Commit Graph

191 Commits

Author SHA1 Message Date
Nick Anderson
cf30388705 Moved test_utils to its own directory out of core. Updated references (#2154) 2016-06-09 10:49:26 -07:00
Teddy Reed
0bb79c83e0 Remove the logHealth method from logger plugins (#2079) 2016-05-10 08:34:55 -07:00
Teddy Reed
9053a1f125 Include decorations within results events (#2068)
Currently, the decorations are applied to statuses and results in batch format.
This seems like an oversight; decorations should be on all results.
2016-05-05 13:19:10 -07:00
Teddy Reed
b6f09a7ecb Add action for snapshot query results (#2061) 2016-05-03 11:16:22 -07:00
Teddy Reed
a98e483ef5 Reset configuration state in relative tests 2016-04-12 13:06:02 -07:00
Teddy Reed
2379493721 Introduce decorator queries 2016-03-29 10:03:50 -07:00
Teddy Reed
a18444813b [Fix #1971] Use recursive locks for config data predicates 2016-03-26 21:52:22 -07:00
Teddy Reed
d2d1431061 Move dispatcher to public API 2016-03-21 15:27:51 -07:00
Teddy Reed
15a998e54f Use the default shutdown flow within extensions 2016-03-20 01:45:49 -07:00
Teddy Reed
3576189281 Check for interrupt requests in TLS config refresher 2016-03-18 12:03:27 -07:00
Teddy Reed
0ba2861cf9 [Fix #1920] Detach thread before joining/clearing (terminate) 2016-03-13 12:15:18 -07:00
Teddy Reed
3de52846d0 Remove boost::thread 2016-03-11 11:50:44 -08:00
Zachary Wasserman
c91798b083 Add path to error message when config file not found
Example:
```
$ sudo ./build/darwin/osquery/osqueryd --allow_unsafe --config_path
/foo/bar
W0310 13:34:40.473743 1955008512 init.cpp:506] Error reading config:
config file does not exist: /foo/bar
```
2016-03-10 14:13:08 -08:00
Teddy Reed
afd17f8134 1. Reorganize RocksDB database handle into a plugin
2. Introduce a SQLite-based database plugin
3. Refactor database usage to include local 'fast-calls'
4. Introduce an 'ephemeral' database plugin for testing (like a mock)
2016-03-06 20:40:16 -08:00
Teddy Reed
50440ddea5 [Fix #1866] Emit warning log with unknown options 2016-02-22 21:39:17 -08:00
Baraa Hamodi
21c2237eca [osquery] Update copyright headers to new format. 2016-02-11 11:48:58 -08:00
Teddy Reed
4031e299bb Cleanup/stabilize file_events-related APIs 2016-02-10 22:50:38 -08:00
Teddy Reed
02eb57fc47 Merge pull request #1832 from theopolis/pack_valid
Valid bool in packs for shard/platform/version checking
2016-02-06 20:29:55 -08:00
Teddy Reed
a2754a01ef Valid bool in packs for shard/platform/version checking 2016-02-06 17:54:56 -08:00
Teddy Reed
7f37304c77 Refactor dispatcher shutdown logic 2016-02-05 01:29:42 -08:00
Teddy Reed
21b3af199e Allow packs to add file_path categories 2016-01-08 17:59:19 -08:00
Teddy Reed
98eb6a5055 Reorganize file_events into process_file_events 2015-12-11 00:58:22 -08:00
Teddy Reed
9d394065e3 [#1636] Add simple sharding to packs and pack queries 2015-12-10 10:01:53 -08:00
Teddy Reed
fe234f8f96 Merge pull request #1711 from theopolis/fix_refresh_config
Fix quick regression with config refresh runner
2015-12-08 16:11:37 -08:00
Teddy Reed
1436d9d73a Fix quick regression with config refresh runner 2015-12-08 15:53:19 -08:00
Teddy Reed
309944c586 Configuration triggered publisher reconfiguration 2015-12-08 14:03:35 -08:00
Teddy Reed
12716496aa [Fix #1694] Expire results for 'old' scheduled queries 2015-12-07 12:23:43 -08:00
Teddy Reed
c020bb87b4 Merge pull request #1705 from theopolis/dump
[#1702] Add config and database dumping to stdout
2015-12-06 21:41:31 -08:00
Teddy Reed
eeff5d0bf0 [#1676] Clear node key on node_invalid 2015-12-06 14:28:00 -08:00
Teddy Reed
fef53fa0d0 Add config and database dumping to stdout 2015-12-06 11:01:26 -08:00
Teddy Reed
f687a84840 [Fix #1689] Remove C-style comments from config examples 2015-12-04 11:08:54 -08:00
Teddy Reed
2bad9d6a74 Changes to support node-based configs 2015-11-24 14:44:56 -08:00
Sharvil Shah
4ac0e68c08 Fix clang-analyzer warning -- Use uint32_t instead of size_t for uniform_int_distribution 2015-11-24 00:56:37 -08:00
Teddy Reed
c441de27aa Merge pull request #1643 from theopolis/fix_wifi_analysis
Fix missed nullptr checks in wifi
2015-11-10 12:56:45 -08:00
Teddy Reed
0a6d334f27 Fix missed nullptr checks in wifi 2015-11-10 01:01:12 -08:00
Teddy Reed
18b1947e5b Config/Schedule should not populate in extensions 2015-11-06 09:52:10 -08:00
Teddy Reed
7c70183a87 Merge pull request #1625 from theopolis/pack_delim
Add pack_delimiter option
2015-11-03 21:05:44 -08:00
Teddy Reed
edea3d6edd [Fix #1626] Add schedule blacklist and protect DBHandle 2015-11-03 20:50:22 -08:00
Teddy Reed
15c4673c5a Add pack_delimiter option 2015-11-02 18:05:46 -08:00
Teddy Reed
15215cdbc0 Add persistent splays 2015-11-02 14:10:04 -08:00
Teddy Reed
5233d7dcf8 Add start time to osquery_info, remove md5/path 2015-11-02 10:57:01 -08:00
Teddy Reed
a3067fcbb5 Fix auditd message parsing 2015-10-27 16:56:42 -07:00
Teddy Reed
b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux.
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Robert C. Seacord
09481d0381 Fixed some type problems, casting away const, integer types, old style casts, etc. 2015-10-21 20:56:58 +00:00
Robert C. Seacord
7a87be9ada more sign conversion errors 2015-10-20 06:08:01 +00:00
Robert C. Seacord
e57828aac3 changes for integer sign problems 2015-10-17 00:18:35 +00:00
Robert C. Seacord
37b8e83a9e fixes for problems related to unsigned to signed integer comparisons 2015-10-16 16:10:36 +00:00
Teddy Reed
c7ff3dfb4f Merge pull request #1549 from theopolis/more_11
Bump RocksDB to ERROR, fix OS X kernel_info, silence compile warnings
2015-10-11 20:39:56 +01:00
Teddy Reed
fb56646623 Restrict RocksDB log level to ERROR 2015-10-11 10:50:56 -07:00
Mike Arpaia
5789d889f4 Merge pull request #1538 from marpaia/discovery_queries
[fix #1536] Schedule iteration pass-by-reference
2015-09-30 15:50:05 -07:00