valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,158 Commits 2 Branches 109 Tags 25 MiB
5d0e4be6a1
Commit Graph

2158 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael O'Farrell
5d0e4be6a1 Merge pull request #1335 from mofarrell/kernel-file-events 
Added kernel file access events.
 2015-07-31 15:22:11 -07:00
Michael O'Farrell
9f2b318778 Added kernel file access events. 2015-07-31 15:06:46 -07:00
Mike Arpaia
fd15276820 Merge pull request #1415 from marpaia/build-10-9 
Build 10 9
 2015-07-31 13:38:51 -07:00
Mike Arpaia
a45c794f52 building on 10.9 2015-07-31 11:57:39 -07:00
osquery
ae8305e00e Revert "Remove OS X 10.9 code path since we no longer support it" 
This reverts commit 05bbe2ce06.
 2015-07-31 11:44:34 -07:00
Michael O'Farrell
b0289adcf5 Merge pull request #1414 from theopolis/env_limits 
Add optional environment variable whitelist to process_events
 2015-07-30 18:17:31 -07:00
Teddy Reed
dc82ffa636 Add optional environment variable whitelist to process_events 2015-07-30 16:05:11 -07:00
Michael O'Farrell
5b2e4242d5 Merge pull request #1413 from mofarrell/executable-size 
Executable size benchmark change.
 2015-07-30 15:45:27 -07:00
Michael O'Farrell
dda11ce74a Executable size benchmark change. 2015-07-30 15:44:25 -07:00
Michael O'Farrell
8c8c591195 Merge pull request #1404 from mofarrell/load-kernel 
Added loading of kernel.
 2015-07-30 15:20:33 -07:00
Michael O'Farrell
eaf7de08df Added loading of kernel. 2015-07-30 14:36:46 -07:00
Michael O'Farrell
9e20d5904d Merge pull request #1412 from theopolis/use_sigkill 
Use SIGKILL on OS X
 2015-07-30 10:55:56 -07:00
Michael O'Farrell
f694149584 Merge pull request #1411 from mofarrell/benchmark-means 
Benchmark using mean across 5 runs.
 2015-07-29 18:00:35 -07:00
Teddy Reed
8082a0b5ac Use SIGKILL on OS X 2015-07-29 17:05:45 -07:00
Michael O'Farrell
346743e87f Benchmark using mean across 5 runs. 2015-07-29 16:50:19 -07:00
Chris Down
7a66b7620b Merge branch 'cdown-allow_duplicate_uids_in_user_table' 2015-07-29 16:29:51 -07:00
Michael O'Farrell
1bbe961083 Merge pull request #1410 from mofarrell/executable-size 
Report bytes using `wc`
 2015-07-29 15:11:56 -07:00
Michael O'Farrell
5956e685e9 Report bytes using word count 2015-07-29 15:10:20 -07:00
Michael O'Farrell
53b39454e0 Merge pull request #1409 from mofarrell/executable-size 
Benchmark stripped binary size.
 2015-07-29 11:54:54 -07:00
Michael O'Farrell
46ee4b491c Benchmark stripped binary size. 2015-07-29 11:35:04 -07:00
Chris Down
260df0d6d0 linux users table: Do not drop users with duplicate UIDs 
See Github issue #1301. FreeBSD (which also uses this table) by default has two
users which are UID 0 -- both `toor` and `root`. 19a2d64959 made it so that we
would only get the first one from `getpwent`, but this feature is undesirable
in cases where two different users share the same UID.
 2015-07-29 09:00:47 -07:00
Michael O'Farrell
48ef62bda6 Merge pull request #1406 from mofarrell/executable-size-benchmark 
Added benchmark for executable size.
 2015-07-28 23:14:58 -07:00
Michael O'Farrell
0cb5730d55 Added benchmark for executable size. 2015-07-28 22:34:22 -07:00
Teddy Reed
fa36a8918b Merge pull request #1401 from theopolis/tests_and_benchmarks 
Various additional tests and benchmarks
 2015-07-28 13:20:46 -07:00
Teddy Reed
ff9cb71628 Various additional tests and benchmarks 2015-07-28 12:26:17 -07:00
Michael O'Farrell
93a65eaf04 Merge pull request #1400 from mofarrell/process-events-env-arg 
Adding environment variables and arguments for process events.
 2015-07-27 17:54:06 -07:00
Michael O'Farrell
3f87d5832f Adding environment variables and arguments for process events. 2015-07-27 15:48:47 -07:00
Mike Arpaia
2170c249fc Merge pull request #1399 from facebook/marpaia-patch-1 
Update an error in the incident response pack
 2015-07-27 15:39:34 -07:00
Teddy Reed
b89bfe9e93 Merge pull request #1394 from wxsBSD/yara_strings_and_tags 
Add tags and strings columns to YARA tables.
 2015-07-27 15:12:58 -07:00
Mike Arpaia
bad6481375 Update an error in the incident response pack 
#1398
 2015-07-27 11:38:51 -07:00
Wesley Shields
698e226b80 Add tags and strings columns to YARA tables. 
When strings match they will be populated into the "strings" column of
the table. The format is identifier:offset.

When a matching rule has tags defined the tags will be put into the
"tags" column of the table in a comma separated list.
 2015-07-27 08:20:24 -04:00
Teddy Reed
e07b053496 Merge pull request #1388 from glensc/platform 
don't qualify any system with lsb-release as ubuntu
 2015-07-26 18:11:42 -07:00
Teddy Reed
e2553e26b1 Merge pull request #1391 from theopolis/1374 
[Fix #1374] Allow subscription subclassing
 2015-07-26 13:46:19 -07:00
Mike Arpaia
d427f9b776 Merge pull request #1393 from alex/patch-1 
Fixed #1392 -- removed non-existant modes from .mode's help
 2015-07-26 13:18:57 -07:00
Alex Gaynor
e9dca0ef4d Fixed #1392 -- removed non-existant modes from .mode's help 2015-07-26 13:34:08 -04:00
Teddy Reed
d2effc539c [Fix #1374] Allow subscription subclassing 2015-07-26 01:48:27 -07:00
Teddy Reed
66d000fb29 Merge pull request #1389 from glensc/patch-1 
Update building.md
 2015-07-26 01:19:47 -07:00
Elan Ruusamäe
9a4bc7ede4 Update building.md 
fix doc link
 2015-07-25 16:49:31 +03:00
Elan Ruusamäe
bb40956844 don't qualify any system with lsb-release as ubuntu 2015-07-25 14:52:59 +03:00
Teddy Reed
267c0e1c3d Merge pull request #1386 from theopolis/silence_benchmark 
Silence google benchmark CMake output, remove benchmark tests
 2015-07-24 20:00:08 -07:00
Teddy Reed
af13c1b7ea Silence google benchmark CMake output, remove benchmark tests 2015-07-24 09:52:29 -07:00
Teddy Reed
5cd9adae15 [Fix ##1385] Remove com.yourcompany from packs due to high FPs 2015-07-24 01:48:47 -07:00
Teddy Reed
cce8a6aab3 Merge pull request #1384 from theopolis/table_cleanups 
Remove some non-warning/error log lines from tables
 2015-07-24 00:32:11 -07:00
Teddy Reed
2d7ce9341a Remove some non-warning/error log lines from tables 2015-07-24 00:09:06 -07:00
Teddy Reed
928f46c00f Merge pull request #1379 from theopolis/fix_1369 
[Fix #1369] Limit IOKit HID events
 2015-07-23 18:26:04 -07:00
Teddy Reed
5e3a86d2a8 Merge pull request #1376 from theopolis/fix_1367 
[Fix #1367] Disable user-controlled FIFO reads
 2015-07-23 18:25:52 -07:00
Teddy Reed
220fa0bd92 Merge pull request #1383 from theopolis/fix_1381 
[Fix #1381] Add documentation/install for daemon+Homebrew
 2015-07-23 18:25:40 -07:00
Teddy Reed
264ec99bd3 Merge pull request #1378 from mlw/fix-ubuntu10-string-concat-crash 
Support for older GCC compiler
 2015-07-23 18:25:05 -07:00
Michael O'Farrell
66b075a685 Merge pull request #1377 from mofarrell/benchmark 
Added benchmarking targets.
 2015-07-23 17:37:56 -07:00
Michael O'Farrell
a65f8dd93c Added benchmarking targets. 2015-07-23 17:07:42 -07:00