Commit Graph

798 Commits

Author SHA1 Message Date
Wesley Shields
550bf15c74 First pass at macro usage in tables. 2014-11-18 19:25:34 -05:00
Mike Arpaia
49da6387ea Merge pull request #454 from facebook/pidfile
pidfile for osqueryd
2014-11-17 19:27:08 -08:00
Mike Arpaia
27e1612fb0 Merge pull request #452 from theopolis/feature-ld-timeout
Add throttle to LD plist
2014-11-17 19:25:36 -08:00
mike@arpaia.co
a680e173dd i'm not ok 2014-11-17 19:25:06 -08:00
mike@arpaia.co
89da66458c making the name of the flag more concise 2014-11-17 19:17:07 -08:00
Mike Arpaia
a028b15858 Merge pull request #449 from facebook/config-splay
Add a splay of 10% to scheduled queries so that they don't stack
2014-11-17 19:09:50 -08:00
mike@arpaia.co
81ace6a890 adding some better logging 2014-11-17 19:08:51 -08:00
mike@arpaia.co
c56b663261 pidfile for osqueryd
close #442
2014-11-17 18:42:36 -08:00
Teddy Reed
8fd957dd65 Add throttle to LD plist 2014-11-17 19:35:37 -07:00
Teddy Reed
7287ad5e63 Fix process free regression for libprocps 2014-11-17 16:52:20 -08:00
Javier Marcos
27c1147f75 Merge pull request #451 from facebook/sudo_env_support_mountain_lion
Support of osx 10.8 broke the other builds with the -E parameter
2014-11-17 15:54:45 -08:00
Javier Marcos
0c59fc9d9f Support of osx 10.8 broke the other builds with the -E parameter 2014-11-17 15:48:27 -08:00
Teddy Reed
00de10db95 Merge pull request #440 from mgoffin/mounts_table
Mounts table for OSX
2014-11-17 15:43:33 -08:00
mike@arpaia.co
f8c27bde85 Add a splay of 10% to scheduled queries so that they don't stack
close #446
2014-11-17 14:19:09 -08:00
mike@arpaia.co
ca2c63419a incorrect namespacing 2014-11-17 13:47:44 -08:00
Mike Goffin
57faad63fa Merge branch 'master' into mounts_table 2014-11-17 15:03:50 -05:00
Mike Goffin
2ce6882317 Format fixes.
- ran clang-format.
- lowercased column names for table.
- removed include for boost as it's no longer being used.
2014-11-17 15:02:33 -05:00
Mike Arpaia
3c2059227e Merge pull request #448 from facebook/444
Change glog max log size to 10MB
2014-11-17 11:39:50 -08:00
mike@arpaia.co
715e10a738 Change glog max log size to 10MB
close #444
2014-11-17 11:39:35 -08:00
Teddy Reed
1116d6a928 Merge pull request #438 from theopolis/feature-arp-table
arp_cache vtable for OSX and Linux
2014-11-17 11:36:46 -08:00
Mike Arpaia
c56d045f7a Merge pull request #447 from facebook/445
Get rid of superfluous logging in launchQueries
2014-11-17 11:29:55 -08:00
mike@arpaia.co
f707253537 close #445 2014-11-17 11:29:14 -08:00
Mike Arpaia
c5e50ff26e Merge pull request #439 from wxsBSD/macros
Use INTEGER macro.
2014-11-17 11:19:08 -08:00
Mike Goffin
0b4e382e96 Merge branch 'master' into mounts_table 2014-11-17 13:46:59 -05:00
Mike Goffin
6cddf4ad39 Mounts table for Darwin.
Associated with #255, this adds Mounts table support for Darwin.
2014-11-17 13:43:59 -05:00
Wesley Shields
c764226b77 Use INTEGER macro.
This makes the code match the example at:

https://github.com/facebook/osquery/wiki/creating-a-new-table
2014-11-17 13:30:46 -05:00
Teddy
968f8027e6 Cleaner arp_table->arp_cache on Linux/OSX 2014-11-17 02:37:15 -08:00
Javier Marcos
093c857aea Merge pull request #437 from facebook/centos_build_fix
Fixes building in CentOS, sudo was missing from some commands
2014-11-16 22:51:06 -08:00
Javier Marcos
5db8dcbae6 Fixes building in CentOS, sudo was missing from some commands 2014-11-16 22:46:12 -08:00
Teddy Reed
d50d1cf3a7 Faster build on Ubuntu 2014-11-16 19:49:41 -08:00
Teddy Reed
ee015343f9 Simplify arp, move to arp_table 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
65c4ed4a7d Fix boost split on linux to remove sscanf 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
2b32673445 Some fixes:
- clang-format on code
- NULL -> nullptr
- some (char *) changed in favour of std::string
- Removed a memory leak.
- Moved struct inside the table namespace
2014-11-16 19:49:40 -08:00
Pablo S. Torralba
778951d6a4 Remove osx dependency on system() call to get arp information 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
c7fc2cee22 rename vtable field arp->mac 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
4f524abbea arp vtable different implementation in osx and linux 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
413d6f068b Change fgetln (osx specific) in favour of getline (both osx and linux) 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
1843d80660 arp vtable with ip, arp and interface where it was seen 2014-11-16 19:49:40 -08:00
Mike Arpaia
c594c67dae Merge pull request #436 from facebook/launchd-customization
Customizable LaunchDaemon via a command-line flag
2014-11-16 13:01:17 -08:00
Mike Arpaia
a4b9920ed9 Merge pull request #435 from facebook/blacklist-inode
blacklisting port_inode and socket_inode
2014-11-16 13:01:01 -08:00
mike@arpaia.co
2e49debd70 Customizable LaunchDaemon via a command-line flag
This is in response to #411. Allowing you to specify arguments on the
command-line has more edge-cases than I'd prefer, so I think this is a
bit more of a sustainable solution, especially given that you're already
supplying the tool with a path to your config file (now you can just
track one additional file).
2014-11-16 11:07:52 -08:00
mike@arpaia.co
bfceaf8453 blacklisting port_inode and socket_inode
port_inode and socket_inode have caused a few issues lately and, as of
right now, they both have open issues against them. For the time being,
I'm going to blacklist them. When the tables are production-ready, we
can re-add them back in to the base linux build.
2014-11-16 09:42:57 -08:00
Teddy Reed
816faec3db Merge pull request #429 from cdown/llvm_license
Add missing LLVM license referenced in git-clang-format.py
2014-11-14 18:46:22 -08:00
Teddy Reed
f725e1c01d Merge pull request #431 from cdown/its_lintmas
Add PEP8 and general lint conformance to in-house scripts
2014-11-14 18:46:11 -08:00
Chris Down
8082313cce Revert removal of unused symbols in genapi per @theopolis' comment:
At https://github.com/cdown/osquery/commit/2a93de#commitcomment-8583208:
> Although the removed symbols aren't referenced in this script they are
> used in the spec evaluation.
2014-11-15 01:39:29 +00:00
Chris Down
2a93def805 Add PEP8 and general lint conformance to in-house scripts
My intent in this diff was mostly style linting, so I disabled
non-stylistic pylint linters that fired in the interests of making this
a sane diff with one purpose: stylistic consistency and conformance. If
I disabled them it means they were thrown somewhere and should probably
be looked into some time :-)

This diff adds:
- PEP8 conformance (tested with pep8)
- A cleanup of stuff shown by `pylint`, with quite a few linters
  disabled. See above for rationale to disable these -- in the end this
  was mostly unused variables, unused imports, etc. These are the
  linters I disabled:
  - attribute-defined-outside-init
  - bad-classmethod-argument
  - bare-except
  - broad-except
  - exec-used
  - invalid-name
  - logging-not-lazy
  - method-hidden
  - missing-docstring
  - redefined-outer-name
  - too-few-public-methods
  - too-many-instance-attributes
  - too-many-locals
  - unused-argument
- flake8 warnings fixed (warnings were about redefinition of previous
  variables in a listcomp)

I didn't do anything with git-clang-format since it's from an external
project and it's possible that there may be a wish to merge it in again
later if it gets updated upstream, but you could, of course, apply this
to that script as well if you so wish. Right now it's not at all PEP8
conformant.
2014-11-14 23:36:36 +00:00
Teddy Reed
0cb30d8ccb Merge pull request #430 from theopolis/fix-biging
Check tables row vector size before access
2014-11-14 15:25:39 -08:00
Teddy Reed
a1898ef03b Check tables row vector size before access 2014-11-14 15:18:25 -08:00
Chris Down
3554a65885 Add missing LLVM license referenced in git-clang-format.py 2014-11-14 23:07:48 +00:00
Teddy Reed
c0dc2720fb Merge pull request #425 from theopolis/feature-catching-exceptions
Fix unwind exception catching
2014-11-14 01:43:55 -08:00