1088 Commits

Author SHA1 Message Date
Teddy Reed
b5535256e6 [Fix #546] Rename md5 to config_md5 and add config_path to osquery_info 2014-12-16 01:52:02 -08:00
Teddy Reed
b442ef0fd3 Merge pull request #548 from theopolis/support_any_brew_openssl
Use static openssl libs to support thrift 0.9.x
2014-12-16 01:23:25 -08:00
Teddy Reed
4425bed23e Merge pull request #504 from Anubisss/master
Adding a table which maps services from /etc/services.
2014-12-16 01:23:05 -08:00
Teddy Reed
5bd8d9ac37 Use static openssl libs to support thrift 0.9.x 2014-12-16 01:15:58 -08:00
Teddy Reed
dd2eaf248a Fixing Linux syntax errors and tests for Events 2.0 2014-12-15 16:47:09 -08:00
Teddy Reed
6de14466db Events 2.0 using pbr 2014-12-15 11:55:05 -08:00
Teddy Reed
fcdf49d17f WIP migrating Linux Events 2014-12-15 00:43:28 -08:00
Teddy Reed
17efa0b3d6 Migrate subscribers on OSX 2014-12-15 00:25:28 -08:00
Teddy Reed
fbd56663d9 Migrate fsevents to events 2.0 2014-12-14 22:17:38 -08:00
Teddy Reed
d927495209 Support casted subscribes 2014-12-14 21:20:20 -08:00
Teddy Reed
c1e37b73fb Non-static event type and name IDs 2014-12-14 18:03:41 -08:00
Teddy Reed
d2a93cf8c1 Remove EventSubscriber macros 2014-12-14 17:05:07 -07:00
Teddy Reed
44dc60a740 Merge pull request #543 from theopolis/routes_timeout
Add timeout to netlink socket read
2014-12-14 13:43:35 -08:00
anuka
fa95ff09d8 Some fix for etc_services.
Signed-off-by: anuka <david.vas1@gmail.com>
2014-12-14 22:14:00 +01:00
Teddy Reed
0d00e4b0e9 Remove EventPublisher macros 2014-12-14 04:43:31 -07:00
anuka
375c837b74 Merge remote-tracking branch 'upstream/master' 2014-12-13 15:27:09 +01:00
Teddy Reed
00c88a19bc Add timeout to netlink socket read 2014-12-12 17:50:47 -08:00
Sean Williams
4faa10eba0 Move non-external API header files back to src dir 2014-12-12 14:45:29 -08:00
Teddy Reed
353b44c6cc Merge pull request #542 from theopolis/iokit_hid_events
IOKit HID events and OSX hardware_events table
2014-12-12 14:08:21 -08:00
Teddy Reed
cd20ed6b77 Prevent IOKitHID value subscriptions 2014-12-11 18:19:05 -08:00
Teddy Reed
acccfa94e2 IOKit HID events and OSX hardware_events table 2014-12-11 18:06:08 -08:00
Teddy Reed
8d1966f7ff Merge pull request #541 from theopolis/usb_parity
PCI/USB parity
2014-12-11 10:29:24 -08:00
Teddy Reed
7b56fa605d PCI/USB parity 2014-12-10 19:51:18 -08:00
Teddy Reed
a75fa3bf11 Merge pull request #538 from theopolis/improve_usb
Improve usb_devices on OSX
2014-12-10 19:51:08 -08:00
Teddy Reed
fcfac2174f Merge pull request #540 from facebook/osquery_info
osquery_info table
2014-12-10 19:50:45 -08:00
mike@arpaia.co
8f8bc6b772 osquery_info table 2014-12-10 18:38:41 -08:00
Teddy Reed
b08ad3cb14 Check USB property for CFString type 2014-12-10 09:12:12 -08:00
Teddy Reed
f29e0c17ca Update ca_certs_tests to use moved OSX conversions 2014-12-10 01:59:13 -08:00
Teddy Reed
4644c5e19b Simple usb_devices updates 2014-12-10 01:52:02 -08:00
Teddy Reed
7ba4fb31dd Merge pull request #536 from theopolis/suid_fix
Suid fix
2014-12-10 01:19:48 -08:00
Teddy Reed
b8f3d36754 Merge pull request #535 from theopolis/osqueryd_osquery
Using osquery as the app ID
2014-12-10 01:19:30 -08:00
Teddy Reed
0b5083bd0e Improve usb_devices on OSX 2014-12-10 01:17:24 -08:00
Bryan Eastes
bd97cb501a First draft of workaround for #520 2014-12-10 00:15:27 -08:00
Teddy Reed
ab8df11818 Add filesystem_error catching and remove suid_bin from BL 2014-12-09 20:13:39 -08:00
Teddy Reed
76d97f60ac Merge pull request #534 from theopolis/linux_netlink
[Fix #530] Continue to read from NL socket
2014-12-09 18:24:42 -08:00
Teddy Reed
5b029c96ec Using osquery as the app ID 2014-12-09 17:37:58 -08:00
Teddy Reed
9a9de67b93 Restrict suid_bin to common search paths 2014-12-09 16:38:14 -08:00
Teddy Reed
192224977d Add small delay if NL read = 0 2014-12-09 16:02:25 -08:00
Teddy Reed
22c9664ae1 [Fix #530] Continue to read from NL socket 2014-12-09 15:49:40 -08:00
Teddy Reed
f4a226f4cf Merge pull request #533 from theopolis/static_build_osx
Link the brew dependencies statically on OSX
2014-12-09 14:03:54 -08:00
Teddy Reed
2fae6c0d7c Link the brew dependencies statically on OSX 2014-12-09 13:40:53 -08:00
Teddy Reed
c26c3a6dfa Merge pull request #532 from arirubinstein/master
Force git to return something if tags aren't found
2014-12-09 10:12:19 -08:00
Ari Rubinstein
27b6fb021e Force git to return something if tags aren't found
If there are no tags in the current repository, this command will fail, leaving the OSQUERY_BUILD_VERSION blank, and therefore breaking the package building process (and presumably other things too) due to the empty version flag. By adding the flag --always, this forces git to fall back to a commit id instead of returning nothing.
2014-12-09 09:52:36 -08:00
Mike Arpaia
ee285fca91 Merge pull request #531 from facebook/pidfile-fix
Fixing pidfile creation bug
2014-12-09 02:21:01 -08:00
mike@arpaia.co
0846b6ddd5 Fixing pidfile creation bug
If osqueryd was killed and another process was started with osqueryd's
old pid before a new osqueryd could start, osqueryd would encounter a
bug where osqueryd would never start.

This executes an osquery query to the processes table to make sure that
the name of the process is "osqueryd". Of course, you could perhaps
denial of service osqueryd this way, but that would require root
filesystem access (assuming that the last version of osqueryd was
run as root). Thoughts?
2014-12-08 23:52:38 -08:00
mike@arpaia.co
fda82f21ab TARGETS updates 2014-12-08 18:20:02 -08:00
Sean Williams
3984b8268f Merge branch 'linux-camb' of github.com:facebook/osquery into linux-camb 2014-12-09 01:50:47 +00:00
Sean Williams
341fbc3b53 -Conform to new table function signature
-Add proper include and fix brackets on macro
-Let osquery core do the integer cast for syscall_addr_modified
-Fix misc cruft
2014-12-09 01:47:51 +00:00
Sean Williams
1b89e07287 Let osquery core do the integer cast for syscall_addr_modified 2014-12-09 01:36:21 +00:00
Sean Williams
1fe8ce89c5 Add proper include and fix brackets on macro 2014-12-09 00:27:08 +00:00