Teddy Reed
7b270af6b2
Merge pull request #1623 from theopolis/simple_errors
...
Remove specific filenames from RocksDB IOErrors
2015-11-02 16:12:00 -08:00
Teddy Reed
5aa225d4c3
Merge pull request #1619 from sharvilshah/wifi
...
Implement wifi_networks tables for OS X
2015-11-02 16:11:21 -08:00
Teddy Reed
5728c93392
Remove specific filenames from RocksDB IOErrors
2015-11-02 15:12:52 -08:00
Teddy Reed
15215cdbc0
Add persistent splays
2015-11-02 14:10:04 -08:00
Teddy Reed
402490e75b
Attempt to improve DB/query performance
2015-11-02 10:57:01 -08:00
Teddy Reed
6aae4c9aa0
Fix tests and shell escape errors (faults)
2015-11-02 10:57:01 -08:00
Teddy Reed
425e5e5596
Change the watcher limits to default=loose
2015-11-02 10:57:01 -08:00
Teddy Reed
5233d7dcf8
Add start time to osquery_info, remove md5/path
2015-11-02 10:57:01 -08:00
Teddy Reed
19427b1854
Add database benchmarks
2015-11-02 10:57:01 -08:00
Teddy Reed
75bfcddc31
Merge pull request #1622 from theopolis/faster_sockets
...
Faster socket_events on Linux
2015-11-02 10:56:37 -08:00
Teddy Reed
a1a9131174
Optimize socket_events and Linux users
2015-11-02 10:37:56 -08:00
Teddy Reed
50550e607a
Build and provision edits for FreeBSD CI
2015-11-02 01:47:09 -08:00
Sharvil Shah
9a6d6d1293
Implement wifi_networks tables for OS X
...
If the option of remembering known Wi-Fi networks is enabled on a system,
they are persisted to disk as a preferences property list file.
This table is populated by parsing that file.
2015-11-01 16:53:51 -08:00
Teddy Reed
b97a2bcdb9
Merge pull request #1618 from theopolis/clang_addr_sanitize_3.7
...
Passing clang Address/Leak Sanitize version 3.7
2015-11-01 16:23:31 -08:00
Teddy Reed
6a07135648
Passing clang Address/Leak Sanitize version 3.7
2015-11-01 04:00:21 -08:00
Teddy Reed
d27a7ecc4c
Fix clang warnings, promote warnings to errors
2015-11-01 02:12:07 -08:00
Teddy Reed
97a6521445
Merge pull request #1614 from theopolis/drop_around_files
...
Expand the scope of permissions dropping
2015-10-30 17:07:04 -07:00
Teddy Reed
09e4e3c42e
Expand the scope of permissions dropping
2015-10-30 09:56:33 -07:00
Teddy Reed
4ac9317f64
Merge pull request #1613 from theopolis/fix_1611
...
[Fix #1611 ] Prevent fs links in inotify path search
2015-10-29 23:47:28 -07:00
Teddy Reed
2cf7543181
[ Fix #1611 ] Prevent fs links in inotify path search
2015-10-29 23:19:07 -07:00
Michael George
fb545bb85e
added sh_history
2015-10-29 10:53:04 -07:00
Teddy Reed
db58ec5e44
Only emit process events for 0-status execve
2015-10-27 17:12:23 -07:00
Teddy Reed
a3067fcbb5
Fix auditd message parsing
2015-10-27 16:56:42 -07:00
Teddy Reed
689ec53a71
Merge pull request #1603 from theopolis/inotify_mod_only
...
[#1600 ] Put inotify into a mod-only watch mode
2015-10-27 16:53:59 -07:00
Teddy Reed
ba4eeb6a80
[ #1600 ] Put inotify into a mod-only watch mode
2015-10-27 16:42:21 -07:00
Teddy Reed
8ca2925ef0
[ Fix #1583 ] Require osqueryd to have R/W access to RocksDB
2015-10-27 16:09:24 -07:00
Teddy Reed
811d578739
Merge pull request #1599 from theopolis/socket_events
...
Refactor a bit of config and add socket_events table to Linux
2015-10-27 15:30:15 -07:00
Teddy Reed
b81b6de6ae
This refactors a bit of config/packs and adds a socket_events table to Linux.
...
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.
A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Teddy Reed
b8087a1b26
Fix readFile TOCTOU error
2015-10-26 01:21:05 -07:00
Teddy Reed
654830cf11
Merge pull request #1594 from rcseacord/additional-sign-fixes
...
eliminated some warnings from Clang 3.7 analyze mode
2015-10-23 13:03:54 -03:00
Robert C. Seacord
09481d0381
Fixed some type problems, casting away const, integer types, old style casts, etc.
2015-10-21 20:56:58 +00:00
Robert C. Seacord
1d9695ac31
eliminated some warnings from Clang 3.7 analyze mode
2015-10-21 06:02:58 +00:00
Robert C. Seacord
7a87be9ada
more sign conversion errors
2015-10-20 06:08:01 +00:00
Robert C. Seacord
1d7877d120
removed fsanitize compiler option
2015-10-20 02:51:57 +00:00
Teddy Reed
c0257aa7d1
Merge pull request #1589 from theopolis/fix_1578
...
[Fix #1578 ] Support OPENSSL_NO_SSV3
2015-10-19 11:25:46 -07:00
Teddy Reed
7ba87a88bb
Merge pull request #1585 from rcseacord/additional-sign-fixes
...
Additional sign fixes
2015-10-19 11:25:18 -07:00
Teddy Reed
8214dd1309
Merge pull request #1584 from theopolis/fix_1580
...
[Fix #1580 ] Handle exceptions in linux process_memory_map
2015-10-19 09:28:16 -07:00
Teddy Reed
f891503cd9
Merge pull request #1577 from nemith/dpkg
...
Support for newer versions of libdpkg
2015-10-19 09:24:37 -07:00
Teddy Reed
00875988dc
Use native OS X version as min ABI
2015-10-18 20:47:09 -07:00
Teddy Reed
2bd6398b53
[ Fix #1578 ] Support OPENSSL_NO_SSV3
2015-10-18 20:47:06 -07:00
Teddy Reed
bc50c053fb
Remove boolean type-columns from file in favor of 'type'
2015-10-17 12:16:54 -07:00
Robert C. Seacord
e57828aac3
changes for integer sign problems
2015-10-17 00:18:35 +00:00
Teddy Reed
3cc7984cc2
[ Fix #1580 ] Handle exceptions in linux process_memory_map
2015-10-16 16:59:23 -07:00
Robert C. Seacord
acb2f6f628
eliminating diagnostics, mostly for comparisons between signed and unsigned operations
2015-10-16 16:10:37 +00:00
Robert C. Seacord
37b8e83a9e
fixes for problems related to unsigned to signed integer comparisons
2015-10-16 16:10:36 +00:00
Robert C. Seacord
0a6a36485c
redeclared i from int to size_t in two locations to eliminate several signed to unsigned comparisons
2015-10-16 16:10:36 +00:00
Teddy Reed
3f8cb14fbb
Merge pull request #1579 from nemith/segv
...
Fix segfault on interfaces tables
2015-10-15 17:58:04 -07:00
Brandon Bennett
f683871653
Fix segfault on interfaces tables
...
getifaddrs(3) states that ifa_addr can be null. Check to make sure they are not null before accessing them
2015-10-15 16:53:14 -06:00
Brandon Bennett
65738a73c1
Support for newer versions of libdpkg
...
Libdpkg has some breaking changes in newer versions which prevented
compiling the deb_packages table on Ubuntu 15.04. This change looks for
the libdpkg version using pkg-config and adds some preprocessor magic to
support the newer versions.
2015-10-15 16:43:14 -06:00
Teddy Reed
3be0994933
[ Fix #1570 ] Check for invalid apt sources
...
This fixes a crash identified by @endrazine.
When apt sources data in /etc/apt/sources.list or /etc/apt/sources.list.d/{*}.list contain invalid data/lines the cache_file.GetPkgCache(); call will fail and cache will be nullptr. Subsequent usage results in a SIGSEGV.
To reproduce the fault try:
$ zzuf -I /etc/ -r 0.01:0.1 -s 0:1000 -v \
./build/trusty/osquery/osqueryi --registry_exceptions=true --verbose \
"select count(*) from apt_sources"
Signed-off-by: Jonathan Brossard
2015-10-15 15:20:26 -07:00