Commit Graph

2068 Commits

Author SHA1 Message Date
Teddy Reed
0854c3ddc3 Merge pull request #1292 from theopolis/memory_tweaks
Some tweaks to estimated scratch/heap for SQLite and RocksDB
2015-07-07 08:11:30 -07:00
Teddy Reed
f48619ed28 [#1285, #1276] Faster, optimized subscriber results 2015-07-07 00:59:28 -07:00
Teddy Reed
41002b829c Merge pull request #1299 from timzimmermann/date
Add date information to time table
2015-07-07 00:46:32 -07:00
Teddy Reed
d2685cfa41 [#1142] Move path resolution into publisher logic 2015-07-07 00:45:55 -07:00
Teddy Reed
bf65e3d2d6 Event index time and streaming 2015-07-07 00:44:57 -07:00
Teddy Reed
f30ef54097 Merge pull request #1305 from mlw/master
Minor fixes to support building on Ubuntu 10.04
2015-07-07 00:04:43 -07:00
Tim Zimmermann
0c3b123cb1 Add date information to time table
The fix also includes the time in ISO 8601 format
as well as the format returned by C++'s asctime().
See #1297.
2015-07-07 00:00:50 -07:00
Teddy Reed
0e3eb388de Merge pull request #1308 from arirubinstein/master
Fix version string for TLS plugins
2015-07-06 23:52:55 -07:00
Ari Rubinstein
be72e42bf1 Fix version string for TLS plugins
Before, osqueryd would send `osquery/OSQUERY_BUILD_VERSION` as the user agent and appeared broken. I copied the logic from the osquery version table and used that var here also so the user agent now reads 1.4.7
2015-07-06 22:12:26 -07:00
Mike Arpaia
8fe1c4029d Add google group email to the wiki
Let's start using our google group for long-form questions so that we
can leave issues for implementation tasks.
2015-07-06 17:24:27 -07:00
Matthew White
11f447a959 Minor fixes to support building on Ubuntu 10.04 2015-07-06 15:18:11 -07:00
Teddy Reed
efe1ff18ee Merge pull request #1274 from theopolis/read_limits
[Fix #1171, #1089] Add configurable max reads
2015-07-06 01:06:12 -07:00
Teddy Reed
dd9fa25d78 [Fix #1171, #1089] Add configurable max reads
There are 3 new options that control how files are read:
--read_max: controls the maximum size, in bytes, for file reads. If a file is larger than `read_max` the read will fail.
--read_user_max: similar to `read_max` but applies additional limitations to user-controlled files.
--read_user_links: a boolean control to enable/disable following symlinks for user-controlled files.

Important highlights:
If files exceed the configured max, those reads will fail.
The `read_max` will override `read_user_max` if it is set lower.
A default integer value of `0` will disable the limitations.

The default `read_max` is set to 50M and the default `read_user_max` is 10M.
2015-07-06 00:49:43 -07:00
Teddy Reed
33ea79b8f7 Merge pull request #1300 from zi0r/freebsdfixes
Fix build under FreeBSD
2015-07-03 18:59:16 -07:00
Ryan Steinmetz
6f6bd8cabc - Fix build under FreeBSD 2015-07-03 19:47:47 -04:00
Teddy Reed
e73a867b75 Merge pull request #1269 from theopolis/fsevents_symlinks
[Fix #1063] Allow configure-time symlink resolution in FSEvents
2015-07-03 00:37:58 -07:00
Mike Arpaia
4f94c0034c Merge pull request #1290 from timzimmermann/uptime
Uptime
2015-07-03 00:23:44 -07:00
Tim Zimmermann
fa988b4e56 Add uptime table
The table contains information about the time passed since the last boot.
2015-07-02 22:32:48 -07:00
Michael O'Farrell
4e93902932 Merge pull request #1296 from mofarrell/processes-table-fix
[Fix #1295] `processes` table to report gid correctly.
2015-07-02 17:28:03 -07:00
Michael O'Farrell
a712cd5036 Fix processes table to report gid correctly. 2015-07-02 17:03:25 -07:00
Teddy Reed
546aaa885d [Fix #1063] Allow configure-time symlink resolution in FSEvents 2015-07-02 16:50:27 -07:00
Teddy Reed
66e5802818 Merge pull request #1266 from theopolis/glob
Replace custom wildcarding with POSIX-glob
2015-07-02 16:46:37 -07:00
Teddy Reed
7aac5fd358 Replace custom wildcarding with POSIX-glob
POSIX-globbing will allow event publishers/subscribers to post-check
results against glob-syntax, fnpath matching, and POSIX C-regex.
These checks are anecdotally speedy.
2015-07-02 13:53:16 -07:00
Teddy Reed
a8813ab7d8 Some tweaks to estimated scratch/heap for SQLite and RocksDB 2015-07-02 13:52:39 -07:00
Teddy Reed
64e4afa136 Merge pull request #1294 from theopolis/relax_test_timesouts
Relax extensions and shell timeouts
2015-07-02 13:50:07 -07:00
Teddy Reed
89e5b6c729 Relax extensions and shell timeouts 2015-07-02 12:14:44 -07:00
Teddy Reed
409414d8aa Merge pull request #1283 from Rasoran/master
add epoch number to device-mapper version
2015-07-02 10:39:16 -07:00
Teddy Reed
e24614c959 Merge pull request #1286 from theopolis/relay_status_logs
[#1277] Forward status logs to osqueryd workers
2015-07-02 10:33:58 -07:00
Mike Arpaia
4ef32fc343 Merge pull request #1291 from marpaia/readme-cleaning
README updates
2015-07-01 23:50:06 -07:00
Mike Arpaia
1a6a6d4a1c README updates
Moving platform specific build instructions to the wiki, to keep the
README brief.
2015-07-01 23:47:41 -07:00
Nicholas Sun
df716fb589 manually specify device-mapper, treating amazon as rhel7 2015-07-01 22:06:08 -04:00
Nicholas Sun
82db123f6a changed to only set epoch number for cent7 2015-07-01 21:16:19 -04:00
Michael O'Farrell
8625851bfb Merge pull request #1281 from mofarrell/kernel-event-publisher
Kernel event publisher
2015-07-01 17:51:01 -07:00
Michael O'Farrell
a00fb638c2 Added kernel event publisher. 2015-07-01 17:40:42 -07:00
Mike Arpaia
51f594e2bf Merge pull request #1284 from marpaia/whats-snappenin
Install snappy headers instead of just the library
2015-07-01 16:25:04 -07:00
Mike Arpaia
ba89b67cc5 Install snappy headers instead of just the library
We found that not installing the headers for snappy caused RocksDB's
snappy detection to not find that snappy was installed:
https://goo.gl/YOWJl0

The snippet there requires that the headers are installed, not just the
library. By installing the headers, we can ensure that snappy is linked.

OR, alternatively, we could just leave it and not link snappy. It's
uncertain what the specific benefits of including snappy are for our
use-case. (CC @igorcanadi)
2015-07-01 16:14:06 -07:00
Teddy Reed
79de0a5def [#1277] Forward status logs to osqueryd workers
If watcher processes generate warning or error status logs they
will "relay" to the worker processes upon successful sanity check.
2015-07-01 15:26:26 -07:00
Michael O'Farrell
859d34a3af Merge pull request #1280 from mofarrell/kernel-daemon-shutdown-fix
Kernel extension fixes for daemon shutdown process.
2015-07-01 11:00:51 -07:00
Nicholas Sun
1389b5e8f9 add epoch number to device-mapper version 2015-07-01 14:47:22 +00:00
Michael O'Farrell
1ab7040d83 Kernel extension fixes for daemon shutdown process. 2015-06-30 18:00:25 -07:00
Michael O'Farrell
c06d2db77c Merge pull request #1279 from mofarrell/kernel
Added unloading make target for kernel.
2015-06-30 14:44:49 -07:00
Michael O'Farrell
e1ccd78ba1 Added unloading make target for kernel. 2015-06-30 14:41:54 -07:00
Michael O'Farrell
a7bd4bd3db Merge pull request #1278 from facebook/master
Merge branch 'master' into kernel
2015-06-30 13:12:16 -07:00
Michael O'Farrell
d7aeaecf93 Merge pull request #1252 from theopolis/kernel-build
Towards CMake-based OS X kernel extension building
2015-06-30 12:30:36 -07:00
Teddy Reed
757940fe6f Towards CMake-powered kernel extension building 2015-06-30 00:49:16 -07:00
Mike Arpaia
5ef01b4075 Merge pull request #1272 from marpaia/getConfig
rename osquery::getConfig to osquery::makeTLSConfigRequest
2015-06-29 23:45:15 -07:00
Mike Arpaia
a2ec9d5885 rename osquery::getConfig to osquery::makeTLSConfigRequest 2015-06-29 23:33:40 -07:00
Mike Arpaia
06793f9d00 Merge pull request #1267 from marpaia/osquery-latest-no-more
Remove "latest" from the osquery package names
2015-06-29 15:09:31 -07:00
Teddy Reed
0e4962fde0 Merge pull request #1268 from theopolis/fix_yara_events_cmake
Yara events was not building
2015-06-29 14:58:30 -07:00
Teddy Reed
0d6ab16281 Yara events was not building 2015-06-29 14:45:31 -07:00