valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
745 Commits 2 Branches 109 Tags 25 MiB
6cddf4ad39
Commit Graph

745 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Goffin
6cddf4ad39 Mounts table for Darwin. 
Associated with #255, this adds Mounts table support for Darwin.
 2014-11-17 13:43:59 -05:00
Teddy Reed
0c675b23f2 Fix testing (only requireInstance) for DBHandle once 2014-11-13 09:33:13 -08:00
Teddy Reed
417bc8d222 Merge pull request #424 from vmauge/cpuid_default_value 
Set ouput_bit to 0 instead of cast error
 2014-11-12 23:17:22 -08:00
Vincent Mauge
632151d56a Set ouput_bit to 0 instead of cast error 2014-11-12 22:02:04 -08:00
Teddy Reed
be26c999ad Merge pull request #420 from theopolis/feature-better-logging 
More control over logging
 2014-11-12 17:27:03 -08:00
Teddy Reed
153cc7208f More control over logging 2014-11-12 18:19:22 -07:00
Teddy Reed
aa933491d2 Merge pull request #416 from theopolis/hack_fix_386 
[Fix #386] This is a hack to fix Ubuntu unwinding
 2014-11-12 16:43:18 -08:00
Teddy Reed
b419c79791 [Fix #386] This is a hack to fix Ubuntu unwinding 2014-11-12 17:12:37 -07:00
Mike Arpaia
10a4430f00 Merge pull request #419 from facebook/pretty-print-unicode 
Support for multi-byte characters in osqueryi results
 2014-11-12 16:51:48 -05:00
mike@arpaia.co
a8832482b3 implementation for #360 2014-11-12 16:51:14 -05:00
mike@arpaia.co
b423286297 failing test 2014-11-12 16:30:18 -05:00
Mike Arpaia
5f5b916ba9 Merge pull request #418 from facebook/homebrew-formula 
including the formula file
 2014-11-12 16:19:16 -05:00
mike@arpaia.co
b8566f557e including the formula file 2014-11-12 16:18:27 -05:00
Mike Arpaia
40f060a1c0 Merge pull request #417 from facebook/osx-crap 
only use most active version of a dependency
 2014-11-12 16:08:43 -05:00
mike@arpaia.co
019e9e25de only use most active version of a dependency 2014-11-12 16:07:31 -05:00
Teddy Reed
a5ef6a1f70 Merge pull request #414 from theopolis/feature-use-sqltypes 
Use SQLite types
 2014-11-12 11:07:50 -08:00
Teddy Reed
0d8b9d3eaa Use SQLite types 2014-11-12 11:07:24 -08:00
mike@arpaia.co
adb8bf7602 Merge branch 'master' of github.com:facebook/osquery 2014-11-12 10:57:14 -05:00
mike@arpaia.co
600027eb52 If the symlink is broken, delete it first. 2014-11-12 10:56:57 -05:00
Teddy Reed
578035caa6 Merge pull request #412 from theopolis/build_env 
Tons of new build features
 2014-11-12 00:58:18 -08:00
Teddy Reed
525a3b79a0 Tons of new build features 
* The OS/DISTRO are available as defines when writing tables:
  UBUNTU, UBUNTU_14_04, UBUNTU_12_04
  CENTOS, CENTOS_6_6
  DARWIN, DARWIN_10_10, DARWIN_10_9
* The table generation tooling now grabs virtual tables templates
  from ./osquery/tables/templates/<name>.cpp.in.
* The table generation tooling will detect reserved column names.
* suid_bin uses the new UBUNTU to restrict calls to root (fix #362).
 2014-11-12 00:57:47 -08:00
Mike Arpaia
dfa47cd7ab Merge pull request #410 from facebook/make-osx-pack 
build packages without config files
 2014-11-11 17:56:25 -05:00
mike@arpaia.co
535b1a0ef0 build packages without config files 
If you want to manage your osqueryd config via some other means than
this package creation logic, just leave off the `-c` flag and it won't
include the config in your package. Then you can distribute the config
however you'd like.
 2014-11-11 17:54:22 -05:00
Teddy Reed
3816173ae3 Merge pull request #408 from theopolis/spec_docs_examples 
Table spec documentation examples
 2014-11-11 11:26:27 -08:00
Teddy Reed
8e408f987e Table spec documentation examples 2014-11-11 11:26:11 -08:00
Mike Arpaia
a4444a0de4 Merge pull request #407 from facebook/nullptr-checks 
removing superfluous nullptr checks.
 2014-11-11 11:18:41 -05:00
mike@arpaia.co
88bec43d8a removing superfluous nullptr checks. close #404 2014-11-11 11:17:28 -05:00
mike@arpaia.co
77694a7b50 updating docs for 1.0.5 2014-11-11 11:04:53 -05:00
mike@arpaia.co
89222fe558 make deps warning shouldn't fatal 2014-11-11 10:59:42 -05:00
mike@arpaia.co
898c6e7a40 Revert "removing make deps check, as it causes automated builds to fail" 
This reverts commit acf02b679d.
 2014-11-11 10:55:04 -05:00
mike@arpaia.co
acf02b679d removing make deps check, as it causes automated builds to fail 2014-11-11 10:53:48 -05:00
Mike Arpaia
eb125589fb Merge pull request #406 from facebook/1.0.4-documentation 
Adding the website docs for 1.0.4
 2014-11-11 09:50:39 -05:00
mike@arpaia.co
4d2c2b4a95 Adding the website docs for 1.0.4 2014-11-11 09:49:50 -05:00
Mike Arpaia
e59233b305 Merge pull request #405 from facebook/centos-build 
include the newer kernel headers
 2014-11-11 09:31:40 -05:00
mike@arpaia.co
42b32d0bbf include the newer kernel headers. fix for #401 2014-11-11 09:28:04 -05:00
Mike Arpaia
fd363fbcdc Merge pull request #399 from vmauge/genapi_blacklist 
Fix genapi.py to handle new blacklist mechanism
 2014-11-11 08:20:37 -05:00
Vincent Mauge
3e9e5ffc69 Fix genapi.py to handle new blacklist mechanism 
For now we generate doc for blacklist tables.
We should report those tables with a specific flag on the html output.
 2014-11-11 00:51:13 -08:00
Mike Arpaia
6f6e4bfeca Merge pull request #397 from facebook/host-identifier 
Added --host_identifier option
 2014-11-10 16:52:01 -05:00
Bryan Eastes
ec081c9a54 Added --host_identifier option 
Conflicts:
	osquery/core/system.cpp
 2014-11-10 16:41:13 -05:00
Teddy Reed
08bbd47a02 Merge pull request #396 from theopolis/feature-vtable-blacklist 
Support USE_BLACKLIST=1 to remove tables from release
 2014-11-10 13:32:01 -08:00
Teddy Reed
8b1af689db Blacklist is now on by default 2014-11-10 13:30:38 -08:00
Teddy Reed
177229ead1 Add queries_from_config to profile 2014-11-10 13:30:38 -08:00
Teddy Reed
050e942d11 Support USE_BLACKLIST=1 to remove tables from release 2014-11-10 13:30:38 -08:00
Mike Arpaia
cbe56931ef Merge pull request #287 from astanway/master 
Socket_inode and port_inode tables to map PIDs->ports via netlink inet_diag
 2014-11-10 16:15:46 -05:00
mike@arpaia.co
9effc14903 FindBoost is busted 2014-11-10 16:14:48 -05:00
Abe Stanway
6a6dc8f997 linux-headers-generic 2014-11-10 15:02:31 -05:00
Abe Stanway
811d98c595 free(linkname) and no more 'self' 2014-11-10 15:02:31 -05:00
Abe Stanway
30149a70f9 Updated 2014-11-10 15:02:31 -05:00
Abe Stanway
322fde0121 Socket_inode and port_inode tables to map PIDs->ports via netlink inet_diag 
Example query:
```
SELECT port.local_port,
       port.remote_port,
       port.local_ip,
       port.remote_ip,
       socket.pid,
       process.name,
       process.cmdline
       process.path
       FROM socket_inode AS socket
       JOIN port_inode AS port
       ON socket.inode = port.inode
       INNER JOIN processes AS process
       ON socket.pid = process.pid;
```
 2014-11-10 15:02:31 -05:00
Teddy Reed
86d2ac208b Use leaks for OSX memory leak profiling 2014-11-10 11:34:17 -08:00