Commit Graph

2885 Commits

Author SHA1 Message Date
Tim Zimmermann
5c47e2b91e Add InstallHistory table
See #1922.
2016-04-01 09:51:01 -07:00
Teddy Reed
97690b1b95 Merge pull request #1983 from theopolis/decorators
Introduce decorator queries
2016-03-30 21:04:31 -07:00
Teddy Reed
c727b6d015 Merge pull request #1961 from zwass/syslog_events
Add syslog table for querying of rsyslog logs
2016-03-30 14:22:34 -07:00
Zachary Wasserman
98cdd3643f Add linux syslog virtual table
This commit adds an event-based virtual table implementation for
querying the linux syslog. It introduces an event publisher that
attaches to a named pipe to ingest CSV formatted syslog forwarded from
rsyslogd. An event subscriber/virtual table makes these log lines
available for queries. Currently, no additional processing is done on
the input data besides parsing.

Using this table requires a properly configured rsyslogd. Documentation
for this configuration is forthcoming in the wiki.
2016-03-30 13:36:57 -07:00
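The commit above describes the ingestion path (rsyslogd writes CSV-formatted lines into a named pipe, an event publisher reads them, a subscriber exposes them as table rows) without showing the parsing step. The following is an added example in the project's language, not osquery's own code: it parses RFC 4180 style CSV records of the kind rsyslog's `csv` property option emits (every field quoted, embedded quotes doubled) and maps them onto named columns. The rsyslog template in the header comment and the column order `time,host,severity,facility,tag,message` are assumptions for the example, not taken from the page or the wiki it refers to.

```cpp
// Added example (not osquery code): read CSV-formatted syslog from a named
// pipe fed by rsyslogd and turn each record into a column map.
//
// Assumed rsyslog.conf fragment (an assumption, not from the page). The csv
// property option quotes each field and doubles any embedded quote:
//
//   template(name="OsqueryCsv" type="string"
//            string="%timestamp:::date-rfc3339,csv%,%hostname:::csv%,%syslogseverity:::csv%,%syslogfacility-text:::csv%,%syslogtag:::csv%,%msg:::csv%\n")
//   *.* action(type="ompipe" Pipe="/var/osquery/syslog_pipe" template="OsqueryCsv")
#include <fstream>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Split one RFC 4180 CSV record. Quoted fields may contain commas; a doubled
// quote inside a quoted field is a literal quote. Returns false on malformed
// input (unterminated quote, text after a closing quote, quote inside an
// unquoted field) so a bad line is dropped rather than shifted into the wrong
// columns, which matters when the message field is attacker-influenced.
bool parseCsvLine(const std::string& line, std::vector<std::string>& fields) {
  fields.clear();
  std::string cur;
  bool inQuotes = false;
  bool justClosed = false;
  for (size_t i = 0; i < line.size(); ++i) {
    char c = line[i];
    if (inQuotes) {
      if (c == '"') {
        if (i + 1 < line.size() && line[i + 1] == '"') { cur += '"'; ++i; }
        else { inQuotes = false; justClosed = true; }
      } else {
        cur += c;
      }
    } else if (c == ',') {
      fields.push_back(cur); cur.clear(); justClosed = false;
    } else if (justClosed) {
      return false;                      // text after a closing quote
    } else if (c == '"') {
      if (!cur.empty()) return false;    // quote inside an unquoted field
      inQuotes = true;
    } else if (c != '\r') {
      cur += c;
    }
  }
  if (inQuotes) return false;            // unterminated quoted field
  fields.push_back(cur);
  return true;
}

// Column order assumed to match the template above (an assumption).
const std::vector<std::string> kColumns = {
    "time", "host", "severity", "facility", "tag", "message"};

// Map fields onto named columns; reject records whose field count does not
// match the template so truncated or injected lines are not silently accepted.
bool toRow(const std::string& line, std::map<std::string, std::string>& row) {
  std::vector<std::string> fields;
  if (!parseCsvLine(line, fields) || fields.size() != kColumns.size()) return false;
  row.clear();
  for (size_t i = 0; i < kColumns.size(); ++i) row[kColumns[i]] = fields[i];
  return true;
}

// Stand-alone use: ./syslog_pipe_reader /var/osquery/syslog_pipe
// Opening a FIFO for reading blocks until a writer appears and returns EOF
// whenever the writer closes, so the reader reopens and keeps consuming.
int main(int argc, char** argv) {
  std::map<std::string, std::string> row;
  if (argc < 2) {
    // Constructed sample line (not real log data) so the program runs without
    // an rsyslogd in front of it.
    const std::string sample =
        "\"2016-03-30T13:36:57-07:00\",\"host1\",\"6\",\"auth\","
        "\"sshd[1234]:\",\"Accepted publickey for root from 10.0.0.5\"";
    if (toRow(sample, row))
      std::cout << row["host"] << " " << row["tag"] << " " << row["message"] << "\n";
    return 0;
  }
  for (;;) {
    std::ifstream pipe(argv[1]);
    if (!pipe) { std::cerr << "cannot open " << argv[1] << "\n"; return 1; }
    std::string line;
    while (std::getline(pipe, line)) {
      if (toRow(line, row))
        std::cout << row["host"] << " " << row["tag"] << " " << row["message"] << "\n";
      else
        std::cerr << "dropped malformed line\n";
    }
  }
}
```

The strict parser is the point: a log message containing `","` or an unbalanced quote must fail the record rather than move the rest of the message into the `tag` or `facility` column, since a detection query keyed on those columns would otherwise be steered by the logged text.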
Teddy Reed
e77bb97ba5 Merge pull request #2016 from justintime32/scientific
Add build support for Scientific Linux
2016-03-30 13:05:59 -07:00
Justin Gerace
0c07203121 Add more Scientific Linux conditionals 2016-03-29 23:56:11 -07:00
Justin Gerace
bdb17d7418 Add build support for Scientific Linux 2016-03-29 22:25:59 -07:00
Teddy Reed
6901aa644a Merge pull request #1976 from theopolis/more_scheduler_tests
Add test for SchedulerRunner
2016-03-29 17:37:14 -07:00
Teddy Reed
5953ec7a92 Merge pull request #2014 from marpaia/code-of-conduct
Migrate from Open Code of Conduct to Contributor Covenant
2016-03-29 17:36:47 -07:00
Mike Arpaia
e74c6468e7 Migrate from Open Code of Conduct to Contributor Covenant
The Open Code of Conduct is no longer maintained or supported. Many
other projects have found success with Contributor Covenant and it's
quickly becoming a standard. This PR migrates osquery's code of conduct
to use Contributor Covenant.
2016-03-29 16:22:06 -07:00
Teddy Reed
ba553c002f Merge pull request #2005 from theopolis/himanshudas_master
Merge missing package dependencies for Debian wheezy
2016-03-29 15:50:28 -07:00
Teddy Reed
4de0737ce4 Add test for SchedulerRunner 2016-03-29 15:27:07 -07:00
Teddy Reed
e3436c72ef Merge pull request #1981 from PoppySeedPlehzr/master
Treating the disabled plugins as a folder
2016-03-29 15:24:45 -07:00
Nick Anderson
7677494849 Treating the 'Disabled Plug-ins' as a folder as opposed to a plugin, and added a 'disabled' column to the table 2016-03-29 14:28:25 -07:00
himanshudas
10211d938b Merge missing package dependencies for Debian wheezy 2016-03-29 11:49:57 -07:00
Teddy Reed
70043f55a3 Merge pull request #1966 from marpaia/fix-1962
[Fix #1962] Clear cache of distributed query results after flush
2016-03-29 11:41:43 -07:00
Teddy Reed
fd0e520d20 Remove bashisms from CentOS7 systemd service 2016-03-29 10:12:04 -07:00
Teddy Reed
2379493721 Introduce decorator queries 2016-03-29 10:03:50 -07:00
Mike Arpaia
d70affe3d3 [Fix #1962] Clear cache of distributed query results after flush
If the distributed plugin's `writeResults` method can be successfully
called, we must clear the local vector of results so that we're not
constantly growing it over time.
2016-03-29 09:26:27 -07:00
Teddy Reed
c2a364c573 Merge pull request #1982 from zwass/asl_test_fix
Update flaky test for ASL table
2016-03-28 17:51:40 -07:00
Zachary Wasserman
91691f71d6 Update flaky test for ASL table
Previously, this test relied on there being console messages available
to query for. Now, it actually writes a message to ASL, then verifies
that the message can be found. It also exercises a more complicated
query than previously. Also remove potentially high latency queries.

Fixes issue #1975
2016-03-28 14:06:53 -07:00
Teddy Reed
d71fa5b46a Remove forking from systemd service 2016-03-27 15:11:20 -07:00
Teddy Reed
2a350afb10 Merge pull request #1974 from theopolis/sane_logging_disable
[Fix #1973] Improve logging/extensions relays
2016-03-27 01:00:16 -07:00
Teddy Reed
b9194026db [Fix #1973] Improve logging/extensions relays 2016-03-27 00:43:02 -07:00
Teddy Reed
e663d91f00 Merge pull request #1972 from theopolis/fix_1971
[Fix #1971] Use recursive locks for config data predicates
2016-03-26 22:27:45 -07:00
Teddy Reed
1b83ecb30b Merge pull request #1970 from Centurion89/add_adware_osxattacks
Adding detection for new adware variants to osx-attacks
2016-03-26 22:27:24 -07:00
Chris Long
de1c630850 Adding wildcards 2016-03-27 00:10:27 -05:00
Teddy Reed
a18444813b [Fix #1971] Use recursive locks for config data predicates 2016-03-26 21:52:22 -07:00
Teddy Reed
68f3eb5b43 Merge pull request #1967 from zwass/create_table_docfix
Collection of doc fixes
2016-03-26 21:08:59 -07:00
Chris Long
c9e4f8038d Adding detection for new adware variants to osx-attacks 2016-03-26 10:47:44 -05:00
Teddy Reed
7ea46759d1 Merge pull request #1968 from synapsis2112/osquery_systemd]
systemd properly supervised
2016-03-25 18:35:02 -07:00
Matt Moran
f1bdf23d88 systemd properly supervised 2016-03-25 14:12:48 -07:00
Zachary Wasserman
0eff0f2f4e Collection of doc fixes
- Minor fix in creating tables documentation
- Fix docs for join
- Add note about config paths
- Update events docs
- Fix link to query packs
2016-03-25 14:12:41 -07:00
Teddy Reed
9f237479dc Merge pull request #1965 from sroberts/patch-1
Inconsistent Pathing for Flags File
2016-03-25 12:32:16 -07:00
Scott J. Roberts
9653b81833 Inconsistent Pathing
When I added the flag file switch it was aimed at `/var/osquery`, but the package is built such that everything exists in `/private/var/osquery`. This simply makes this more consistent.
2016-03-25 13:55:52 -04:00
Teddy Reed
684697ba8d Merge pull request #1963 from theopolis/yara_move
Add move events to yara_events
2016-03-24 12:16:18 -07:00
Teddy Reed
339f142da4 Add move events to yara_events 2016-03-24 11:24:54 -07:00
Teddy Reed
6f034a7156 Merge pull request #1957 from theopolis/events_dispatcher
Move dispatcher to public API
2016-03-21 15:58:47 -07:00
Teddy Reed
d2d1431061 Move dispatcher to public API 2016-03-21 15:27:51 -07:00
Teddy Reed
52a3285c18 Merge pull request #1953 from theopolis/pgroup
[Fix #1878] Rename processes 'group' to 'pgroup'
2016-03-20 22:14:08 -07:00
Teddy Reed
5ae039ffb0 Merge pull request #1954 from theopolis/fix_#1928
[Fix #1928] Reorder deps installs to build all with clang
2016-03-20 20:11:36 -07:00
Teddy Reed
eb76fc1860 Rename processes 'group' to 'pgroup' 2016-03-20 19:35:49 -07:00
Teddy Reed
27f4754e5e [Fix #1928] Reorder deps installs to build all with clang 2016-03-20 19:15:44 -07:00
Teddy Reed
cddd2e2772 Merge pull request #1955 from theopolis/harden_udev
Protect udev publisher from fast interrupts
2016-03-20 19:15:33 -07:00
Teddy Reed
482eecfab1 Protect udev publisher from fast interrupts 2016-03-20 18:46:34 -07:00
Teddy Reed
59196b6f44 Merge pull request #1952 from theopolis/profile_fix
Fix shell's --profile switch
2016-03-20 16:37:46 -07:00
Teddy Reed
ebb0ab30ce Fix shell's --profile switch 2016-03-20 16:05:13 -07:00
Teddy Reed
89c32de89d Merge pull request #1950 from friedbutter/signature_multiple_results
add feature to select multiple rows to signature table
2016-03-20 13:53:09 -07:00
Teddy Reed
0ab1a156cd Merge pull request #1882 from waywardmonkeys/patch-1
Fix typos in example conf.
2016-03-20 12:02:23 -07:00
Teddy Reed
b2950c29c3 Merge pull request #1949 from theopolis/extensions_exit
Use the default shutdown flow within extensions
2016-03-20 10:55:29 -07:00