osquery-1

mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00

Author	SHA1	Message	Date
Pablo S. Torralba	42c73897bf	Some minor stetic changes to keep the code clean	2014-10-31 14:27:15 -07:00
Mark Roberts	534999b396	Whitespace	2014-10-31 13:49:25 -07:00
Pablo S. Torralba	366274504b	Feedback fixes to clean the code a bit	2014-10-31 13:44:00 -07:00
Teddy Reed	8ad192d448	Merge pull request #312 from facebook/pretty_print_cols Fix 301, pragma cols pretty print	2014-10-31 11:36:02 -07:00
Mark Roberts	f38bcd390e	Add file_type to process_open_files	2014-10-31 11:13:35 -07:00
Denis Zhdanov	8e1b499b18	No, reverting back to getconf _NPROCESSORS_ONLN much simplier	2014-10-31 18:31:06 +01:00
Denis Zhdanov	0539746a9b	Update provision.sh Hm, jenkins do not likes getconf _NPROCESSORS_ONLN trying more complex $([[ $(uname) = 'Darwin' ]] && sysctl -n hw.logicalcpu_max \|\| lscpu -p \| egrep -v '^#' \| wc -l)	2014-10-31 18:22:03 +01:00
Teddy Reed	0604b3a5e0	Fix 301, pragma cols pretty print	2014-10-31 10:19:49 -07:00
Denis Zhdanov	a2863efce1	Fixing number of cores detection for boost builds This way of cores detection: ```bash cat /proc/cpuinfo \| grep "cpu cores" \| uniq \| awk '{print $NF}' ``` is cumbersome and didn't work in some cases, e.g. for VM on VirtualBox with one CPU. It's much better to use something else, e.g. ```bash getconf _NPROCESSORS_ONLN ``` as stated in https://stackoverflow.com/questions/6481005/obtain-the-number-of-cpus-cores-in-linux ```nproc``` also works well but didn't compatible with MacOS X.	2014-10-31 18:04:55 +01:00
Pablo S. Torralba	a6e04efdd7	Add quarantine vtable for OSX The tables reports: - path: The file in quarantine - creator: The application that created the file Example: osquery> select * from quarantine limit 10; +----------------------------------------------------------------------------+---------------+ \| path \| creator \| +----------------------------------------------------------------------------+---------------+ \| /Applications/Adium.app \| Google Chrome \| \| /Applications/Adium.app/Contents \| Google Chrome \| \| /Applications/Adium.app/Contents/_CodeSignature \| Google Chrome \| \| /Applications/Adium.app/Contents/_CodeSignature/CodeResources \| Google Chrome \| \| /Applications/Adium.app/Contents/Frameworks \| Google Chrome \| \| /Applications/Adium.app/Contents/Frameworks/Adium.framework \| Google Chrome \| \| /Applications/Adium.app/Contents/Frameworks/Adium.framework/Adium \| Google Chrome \| \| /Applications/Adium.app/Contents/Frameworks/Adium.framework/Headers \| Google Chrome \| \| /Applications/Adium.app/Contents/Frameworks/Adium.framework/PrivateHeaders \| Google Chrome \| \| /Applications/Adium.app/Contents/Frameworks/Adium.framework/Resources \| Google Chrome \| +----------------------------------------------------------------------------+---------------+ Fixes issue #231	2014-10-31 06:10:51 -07:00
Mark Roberts	3cf5aa4bae	Add lsof for #28 functionality to Darwin, refactor to use shared infra for process_envs	2014-10-31 03:28:14 -07:00
Teddy Reed	cdb5b29bda	Merge pull request #303 from facebook/pretty_print_ptrs Fix memset/memcpy for pretty print in osqueryi	2014-10-30 22:34:25 -07:00
Teddy Reed	bcca0824b0	Fix memset/memcpy for pretty print in osqueryi	2014-10-30 18:07:32 -07:00
Teddy Reed	fb81f9bedd	Merge pull request #300 from facebook/results_log_perms Fix #290, add permissions to osqueryd logging	2014-10-30 16:44:18 -07:00
Teddy Reed	1554bf3295	Fix #290 , add permissions to osqueryd logging	2014-10-30 15:03:05 -07:00
Teddy Reed	8cab68d2a3	Merge pull request #299 from facebook/fix_quotedsource Fix #281, quote SOURCE_DIR for source and pip	2014-10-30 14:32:56 -07:00
Teddy Reed	5e15cd0b28	Fix #281 , quote SOURCE_DIR for source and pip	2014-10-30 13:03:07 -07:00
Mike Arpaia	731e1c72ab	Merge pull request #296 from rjeczalik/master Install libunwind8-dev for Ubuntu 14.10	2014-10-30 11:54:36 -07:00
Teddy Reed	403fe28ee0	Merge pull request #295 from yetanotherhacker/spellfix Spelling fixes in comments and output.	2014-10-30 11:28:08 -07:00
Rafal Jeczalik	cf959cfc4f	Install libunwind8-dev for Ubuntu 14.10	2014-10-30 10:37:32 +01:00
yetanotherhacker	8cee7e0b3c	Spelling fixes in comments and output.	2014-10-30 04:27:00 -04:00
Teddy Reed	4ed61ff868	Merge pull request #288 from vmauge/NewLongType Add new long type and migrate some vtables	2014-10-29 23:12:52 -07:00
Mike Arpaia	db2ab124fd	Merge pull request #292 from ecin/patch-1 Reference wiki install instructions in the README.	2014-10-29 19:36:25 -07:00
ecin	60d53617f9	Reference wiki install instructions in the README. Could add `brew` and `apt-get` instructions once those are available.	2014-10-29 19:24:20 -07:00
Vincent Mauge	07bd114107	Change users table to used new long long int type for uid and gid It is now possible to do a proper order on uid or gid, ie: SELECT * FROM users ORDER BY uid;	2014-10-29 18:57:12 -07:00
Vincent Mauge	755d8c198e	Change groups table to used new long long int type for gid It is now possible to do a proper order on gid, ie: SELECT * FROM groups ORDER BY gid;	2014-10-29 18:57:00 -07:00
Vincent Mauge	7876d56219	Add support for long long int/BIGINT as a column type	2014-10-29 18:36:37 -07:00
Mike Arpaia	0f037d4082	Merge pull request #283 from facebook/fix_sockaddr_inc Fix #277, add socket.h to interfaces on darwin	2014-10-29 17:41:36 -07:00
Teddy Reed	cd74544208	Fix #277 , add socket.h to interfaces on darwin	2014-10-29 16:44:17 -07:00
Mike Arpaia	5f88d45efb	Merge pull request #275 from SimplyAhmazing/fix_brew_installation_verification_on_boxen_provisioned_macs Improves bash code that verifies if homebrew is installed	2014-10-29 15:26:21 -07:00
Mike Arpaia	a6e624f79d	Merge pull request #276 from quad/patch-1 Fix a small typo.	2014-10-29 15:24:50 -07:00
Mike Arpaia	892b89eb42	Merge pull request #278 from yannick/master add parenthesis for python3 compatibility	2014-10-29 15:24:23 -07:00
Yannick Koechlin	594cf346a9	add parenthesis for python3 compatibility	2014-10-29 22:37:54 +01:00
Scott Robinson	e57bfac5fb	Fix a small typo.	2014-10-30 08:25:25 +11:00
Ahmed Abdalla	825a55d0fb	improves bash code that verifies if homebrew is installed	2014-10-29 16:52:37 -04:00
Teddy Reed	eef4d31a93	Merge pull request #270 from facebook/process_envs Add process_envs table for OSX and Linux for issue #99	2014-10-29 11:22:09 -07:00
James Pearce	372713724d	Update README.md	2014-10-29 11:18:35 -07:00
Mark Roberts	3b90184da3	Fix clang format error	2014-10-29 10:43:32 -07:00
Mark Roberts	0867c2b547	Add process_envs table for OSX and Linux for issue #99	2014-10-29 03:45:26 -07:00
Teddy Reed	6dee18c29c	Merge pull request #264 from facebook/cpuid_table [vtables] CPUID asm call feature information	2014-10-29 03:40:46 -07:00
Teddy Reed	39f866387f	[vtables] CPUID asm call feature information	2014-10-29 03:09:34 -07:00
Teddy Reed	1f1b38976a	Merge pull request #261 from facebook/crontab [vtables] Crontab parsing for system/users	2014-10-29 02:52:11 -07:00
Teddy Reed	6db0c67555	Merge pull request #269 from vmauge/suidbin Add suid_bin vtable	2014-10-29 02:30:29 -07:00
Teddy Reed	8a9374d6e3	[vtables] Support linux crontab vars	2014-10-29 02:24:00 -07:00
Teddy Reed	94c64d80ce	Merge pull request #267 from facebook/kernel_modules [vtables] Linux kernel modules from procfs	2014-10-29 02:03:46 -07:00
Teddy Reed	818b223806	Merge pull request #266 from facebook/homebrew [vtables] Installed homebrew packages on OS X using paths	2014-10-29 02:00:26 -07:00
Vincent Mauge	471d5faaa0	Add suid_bin vtable The vtabel report : - path: full path of the file - unix_user: name of the owner (if not available display the uid) - unix_group: name of the groupe (if not available display the gid) - permissions: report suid or guid * S for suid bin * G for guid bin Example : osquery> select * from suid_bin; +----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+ \| path \| unix_user \| unix_group \| permissions \| +----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+ \| "/bin/ps" \| root \| wheel \| S \| \| "/bin/rcp" \| root \| wheel \| S \| \| "/Users/vmauge/suid_test" \| vmauge \| 999 \| SG \| \| "/usr/bin/at" \| root \| wheel \| S \| \| "/usr/bin/atq" \| root \| wheel \| S \| \| "/usr/bin/atrm" \| root \| wheel \| S \| \| "/usr/bin/batch" \| root \| wheel \| S \| \| "/usr/bin/crontab" \| root \| wheel \| S \| \| "/usr/bin/ipcs" \| root \| wheel \| S \| \| "/usr/bin/lockfile" \| root \| mail \| G \| \| "/usr/bin/login" \| root \| wheel \| S \| \| "/usr/bin/newgrp" \| root \| wheel \| S \| \| "/usr/bin/procmail" \| root \| mail \| G \| \| "/usr/bin/quota" \| root \| wheel \| S \| \| "/usr/bin/rlogin" \| root \| wheel \| S \| \| "/usr/bin/rsh" \| root \| wheel \| S \| \| "/usr/bin/su" \| root \| wheel \| S \| \| "/usr/bin/sudo" \| root \| wheel \| S \| \| "/usr/bin/top" \| root \| wheel \| S \| \| "/usr/bin/wall" \| root \| tty \| G \| \| "/usr/bin/write" \| root \| tty \| G \| \| "/usr/sbin/postdrop" \| root \| _postdrop \| G \| \| "/usr/sbin/postqueue" \| root \| _postdrop \| G \| \| "/usr/sbin/rpc.net" \| root \| wheel \| S \| \| "/usr/sbin/rpcset" \| root \| wheel \| S \| \| "/usr/sbin/traceroute" \| root \| wheel \| S \| \| "/usr/sbin/traceroute6" \| root \| wheel \| S \| +----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+ This commit fixes issue #253.	2014-10-29 01:33:58 -07:00
Teddy Reed	339b63677e	[vtables] Rename homebrew files, some cleanup	2014-10-29 00:34:55 -07:00
Teddy Reed	c1991e94e5	[vtables] Add user crons and use files	2014-10-29 00:28:19 -07:00
Martin Majlis	d645dfc257	Initial implementation for the homebrew table.	2014-10-28 21:03:56 -07:00

... 3 4 5 6 7 ...

778 Commits