Mitchell Grenier
92045900aa
[Fix #2696] Add kernel development mode check to OS X (#2735)
2016-11-09 22:07:19 -08:00
Evan
d89d4bad6a
Fixed type in function description (#2688)
2016-10-28 13:04:29 -07:00
Teddy Reed
172363d3f5
Fix debug-kernel build and deploy dependencies (#2266)
2016-07-20 17:21:20 -07:00
Teddy Reed
57c6b2a521
Revive the OS X kernel-based publishers (#2083)
...
The OS X kernel subscribers have not been starting because they expect the
publisher thread to run before they begin configuration. Due to some recent
refactors the publisher thread creation now occurs after configuration.
The subscriber logic to check for a valid kernel connection is still valid.
This commit has two additional side-effects:
- The RocksDB plugin is modified to use 3 background merge threads.
- The OS X kernel publisher syncing thread is now non-blocking.
2016-05-11 11:47:42 -07:00
Sahal Sajjad
3e7bf22c4a
Merge pull request #1877 from sahalsajjad/master
...
Corrected typo in OS X kernel extension debug output
2016-04-04 11:29:04 -07:00
Baraa Hamodi
21c2237eca
[osquery] Update copyright headers to new format.
2016-02-11 11:48:58 -08:00
Teddy Reed
dfa32d9e7e
Update OS X kernel building to include distro
2016-01-19 16:20:16 -08:00
Teddy Reed
b7650e5291
Remove passwd_changes and user_data from event callbacks
2015-12-07 17:47:38 -08:00
Teddy Reed
50550e607a
Build and provision edits for FreeBSD CI
2015-11-02 01:47:09 -08:00
Teddy Reed
b81b6de6ae
This refactors a bit of config/packs and adds a socket_events table to Linux.
...
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.
A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Raphael Salas
025348d9de
fixing kernel-configure-target syntax error
2015-10-22 13:13:49 -04:00
Teddy Reed
b7a2d861bf
Build Glog with OS X ABI, add SKIP_BENCHMARK
2015-10-11 14:37:49 -07:00
Teddy Reed
333f2ce8c8
[#1506] Silent kext loading messages from syslog
2015-09-16 13:13:56 -07:00
Teddy Reed
2813d3ab87
Add a Linux audit event publisher
2015-09-03 08:45:02 -07:00
Teddy Reed
b9ded9e7af
[#1402] Add notes around pack paths in example.conf
2015-08-12 17:15:42 -07:00
Michael O'Farrell
9f2b318778
Added kernel file access events.
2015-07-31 15:06:46 -07:00
Michael O'Farrell
93a65eaf04
Merge pull request #1400 from mofarrell/process-events-env-arg
...
Adding environment variables and arguments for process events.
2015-07-27 17:54:06 -07:00
Michael O'Farrell
3f87d5832f
Adding environment variables and arguments for process events.
2015-07-27 15:48:47 -07:00
Teddy Reed
af13c1b7ea
Silence google benchmark CMake output, remove benchmark tests
2015-07-24 09:52:29 -07:00
Michael O'Farrell
a65f8dd93c
Added benchmarking targets.
2015-07-23 17:07:42 -07:00
Teddy Reed
270b4da540
[Fix #1339] Add kernel-build to packages when used
2015-07-16 15:23:29 -07:00
Michael O'Farrell
58ec6415d3
Created a basic publisher system for kernel events in the kernel extension.
2015-07-13 16:42:55 -07:00
Teddy Reed
0e49a3a9a1
Build separate OS X packages
2015-07-13 15:44:16 -07:00
Michael O'Farrell
dd1f0af0ff
Build system changes for kernel extension testing and deployment.
2015-07-09 11:50:23 -07:00
Michael O'Farrell
4bbb591b37
Added kernel process events table.
2015-07-08 13:47:07 -07:00
Michael O'Farrell
a00fb638c2
Added kernel event publisher.
2015-07-01 17:40:42 -07:00
Michael O'Farrell
1ab7040d83
Kernel extension fixes for daemon shutdown process.
2015-06-30 18:00:25 -07:00
Michael O'Farrell
e1ccd78ba1
Added unloading make target for kernel.
2015-06-30 14:41:54 -07:00
Michael O'Farrell
d7aeaecf93
Merge pull request #1252 from theopolis/kernel-build
...
Towards CMake-based OS X kernel extension building
2015-06-30 12:30:36 -07:00
Teddy Reed
757940fe6f
Towards CMake-powered kernel extension building
2015-06-30 00:49:16 -07:00
Michael O'Farrell
680ffd3bc8
Added a gangsta test (gtest) for the kernel communications.
...
This test does not evaluate the functionality of the kernel
communication unless the KERNEL_TEST flag was set during the build.
The test will not succeed unless the tests are being run as root.
2015-06-29 12:12:54 -07:00
Michael O'Farrell
89fb4fbaf0
Moved kernel userland code into the osquery directory structure.
...
Test cpp files are dead.
2015-06-25 12:38:39 -07:00
Michael O'Farrell
7adf170540
Base kernel module with circular queue and test.
2015-06-23 16:16:19 -07:00
Mike Arpaia
3103843e68
removing old unused kernel code
2015-05-05 11:39:41 -07:00
Sean Williams
51c2adae02
Function doc return value clarity
2014-12-20 21:42:00 -08:00
Sean Williams
9bb8efb9d9
Explicitly move out of osquery proper
2014-12-18 16:45:32 -08:00