Michael O'Farrell
77aa36fa0b
Constraint existence now check for constraints using specific operator types.
...
This change allows QueryContext constraints to be checked for based on
operator type. This makes checks for the existence of an equality
operator allow enumeration.
Example:
if (context.constraints["pid"].exists(EQUALS)) {
pids = context.constraints["pid"].getAll(EQUALS);
} else {
osquery::procProcesses(pids);
}
2015-05-29 13:47:04 -07:00
Teddy Reed
ce3ac8a7e3
Merge pull request #1164 from theopolis/packs
...
Pack and testing fixups
2015-05-28 16:47:35 -07:00
Teddy Reed
56fe564b4e
Merge pull request #1166 from theopolis/extensions_docs
...
[#1076 ] RTD wiki article on extensions autoloading
2015-05-28 16:47:29 -07:00
Teddy Reed
6591916fed
[ #1076 ] RTD wiki article on extensions autoloading
2015-05-28 16:27:29 -07:00
Teddy Reed
4064fa6eb5
Pack and testing fixups
2015-05-28 12:17:27 -07:00
Teddy Reed
e9ef8b7a4f
Merge pull request #1163 from mark-ignacio/x509-unixtime
...
Converted CFAbsoluteTime in X509 certificates to UNIX time
2015-05-27 17:21:53 -07:00
Mark Ignacio
84f8203dfd
Converted CFAbsoluteTime in X509 certificates to UNIX time
2015-05-27 15:23:46 -07:00
Teddy Reed
ff9243bce1
Merge pull request #1159 from mofarrell/user-groups-table
...
Wrote a user_groups table for darwin and linux based system.
2015-05-27 11:38:06 -07:00
Teddy Reed
f4823e7588
Merge pull request #1162 from theopolis/vagrant-aws
...
Amazon AWS/EC2 Vagrant support for RHEL/Amazon Linux
2015-05-27 11:37:19 -07:00
Teddy Reed
b405d9f24a
Build/vagrant wiki cleanup
...
1. Adding us-west-2
2. Support for VPC/subnet options
3. Excluding binary/git dirs from AWS rsync
2015-05-27 11:12:02 -07:00
Michael O'Farrell
80356b26f0
Wrote a user_groups table for darwin and linux based system.
...
The user_groups table represents the association between user ids and group ids.
Darwin Issue:
Issues arise in darwin systems with users that are members of many groups due
to a bug in Apple's implementation of getgrouplist. If the number of groups a
user is a member of is greater than 64 a truncated association table may
be returned.
2015-05-27 10:32:46 -07:00
Blake Frantz
28d9237b50
Amazon EC2-based vagrant targets for RHEL/Amazon Linux
...
1. added docs for vagrant-aws support in Vagrantfile
2. removed aws target that have local vagrant support. inline-string'd aws.user_data
3. support building rhel6/7 in aws
4. correct aws-rhel6.6 name. it should be rhel6.5
2015-05-26 21:03:10 -07:00
Teddy Reed
13673bb7a2
Merge pull request #1158 from theopolis/tls_workflow
...
TLS/Enroll plugin workflow optimizations
2015-05-26 20:12:56 -07:00
Teddy Reed
8b3686a58a
TLS plugin workflow tests
2015-05-26 19:55:00 -07:00
Teddy Reed
8b21a47710
Merge pull request #1157 from theopolis/cmake_cleanup
...
[Fix #1154 ] Clean up CMake messages and check TP
2015-05-23 17:38:17 -07:00
Teddy Reed
b90b21bc2d
[ Fix #1154 ] Clean up CMake messages and check TP
2015-05-23 17:15:28 -07:00
Teddy Reed
5e8c9b66d4
Merge pull request #1153 from theopolis/cleans
...
Detect TLS version from OpenSSL/CMake FIND_LIBRARY
2015-05-23 13:57:23 -07:00
Teddy Reed
69dc7e29ea
Merge pull request #1156 from theopolis/test_from_root
...
Allow unit tests execs from project root
2015-05-23 13:56:27 -07:00
Teddy Reed
4a6c002f62
Allow unit tests execs from project root
2015-05-23 13:12:31 -07:00
Teddy Reed
5969ae4fbf
Clean up TLS-version from OpenSSL detection
2015-05-23 13:04:36 -07:00
Teddy Reed
700384dedc
Minify tables namespace, extra CMake macros
2015-05-22 10:29:04 -07:00
Javier Marcos
9a4f611baf
Merge pull request #1155 from javuto/osquery_packs_table
...
Osquery packs table
2015-05-21 20:32:45 -07:00
Javier Marcos
f86b2bc6f3
Adding checks to avoid duplicated queries in the schedule
2015-05-21 19:23:38 -07:00
Mike Arpaia
6f30c40041
Merge pull request #1152 from sharvilshah/xattr_parse_where_from
...
More thorough where_from parsing in extended_attributes
2015-05-21 16:32:32 -07:00
Javier Marcos
2b834a401a
Fixing problem with extensions test, utility tables were added to core
2015-05-21 14:10:20 -07:00
Javier Marcos
886ad6e928
Added table for the packs and check for already scheduled queries
2015-05-21 13:42:45 -07:00
Sharvil Shah
a216ef2886
Use CoreServices Metadata API to parse kMDItemWhereFroms for file xattrs and now includes non-browser values too
2015-05-20 10:50:25 -07:00
Teddy Reed
4ff2fc1db2
Merge pull request #1151 from theopolis/crontab-fix
...
Include several search paths for user contabs
2015-05-20 10:47:32 -07:00
Javier Marcos
81819e3d64
Table for osquery packs
2015-05-19 18:45:04 -07:00
Javier Marcos
c6855fab43
Table for osquery packs
2015-05-19 18:44:28 -07:00
Teddy Reed
b3338dc5d2
Merge pull request #1146 from theopolis/tls
...
Towards TLS config/logging
2015-05-19 17:17:04 -07:00
Teddy Reed
2a1f496cc5
Towards TLS config/logging
2015-05-19 17:05:55 -07:00
Teddy Reed
983d107fe6
Search for cronstabs in /cron and /cron/crontabs
2015-05-19 15:51:03 -07:00
Teddy Reed
f32371f94f
Merge pull request #1150 from theopolis/mounts
...
Add mounts table support under FreeBSD
2015-05-19 15:45:01 -07:00
Ryan Steinmetz
949f84f3a8
Add mounts table support under FreeBSD
...
Cleanup blacklist entries for FreeBSD (mounts/users/groups)
2015-05-19 15:33:06 -07:00
Javier Marcos
65e6e38e0f
Merge pull request #1143 from javuto/pack_config_changes
...
Support to load query packs as scheduled queries
2015-05-16 15:37:27 -07:00
Javier Marcos
47e680e825
Adding tests and implementing version checker
2015-05-15 22:25:19 -07:00
Teddy Reed
7dd446ad56
Merge pull request #1137 from theopolis/oracle-2
...
[#1090 ] Oracle 5.11 (gateway to CentOS5.11, RHEL5.11)
2015-05-15 08:50:25 -07:00
Teddy Reed
f5945f98b4
Oracle 5.11
2015-05-14 22:44:01 -07:00
Teddy Reed
525c584a0b
Merge pull request #1141 from theopolis/static_cryptsetup
...
Build libcryptsetup statically
2015-05-14 22:33:56 -07:00
Teddy Reed
9ee839b265
Build libcryptsetup statically
2015-05-14 19:36:00 -07:00
Javier Marcos
aa27159bb8
Proper update of the schedule and iterate all the packs
2015-05-14 17:20:00 -07:00
Teddy Reed
9854897522
Merge pull request #1127 from blakefrantz/master
...
add support for amazon linux 2015.03
2015-05-14 15:58:38 -07:00
Javier Marcos
e170692db6
Top level key is packs
2015-05-13 23:10:44 -07:00
Javier Marcos
4d8b05d861
Adding parsed packs to schedule
2015-05-13 21:19:54 -07:00
Javier Marcos
9e9ab079ec
Adding support for packs in configuration files
2015-05-13 13:55:01 -07:00
Blake Frantz
4262dd502d
add install_iptables_dev
2015-05-13 11:52:49 -07:00
Blake Frantz
3a49fc46c8
Merge remote-tracking branch 'upstream/master'
2015-05-13 07:38:41 -07:00
Blake Frantz
410dec3a9c
update provision/lib.sh to support amazon linux
2015-05-13 07:37:59 -07:00
Teddy Reed
4d9d264600
Merge pull request #1136 from theopolis/zi0r-patch-1
...
Add first wave of support for building on FreeBSD
2015-05-12 23:57:23 -07:00