Commit Graph

131 Commits

Author SHA1 Message Date
yying
6eb3cc4f9a Refactored timer functionality in osquery shell (#2290) 2016-07-25 15:35:34 -07:00
yying
0ef284b8e7 Changes to make osqueryd/osqueryi mostly build sans cputime/uptime tables (#2283) 2016-07-25 11:58:55 -07:00
Teddy Reed
c4acfe89e5 Introduce table aliases (#2104) 2016-05-19 09:40:43 -07:00
Teddy Reed
0ffe0c9d16 Add --pack flag to the shell (#2093)
This introduces a new testing-related flag to the osqueryi shell.
The --pack flag takes a single argument, the name of a configured pack.

To list the configured packs try:
$ osqueryi -A osquery_packs

To run all queries, immediately and serially, try:
$ osqueryi --pack NAME_OF_PACK
2016-05-12 09:22:05 -07:00
Teddy Reed
ebb0ab30ce Fix shell's --profile switch 2016-03-20 16:05:13 -07:00
Teddy Reed
15a998e54f Use the default shutdown flow within extensions 2016-03-20 01:45:49 -07:00
Teddy Reed
a6c147700f Allow NULL values, stop using -1 as int/double invalid values 2016-03-09 18:24:17 -08:00
Teddy Reed
677c448dea Merge pull request #1897 from theopolis/remove_rdb
Refactor backing storage
2016-03-06 21:09:23 -08:00
Teddy Reed
afd17f8134 1. Reorganize RocksDB database handle into a plugin
2. Introduce a SQLite-based database plugin
3. Refactor database usage to include local 'fast-calls'
4. Introduce an 'ephemeral' database plugin for testing (like a mock)
2016-03-06 20:40:16 -08:00
Teddy Reed
8c3d2387e9 Add define to enable SQLite WHERETRACE 2016-03-04 20:41:06 -08:00
Teddy Reed
b21c2ed943 [#1816] Refactor DB instance management 2016-02-25 19:07:52 -08:00
Teddy Reed
15b037542e Merge pull request #1850 from theopolis/consolidate_conversions
Consolidate string/text conversions outside of API
2016-02-13 09:53:03 -08:00
Teddy Reed
8dc0fc1c95 Consolidate string/text conversions outside of API 2016-02-12 11:38:15 -08:00
Teddy Reed
dfbe049357 Exit shell with CTRL+C 2016-02-11 22:04:53 -08:00
Baraa Hamodi
21c2237eca [osquery] Update copyright headers to new format. 2016-02-11 11:48:58 -08:00
Teddy Reed
cf22d4c60e Fix -A/.all contention via do_meta_command 2016-02-06 19:20:25 -08:00
Teddy Reed
7f37304c77 Refactor dispatcher shutdown logic 2016-02-05 01:29:42 -08:00
Teddy Reed
3004df5a50 Use custom logger for RocksDB 2015-12-15 20:49:33 -08:00
Teddy Reed
d27a7ecc4c Fix clang warnings, promote warnings to errors 2015-11-01 02:12:07 -08:00
Robert C. Seacord
0a6a36485c redeclared i from int to size_t in two locations to eliminate several signed to unsigned comparisons 2015-10-16 16:10:36 +00:00
Sharvil Shah
fc6865b8a9 Remove unused functions/macros/variables from shell and misc hardening 2015-08-29 22:08:01 -07:00
Alex Gaynor
e9dca0ef4d Fixed #1392 -- removed non-existent modes from .mode's help 2015-07-26 13:34:08 -04:00
Teddy Reed
6011ad06eb Fix small issue with printing 2015-06-28 11:18:35 -07:00
Teddy Reed
e7ab2fc47b Limit scope of git/tag version defines.
Harden plist parsing against internal fuzzing tests.
Improve file/stream read speeds.
2015-06-12 10:10:20 -07:00
Teddy Reed
8b3686a58a TLS plugin workflow tests 2015-05-26 19:55:00 -07:00
Teddy Reed
2a1f496cc5 Towards TLS config/logging 2015-05-19 17:05:55 -07:00
Mike Arpaia
fff36af0af Removing trailing whitespace 2015-05-11 23:31:13 -07:00
Teddy Reed
3e9f40f73f [Fix #1121] Minify shell table/schema, add meta tests 2015-05-09 19:48:28 -07:00
Teddy Reed
893f678403 Linting and asan fixups 2015-05-04 11:00:21 -07:00
Teddy Reed
2c5cbdee63 Various shell fixups 2015-04-27 16:40:05 -07:00
Teddy Reed
beb28a3f96 Merge pull request #1051 from theopolis/slim_shell
Remove unpopular features from shell
2015-04-27 10:53:55 -07:00
Teddy Reed
be65922569 Fast tests 2015-04-27 09:40:31 -07:00
Teddy Reed
149cc8594b Remove unpopular features from shell.
Remove modes: HTML, Tabs, Explain.
Remove stats (meaningless for virtual tables).

Use the osquery SQLite DB manager within meta and shell SQL
execution to allow registry/extensions non-locking access.

This allows existing runtime DB manipulators to prefer a locking
modifier. Currently these manipulators will fall back to a more
transient db instance. The effect was, no shell-accessible runtime
created virtual tables.
2015-04-26 18:54:27 -07:00
Steven Hilder
0937a92cd1 Fix --csv flag in osqueryi shell 2015-04-23 21:32:14 +00:00
Teddy Reed
c59ce0e4e4 Lint fixes and clang analyze 2015-04-17 09:18:46 -07:00
Teddy Reed
79ddc5ba38 Remove unused shell functions 2015-03-19 16:14:29 -07:00
Teddy Reed
91dce32095 Speed up shell and add max value size 2015-03-18 15:07:13 -07:00
Teddy Reed
95a9716e02 Remove shell tools from daemon 2015-03-04 23:21:16 -08:00
Teddy Reed
16832ba72c Merge pull request #766 from theopolis/logs
Improved logging control
2015-02-17 16:37:50 -08:00
Teddy Reed
1f8dacec3c Add flag aliasing, logger/flag tests 2015-02-17 16:26:14 -08:00
Mitchell Grenier
e3a1c0638d Added osquery version to .version because it makes sense 2015-02-17 11:18:28 -08:00
Teddy Reed
ed9bae29b7 Organizing headers/build for SDK 2015-02-03 14:59:32 -08:00
Teddy Reed
9c1faec090 Isolate glog include and depend on libglog for #652 2015-01-21 13:37:06 -08:00
Theodore M. Reed
53d683a3b3 Remove tables dependency from CMake build 2014-12-23 14:37:07 -08:00
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
f8cc579d36 Fix json results clear 2014-12-07 15:53:37 -07:00
Teddy Reed
78ecc73d81 Add -json output mode for shell 2014-12-06 18:22:48 -07:00
Teddy Reed
7c738c8497 Codemod to improve include search paths 2014-12-03 15:14:02 -08:00
Teddy Reed
f4337243ec Towards simple table generation 2014-12-02 20:36:46 -08:00
Teddy Reed
fc69ccf22a [Fix #422] Workaround for multiple selects 2014-12-01 02:27:51 -07:00
mike@arpaia.co
8f50cae3aa clang-format on the codebase
Periodic clang-format run.
2014-11-25 09:05:16 -08:00
mike@arpaia.co
a8832482b3 implementation for #360 2014-11-12 16:51:14 -05:00
mike@arpaia.co
b423286297 failing test 2014-11-12 16:30:18 -05:00
Teddy Reed
b0ff403d3d Fixing librpm API usage leaks 2014-11-10 01:48:07 -08:00
Teddy Reed
84cc45a366 SQLite DBfile not needed 2014-11-09 01:01:17 -08:00
Teddy Reed
078d4cf7d2 Refactor shell flags/versioning 2014-11-08 20:27:28 -08:00
Teddy Reed
dc77df602e [format] Cleanup various PRs not run through clang-format 2014-11-03 17:57:01 -08:00
Teddy Reed
24b7be320c Fix #328, add gflags defines for shell-internal flags 2014-11-02 15:40:35 -08:00
Teddy Reed
0604b3a5e0 Fix 301, pragma cols pretty print 2014-10-31 10:19:49 -07:00
Teddy Reed
bcca0824b0 Fix memset/memcpy for pretty print in osqueryi 2014-10-30 18:07:32 -07:00
yetanotherhacker
8cee7e0b3c Spelling fixes in comments and output. 2014-10-30 04:27:00 -04:00
mike@arpaia.co
ce5d53e169 fixing the shell text [skip ci] 2014-10-13 17:23:20 -07:00
mike@arpaia.co
660ef01777 iostream in shell 2014-10-03 13:48:31 -07:00
mike@arpaia.co
7076aa813c SQL class for executing queries
implements #141
2014-09-26 00:28:18 -07:00
mike@arpaia.co
636ced854f Pretty shell results
Example:

```
osquery> select name, program || program_arguments as executable from launchd limit 5;

+----------------------------------+-------------------------------------------------------------------------------+
| name                             | executable                                                                    |
+----------------------------------+-------------------------------------------------------------------------------+
| bootps.plist                     | /usr/libexec/bootpd                                                           |
| com.apple.afpfs_afpLoad.plist    | /System/Library/Filesystems/AppleShare/afpLoad                                |
| com.apple.afpfs_checkafp.plist   | /System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp |
| com.apple.AirPlayXPCHelper.plist | /usr/libexec/AirPlayXPCHelper                                                 |
| com.apple.airport.wps.plist      | /usr/libexec/wps                                                              |
+----------------------------------+-------------------------------------------------------------------------------+
osquery> .tables
  => alf
  => alf_exceptions
  => alf_explicit_auths
  => alf_services
  => apps
  => ca_certs
  => etc_hosts
  => interface_addresses
  => interface_details
  => kextstat
  => last
  => launchd
  => listening_ports
  => nvram
  => osx_version
  => processes
  => routes
  => time
```
2014-09-25 21:39:07 -07:00
mike@arpaia.co
4218a4c2ab cmake cleanups 2014-09-22 21:23:16 -07:00
mike@arpaia.co
627821abc1 Periodic clang-format 2014-09-21 14:29:28 -07:00
mike@arpaia.co
ad9b0bb5c1 Doxyfile, for docs 2014-09-13 15:18:26 -07:00
mike@arpaia.co
e838110e84 Moving header to include 2014-09-12 17:50:03 -07:00
Mike Arpaia
d6699bd0fe Adding header files to CMakeLists.txt so that other build tools can perform better introspection into the codebase. 2014-09-09 10:53:59 -07:00
Teddy Reed
7e470747b4 Moving sublibs to single libosquery 2014-09-08 01:58:29 -07:00
Teddy Reed
4ffd184eaf Changes for Linux (Ubuntu 14.04) build 2014-09-05 10:58:58 -07:00
mike@arpaia.co
0e806eff83 Proper ARC in Objective-C++ code 2014-08-30 00:22:26 -07:00
mike@arpaia.co
e723306c13 Ran clang-format across the codebase 2014-08-15 12:29:51 -07:00
mike@arpaia.co
845cb6ef3b more sane formatting by default in the repl 2014-08-11 22:38:51 -07:00
mike@arpaia.co
2862407079 fixing a spacing issue in the repl so that multi-line SQL statements are aligned properly 2014-08-11 21:57:16 -07:00
mike@arpaia.co
e7a65b21c7 readline support in the repl 2014-08-11 21:55:45 -07:00
mike@arpaia.co
7a56756073 moving sqlite to third-party 2014-08-11 17:37:49 -07:00
mike@arpaia.co
9a9ae03506 renaming CMakeLists.txt 2014-08-10 02:07:15 -07:00
mike@arpaia.co
f7a88ad771 automatic table loading 2014-08-05 01:21:28 -07:00
mike@arpaia.co
73a32b7294 Initial commit 2014-07-30 17:35:19 -07:00