valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,030 Commits 2 Branches 109 Tags 25 MiB
58ec6415d3
Commit Graph

634 Commits

Author SHA1 Message Date
Teddy Reed
c58599057b [Fix #885] Use list directories for homebrew 2015-03-19 16:31:11 -07:00
Teddy Reed
79ddc5ba38 Remove unused shell functions 2015-03-19 16:14:29 -07:00
Teddy Reed
91dce32095 Speed up shell and add max value size 2015-03-18 15:07:13 -07:00
Teddy Reed
09790478b3 Nit, prefer boolean columns to not use 'is_' 2015-03-17 15:21:37 -07:00
Teddy Reed
3da2e09a5c [Fix #869] Rename safari_plugins is_native 2015-03-17 11:28:37 -07:00
Teddy Reed
4440b2f791 Renamed osx_version to os_version, include Linux versions 2015-03-15 16:07:49 -07:00
Teddy Reed
660c6ec53f Merge pull request #839 from theopolis/addons_vtable 
[#787] Add chrome, firefox, and safari related tables
 2015-03-13 11:01:25 -07:00
Teddy Reed
e281e6a214 [#787] Add chrome, firefox, and safari related tables 2015-03-13 10:48:14 -07:00
Teddy Reed
33cbdd42ba Merge pull request #834 from theopolis/keychain_items 
Add keychain_items to include basic item details
 2015-03-10 16:06:17 -07:00
Teddy Reed
6a81cec937 Organize kernel_extensions to add signatures 2015-03-09 11:43:06 -07:00
Teddy Reed
995a16d83f Add keychain_items to include basic item details 2015-03-08 01:59:59 -08:00
Teddy Reed
4916392aa8 Merge pull request #812 from theopolis/keychain 
Add more keychain search paths for certificates
 2015-03-07 23:27:50 -08:00
Don Husa
f6b5c5a2e3 Cleaned Up Time Table 2015-03-05 16:57:44 -08:00
Teddy Reed
0673900837 Registry modules 2015-03-04 20:33:10 -08:00
Teddy Reed
99beceaef6 Switch lazy=active concept for registry setup 2015-03-04 18:51:41 -08:00
Mitchell Grenier
d5e8fe61d2 Removed the checks 2015-03-04 11:27:11 -08:00
Mitchell Grenier
3d27fff697 Merge pull request #784 from jedi22/directory_monitoring 
Adding ability to monitor whole folders
 2015-03-02 17:21:24 -08:00
Mitchell Grenier
f50593f030 Less capitals 2015-03-02 17:01:05 -08:00
Mitchell Grenier
fc09924a59 clang format 2015-03-02 16:48:01 -08:00
Teddy Reed
a6bc9d6d97 Merge pull request #804 from theopolis/network_settings 
Add sysctl (system_controls) table
 2015-03-02 16:01:39 -08:00
Teddy Reed
e123f9f0a2 Add more keychain search paths for certificates 2015-03-01 21:15:42 -08:00
Teddy Reed
be9218ecf1 Add sysctl (system_control) table 2015-03-01 18:51:33 -07:00
Mitchell Grenier
0031c6ed57 Fixed many bugs. inotify and fsevents should be same now 2015-02-27 17:28:51 -08:00
Teddy Reed
74ae25f727 Merge pull request #801 from theopolis/openssl_x509 
Rename ca_certs to certificates
 2015-02-26 23:59:49 -08:00
Teddy Reed
2237f00c12 Rename ca_certs to certificates 2015-02-26 23:47:05 -08:00
Mitchell Grenier
70c82b5a40 Linux inotify more closely resembles fsevents and is generally more awesome 2015-02-25 16:43:37 -08:00
Mitchell Grenier
6548006d3e Adding ability to monitor whole folders 2015-02-25 16:28:24 -08:00
Teddy Reed
9031bad609 Extensions helpers, API additions 
Use --socket for extensions, limit help
Add an 'active' concept to registries, support a blank item call
Add osquery_registry to list the internal/external plugin details
 2015-02-25 01:02:05 -07:00
Teddy Reed
c7e4094c53 Merge pull request #795 from theopolis/fix_788 
[Fix #788] Lookup ppids on OS X using CTL_KERN
 2015-02-24 13:52:40 -08:00
Teddy Reed
a70873c8ea [Fix #788] Lookup ppids on OS X using CTL_KERN 2015-02-24 13:31:30 -08:00
Mike Arpaia
260375cc21 Merge pull request #793 from theopolis/fix_regex 
[Fix #792] Replace std::regex with string parsing gcc below 4.9
 2015-02-24 13:28:11 -08:00
Teddy Reed
148d7385f6 [Fix #792] Replace std::regex with string parsing gcc below 4.9 2015-02-24 13:19:27 -08:00
Teddy Reed
925deb8e74 [lints] Basic cpp linting 2015-02-24 03:47:12 -08:00
Teddy Reed
ace433e49d Allow external calls from within registry 2015-02-23 21:35:54 -08:00
Teddy Reed
a29addba61 Extensions integrations testing 2015-02-22 22:56:18 -07:00
Teddy Reed
5334b9650a Merge pull request #775 from theopolis/sdk_build 
Building example extension with SDK
 2015-02-19 14:26:48 -08:00
Mitchell Grenier
182c69d4af Added ability to specify files to watch with wildcards 2015-02-19 12:43:23 -08:00
Teddy Reed
451ef686ed Building example extension with SDK 2015-02-18 20:11:00 -08:00
Teddy Reed
6f155d63c5 Improve flag storage and printing 2015-02-16 16:26:06 -08:00
Teddy Reed
3c36c4196b Merge pull request #731 from jedi22/wildcard_events 
Added parsing of extra data along with its addition to the osqueryconfig structure
 2015-02-15 19:16:54 -08:00
Teddy Reed
95dd2a808f Merge pull request #762 from theopolis/startup_items 
[Fix #758] Parse startup_items Alias data
 2015-02-15 16:33:39 -08:00
Teddy Reed
1ea06a9d15 [Fix #758] Parse startup_items Alias data 2015-02-13 17:40:02 -08:00
Teddy Reed
3246b346dc Fix getProcList indexing 2015-02-13 14:38:49 -08:00
Teddy Reed
aa078895d3 CentOS7 clang without fortify 
1. _FORTIFY_SOURCE=1 will cause readlink/recv to hang when using
heap-allocated target buffers.
2. Install boost/rocksdb/thrift using source, similar to CentOS6.5
3. Remove boost::regex, prefer extended std::regex without static
link to boost_regex.
 2015-02-13 12:47:30 -08:00
Mitchell Grenier
54ef2045e5 Made config a meyers singleton. Load should now only ever have to happen once 2015-02-13 12:32:54 -08:00
Teddy Reed
340dcd775a Add 'cwd', 'root' to processes 2015-02-12 18:05:10 -08:00
Teddy Reed
b7160aae72 Merge pull request #750 from theopolis/file_directory 
Allow file table to use a directory constraint
 2015-02-12 15:57:20 -08:00
Teddy Reed
584a326f63 Merge pull request #748 from theopolis/improve_processes 
[#721] Add pid constraint checking to darwin procs
 2015-02-12 15:57:15 -08:00
Teddy Reed
b7734dcd3e Allow file table to use a directory constraint 2015-02-12 15:44:39 -08:00
Teddy Reed
11323a1487 [#721] Add pid constraint checking to darwin procs 2015-02-12 11:32:29 -08:00
Teddy Reed
65e0da4790 Merge pull request #743 from theopolis/env_ele_apps 
Add environment/element to OS X apps
 2015-02-11 18:38:11 -08:00
Teddy Reed
2e0f99432f Add environment/element to OS X apps 2015-02-11 18:28:56 -08:00
Teddy Reed
7fbb7ef48e Add plist/file parsing similar to OS X defaults 2015-02-11 17:48:01 -08:00
Teddy Reed
04fb33cbf2 Merge pull request #737 from theopolis/safe 
Safer compile flags
 2015-02-11 12:32:36 -08:00
Teddy Reed
7bab4a4706 Merge pull request #732 from theopolis/plist_defaults 
Added 'defaults' table called 'preferences'
 2015-02-11 12:03:23 -08:00
Teddy Reed
fd92f9cb4c Added 'defaults' table called 'preferences' 2015-02-11 11:39:25 -08:00
Teddy Reed
a59dcf01ee Add osquery_extensions table 2015-02-11 10:52:25 -08:00
Teddy Reed
2593e8f837 Add extensions status to osquery_info 2015-02-11 10:52:25 -08:00
Teddy Reed
9eeda1f02c Safer compile flags 2015-02-11 10:45:04 -08:00
Mitchell Grenier
4238eccdcd Adding test to make sure Apps table returns real data 2015-02-10 18:59:26 -08:00
Teddy Reed
74496c74d5 [Fix #733] Use directories instead of files in apps 2015-02-10 17:35:18 -08:00
Teddy Reed
55dfdfcace Move lsperms into filesystem 2015-02-10 03:00:29 -07:00
Javier Marcos
9f5b819967 Adding description to columns 2015-02-09 20:13:11 -08:00
Javier Marcos
a3e004bb62 Adding description to columns 2015-02-09 18:18:22 -08:00
Teddy Reed
94f97b93e8 Fix symbol rename regression in processes 2015-02-09 14:04:39 -08:00
Teddy Reed
6cc9fa4c3e Merge pull request #720 from theopolis/memory_tables 
Add shared_memory, memory_maps, process_memory_map table to Linux
 2015-02-09 12:59:43 -08:00
Teddy Reed
4b07479c3d Merge pull request #719 from theopolis/file_stat 
Add stat details to file table
 2015-02-09 12:59:35 -08:00
Teddy Reed
de868e6eb1 Merge pull request #715 from theopolis/more_descriptions 
Add more table descriptions for API generation
 2015-02-09 12:59:22 -08:00
Teddy Reed
4615019dd0 Merge pull request #711 from theopolis/harden_worker 
Harden watcher for more perf, use exec and watch from worker
 2015-02-09 12:59:14 -08:00
Teddy Reed
d2b18c05c9 Add watcher profiles 2015-02-09 12:38:50 -08:00
Teddy Reed
ca95e7c59a Add process_memory_map and remove path,name from process_envs 2015-02-09 01:37:59 -07:00
Teddy Reed
edc93fb81b Add Linux memory map table 2015-02-09 00:47:40 -07:00
Teddy Reed
653b3a19e5 Add shared_memory table to Linux 2015-02-08 21:32:30 -07:00
Teddy Reed
ff0da3dd19 Add stat details to file table 2015-02-08 20:41:31 -07:00
Teddy Reed
1252fa2663 Add more table descriptions for API generation 2015-02-08 18:40:35 -07:00
Teddy Reed
19998a001a Harden watcher for more perf, use exec and watch from worker 2015-02-08 00:06:44 -07:00
Javier Marcos
8bc0087bbc Addind all the missing descriptions for tables 2015-02-06 19:05:50 -08:00
Mitchell Grenier
4cf0fc859c Merge pull request #709 from jedi22/test_open_sockets 
Fixed open sockets on OS X
 2015-02-06 14:49:43 -08:00
Mitchell Grenier
898c0933e6 Fixed open sockets on OS X 
Minimal fix
 2015-02-06 14:41:38 -08:00
Teddy Reed
eb55c9e83a Adding table spec documentation 2015-02-04 22:47:02 -07:00
Teddy Reed
ed9bae29b7 Organizing headers/build for SDK 2015-02-03 14:59:32 -08:00
Mitchell Grenier
50eaccc40b Merge pull request #653 from jedi22/osx-xattr 
OS X Where From
 2015-02-03 11:55:35 -08:00
Mitchell Grenier
30e268b22b Can query for where a file came from using the OS X eXtended attributes 2015-02-03 11:34:29 -08:00
Zachary Wasserman
ac53637bcf Add getQueryColumns function to core 
This new getQueryColumns function allows us to determine what columns
will be returned by executing a given query. It is intended to be used
with the distributed query system, to determine a schema for the
results before sending the query.

Tested by unit tests. Also used valgrind and did not find errors that
looked related to this change (though there appear to be many errors
related to glog logging).
 2015-02-02 10:11:00 -08:00
Teddy Reed
e37b16ce2f Clang analyze fixups for Linux 2015-02-01 05:10:57 -07:00
Teddy Reed
bd620853aa Verbose log when table row is missing a column 2015-02-01 02:20:09 -07:00
Teddy Reed
d39f1fae95 Minor registry documentation, using macros for create/add 2015-02-01 02:20:09 -07:00
Teddy Reed
ab1cb942a8 Fix typo in passwd subscriber, merge vtable tests 2015-02-01 02:20:09 -07:00
Teddy Reed
ab08bc76a8 Towards a new registry 2015-02-01 02:20:09 -07:00
Teddy Reed
c4fb5d45ed Added make analyze (clang-analyze) and fixed output 2015-01-31 03:09:30 -08:00
schettino72
f7357dd4b8 add column info to CREATE VIRTUAL TABLE statement. 2015-01-30 01:08:36 +08:00
Mitchell Grenier
299bef0452 Fixing the last strcpy 2015-01-27 14:06:12 -08:00
Teddy Reed
72fcd44bf1 Fallback to /proc/net/ for open sockets in Linux 2015-01-25 18:44:10 -07:00
Teddy Reed
59b757c5d5 Adding block_devices to OSX 2015-01-23 13:47:20 -08:00
Teddy Reed
b3fa936156 Add kernel_info to OSX 2015-01-23 13:47:20 -08:00
Teddy Reed
22273b403d Adding kernel_info to Linux 2015-01-23 13:47:20 -08:00
Teddy Reed
ee44764098 Add libglog to OBJCXX targets 2015-01-21 23:43:50 -07:00
Teddy Reed
22a91e2bb2 All libraries depend on the external project(s) 2015-01-21 21:35:16 -07:00
Teddy Reed
9c1faec090 Isolate glog include and depend on libglog for #652 2015-01-21 13:37:06 -08:00
mike@arpaia.co
ba2e465472 migrating smbios to use new hash api 2015-01-20 15:54:00 -08:00
Teddy Reed
b7549e09ca SMBIOS parsing on Linux using mem 2015-01-20 15:10:19 -08:00
Teddy Reed
b7852650c2 SMBIOS structure tables for OSX 2015-01-20 15:06:34 -08:00
Teddy Reed
7b0f7f3c49 Rename ACPI length to size 2015-01-20 15:06:34 -08:00
Teddy Reed
64d82388e4 Update the md5 hashing callsites 2015-01-20 14:52:07 -08:00
Teddy Reed
11237d2397 Merge pull request #644 from theopolis/md5_macros 
Use API macro for hash algorithms
 2015-01-20 14:33:55 -08:00
Teddy Reed
a2d9236478 Use API macro for hash algorithms 2015-01-20 14:24:49 -08:00
Mike Arpaia
4937e5cd2e Merge pull request #641 from theopolis/iokit_registry 
Separate IOKit devicetree from registry
 2015-01-20 13:31:24 -08:00
Zachary Wasserman
ee798cdde7 Use sizeof with memcpy and memset 
I'd like to make sure we use expressions of sizeof to relate buffer
sizes to memcpy and memset. This should make modifying the code less
error prone.

Conflicts:
	osquery/tables/system/darwin/nvram.cpp
 2015-01-20 12:36:36 -08:00
Mitchell Grenier
053fcc28ef More minor changes to address marpias requests 2015-01-20 12:13:10 -08:00
Mitchell Grenier
b8b1837bd6 Replaced loop with auto iterator, eliminating need to dereference 2015-01-20 12:13:10 -08:00
Mitchell Grenier
d2fe1826ae Minor code change and clang-format 2015-01-20 12:13:10 -08:00
Mitchell Grenier
34e6bd45c3 Addressed @marpia s changes 2015-01-20 12:13:10 -08:00
Mitchell Grenier
b9c477080f NFS Table for darwin systems. 
Currently table readonly field is a string, this may change in the future to an
integer to stay consistent with other parts of osquery.
 2015-01-20 12:13:09 -08:00
Teddy Reed
416198732a Merge pull request #631 from jedi22/sha-hashs 
Added SHA1 and SHA256 in Hash Table
 2015-01-20 11:24:43 -08:00
Teddy Reed
716aa41c15 Separate IOKit devicetree from registry 2015-01-20 11:15:20 -08:00
Teddy Reed
5f8eccb3f3 Remove gotos from linux routes 2015-01-19 18:06:34 -08:00
Teddy Reed
8475522e76 Remove goto/sprintf from NVRAM parsing 2015-01-19 17:10:40 -08:00
Teddy Reed
066b7d78d9 Add basic acpi_tables hashing to Linux 2015-01-17 23:02:14 -08:00
Teddy Reed
09ce5099b2 Merge pull request #632 from theopolis/osx_boot_info 
OSX IOKit registry and ACPI table data
 2015-01-17 17:56:51 -08:00
Teddy Reed
1df958c583 ACPI tables for OSX 2015-01-15 21:37:02 -08:00
Mitchell Grenier
e6e722dd17 Modifed config.cpp to not use the old MD5 implementation 2015-01-15 17:40:42 -08:00
Mitchell Grenier
570c6a32f3 Moved hashing functions into core. #include<osquery/hash.h> 2015-01-15 17:16:05 -08:00
Mitchell Grenier
c13a0e79a5 Most hashing stuff working though rerun bug is still plaguing the queries 2015-01-15 15:06:30 -08:00
Teddy Reed
803204a9dd iokit_registry table 2015-01-15 12:53:46 -08:00
mike@arpaia.co
aef517a29e Fix for #628 2015-01-15 12:11:25 -08:00
Teddy Reed
4db7c90758 Merge pull request #608 from theopolis/linux_ports 
Moved socket_inode on Linux to process_open_files
 2015-01-13 14:54:35 -08:00
Teddy Reed
a709a34220 Merge pull request #605 from theopolis/fix_599 
[Fix #599] Rename kextstat->kernel_extensions
 2015-01-13 14:53:32 -08:00
Teddy Reed
ac0f2f96e4 Split OSX process_open_files into files/sockets 2015-01-13 11:05:54 -08:00
Teddy Reed
f0eec6fbe3 Adding listening_ports to Linux 2015-01-13 09:51:40 -08:00
Teddy Reed
bb6f313c6c Moved socket_inode on Linux to process_open_files 2015-01-13 08:26:47 -08:00
Teddy Reed
6deeba39c9 Merged Linux/OSX interfaces implementation 2015-01-11 01:39:16 -07:00
Teddy Reed
6dfc5d88f4 Added interfaces to Linux 2015-01-11 00:42:23 -07:00
Teddy Reed
a2cc1c85ea [Fix #599] Rename kextstat->kernel_extensions 2015-01-11 00:38:03 -07:00
Teddy Reed
45ee10f162 More complete make package 2015-01-07 16:07:19 -08:00
Teddy Reed
2ad15763e2 Provide example config, improve pid check 2015-01-07 15:22:50 -08:00
Teddy Reed
dbb7050376 Merge pull request #575 from theopolis/fix_574 
[Fix #574] Undef DEBUG for apt-pkg for make debug
 2015-01-06 07:29:02 -08:00
Teddy Reed
27541d4260 [Fix #574] Undef DEBUG for apt-pkg for make debug 2015-01-06 06:53:42 -08:00
Teddy Reed
f865647d0c [Fix #545] Simpler socket_info parsing in process_open_files 2015-01-06 06:23:48 -08:00
Norm MacLennan
7a6eb8255a renaming apt sources gen function 2015-01-05 18:02:55 -05:00
Norm MacLennan
38447838db merging upstream cmake changes 2015-01-05 17:43:07 -05:00
Teddy Reed
d2cea32644 Use CMake find_library for dependencies 2015-01-05 08:32:05 -08:00
Norm MacLennan
a6b769b6f4 a table to show apt package sources 2015-01-04 19:44:45 -05:00
Norm MacLennan
cf08d605f0 code review changes and adding revision field 2015-01-02 13:30:04 -05:00
Norm MacLennan
18f40b0952 fixing compatibility issues with 1204 dpkg version 2015-01-01 18:58:00 -05:00
Norm MacLennan
dd4a9d9d74 merging cmake changes for distro-specific tables 2014-12-31 13:06:54 -05:00
Teddy Reed
ed00c95dca Support centos/ubuntu-specific tables 2014-12-31 09:38:18 -08:00
Teddy Reed
914ae37a72 Move CMakeLibs and valgrind supp file 2014-12-31 08:32:23 -08:00
Norm MacLennan
beff9471f8 resolve merge conflict with upstream 2014-12-30 18:21:00 -05:00
Norm MacLennan
0191f1de29 resurrect the deb_packages table 2014-12-30 17:24:49 -05:00
Sean Williams
c54a568af3 Merge pull request #528 from facebook/linux-camb 
Initial linux kernel instrumentation bits
 2014-12-29 14:20:54 -08:00
Teddy Reed
8c6e45e9b5 Fix ca_certs memory leak 2014-12-25 12:49:45 -08:00
Teddy Reed
94811f3ee8 Removed 'core' tables as a build dependency 2014-12-25 12:46:59 -08:00
Teddy Reed
e4b60e883a Variable amalgamation output filename 2014-12-23 21:53:59 -07:00
Theodore M. Reed
b2be1fa383 Whole link tests and refactor flags_test 2014-12-23 20:38:16 -08:00
Teddy Reed
b2dca55539 Build leaner libosquery, allow control over spec/impl 2014-12-23 20:07:12 -08:00
Theodore M. Reed
01005c72b3 Moved crontab out of utility 2014-12-23 14:39:59 -08:00
Theodore M. Reed
53d683a3b3 Remove tables dependency from CMake build 2014-12-23 14:37:07 -08:00
Theodore M. Reed
7b0640e4eb Move table link dependencies into tables CMakeLists 2014-12-23 14:37:00 -08:00
Teddy Reed
ff7ca1e800 Merge pull request #557 from theopolis/xprotect_results 
OSX results of XProtect hits
 2014-12-18 13:04:08 -08:00
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header 
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
 2014-12-18 10:52:55 -08:00
Teddy Reed
6a6851c4bc Merge pull request #544 from theopolis/events_2.0 
Events 2.0
 2014-12-17 20:17:02 -08:00
Teddy Reed
888f74de36 OSX results of XProtect hits 2014-12-17 18:35:01 -08:00
Teddy Reed
4453806dce Remove raw pattern from XProtect 2014-12-17 14:46:53 -08:00
Teddy Reed
7602d17de9 Move base64Decode from ca_certs testing to conversions 2014-12-17 14:03:52 -08:00
Teddy Reed
fefe6de824 OSX XProtect siganture DB as virtual table 2014-12-16 21:35:26 -08:00
Teddy Reed
8c38492b2a Add XProtect vtable to OSX 2014-12-16 17:59:07 -08:00
Teddy Reed
d5c5253bbc Add osquery_flags vtable 2014-12-16 02:07:50 -08:00
Teddy Reed
b5535256e6 [Fix #546] Rename md5 to config_md5 and add config_path to osquery_info 2014-12-16 01:52:02 -08:00
Teddy Reed
4425bed23e Merge pull request #504 from Anubisss/master 
Adding a table which maps services from /etc/services.
 2014-12-16 01:23:05 -08:00
Teddy Reed
6de14466db Events 2.0 using pbr 2014-12-15 11:55:05 -08:00
Teddy Reed
fcdf49d17f WIP migrating Linux Events 2014-12-15 00:43:28 -08:00
Teddy Reed
17efa0b3d6 Migrate subscribers on OSX 2014-12-15 00:25:28 -08:00
Teddy Reed
c1e37b73fb Non-static event type and name IDs 2014-12-14 18:03:41 -08:00
anuka
fa95ff09d8 Some fix for etc_services. 
Signed-off-by: anuka <david.vas1@gmail.com>
 2014-12-14 22:14:00 +01:00
anuka
375c837b74 Merge remote-tracking branch 'upstream/master' 2014-12-13 15:27:09 +01:00
Teddy Reed
00c88a19bc Add timeout to netlink socket read 2014-12-12 17:50:47 -08:00
Teddy Reed
acccfa94e2 IOKit HID events and OSX hardware_events table 2014-12-11 18:06:08 -08:00
Teddy Reed
7b56fa605d PCI/USB parity 2014-12-10 19:51:18 -08:00
Teddy Reed
a75fa3bf11 Merge pull request #538 from theopolis/improve_usb 
Improve usb_devices on OSX
 2014-12-10 19:51:08 -08:00
mike@arpaia.co
8f8bc6b772 osquery_info table 2014-12-10 18:38:41 -08:00
Teddy Reed
b08ad3cb14 Check USB property for CFString type 2014-12-10 09:12:12 -08:00
Teddy Reed
f29e0c17ca Update ca_certs_tests to use moved OSX conversions 2014-12-10 01:59:13 -08:00
Teddy Reed
4644c5e19b Simple usb_devices updates 2014-12-10 01:52:02 -08:00
Teddy Reed
7ba4fb31dd Merge pull request #536 from theopolis/suid_fix 
Suid fix
 2014-12-10 01:19:48 -08:00
Teddy Reed
0b5083bd0e Improve usb_devices on OSX 2014-12-10 01:17:24 -08:00
Teddy Reed
ab8df11818 Add filesystem_error catching and remove suid_bin from BL 2014-12-09 20:13:39 -08:00
Teddy Reed
9a9de67b93 Restrict suid_bin to common search paths 2014-12-09 16:38:14 -08:00
Teddy Reed
192224977d Add small delay if NL read = 0 2014-12-09 16:02:25 -08:00
Teddy Reed
22c9664ae1 [Fix #530] Continue to read from NL socket 2014-12-09 15:49:40 -08:00
Sean Williams
341fbc3b53 -Conform to new table function signature 
-Add proper include and fix brackets on macro
-Let osquery core do the integer cast for syscall_addr_modified
-Fix misc cruft
 2014-12-09 01:47:51 +00:00
Sean Williams
48bf3192e1 kernel_integrity vtable to use camb 2014-12-08 23:58:33 +00:00
Teddy Reed
2ebbbf6f98 Linux udev events 2014-12-08 14:13:47 -08:00
Teddy Reed
b890670be1 Replace linux cmdline tokens with spaces 2014-12-07 00:35:24 -07:00
Teddy Reed
7c738c8497 Codemod to improve include search paths 2014-12-03 15:14:02 -08:00
Teddy Reed
20dee9c274 Merge pull request #515 from theopolis/faster_generator 
Towards simple table generation
 2014-12-03 12:57:09 -08:00
Teddy Reed
a50400d34f Merge pull request #510 from wxsBSD/issue_475 
Implement signed columns for users and groups.
 2014-12-03 12:46:02 -08:00
Teddy Reed
5d99dc0325 Use a single class for Table plugins 2014-12-03 12:43:55 -08:00
Teddy Reed
ebd77d47c4 Amalgamate generated tables 2014-12-03 02:02:11 -08:00
Teddy Reed
343cdf8405 Organize /tools 2014-12-02 21:16:24 -08:00
Teddy Reed
f4337243ec Towards simple table generation 2014-12-02 20:36:46 -08:00