valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,373 Commits 2 Branches 109 Tags 25 MiB
555d59eff6
Commit Graph

379 Commits

Author SHA1 Message Date
Teddy Reed
555d59eff6 Remove fsuid permissions drop for OS X and Linux (#2805) 2016-11-28 22:05:08 -08:00
Teddy Reed
59f0bad67c Additional compiler checks, including shadow (#2486) 2016-11-06 01:17:04 -08:00
Teddy Reed
b04736631a Add --extensions_require feature (#2672) 2016-10-24 18:13:44 -07:00
Teddy Reed
5bb5ae1030 Add optional default flagfile /etc/osquery/osquery.flags.default (#2673) 2016-10-22 16:56:32 -07:00
Teddy Reed
93b260025a Allow distributed plugin changes and reduce ifdefs (#2670) 2016-10-22 00:27:04 -07:00
Aditya Srivastava
ef4f8af3b8 Issue #2651 : Changed all NULLs to nullptrs (#2657) 2016-10-21 11:20:28 -07:00
Nick Anderson
81d2794b26 platformGetUid returns 0 for Administrator user (#2643) 2016-10-19 10:25:32 -07:00
Teddy Reed
ab57130178 [Fix #2630] Remove 'definition' TablePlugin action (#2633) 2016-10-18 00:15:38 -07:00
Teddy Reed
0003e72c63 [Fix #2631] osqueryd: Ignore pidfile parsing errors (#2634) 2016-10-18 00:14:48 -07:00
Teddy Reed
02b21d00c3 Add dropToUser method to privileges dropper interface (#2624) 2016-10-14 15:25:54 -07:00
Nick Anderson
208d2324d5 Extending chrome browser extension table to Windows (#2619) 2016-10-14 10:23:37 -07:00
Nick Anderson
616d9f5953 Adding support for Windows platform_info table (#2611) 2016-10-12 09:01:32 -07:00
Teddy Reed
b7c5ee31b2 Return hardware UUIDs without potential trailing NULL bytes (#2616) 2016-10-11 17:55:48 -07:00
Nick Anderson
07a2a3c292 Updating processes table to include memory (#2573) 2016-10-02 22:41:05 -07:00
Nick Anderson
b69981584f Fixing COM memory leak (#2583) 2016-10-02 12:15:17 -07:00
Teddy Reed
4d1451c9b4 Add extensions SDK incompatibility checking (#2527) 2016-09-26 17:32:41 -07:00
Teddy Reed
7aa1762f52 Promote host UUID to version 2 (#2525) 2016-09-26 12:30:05 -07:00
Nick Anderson
3a351ebf43 Adding windows system_info virtual table (#2521) 2016-09-26 11:08:57 -07:00
Teddy Reed
97bc369b6a Attempt to query platform UUID on Linux (#2522) 2016-09-25 17:55:02 -07:00
Teddy Reed
62edfd46fe Toggle --utc to true (#2504) 2016-09-23 10:14:27 -07:00
Teddy Reed
6ac58f17d6 Remove extensions retry and introduce watcher retry (#2498) 2016-09-21 16:17:30 -07:00
Teddy Reed
a6589c49e3 [Fix #2482] Use atomic member in Dispatcher tests (#2494) 2016-09-21 10:52:52 -07:00
yying
a7af70d021 Adding remote config/logging capabilities to Windows build (#2469) 2016-09-20 14:18:58 -07:00
Mitchell Grenier
072a93ccac Accelerated checkins (#2454) 2016-09-12 16:53:42 -07:00
yying
a27d6567e4 Core and Additional Tests (#2441) 2016-09-12 09:46:52 -07:00
yying
84e6a3401a Reducing compiler warnings and fails on warn in VS (#2433) 2016-09-02 15:04:03 -07:00
Nick Anderson
7c90823a0c Upgrade LLVM to 3.8.1 on Linux (#2436) (#2435) 2016-09-02 14:53:04 -07:00
yying
d347c847e1 Support for extensions (#2363) 2016-08-31 16:45:06 -07:00
Teddy Reed
65dd56e113 Introduce table 'attributes' (#2431) 2016-08-31 15:32:20 -07:00
Teddy Reed
d6e20279d8 Use LOG(INFO) and set INFO as default logging mode (#2420) 
This is fairly important, it changes the default mode for what status
events are logged to INFO. It had been set to WARNING and INFO was relatively
unused.

This also removes expected support for RocksDB 'in-memory' databases.
If a shell-user requests a database via CLI flags it will now work.
 2016-08-31 15:09:01 -07:00
Teddy Reed
132fa3a753 Display flags in alphabetical order (#2407) 2016-08-24 17:44:16 +01:00
Teddy Reed
1b75972181 [Fix #2387] Attempt to create user's osquery homedir (#2395) 2016-08-17 17:27:46 -07:00
Teddy Reed
f3f605e26a Introduce a PLATFORM_MASK and isPlatform (#2334) 
Along with the platform defines and platform string defines provided by
CMake to the build, add a PLATFORM_MASK define.

Use this define as a platform-type mask with the PlatformType enum.
 2016-08-09 20:27:42 -07:00
yying
50487c6880 Changes to make pidfile work on Windows (#2297) 2016-07-28 16:04:34 -07:00
yying
2fb3797c53 Changes to support building a osquery Windows service. (#2278) 2016-07-22 13:29:37 -07:00
Teddy Reed
c22f6147ea Move OSQUERY_HOME into core and use as filesystem config default (#2275) 2016-07-21 13:28:23 -07:00
Teddy Reed
6df4c8c4d4 The watcher process should apply memory limits to itself (#2263) 2016-07-21 12:33:14 -07:00
Zachary Wasserman
f1f00cec2b Enable DB in osqueryi when --database_path specified (#2268) 
Prior to this change, both --disable_database=false and --database_path had to
be specified together. Now, if the user specifies --database_path the database
is enabled automatically.
 2016-07-20 17:44:50 -07:00
artemdinaburg
78e1cf7ab4 Transition __attribute__((constructor)) to a more platform independent approach (#2233) 2016-07-14 14:19:33 -07:00
Teddy Reed
45530c0496 Slight performance improvments (#2242) 2016-07-12 19:16:50 -07:00
Teddy Reed
7f304a0934 Various fixups and best practices (#2237) 2016-07-11 09:45:57 -07:00
Teddy Reed
48cb4d555d Add systemLog API (#2229) 
This includes a minor SDK refactor as it move quite a few specialized
functions and facilities from core.h into system.h. There was a breaking point
for needing to frequently update core includes.

The new logger systemLog function allows a call site to bypass logging config
and write a line to the OS logger (aka syslog).
 2016-07-07 15:16:28 -07:00
Teddy Reed
1f9739eed4 [Fix #2203] Restore extension respawn limits to 20s (#2207) 2016-06-30 17:53:05 -07:00
Teddy Reed
753c023640 Fix milli/micro conversion when waiting for active plugins (#2205) 2016-06-30 13:31:32 -07:00
artemdinaburg
5292100c22 Use vector.data() to get internal vector buffers (#2204) 2016-06-30 12:32:26 -07:00
Teddy Reed
47e1a5ba74 Use noexcept boost::filesystem overloads (#2195) 2016-06-27 16:39:04 -07:00
Teddy Reed
c8c67c455a Simplify watchdog limits configuration (#2173) 2016-06-19 23:27:16 -07:00
Nick Anderson
cf30388705 Moved test_utils to it's own directory out of core. Updated references (#2154) 2016-06-09 10:49:26 -07:00
Teddy Reed
91b34010df Allow table specs to use multiple row indexes (#2146) 2016-06-07 17:13:48 -07:00
Teddy Reed
763f4e9437 Use SQLite 3.14.0 to support LIKE and EQUALS (#2137) 
This commit bumps the third-party SQLite to the 3.14.0 pre-release (18:59).
With 3.14.0 the LIKE and EQUALS constraint operators may be mixed within a
query. Previously these would fail to produce a valid set.

As part of the support, each virtual table should choose to bypass rowid-based
deduplication using the new "WITHOUT ROWID" create table epilog. This will
be appended to the schema if the table defines a PRIMARY KEY using index=True.
 2016-06-06 09:36:53 -07:00