Commit Graph

1894 Commits

Author SHA1 Message Date
Mike Arpaia
657731b11c Formatting the callback function in the model_specific_register table
`int osquery::filter(const struct dirent*)` seemed like a pretty generic
symbol to have in our symbol table, so I changed it to
`int msrScandirFilter(const struct dirent*)`
2015-06-03 20:56:16 -07:00
Teddy Reed
aaedb48a8f Merge pull request #1168 from mofarrell/model-specific-register-table
Created a table for information in the model specific register.
2015-06-03 17:56:44 -07:00
Michael O'Farrell
5e9383a16b Created a table for information in the model specific register.
This infomation is primarily related to the performance of processor
cores.  The information given constitutes only a small portion of
the information in the model specific register, but this table
has been designed so that more information may easily be added.
The table requires osquery be run as the root, and that the msr
kernel module is loaded.  The table reads the msr data from /dev
2015-06-03 15:55:57 -07:00
Teddy Reed
95dbd11636 Merge pull request #1186 from theopolis/pack_platforms
Query pack platform binds should match any/all
2015-06-03 14:32:26 -07:00
Teddy Reed
8aacaca7eb Query pack platform binds should match any/all 2015-06-03 13:56:39 -07:00
Teddy Reed
be0803adb0 Merge pull request #1178 from theopolis/move_specs
Move specs to a top-level path, add query examples
2015-06-03 13:40:32 -07:00
Teddy Reed
a105924804 Move specs to a top-level path, add query examples
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00
Teddy Reed
c70cddd258 Merge pull request #1184 from theopolis/devmapper-1.02.90
[Fix #1176] Merge Redhat-based package dependencies
2015-06-03 10:26:51 -07:00
Teddy Reed
e2599aaa19 Merge Redhat-based package dependencies 2015-06-02 18:10:43 -07:00
Teddy Reed
5899bbb8f5 Merge pull request #1182 from theopolis/osx_rocksdb_portable
Build RocksDB from source on Darwin
2015-06-02 15:50:15 -07:00
Teddy Reed
eeab588d8f Build RocksDB from source on Darwin 2015-06-02 15:25:16 -07:00
Teddy Reed
31ee0e35c0 Merge pull request #1177 from sharvilshah/fix_deallocation_build_error
Fix OS X build: Deallocate array with delete[] instead of delete
2015-06-02 15:24:24 -07:00
Javier Marcos
64c94f9043 Merge pull request #1179 from javuto/fix_platform_packs_schedule
Fix that checks the right platform to schedule packs
2015-06-02 15:22:11 -07:00
Javier Marcos
b87f9f6a50 Final fix for the platform check 2015-06-02 15:11:57 -07:00
Sharvil Shah
4ab79a8bd6 deallocate array with delete[] instead of delete 2015-06-02 15:09:22 -07:00
Teddy Reed
420b4edcef Merge pull request #1181 from theopolis/rhel_6.5_automake
[Fix #1165] Remove package-manager installed automake for older distros
2015-06-02 03:19:29 -07:00
Teddy Reed
f41fb6b107 Remove package-manager installed autoconf tools for older distros 2015-06-02 03:05:47 -07:00
Teddy Reed
0669d8205e Merge pull request #1174 from theopolis/remote_logger
TLS/HTTPS-based logger plugin
2015-06-02 02:59:34 -07:00
Teddy Reed
db8213c83d Merge pull request #1180 from theopolis/db_check_fix
Fix DBHandle checking with concurrent processes.
2015-06-02 02:59:18 -07:00
Teddy Reed
33f53809ad Fix DBHandle checking with concurrent processes.
`make tests` fails with another osquery process running.
The backing-store check happens after a config plugin is setUp and
the initial load occures. This may involve calls to cached keys, the
check should occur pre-config initialize.
2015-06-02 02:50:04 -07:00
Teddy Reed
da9bd5801b Migrate HTTP remote logger to TLS logger 2015-06-01 10:12:31 -07:00
Teddy Reed
7d4142b28c Merge pull request #1172 from wxsBSD/freebsd_build_fixes
Fix build on FreeBSD.
2015-05-29 21:43:35 -07:00
Wesley Shields
80749c3531 Chase constraint changes introduced in #1170.
The changes done in #1170 broke some of the tables on FreeBSD.
2015-05-30 01:42:44 +00:00
Wesley Shields
571fd65796 Fix build on FreeBSD.
Missing osquery/tables.h include in routes.cpp and need to add gen_users
to blacklist on FreeBSD.
2015-05-30 01:14:08 +00:00
Teddy Reed
f954e2c7e8 Merge pull request #1170 from mofarrell/exists-all
Constraint existence now check for constraints using specific operator types.
2015-05-29 16:10:30 -07:00
Michael O'Farrell
77aa36fa0b Constraint existence now check for constraints using specific operator types.
This change allows QueryContext constraints to be checked for based on
operator type.  This makes checks for the existence of an equality
operator allow enumeration.

Example:
  if (context.constraints["pid"].exists(EQUALS)) {
    pids = context.constraints["pid"].getAll(EQUALS);
  } else {
    osquery::procProcesses(pids);
  }
2015-05-29 13:47:04 -07:00
Teddy Reed
4647b8737b Merge pull request #1167 from wxsBSD/freebsd_processes
Implement process related tables on FreeBSD.
2015-05-29 12:55:24 -07:00
Wesley Shields
6558f605ff Implement process related tables on FreeBSD.
This implements the following tables on FreeBSD:

process_envs
process_memory_map
process_open_files
process_open_sockets
processes

All the heavy lifting is done with libprocstat(3). All the tables follow
the same general principle. Use the common function, getProcesses() in
procstat.cpp, to get the processes and then generate the rows for each
process returned. There is also a procstatCleanup() function commonly
used across all the tables.

The one thing I am not able to test is the process_open_sockets table on
an IPv6 machine.
2015-05-29 19:17:49 +00:00
Mitchell Grenier
418e6495c0 Adding a remote logger for osquery
The first draft of the remote logger for osquery. This should give a rough idea
of how the code will be structured and function. RFC please.

At the advice of @theopolis, I removed the category type and added the
http_logger key. We figure this should be more efficient and doesn't have to
be known at compile time.
2015-05-28 17:14:56 -07:00
Teddy Reed
ce3ac8a7e3 Merge pull request #1164 from theopolis/packs
Pack and testing fixups
2015-05-28 16:47:35 -07:00
Teddy Reed
56fe564b4e Merge pull request #1166 from theopolis/extensions_docs
[#1076] RTD wiki article on extensions autoloading
2015-05-28 16:47:29 -07:00
Teddy Reed
6591916fed [#1076] RTD wiki article on extensions autoloading 2015-05-28 16:27:29 -07:00
Teddy Reed
4064fa6eb5 Pack and testing fixups 2015-05-28 12:17:27 -07:00
Teddy Reed
e9ef8b7a4f Merge pull request #1163 from mark-ignacio/x509-unixtime
Converted CFAbsoluteTime in X509 certificates to UNIX time
2015-05-27 17:21:53 -07:00
Mark Ignacio
84f8203dfd Converted CFAbsoluteTime in X509 certificates to UNIX time 2015-05-27 15:23:46 -07:00
Teddy Reed
ff9243bce1 Merge pull request #1159 from mofarrell/user-groups-table
Wrote a user_groups table for darwin and linux based system.
2015-05-27 11:38:06 -07:00
Teddy Reed
f4823e7588 Merge pull request #1162 from theopolis/vagrant-aws
Amazon AWS/EC2 Vagrant support for RHEL/Amazon Linux
2015-05-27 11:37:19 -07:00
Teddy Reed
b405d9f24a Build/vagrant wiki cleanup
1. Adding us-west-2
2. Support for VPC/subnet options
3. Excluding binary/git dirs from AWS rsync
2015-05-27 11:12:02 -07:00
Michael O'Farrell
80356b26f0 Wrote a user_groups table for darwin and linux based system.
The user_groups table represents the association between user ids and group ids.

Darwin Issue:
Issues arise in darwin systems with users that are members of many groups due
to a bug in Apple's implementation of getgrouplist.  If the number of groups a
user is a member of is greater than 64 a truncated association table may
be returned.
2015-05-27 10:32:46 -07:00
Blake Frantz
28d9237b50 Amazon EC2-based vagrant targets for RHEL/Amazon Linux
1. added docs for vagrant-aws support in Vagrantfile
2. removed aws target that have local vagrant support. inline-string'd aws.user_data
3. support building rhel6/7 in aws
4. correct aws-rhel6.6 name. it should be rhel6.5
2015-05-26 21:03:10 -07:00
Teddy Reed
13673bb7a2 Merge pull request #1158 from theopolis/tls_workflow
TLS/Enroll plugin workflow optimizations
2015-05-26 20:12:56 -07:00
Teddy Reed
8b3686a58a TLS plugin workflow tests 2015-05-26 19:55:00 -07:00
Teddy Reed
8b21a47710 Merge pull request #1157 from theopolis/cmake_cleanup
[Fix #1154] Clean up CMake messages and check TP
2015-05-23 17:38:17 -07:00
Teddy Reed
b90b21bc2d [Fix #1154] Clean up CMake messages and check TP 2015-05-23 17:15:28 -07:00
Teddy Reed
5e8c9b66d4 Merge pull request #1153 from theopolis/cleans
Detect TLS version from OpenSSL/CMake FIND_LIBRARY
2015-05-23 13:57:23 -07:00
Teddy Reed
69dc7e29ea Merge pull request #1156 from theopolis/test_from_root
Allow unit tests execs from project root
2015-05-23 13:56:27 -07:00
Teddy Reed
4a6c002f62 Allow unit tests execs from project root 2015-05-23 13:12:31 -07:00
Teddy Reed
5969ae4fbf Clean up TLS-version from OpenSSL detection 2015-05-23 13:04:36 -07:00
Teddy Reed
700384dedc Minify tables namespace, extra CMake macros 2015-05-22 10:29:04 -07:00
Javier Marcos
9a4f611baf Merge pull request #1155 from javuto/osquery_packs_table
Osquery packs table
2015-05-21 20:32:45 -07:00