valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,937 Commits 2 Branches 109 Tags 25 MiB
53c407781f
Commit Graph

1937 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Arpaia
53c407781f Merge pull request #1224 from theopolis/duti_table 
OS X application duti/scheme listing table
 2015-06-22 09:33:06 -07:00
Teddy Reed
37188f788b Fixups in tables, add DOUBLE, shell extensions 2015-06-22 04:17:23 -04:00
Mike Arpaia
1cd0adaaeb fixing the type in the keychain_acls table for real 2015-06-21 23:34:53 -07:00
Teddy Reed
55f270ff97 OS X application duti/scheme listing table 2015-06-21 14:08:21 -04:00
Mike Arpaia
be85046d32 typo in keychain_acls table where path was being returned as app_path 2015-06-21 13:52:01 -04:00
Mike Arpaia
e194558560 Merge pull request #1217 from marpaia/keychain_acl 
Table to enumerate keychain ACLs
 2015-06-21 11:09:03 -04:00
Mike Arpaia
9df7c3b2ea Merge pull request #1222 from marpaia/remove-clion 
Remove CLion files
 2015-06-20 16:10:01 -04:00
Mike Arpaia
a326df3e92 Remove CLion files 
These files are ten months old, nobody uses CLion on the team to verify
that these still work properly, etc. If someone uses CLion and default
project settings would be useful, please add and maintain new project
files.
 2015-06-20 16:08:24 -04:00
Mike Arpaia
2944725ae0 Merge pull request #1221 from marpaia/contributing-docs 
Update the contributing docs git workflow
 2015-06-20 16:04:05 -04:00
Mike Arpaia
e4d804f575 Update the contributing docs git workflow 
The git workflow has been severely out of date for a long time. I made a
few updates to reflect the current state of affairs.
 2015-06-20 15:55:44 -04:00
Mike Arpaia
0a83572f08 Table to enumerate keychain ACLs 2015-06-20 14:59:07 -04:00
Mike Arpaia
fe8b25f443 Merge pull request #1218 from theopolis/osx_sandboxes 
Add application sandbox container metadata
 2015-06-19 11:01:03 -04:00
Teddy Reed
09ea12a2a7 Add application sandbox container metadata 2015-06-19 01:53:09 -04:00
Teddy Reed
fcc875ca47 Merge pull request #1212 from theopolis/syslog_plugin 
[#1207] Add syslog plugin
 2015-06-18 19:49:16 -04:00
Teddy Reed
b24cf6f20d Add syslog plugin 2015-06-18 15:59:40 -04:00
Teddy Reed
2b5747075c Merge pull request #1211 from theopolis/fix_1205 
[Fix #1205] Prevent wrapping when calculating average schedule memory
 2015-06-14 00:28:49 -07:00
Teddy Reed
f74af5a063 [Fix #1205] Prevent wrapping when calculating average schedule memory 2015-06-13 02:25:24 -07:00
Teddy Reed
46ceb7aa6d Merge pull request #1213 from theopolis/certs2 
Update testing x509 certs
 2015-06-13 02:24:29 -07:00
Teddy Reed
87f198453d Merge pull request #1203 from theopolis/versions 
Limit scope of git/tag version defines
 2015-06-13 02:23:24 -07:00
Teddy Reed
2fb774218a Update testing x509 certs 2015-06-13 02:13:31 -07:00
Teddy Reed
0e3fef9a38 Merge pull request #1210 from theopolis/fixups2 
Various quality control fixes
 2015-06-12 12:49:27 -07:00
Teddy Reed
e7ab2fc47b Limit scope of git/tag version defines. 
Harden plist parsing against internal fuzzing tests.
Improve file/stream read speeds.
 2015-06-12 10:10:20 -07:00
Teddy Reed
0c6c1e3a62 Various quality control fixes 2015-06-12 01:32:24 -07:00
Teddy Reed
bc37d43158 Merge pull request #1209 from theopolis/meaningful_argv0 
[Fix #1202] Replace argv[*] with spaces, fallback to path in [0]
 2015-06-11 21:12:54 -07:00
Teddy Reed
d143b22cfa [Fix #1202] Replace argv[*] with spaces, fallback to path in [0] 2015-06-11 20:58:17 -07:00
Teddy Reed
b56e9efd47 Merge pull request #1199 from theopolis/fix_open_sockets 
Process open sockets on Linux needs '['
 2015-06-07 14:04:45 -07:00
Teddy Reed
49eb22ef44 Process open sockets on Linux was added '[' 2015-06-07 13:28:17 -07:00
Teddy Reed
e57d15da86 Merge pull request #1195 from theopolis/feature-nice 
Various table perf improvements and TLS docs
 2015-06-06 15:19:31 -07:00
Teddy Reed
727f5b091f Various table perf improvements and TLS docs 2015-06-05 22:03:15 -07:00
Teddy Reed
02a22b4cde Merge pull request #1197 from theopolis/fix_multiplexed_fsevents 
Fix FSEvents multiplexing actions
 2015-06-05 21:32:18 -07:00
Teddy Reed
4c80891010 Fix FSEvents multiplexing actions 2015-06-05 17:36:29 -07:00
Teddy Reed
b1b71d5fd0 Merge pull request #1193 from theopolis/fix_scheduler 
Fix the watchdog/scheduler limit tracking
 2015-06-04 18:01:32 -07:00
Teddy Reed
1168b6ef3b Fix the watchdog/scheduler limit tracking 2015-06-04 17:43:37 -07:00
Teddy Reed
4e59bcf4c1 Merge pull request #1191 from theopolis/feature-backoffs 
[#1190] Schedule queries without logging removed results
 2015-06-04 14:58:19 -07:00
Teddy Reed
a678f8f46a Merge pull request #1192 from theopolis/rocksdb-from-homebrew 
[Fix #1185, #1183] Use RocksDB from Homebrew on OS X
 2015-06-04 14:34:52 -07:00
Teddy Reed
650a43d053 [Fix #1185, #1183] Use RocksDB from Homebrew on OS X 2015-06-04 13:56:58 -07:00
Teddy Reed
e244883ea4 [#1190] Schedule queries without logging removed results 2015-06-04 13:53:55 -07:00
Mike Arpaia
ea70781f25 Merge pull request #1188 from marpaia/msr_format 
Formatting the callback function in the model_specific_register table
 2015-06-04 12:17:19 -07:00
Mike Arpaia
388bfda4e6 Renaming model_specific_register to msr 2015-06-03 23:39:49 -07:00
Teddy Reed
a70828c2a4 Merge pull request #1187 from sharvilshah/xattr_update 
Extended Attributes: Use LaunchServices API for quarantine data
 2015-06-03 22:38:17 -07:00
Sharvil Shah
065fe6412d Use LaunchServices (part of CoreServices) to grab quarantine properties instead of manually parsing the colon separated attribute data. 
Fall back to deprecated LaunchService API for OS X 10.9 Mavericks.

Added tests for extended_attributes

Better error handling and cleanup
 2015-06-03 22:18:45 -07:00
Teddy Reed
8e2b7e1281 Merge pull request #1189 from theopolis/tooling 
Update tooling/profiling paths and use a better random seed
 2015-06-03 22:15:22 -07:00
Teddy Reed
c934ad0df3 Update tooling/profiling paths 2015-06-03 21:22:12 -07:00
Mike Arpaia
657731b11c Formatting the callback function in the model_specific_register table 
`int osquery::filter(const struct dirent*)` seemed like a pretty generic
symbol to have in our symbol table, so I changed it to
`int msrScandirFilter(const struct dirent*)`
 2015-06-03 20:56:16 -07:00
Teddy Reed
aaedb48a8f Merge pull request #1168 from mofarrell/model-specific-register-table 
Created a table for information in the model specific register.
 2015-06-03 17:56:44 -07:00
Michael O'Farrell
5e9383a16b Created a table for information in the model specific register. 
This infomation is primarily related to the performance of processor
cores.  The information given constitutes only a small portion of
the information in the model specific register, but this table
has been designed so that more information may easily be added.
The table requires osquery be run as the root, and that the msr
kernel module is loaded.  The table reads the msr data from /dev
 2015-06-03 15:55:57 -07:00
Teddy Reed
95dbd11636 Merge pull request #1186 from theopolis/pack_platforms 
Query pack platform binds should match any/all
 2015-06-03 14:32:26 -07:00
Teddy Reed
8aacaca7eb Query pack platform binds should match any/all 2015-06-03 13:56:39 -07:00
Teddy Reed
be0803adb0 Merge pull request #1178 from theopolis/move_specs 
Move specs to a top-level path, add query examples
 2015-06-03 13:40:32 -07:00
Teddy Reed
a105924804 Move specs to a top-level path, add query examples 
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
 2015-06-03 10:39:05 -07:00