-01-17 17:56:51 -08:00
Teddy Reed
545a6b0930 Merge pull request #629 from marpaia/cmdline-whitespace-fix 
Fix for #628
 2015-01-17 17:51:06 -08:00
Teddy Reed
380e680064 Merge pull request #633 from theopolis/qc_stacking 
[Fix #630] Clear stacking index plans
 2015-01-17 17:49:47 -08:00
Javier Marcos
a324a22fbc Fix for #611, CentOS compilation 2015-01-17 17:23:41 -08:00
Mitchell Grenier
c1a1013e5a Minor code changes and namespacing 2015-01-16 12:03:23 -08:00
Teddy Reed
ba716712cf [Fix #630] Clear stacking index plans 2015-01-16 06:47:32 -08:00
Teddy Reed
1df958c583 ACPI tables for OSX 2015-01-15 21:37:02 -08:00
Mitchell Grenier
e6e722dd17 Modifed config.cpp to not use the old MD5 implementation 2015-01-15 17:40:42 -08:00
Mitchell Grenier
570c6a32f3 Moved hashing functions into core. #include<osquery/hash.h> 2015-01-15 17:16:05 -08:00
Mitchell Grenier
c13a0e79a5 Most hashing stuff working though rerun bug is still plaguing the queries 2015-01-15 15:06:30 -08:00
mike@arpaia.co
cdc3bfa6e0 Adding whitehat information to README 
close #627
 2015-01-15 13:59:46 -08:00
Teddy Reed
803204a9dd iokit_registry table 2015-01-15 12:53:46 -08:00
mike@arpaia.co
aef517a29e Fix for #628 2015-01-15 12:11:25 -08:00
Teddy Reed
7eba35514e Merge pull request #621 from theopolis/qc_join 
[Fix #620] Add query plan estimates bias toward constraints
 2015-01-14 00:52:34 -08:00
Teddy Reed
663e481d9e [Fix #620] Add query plan estimates bias toward constraints 2015-01-13 21:17:15 -08:00
Teddy Reed
6bd6fce8f5 Merge pull request #614 from maus-/initscript 
Added basic init script
 2015-01-13 19:06:13 -08:00
Teddy Reed
dc292a867e Merge pull request #618 from theopolis/iokit_silence 
Treat IOKit HID failures as warnings
 2015-01-13 19:04:28 -08:00
Teddy Reed
367709429e Treat IOKit HID failures as warnings 2015-01-13 17:25:11 -08:00
maus-
93e03b5553 Rename osquery.initd to osqueryd.initd 2015-01-13 16:39:00 -08:00
maus-
d5e6d3eab8 Delete osqueryd.initd 2015-01-13 16:38:49 -08:00
maus-
d16af10d23 Cleaned up wording 2015-01-13 16:38:11 -08:00
Teddy Reed
4db7c90758 Merge pull request #608 from theopolis/linux_ports 
Moved socket_inode on Linux to process_open_files
 2015-01-13 14:54:35 -08:00
Teddy Reed
a709a34220 Merge pull request #605 from theopolis/fix_599 
[Fix #599] Rename kextstat->kernel_extensions
 2015-01-13 14:53:32 -08:00
Teddy Reed
47d5a795a9 Merge pull request #613 from theopolis/qc_tests 
QueryContext unit tests and splay/config updates
 2015-01-13 14:28:25 -08:00
Teddy Reed
b6e72c2f01 Merge pull request #615 from theopolis/centos_makeinfo 
Add texinfo to CentOS provision
 2015-01-13 14:19:35 -08:00
Teddy Reed
ac0f2f96e4 Split OSX process_open_files into files/sockets 2015-01-13 11:05:54 -08:00
Teddy Reed
f0eec6fbe3 Adding listening_ports to Linux 2015-01-13 09:51:40 -08:00
Teddy Reed
bb6f313c6c Moved socket_inode on Linux to process_open_files 2015-01-13 08:26:47 -08:00
maus-
112425feed Updated as per your notes 
A couple of things to note

The script still makes the assumption of having a config in /etc/osquery/osquery.conf however it now checks to see if there is the default example config in /usr/share/osquery/osquery.example.conf and alerts the user that it's using the default. 

To prevent having the pidfile being set in two different locations, it would be nice if the osqueryd application settings could be stored with the standard key=value approach. This would allow the init script to source the config at runtime. The downside however would that the init script still makes the assumption that the location of osquery.conf is standardized. 

I'm not really sure why the pidfile needs to go in the osquery directory anyway, considering most pidfiles for daemons like this typically exists in /var/run/$program.pid which actually would be a nicer default as it removes the requirement of having the folder there in /var. I'd prefer to not keep osquery in /var anyway. 

same goes for the lockfile. Typically you'd never bother with this setting and you'd keep it in /var/lock/subsys/$progname
 2015-01-12 16:25:38 -08:00
Teddy Reed
eaad95b181 Add texinfo to CentOS provision 2015-01-12 15:38:16 -08:00