valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,858 Commits 2 Branches 109 Tags 25 MiB
7b2f905f43
Commit Graph

2268 Commits

Author SHA1 Message Date
Teddy Reed
65bfcda995 linux: memory_map additional out of range check (#2984) 2017-02-07 19:06:13 -08:00
cmillikin
ce773648b6 linux: Fix memory_map bug line out of range (#2983) 2017-02-07 17:48:34 -08:00
Teddy Reed
f8c16b0316 extensions: Gate access to resource state within Handler (#2975) 2017-02-07 11:45:55 -08:00
Javier Marcos
d2e7295462 Catch exception when parsing carbon black ini/settings file (#2972) 2017-02-06 18:27:57 -08:00
Teddy Reed
78ed32a673 events: Add locks around publisher and subscriber name accesses (#2969) 2017-02-06 01:17:38 -08:00
Teddy Reed
952ddac9db tests: Reduce large file test to 20M (#2971) 2017-02-06 00:55:17 -08:00
Teddy Reed
f95b14ac95 worker: Prefer null character over spaces when clearing argv (#2968) 2017-02-06 00:51:05 -08:00
Teddy Reed
691aefe1f8 sql: Reorder SQLite manager mutex locking (#2965) 2017-02-03 22:58:09 -08:00
Teddy Reed
f54a974ff6 events: Fix locking around FSEvents (#2966) 2017-02-03 22:57:38 -08:00
Mike Arpaia
7a019d8226 Bundle cURL PEM into packages (#2950) 2017-02-02 20:46:13 -08:00
Nick Anderson
e961fc850e Adding the Windows event log publisher (#2937) 2017-02-02 17:05:58 -08:00
Nick Anderson
11da0674e6 Converting fileops to support Windows 7 (#2952) 2017-02-01 10:08:48 -08:00
Jonathan Lee
a1de136c1a Change logging level in certain cases (#2896) 2017-01-31 08:07:42 -08:00
Mitchell Grenier
9c3ef43806 Adding success awareness to TLS config plugin (#2877) 2017-01-30 14:08:37 -08:00
Teddy Reed
2e5662a4c4 Address the invalid uid for Linux processes (#2946) 2017-01-28 13:34:42 -08:00
Teddy Reed
73a0184ca4 Add externals subdirectory within osquery subdirectory (#2948) 2017-01-28 13:19:47 -08:00
Mike Arpaia
2ad1d8839f Introduce two new host identifier options (#2944) 2017-01-27 17:56:50 -08:00
lambda-conjecture
88d9ae8a3d Handle corrupted rocksdb database (#2884) 2017-01-27 16:21:07 -08:00
Teddy Reed
487f7ee59b extensions: Select ephemeral path for shell socket (#2945) 2017-01-27 15:56:40 -08:00
Teddy Reed
bdf65e360e Allow autoload extensions to retry loading (#2932) 2017-01-26 12:33:23 -08:00
Teddy Reed
58ed5cc628 Introduce scheduler reload feature (#2917) 2017-01-25 17:48:33 -08:00
Teddy Reed
976db066c0 Use logtostderr in initStatusLogger (#2936) 2017-01-25 14:52:58 -08:00
Samuel Keeley
743580f208 Add country_code to wifi_status and wifi_survey tables. (#2940) 2017-01-25 10:20:39 -08:00
Nick Anderson
476cd714f4 Adding warning line for registry queries against HKCU (#2938) 2017-01-24 15:09:40 -08:00
lambda-conjecture
721dd1ed62 Fix column order and repeated columns in distributed query (#2926) 2017-01-20 22:52:47 -08:00
Teddy Reed
cdb0bef64c Emit only ERROR logs to osqueryd stderr (#2928) 2017-01-19 23:22:41 -08:00
Teddy Reed
eb565bb8e1 Do not exit watcher after failed autoloaded extensions (#2927) 2017-01-19 21:00:49 -08:00
Teddy Reed
b2a90cd6e4 Do not control stderr teeing automatically (#2919) 2017-01-17 17:18:03 -08:00
Teddy Reed
2713926990 Fix deadlock in decorator execution (#2916) 2017-01-17 17:13:09 -08:00
Teddy Reed
aa5f52b5c7 Fix Darwin processes on_disk column (#2918) 2017-01-17 17:12:42 -08:00
Teddy Reed
f9599d60d0 Move Mutex to shared_timed_mutex and add ReadLock (#2915) 2017-01-15 02:16:40 -08:00
Teddy Reed
a6669409a1 Disable query caching in TLSServerRunner (#2914) 2017-01-15 02:05:26 -08:00
Teddy Reed
214eeca44a Allow POSIX to gracefully stop workers (#2909) 2017-01-15 01:25:59 -08:00
Teddy Reed
1d758b1d9a Allow watchdog watcher to wait for child exits (#2908) 2017-01-12 18:09:46 -08:00
Mike Arpaia
762e31a001 Uptime implementation on Windows (#2906) 2017-01-11 21:25:39 -08:00
Nick Anderson
57a6a9441e moving #pragma comment statements to CMakeLists (#2904) 2017-01-11 16:54:13 -08:00
Teddy Reed
5097dfe775 config: Add schedule lock during source update (#2902) 2017-01-11 00:05:01 -08:00
Teddy Reed
d665b9b759 homebrew_packages: Search above Homebrew for Cellars (#2901) 2017-01-10 21:15:05 -08:00
Teddy Reed
0178419085 Add a TLS config plugin test that runs the scheduler (#2898) 2017-01-10 19:52:58 -08:00
Dan Sedlacek
1d604fc1af [windows] arp_cache virtual table (#2839) 2017-01-10 19:09:46 -08:00
Nick Anderson
0307ec3f3a Adding the windows logged_in_users virtual table (#2891) 2017-01-08 13:19:09 -08:00
Teddy Reed
0e9733f94c Simplify Registry and plugin concepts (#2887) 2017-01-07 12:21:35 -08:00
Nick Anderson
91ecf22e44 Updating processes table to contain UID and GID (#2889) 2017-01-04 08:41:06 -08:00
Jonathan Lee
383e07e5be [Fix #2734] Remove OpenSSL link dependency for osquery core (#2750) 2016-12-22 00:37:59 -08:00
Teddy Reed
8fcb3659ee Fix OS X platform_info address column (#2880) 2016-12-16 18:20:24 -08:00
Teddy Reed
ae19b7797d Allow EINTR within ThriftTransport (#2879) 2016-12-16 18:12:02 -08:00
Zachary Wasserman
b855366c3b Generate random Kinesis partition keys per-record (#2872) 2016-12-16 16:34:02 -08:00
Teddy Reed
8bc2ad20cd [Fix #2874] Check apt_sources resource initialization (#2878) 2016-12-15 20:55:24 -08:00
Ryan Holeman
31e395a078 Removed stream name checking for aws kinesis and firehose setup (#2867) 2016-12-15 10:56:27 -08:00
lambda-conjecture
83f7ebd564 Fix cpu_time for centos 6.8 (#2870) 2016-12-15 09:35:26 -08:00
Teddy Reed
3f827e50bd Fix plist NSString raw pointer string conversion (#2865) 2016-12-12 18:00:49 -08:00
Phil Christensen
1c21fe4208 C++ conformance fixes (MSVC /permissive-) (#2860) 2016-12-12 00:23:08 -08:00
Teddy Reed
0017de5bf1 Add memory and utilization limit override flags (#2858) 2016-12-11 21:59:32 -08:00
Teddy Reed
eaf362fcb1 [#2849] Linux processes table cleanup (#2861) 2016-12-11 21:11:03 -08:00
Nick Anderson
b6b4ced56c Fixing python installation path in Chocolatey (#2857) 2016-12-09 17:18:44 -08:00
Teddy Reed
dcbb32f442 Allow autoload paths to include directories (#2855) 2016-12-08 18:24:01 -08:00
Marc LeBourdais
790aa06b51 Add a flag for prepending @cee: to json-logged messages to syslog (#2854) 2016-12-08 17:35:20 -08:00
Teddy Reed
272771acb8 Improve RocksDB thread usage and write stalls (#2835) 2016-12-07 20:20:40 -08:00
Marc LeBourdais
aa08d487c9 Keep a local reference to the process name to avoid memory corruption (#2847) 2016-12-07 20:20:17 -08:00
lambda-conjecture
6e1af3954e Add --enroll_always flag for TLS config plugin (#2827) 2016-12-06 21:56:56 -08:00
Nick Anderson
90e867de88 Fixed protocol values (#2846) 2016-12-06 15:09:30 -08:00
Nick Anderson
7f5345ec7e Adding process_open_ports and listening_sockets virtual tables to Windows (#2760) 2016-12-06 14:25:08 -08:00
Dan Sedlacek
0fb983fe9b add quickfixengineering patches virtual table (#2837) 2016-12-03 16:17:16 -08:00
Teddy Reed
5de5187657 Fix Linux processes table threads column (#2836) 2016-12-03 13:15:57 -08:00
Teddy Reed
e9bbe1d624 Add Linux audit benchmarks (#2834) 2016-12-03 12:36:55 -08:00
lambda-conjecture
cd761d1749 Fix deadlock in RocksDB log callback (#2749) 2016-12-02 23:24:08 -08:00
Jonathan Lee
e438971a08 Remove warning message during build (#2824) 2016-12-02 10:44:29 -08:00
Teddy Reed
5846c97d9e Fix innocuous memory leak when exiting osqueryi (#2825) 2016-12-02 10:43:43 -08:00
Teddy Reed
cefaf0cc59 [#2809] Emit verbose warning on column collisions (#2810) 2016-11-30 14:06:19 -08:00
Teddy Reed
bf2efcb8c0 Use syscalls for dropping effective gid/uid on POSIX (#2806) 2016-11-29 09:30:56 -08:00
Teddy Reed
555d59eff6 Remove fsuid permissions drop for OS X and Linux (#2805) 2016-11-28 22:05:08 -08:00
Mitchell Grenier
55efc33327 Fix for interface column in routes table (#2803) 2016-11-28 19:36:33 -08:00
Mitchell Grenier
d01a6b148e Adding a WiFi survey table (#2794) 2016-11-23 16:58:02 -08:00
Teddy Reed
0637f3c880 Manage queue configuration for Linux audit (#2792) 2016-11-23 15:40:14 -08:00
Mitchell Grenier
02b52005e0 Adding a table for currently connected WiFi information (#2793) 
* Adding a table for currently connected WiFi information

* make format

* make format

* make format

* make format

* reed changes

* format
 2016-11-22 23:37:14 -08:00
lambda-conjecture
ad4cf3ed90 Fix crash in FIM processing on Linux (#2751) 2016-11-22 17:53:07 -08:00
trizt
1cf5ef5a8a Add Gentoo as a build environment and portage tables (#2638) 2016-11-22 14:55:30 -08:00
Teddy Reed
0ee1bbe739 Improve process_events on Linux (#2790) 2016-11-22 09:37:16 -08:00
Teddy Reed
deed140080 [#1773] Introduce multi-pack configuration syntax (#2787) 2016-11-22 09:35:03 -08:00
Teddy Reed
93ce41b5e4 Rename augeas path column to node (#2788) 2016-11-20 14:13:55 -08:00
Teddy Reed
7f1dbd604e Remove readline from Linux provision (#2786) 2016-11-20 11:36:19 -08:00
Teddy Reed
d402a6ad45 Allow configuration JSON to include escaped newlines (#2785) 2016-11-19 15:01:40 -08:00
Teddy Reed
f111d4e10d Sanity check Linux memory_map offsets (#2783) 2016-11-19 12:11:55 -08:00
Serey Ty
148eb41e4e add drop fields to interface details (#2778) 2016-11-19 12:11:25 -08:00
Jonathan Lee
10d61c71b8 [Fix #2175] New test: zero permission file operations (#2711) 2016-11-18 08:12:27 -08:00
yying
ef3de3d030 Improved platformAccess functionality and improved formatting in fileops (#2743) 2016-11-18 00:15:23 -08:00
Teddy Reed
4fdea34a9d [Fix #2446] Consolidate namedPipe into socketExists (#2712) 2016-11-16 19:32:22 -08:00
Nick Anderson
1a0aa988f1 Updating bytes written and read cursor index (#2767) 2016-11-16 17:04:17 -08:00
Teddy Reed
d3db14337e deps: Linux: apt-pkg 1.3.1 (#2761) 2016-11-15 01:19:08 -08:00
Teddy Reed
d324504703 OS X: bypass ASL tests on 10.12 (#2759) 2016-11-14 22:17:48 -08:00
Nick Anderson
602f413950 [Fix #2733] Updated users table to parse all user profiles (#2737) 2016-11-12 19:49:33 -05:00
Jonathan Lee
b63b60e967 New table: sudoers (#2686) 2016-11-12 16:32:42 -05:00
Omer Katz
5b7655b96f Add augeas table and libxml2 dependency (#2181) 2016-11-11 08:00:59 -08:00
knqyf263
6dd8d31ff4 Use decorateFileEvent for file_accesses without hashing (#2739) 2016-11-10 16:25:32 -08:00
Teddy Reed
10462b75f8 Add SGX CPU feature and availability detection to cpuid (#2738) 2016-11-09 22:32:15 -08:00
yying
d573cf8e16 Improvements to platformChmod for closer POSIX behavior on Windows (#2725) 2016-11-08 14:40:53 -08:00
Mohamed El-Shahawi
4935e84b17 Add virtual table: Windows Drivers (#2675) 2016-11-08 10:50:12 -08:00
Ryan Holeman
0b62245848 Fix for sending only failed data to kinesis on full or partial failed uploads (#2703) 2016-11-07 09:57:47 -08:00
Teddy Reed
62608f9a08 Minor reorganization of osqueryi linking (#2724) 2016-11-06 01:17:48 -08:00
Teddy Reed
59f0bad67c Additional compiler checks, including shadow (#2486) 2016-11-06 01:17:04 -08:00
Teddy Reed
6ead016cbb [Fix #2656] Refactor events_optimize to act per-query (#2665) 2016-11-05 22:03:45 -07:00
Nick Anderson
7d3d726ca6 Reduced size of 'large' test file (#2722) 2016-11-04 16:11:22 -07:00
Teddy Reed
530f2933e3 [Fix #2704] Various distributed code cleanups (#2719) 2016-11-03 23:54:55 -07:00
Nick Anderson
8e77cfe545 Fixing windows related warnings for linux builds (#2720) 2016-11-03 23:52:51 -07:00
Teddy Reed
05413008fb [Fix #2702] Use libxar for safari_extensions parsing (#2714) 2016-11-03 11:04:02 -07:00
Nick Anderson
50305e3ef5 filled in additional os_version columns for Windows (#2715) 2016-11-03 10:07:28 -07:00
Teddy Reed
e775fe1ea2 [Fix #2579] Remove database_in_memory flag (#2716) 2016-11-03 09:55:10 -07:00
Teddy Reed
5277e82ec8 Require an extension socket with extensions_require (#2713) 2016-11-02 23:28:17 -07:00
Nick Anderson
afbde7641a Adding large file write/read test for fileops (#2706) 2016-11-02 18:27:03 -07:00
Teddy Reed
06cbafdeb6 Update os_version table on OS X (#2709) 2016-11-02 17:27:19 -07:00
Teddy Reed
a3acf2a3e5 Fix Config TLS plugin default verb (#2708) 2016-11-02 17:08:44 -07:00
Jonathan Lee
e3efde68d8 Request daemon shutdown when logger_path becomes invalid (#2700) 2016-11-02 08:37:31 -07:00
Teddy Reed
909db4f2db Add .features and .summary meta commands (#2695) 2016-10-30 16:23:22 -07:00
Teddy Reed
4c8fdf5d17 Fix UDEV publisher unit tests LSAN bug (#2693) 2016-10-30 11:15:55 -07:00
Teddy Reed
8fc8134d17 Allow TableOptions::Additional to influence cost (#2694) 
This also allows LIKE for OS X's preferences table.
 2016-10-29 23:19:54 -07:00
Mitchell Grenier
ed13157fe5 Set active distributed plugin within extensions (#2692) 2016-10-28 23:28:04 -07:00
Teddy Reed
2efd7dfe8c Fix Linux routes table inconsistencies (#2684) 2016-10-26 00:03:51 -04:00
Teddy Reed
b59cfd6949 [Fix #2681] Use subscriber setUp result to enable/disable (#2682) 2016-10-25 10:23:10 -07:00
Teddy Reed
b04736631a Add --extensions_require feature (#2672) 2016-10-24 18:13:44 -07:00
Teddy Reed
b814fd54dc [Fix #2674] Add SQLite prepare lock to shell_exec (#2677) 2016-10-24 08:25:38 -07:00
Teddy Reed
df25f27efb Prefer /etc/os-release for Linux os_version (#2667) 2016-10-22 16:58:32 -07:00
Teddy Reed
5bb5ae1030 Add optional default flagfile /etc/osquery/osquery.flags.default (#2673) 2016-10-22 16:56:32 -07:00
Teddy Reed
6fc536a809 Add --extension to osqueryi for quick autoloading (#2671) 2016-10-22 00:29:29 -07:00
Teddy Reed
93b260025a Allow distributed plugin changes and reduce ifdefs (#2670) 2016-10-22 00:27:04 -07:00
Jonathan Lee
f529fc3a30 [Fix #2652] Shorten long lines (#2664) 2016-10-21 22:08:59 -07:00
Ryan Holeman
d76310da2c Random partition keys assigned per batch in kinesis plugin (#2662) 2016-10-21 19:43:31 -07:00
Nick Anderson
87c9a6ae24 Adding cppcheck analysis script (#2661) 2016-10-21 14:27:10 -07:00
Teddy Reed
b00118a293 Fix regression in Requests/TLS APIs related to verb detection (#2660) 2016-10-21 12:58:40 -07:00
Aditya Srivastava
ef4f8af3b8 Issue #2651 : Changed all NULLs to nullptrs (#2657) 2016-10-21 11:20:28 -07:00
Teddy Reed
215933622f [Fix #2658] Increase max interval to 1 week (#2659) 2016-10-20 19:35:22 -07:00
Teddy Reed
f0ed918087 [Fix #2644] Check constraint requiremens regardless of expression (#2654) 2016-10-20 09:47:19 -07:00
yying
e5ba82993a Fixes PlatformFile issue with sharing (#2640) 2016-10-19 11:11:10 -07:00
Nick Anderson
81d2794b26 platformGetUid returns 0 for Administrator user (#2643) 2016-10-19 10:25:32 -07:00
Teddy Reed
ab57130178 [Fix #2630] Remove 'definition' TablePlugin action (#2633) 2016-10-18 00:15:38 -07:00
Teddy Reed
0003e72c63 [Fix #2631] osqueryd: Ignore pidfile parsing errors (#2634) 2016-10-18 00:14:48 -07:00
Zachary Wasserman
09d5a5475e Prioritize reading node_invalid over error for host re-enrollment (#2621) 2016-10-14 18:54:40 -07:00
Zachary Wasserman
42fb80f40b Fix TLS logger plugin handling of re-enrollment scenarios (#2627) 2016-10-14 16:31:51 -07:00
Teddy Reed
02b21d00c3 Add dropToUser method to privileges dropper interface (#2624) 2016-10-14 15:25:54 -07:00
Michael McGrew
55d29505a3 Fix missing column in wmi_event_filters table (#2625) 2016-10-14 15:10:37 -07:00
Nick Anderson
208d2324d5 Extending chrome browser extension table to Windows (#2619) 2016-10-14 10:23:37 -07:00
Nick Anderson
2048d17931 Fixed pidfile read error on server 2k12 (#2617) 2016-10-13 15:18:42 -07:00
Michael McGrew
21f797c811 add table for appcompat shims (#2618) 2016-10-13 13:31:05 -07:00
Mohamed El-Shahawi
a3e8bac776 Add virtual table: Windows services (#2600) 2016-10-12 09:10:05 -07:00
Nick Anderson
616d9f5953 Adding support for Windows platform_info table (#2611) 2016-10-12 09:01:32 -07:00
Teddy Reed
9a0c5c4556 deps: Use linenoise-ng for all platforms (#2613) 2016-10-11 22:16:21 -07:00
Teddy Reed
b7c5ee31b2 Return hardware UUIDs without potential trailing NULL bytes (#2616) 2016-10-11 17:55:48 -07:00
Mohamed El-Shahawi
498a040ee6 Add virtual table: Windows Kernel_info (#2610) 2016-10-11 17:46:26 -07:00
Zachary Wasserman
e78c1358bb Add LIKE support to hash virtual table (#2615) 2016-10-11 10:48:57 -07:00
Teddy Reed
665c4fb9bc [Fix #2599] Read from Linux SMI sysfs node for SMBIOS (#2612) 
This also fixes odd behavior in Linux when reading a 'regular' file
from /sys that only returns a max of a page-read in bytes.
 2016-10-11 09:55:01 -07:00
Ryan Holeman
d1240f05e5 Fix for AWS ami role auth with cpp-netlib custom redirect condition (#2596) 2016-10-09 12:11:56 -07:00
Stephen Lester
a970b0ca42 Use 'namespace' instead of '#define' for boost::filesystem (#2597) 2016-10-07 14:59:42 -07:00
Stephen Lester
0a02532b99 [Fixes #2594] windows: Implement the etc_services table (#2595) 2016-10-06 14:06:44 -07:00
Teddy Reed
0b1713423c [Fix #1690] Use INDEX options in constraint cost evaluation (#2593) 2016-10-05 15:44:21 -07:00
Teddy Reed
a7f1be1a36 Add test for processes table to verify mem/cpu units (#2589) 2016-10-05 12:08:45 -07:00
Mohamed El-Shahawi
c83afe01d6 Add virtual table: Windows etc_protocols (#2590) 2016-10-04 19:08:27 -07:00
yying
2845898b18 Efficiency improvements to processes table on Windows (#2587) 2016-10-03 12:23:46 -07:00
Mohamed El-Shahawi
c446746a3a Add virtual table os_version for windows (#2586) 2016-10-03 12:06:05 -07:00
Nick Anderson
07a2a3c292 Updating processes table to include memory (#2573) 2016-10-02 22:41:05 -07:00
lambda-conjecture
e33002e922 Change memory_info fields to BIGINT to handle 4G and larger sizes (#2584) 2016-10-02 18:12:35 -07:00
Nick Anderson
b69981584f Fixing COM memory leak (#2583) 2016-10-02 12:15:17 -07:00
Rogelio Domínguez Hernández
5a0fbaf3b5 Fix memory leak at osquery/devtools/shell.cpp (#2562) 2016-09-29 09:31:56 -07:00
Nick Anderson
71bd3b6416 Adding gates to non-implemented windows tests (#2563) 2016-09-28 17:15:24 -07:00
Teddy Reed
b895c6a988 Reduce several INFO logs to VLOGs and increase size-INTEGERs to BIGINT (#2559) 2016-09-28 12:38:35 -07:00
Liu Xinan
101574ad51 Fix sign-compare warnings in tests (#2554) 2016-09-28 08:47:24 -07:00
Michael McGrew
b77c217a80 Rename products.cpp to programs.cpp (#2541) 2016-09-27 19:43:24 -07:00
Teddy Reed
7e9088e008 [#2542] Introduce --enable_syslog to explicit enable syslog ingestion (#2543) 2016-09-27 17:35:21 -07:00
yying
7b5365d986 Ability to parse arguments for Windows Services (#2536) 2016-09-27 14:40:44 -07:00
Teddy Reed
f21f931d40 Add option for status-only secondary logger plugins (#2534) 2016-09-27 03:33:58 -07:00
Teddy Reed
c95ca50870 [#2532] Handle potential test errors 'Address family not supported' (#2533) 2016-09-27 02:40:10 -07:00
Teddy Reed
6842797bf5 Create temp directory and fail over to user home (#2529) 2016-09-26 23:44:50 -07:00
Teddy Reed
257535e5a2 Correct config-loaded meaning to be has-run-load (#2528) 2016-09-26 22:34:03 -07:00
Teddy Reed
4d1451c9b4 Add extensions SDK incompatibility checking (#2527) 2016-09-26 17:32:41 -07:00
Zachary Wasserman
9216ed8275 Make syslog rate limit configurable by flag (#2526) 2016-09-26 17:31:22 -07:00
Teddy Reed
7aa1762f52 Promote host UUID to version 2 (#2525) 2016-09-26 12:30:05 -07:00
Nick Anderson
3a351ebf43 Adding windows system_info virtual table (#2521) 2016-09-26 11:08:57 -07:00
Teddy Reed
17b89fc182 Refactor events and remove 10/3600 indexes (#2523) 2016-09-25 22:19:31 -07:00
Teddy Reed
97bc369b6a Attempt to query platform UUID on Linux (#2522) 2016-09-25 17:55:02 -07:00
Nick Anderson
8fd1ba9004 Adding the windows users virtual table (#2506) 2016-09-24 18:18:40 -07:00
Teddy Reed
64797ffadf Restrict regular file checking of TLS pinned cert to Windows (#2520) 2016-09-23 20:44:06 -07:00
yying
bb7d558681 Update service status to prevent "Terminated Unexpectedly" error (#2515) 2016-09-23 20:05:56 -07:00
lambda-conjecture
49d939b93d Fix update of event plugins when config fails to load at startup (#2507) 2016-09-23 19:30:33 -07:00
Nick Anderson
e167619bfa Adding kernel panics table (#2488) 2016-09-23 19:04:50 -07:00
Teddy Reed
bcd90070ae Remove time-override for events add API (#2508) 
This will remove the use of current time for syslog.time and introduce
a new column called 'datetime'.

Events now uses an "optimize_id" alongside "optimize" to prevent returning
colliding events added within the same second as the previous genTable call.
 2016-09-23 16:46:02 -07:00
Michael McGrew
30c17885ad New windows tables (#2451) 2016-09-23 14:33:44 -07:00
Jason Ogden
ee3ce66465 Extended crontab table to support files in /etc/cron.d/ (#2517) 
merge dis in
 2016-09-23 13:03:27 -07:00
Teddy Reed
62edfd46fe Toggle --utc to true (#2504) 2016-09-23 10:14:27 -07:00
Nick Anderson
83442532d7 Added flagfile to Windows service install (#2509) 2016-09-22 17:44:21 -07:00
Seshu Pasam
0f555c010d Use special base value of '0' that can handle values starting with 0x (#2505) 2016-09-22 13:32:45 -07:00
Nick Anderson
2626f8cf46 Fixed Thrift exit verbosity in Windows (#2500) 2016-09-21 18:54:03 -07:00
Teddy Reed
53b73d99c7 [Fix #2483] Lock registry manipulation while setting active plugins (#2499) 2016-09-21 18:04:58 -07:00
Teddy Reed
6ac58f17d6 Remove extensions retry and introduce watcher retry (#2498) 2016-09-21 16:17:30 -07:00
Teddy Reed
a6589c49e3 [Fix #2482] Use atomic member in Dispatcher tests (#2494) 2016-09-21 10:52:52 -07:00
yying
a7af70d021 Adding remote config/logging capabilities to Windows build (#2469) 2016-09-20 14:18:58 -07:00
Teddy Reed
ef10e93d60 Improve scheduled/differential query performance and logging (#2476) 2016-09-19 16:45:13 -07:00
Zachary Wasserman
9701c55d96 Add active column to osquery_packs table (#2475) 2016-09-19 13:00:11 -07:00
Nick Anderson
5877c3d464 Removing service start functionality (#2464) 2016-09-16 15:17:03 -07:00
Nick Anderson
386f123e03 Changing windows service name for parity with other platforms (#2465) 2016-09-16 15:16:48 -07:00
Bryon Gloden, CISSP®
0ef69c6b1d [windows] fix deallocation mismatches (#2468) 2016-09-15 15:13:05 -07:00
Teddy Reed
366b5f08ca Limit Linux package dependencies (#2463) 2016-09-14 10:31:21 -07:00
Teddy Reed
c7ee4f9ca4 Add librpm build and RPM tables (#2456) 2016-09-12 22:43:36 -07:00
Teddy Reed
53364b3cb5 Check for plist existance before attempting parsing (#2450) 2016-09-12 22:41:23 -07:00
Teddy Reed
a6ea7d6f6e Fix potential cast issue in memory_info (#2457) 2016-09-12 22:40:51 -07:00
Mitchell Grenier
072a93ccac Accelerated checkins (#2454) 2016-09-12 16:53:42 -07:00
yying
a27d6567e4 Core and Additional Tests (#2441) 2016-09-12 09:46:52 -07:00
Teddy Reed
817cb7ebd4 Fix minor sandboxes performance issues and plist parsing exceptions (#2455) 2016-09-09 19:45:37 -07:00
Nick Anderson
5060392b06 Multiple bug fixes in crashes (#2447) 2016-09-09 15:10:11 -07:00
Teddy Reed
71fff517e5 Add warning for event-based table without events (#2449) 2016-09-08 15:44:32 -07:00
Mitchell Grenier
61c9da1c42 Buffer the distributed queries to RocksDB for greater reliability (#2452) 2016-09-08 15:40:14 -07:00
Nick Anderson
467f9b3409 Adding Bool and String Array WMI Wrapper functions (#2430) 2016-09-07 18:04:33 -07:00
Teddy Reed
ea9ef3211c Change schedule and distributed log execution status text (#2445) 2016-09-07 15:35:28 -07:00
Teddy Reed
1bc52f8a50 [Fix #2443] Restore shellstaticFunc argument names (#2444) 2016-09-07 14:28:56 -07:00
Nick Anderson
01011f4d0f Fixed bug in MULTI_SZ processing (#2439) 2016-09-06 16:41:57 -07:00
Teddy Reed
81d8a4aa68 Emit warnings for improper 'osquery' table usage (#2432) 2016-09-02 19:13:37 -07:00
yying
84e6a3401a Reducing compiler warnings and fails on warn in VS (#2433) 2016-09-02 15:04:03 -07:00
Nick Anderson
7c90823a0c Upgrade LLVM to 3.8.1 on Linux (#2436) (#2435) 2016-09-02 14:53:04 -07:00
Teddy Reed
b61bbdbae3 Remove OpenSSL and cpp-netlib old version exceptions (#2413) 2016-08-31 17:32:50 -07:00
yying
d347c847e1 Support for extensions (#2363) 2016-08-31 16:45:06 -07:00
Teddy Reed
65dd56e113 Introduce table 'attributes' (#2431) 2016-08-31 15:32:20 -07:00
Teddy Reed
d6e20279d8 Use LOG(INFO) and set INFO as default logging mode (#2420) 
This is fairly important, it changes the default mode for what status
events are logged to INFO. It had been set to WARNING and INFO was relatively
unused.

This also removes expected support for RocksDB 'in-memory' databases.
If a shell-user requests a database via CLI flags it will now work.
 2016-08-31 15:09:01 -07:00
Teddy Reed
080bc5ed88 Improve verbose logging for several linux event publishers (#2421) 2016-08-29 14:26:25 -07:00
Teddy Reed
49ee904aea Add .list and .socket to shell meta command set (#2418) 2016-08-29 12:37:04 -07:00
Teddy Reed
0b3f6af306 Improve status logging when using multi-loggers (#2422) 2016-08-29 06:59:55 -07:00
Teddy Reed
05a795d80a Count subscriber events correctly in osquery_events (#2419) 
This also changes the osquery_events API by renaming restarts to refreshes.
 2016-08-29 06:57:24 -07:00
Teddy Reed
9824e6bd58 Rename phys_footprint to total_size and add threads (#2412) 2016-08-29 06:56:38 -07:00
Teddy Reed
6d1e73d729 Handle empty Linux pwd members (#2417) 2016-08-29 06:55:22 -07:00
Teddy Reed
89b1b6f3ff Fix Linux memory_map printing and use IOMEM instead (#2416) 2016-08-29 06:54:10 -07:00
Teddy Reed
1bff276fcf Increase TLS client timeout from 4s to 32s (#2410) 2016-08-27 13:12:48 +01:00
Teddy Reed
132fa3a753 Display flags in alphabetical order (#2407) 2016-08-24 17:44:16 +01:00
Nick Anderson
e6d4f36ebb Adding etc_hosts virtual table to windows (#2381) 2016-08-24 17:02:14 +01:00
Michael McGrew
a14961d868 Minor fixes to cb_info table (#2399) 2016-08-22 23:29:22 +01:00
yying
2f1cad864d Support for building static osquery executable (#2398) 2016-08-22 23:27:12 +01:00
Nick Anderson
f1d6686735 Fixed type bug with DWORD registry values (#2383) 2016-08-18 10:12:30 -07:00
Nick Anderson
fe7b8d98f9 Adding getSystemRoot function (#2386) 
Adding a cross platform function for getting the OS root
and returning it as a boost::fs::path
 2016-08-18 09:32:34 -07:00
Teddy Reed
1b75972181 [Fix #2387] Attempt to create user's osquery homedir (#2395) 2016-08-17 17:27:46 -07:00
Teddy Reed
e969b92a2e Fix code auditing job and disable Homebrew auto-update (#2392) 2016-08-17 16:00:30 -07:00
Nick Anderson
feb18c6173 Adding install/uninstall flags to daemon (#2379) 2016-08-17 09:23:11 -07:00
Michael McGrew
a0e83466d2 Add table for pulling back carbon black sensor info (#2377) 2016-08-16 21:56:29 -07:00
Teddy Reed
0eb696f1b3 Build POSIX applications tables (#2378) 2016-08-16 18:04:43 -07:00
Nick Anderson
9786b0efed Adding the windows registry virtual table (#2356) 2016-08-16 12:37:53 -07:00
Teddy Reed
a227c0cf3b Fix dep_packages and apply to all Linux (#2373) 2016-08-15 22:11:01 -07:00
Teddy Reed
a2540a2614 Update to AWS-SDK-CPP version 0.14.x (#2371) 2016-08-15 21:30:39 -07:00
Teddy Reed
f93253ec48 Nitpicks and style formatting 2016-08-15 16:07:51 -07:00
Ryan Holeman
a217035d12 Add AWS STS assume role authentication capability 2016-08-15 16:07:51 -07:00
Teddy Reed
987368221f Remove several raw strings that confuse static analysis (#2367) 2016-08-15 14:52:11 -07:00
Gary
8f57d2ea81 Change second FLAGS_pofile_delay to seconds (#2359) 2016-08-15 08:30:20 -07:00
Teddy Reed
a2017f68f1 Add clang-format rules from 3.6 (#2360) 2016-08-15 01:33:17 -07:00
Teddy Reed
58fd284f05 Improve dispatcher tests (#2358) 
This improves dispatcher tests by allowing units to act like component
tests and use embedded std::thread-based osquery APIs. A unit may force
a 'service' to run by joining the Dispatcher before deconstructing.
 2016-08-14 15:41:53 -07:00
Teddy Reed
7f54dca7e7 [Fix #2112] Remove forced benchmark skip (#2349) 
Google benchmark 1.0.0 is included with the 1.8.0 build redesign.
 2016-08-13 19:38:55 -07:00
Teddy Reed
f88d404e6d Add 'type' to logged_in_users (#2343) 2016-08-12 22:09:57 -07:00
Teddy Reed
a4ffa9d02a Fix shared library build and introduce FAST (#2344) 2016-08-12 19:25:28 -07:00
Teddy Reed
dd3020df79 [Fix #2319] Emit verbose log when Linux audit is immutable (#2347) 2016-08-12 18:30:21 -07:00
Teddy Reed
791dd4038a [Fix #2342] Use seconds for --profile_delay precision (#2348) 2016-08-11 07:49:55 -07:00
Teddy Reed
e6fec935c7 Move lz4 link order for RH-based hosts (#2341) 2016-08-10 17:03:54 -07:00
artemdinaburg
6e3f4b8e13 Copy required DLLs into the build directory (#2339) 2016-08-10 16:48:33 -07:00
artemdinaburg
d8bfe962aa Fix Windows under 1.8 build system (#2333) 2016-08-10 14:06:47 -07:00
Teddy Reed
33c1afa4b8 Allow the non-blocking kernel-test publisher to drop 5% (#2336) 2016-08-10 08:45:37 -07:00
Teddy Reed
1c4d6397fa OS X IOKit utilities refactor to allow SKIP_TABLES (#2335) 2016-08-09 20:49:56 -07:00
Teddy Reed
f3f605e26a Introduce a PLATFORM_MASK and isPlatform (#2334) 
Along with the platform defines and platform string defines provided by
CMake to the build, add a PLATFORM_MASK define.

Use this define as a platform-type mask with the PlatformType enum.
 2016-08-09 20:27:42 -07:00
artemdinaburg
7509e6c848 Fix make sdk with Packages CMake gate (#2327) 2016-08-09 14:44:48 -07:00
Teddy Reed
3d6fad00cf [Fix #2330] Add size check to package_bom variable address (#2331) 2016-08-08 15:36:38 -07:00
Zachary Wasserman
8aa9d63c42 Properly intialize BufferedLogForwarder for TLS output plugin (#2328) 
Missing initialization of the BufferedLogForwarder was causing an underflow in
the count of buffered logs, and error messages as described in #2324. This
commit brings the initialization of the forwarder for TLS in line with
aws_kinesis and aws_firehose, removing that error.
 2016-08-08 15:20:25 -07:00
Teddy Reed
1d2be3d962 Speed up osquery_additional_tests by restoring cache intervals (#2312) 2016-08-01 00:38:43 -07:00
Teddy Reed
7eab0f39bd Fix race conditions in Linux inotify publisher (#2309) 
1. This adds several mutexes to the inotify publisher and its tests.
2. A fix for Linux 4.1 and LLVM TSAN is applied to CMake logic.
 2016-07-31 22:41:37 -07:00
Teddy Reed
7c1ecc6871 Brew-based build redesign (#2251) 2016-07-31 11:32:31 -07:00
Zachary Wasserman
1074aad471 Use TLSTransport HTTP client in aws_util (#2299) 2016-07-28 23:09:28 -04:00
yying
50487c6880 Changes to make pidfile work on Windows (#2297) 2016-07-28 16:04:34 -07:00
Zachary Wasserman
129ec81853 Add release valve for purging buffered logs in BufferedLogForwarder (#2244) 2016-07-27 15:26:45 -07:00
nerddotcat
e015c132f6 Added memory_info table for Linux (#2282) 2016-07-27 15:20:07 -07:00
Nick Anderson
df9a33e0ec Rearranged virtual tables for Windows (#2291) 2016-07-25 17:15:19 -07:00
yying
6eb3cc4f9a Refactored timer functionality in osquery shell (#2290) 2016-07-25 15:35:34 -07:00
Teddy Reed
c99a1e15a0 Refactor system into POSIX and add CPUID to Windows (#2288) 2016-07-25 15:34:17 -07:00
Teddy Reed
14230d7bfa Port utilities/file to Windows (#2286) 2016-07-25 15:13:41 -07:00
Teddy Reed
42dbbd92ba Print UTC for blank timezones in utilities/time (#2287) 2016-07-25 14:46:14 -07:00
yying
0ef284b8e7 Changes to make osqueryd/osqueryi mostly build sans cputime/uptime tables (#2283) 2016-07-25 11:58:55 -07:00
Nick Anderson
10719e5cff Fixed 'off the end' bug in crashes table (#2285) 2016-07-23 11:06:56 -07:00
yying
2fb3797c53 Changes to support building a osquery Windows service. (#2278) 2016-07-22 13:29:37 -07:00
Teddy Reed
870c5bd9f9 Clean up verbose logging for OS X kernel extension (#2276) 2016-07-21 14:29:17 -07:00
Teddy Reed
c22f6147ea Move OSQUERY_HOME into core and use as filesystem config default (#2275) 2016-07-21 13:28:23 -07:00
Teddy Reed
6fc0ddb31d Add watcher column to osquery_info (#2261) 2016-07-21 13:07:24 -07:00
Teddy Reed
6df4c8c4d4 The watcher process should apply memory limits to itself (#2263) 2016-07-21 12:33:14 -07:00
yying
547e8f961c CMake configuration file changes to support Windows (#2258) 2016-07-20 23:48:55 -07:00
Teddy Reed
1e4dcb121b Introduce --audit_allow_sockets for Linux socket_events (#2270) 2016-07-20 23:47:54 -07:00
Zachary Wasserman
f1f00cec2b Enable DB in osqueryi when --database_path specified (#2268) 
Prior to this change, both --disable_database=false and --database_path had to
be specified together. Now, if the user specifies --database_path the database
is enabled automatically.
 2016-07-20 17:44:50 -07:00
Teddy Reed
edc3fa5a25 Remove process_file_events subscriber from Linux (#2267) 2016-07-20 17:20:23 -07:00
Teddy Reed
5be180a8f9 Swap removed and added for logs (#2260) 2016-07-20 12:25:10 -07:00
nerddotcat
ebf3ae378d added ssh_keys table for id_rsa files. (#2245) 2016-07-19 09:21:01 -07:00
artemdinaburg
78e1cf7ab4 Transition __attribute__((constructor)) to a more platform independent approach (#2233) 2016-07-14 14:19:33 -07:00
Zachary Wasserman
8161a5f0a8 Add autocompletion of table names in osqueryi (#2236) 2016-07-14 14:15:32 -07:00
Nick Anderson
8d97d06b89 Crashes table now grabs all register values (#2243) 2016-07-13 11:29:07 -07:00
Marcin Wielgoszewski
805e24928d Log execution of a distributed query (#2241) 2016-07-12 19:22:06 -07:00
Teddy Reed
45530c0496 Slight performance improvments (#2242) 2016-07-12 19:16:50 -07:00
Teddy Reed
7f304a0934 Various fixups and best practices (#2237) 2016-07-11 09:45:57 -07:00
Zachary Wasserman
b5c129f324 Fix process path parsing (#2234) 
This commit fixes two issues with `path` in the linux processes table:

(1) Fixes a bug in which `on_disk` is set to `NULL` instead of `0` when the
binary is not on disk.

(2) Fixes a bug in which a filename ending in ` (deleted)` could cause osquery
to return an incorrect value for `on_disk`. See
https://github.com/facebook/osquery/issues/1607
 2016-07-08 12:06:56 -07:00
Teddy Reed
54557b16e7 [Fix #2196] Fix osquery home directory checking (#2232) 2016-07-07 17:33:52 -07:00
Teddy Reed
48cb4d555d Add systemLog API (#2229) 
This includes a minor SDK refactor as it move quite a few specialized
functions and facilities from core.h into system.h. There was a breaking point
for needing to frequently update core includes.

The new logger systemLog function allows a call site to bypass logging config
and write a line to the OS logger (aka syslog).
 2016-07-07 15:16:28 -07:00
Teddy Reed
6852122af9 Force RocksDB to sync writes for non-event domains (#2228) 
RocksDB is the default "database" plugin. Writes are normally kept in an
in-memory memtable. Writes that are not part of the event pubsub system can
be forced to sync to disk.
 2016-07-07 14:08:12 -07:00
Ryan Holeman
88053a08b4 Optional top level decorator functionality (#2177) 2016-07-06 15:31:59 -07:00
Zachary Wasserman
8909602a40 Increase block period in flaky BufferedForwarder test (#2222) 
This test was intermittently failing because it relies on the actual thread
scheduling. Our discussion in issue #2218 decided that it was worth keeping the
test around, while trying to mitigate the flakiness. The longer sleeps in this
test ran successfully hundreds of times in local testing.
 2016-07-06 14:59:24 -07:00
Teddy Reed
21d1fca37d Add shutdown method to extensions (#2224) 
This alters the osquery.thrift spec to add a ::shutdown method to the
Extension class. The ExtensionManager inherits from this but includes a
no-op shutdown method.

When an ExtensionManager (osquery core) stops, it optionally requests all
Extensions to shutdown immediately. This helps quit extensions processes
faster.
 2016-07-06 12:23:24 -07:00
artemdinaburg
bede048323 Merge posix/windows processes table into single entity (#2220) 2016-07-05 21:18:14 -07:00