valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,792 Commits 2 Branches 109 Tags 25 MiB
8235fd155f
Commit Graph

1011 Commits

Author SHA1 Message Date
Teddy Reed
8235fd155f Merge pull request #1122 from theopolis/relax_deps 
Relaxing iptables, EL-deps
 2015-05-09 23:52:28 -07:00
Teddy Reed
3e9f40f73f [Fix #1121] Minify shell table/schema, add meta tests 2015-05-09 19:48:28 -07:00
Teddy Reed
98b52c39a1 elaxing iptables, EL-deps 2015-05-09 18:16:13 -07:00
Teddy Reed
b5be0212e2 Merge pull request #1120 from theopolis/iptables_best 
Adding new table to display iptables filters, chains and rules
 2015-05-08 20:10:34 -07:00
Javier Marcos
4f21090fb8 Adding new table to display iptables filters, chains and rules 
Patching headers to avoid void pointers
Adding test for parsing ipt_ip entries
 2015-05-08 19:11:49 -07:00
Teddy Reed
1de7cfb331 Use CMake find_package for python, fix ifaddrs on FreeBSD 2015-05-08 18:49:01 -07:00
Teddy Reed
24a638eaaf Remove cpp-netlib from make install 2015-05-08 14:00:09 -07:00
Teddy Reed
434ace85d5 Merge pull request #1113 from theopolis/http_tests 
[Fix #1048] Cleaner additional tests
 2015-05-08 11:54:25 -07:00
Teddy Reed
258dd62b24 Merge pull request #1114 from theopolis/rhel_centos_tables 
RHEL table parity with CENTOS
 2015-05-08 11:54:20 -07:00
Teddy Reed
bf1de3b95e Merge pull request #1110 from theopolis/build_freebsd 
Towards building on FreeBSD/ports
 2015-05-08 10:53:07 -07:00
Teddy Reed
6919065b4b RHEL table parity with CENTOS 2015-05-07 23:23:32 -07:00
Teddy Reed
c7b9114975 Towards building on FreeBSD/ports 2015-05-07 23:12:30 -07:00
Teddy Reed
311f9bd55f Cleaner additional tests 2015-05-07 22:07:14 -07:00
Teddy Reed
a7daa0ace5 Apply a safe permissions check to worker 2015-05-07 00:19:10 -07:00
Teddy Reed
a64270f324 Merge pull request #1106 from theopolis/dispatcher_hardening 
Harden extensions/dispatcher tests
 2015-05-06 21:07:46 -07:00
Teddy Reed
c50838922f Merge pull request #1102 from theopolis/sync_builds 
Easier build host-based sync
 2015-05-06 21:06:53 -07:00
Teddy Reed
ee872d3fbe Harden events tests 2015-05-06 20:33:39 -07:00
Teddy Reed
23933cefe8 Harden extensions/dispatcher tests 2015-05-05 23:34:10 -07:00
Teddy Reed
e6c838131b Limit the number of RocksDB log files 2015-05-05 16:14:24 -07:00
Teddy Reed
70e3c190bb Easier build host-based sync 2015-05-05 15:15:45 -07:00
Teddy Reed
cdb112eccb Add a CMake variable for packages 2015-05-04 17:09:09 -07:00
Teddy Reed
d6eb63ae2f Merge pull request #1097 from theopolis/intel_perf_limits 
Limit memory checks to worker allocations
 2015-05-04 12:14:43 -07:00
Teddy Reed
fa35ee5f7b Merge pull request #1095 from theopolis/raw_sockets 
[Fix #1080] Remove netlink, support raw sockets
 2015-05-04 12:09:37 -07:00
Teddy Reed
5b60eb9fb8 Limit memory checks to worker allocations 2015-05-04 11:30:25 -07:00
Teddy Reed
893f678403 Linting and asan fixups 2015-05-04 11:00:21 -07:00
Teddy Reed
7da8b6f68a [Fix #1080] Remove netlink, support raw sockets 2015-05-04 10:57:49 -07:00
Teddy Reed
c63bf0451a Various exception hardening 2015-05-03 14:18:20 -07:00
Teddy Reed
e01a73b4f3 Schedule monitoring, doc updates, logger plugin fixes 2015-05-03 11:54:15 -07:00
Mike Arpaia
3311e17c06 [FIX #1082] Removing cpp-netlib from SDK 2015-05-01 14:00:10 -07:00
Sharvil Shah
2735e731de Implement --disable_tables runtime flag 2015-04-30 01:41:01 -07:00
Teddy Reed
13c4e27629 Merge pull request #1067 from theopolis/snapshots 
[#966] Allow snapshot scheduled items
 2015-04-29 18:47:24 -07:00
Teddy Reed
a4c3a869de Merge pull request #1073 from theopolis/file_events 
Rename file_changes to file_events
 2015-04-29 18:43:57 -07:00
Javier Marcos
e83b813399 Support RHEL6 
This enables support for building osquery in RHEL6
 2015-04-29 18:31:13 -07:00
Teddy Reed
9658d4377c Rename file_changes to file_events 2015-04-29 16:27:29 -07:00
Teddy Reed
c012d1c1d3 Merge pull request #1070 from wxsBSD/yara_relative 
Make YARA rule compiling handle relative paths.
 2015-04-29 15:56:17 -07:00
Teddy Reed
b66a350526 Allow snapshot scheduled items 2015-04-29 15:55:00 -07:00
Teddy Reed
d0bbb0bc4f Towards safer and shuffled unittests 2015-04-29 14:43:27 -07:00
Wesley Shields
546d298196 Move yara relative paths to /etc/osquery/yara. 2015-04-29 10:16:11 -04:00
Wesley Shields
82123d14d1 Make YARA rule compiling handle relative paths. 
Previously this only existed in the yara table, but it now exists in the
yara config parser land, which will compile signature groups upon
update. Now your signature groups can reference signature files using
paths relative to /var/osquery.
 2015-04-28 23:06:02 -04:00
Teddy Reed
467ecc20ae Merge pull request #1059 from theopolis/shell_improv 
Various shell fixups
 2015-04-27 17:29:02 -07:00
Teddy Reed
d5b9c0216b Merge pull request #1058 from theopolis/catching_registry 
Apply vegas-style rules to call
 2015-04-27 17:28:18 -07:00
Teddy Reed
2c5cbdee63 Various shell fixups 2015-04-27 16:40:05 -07:00
Teddy Reed
2b5b9683a4 Apply vegas-style rules to call 2015-04-27 15:08:03 -07:00
Teddy Reed
04f80f1ef3 Merge pull request #1057 from wxsBSD/yara_fix2 
Move YARA initialization to setUp().
 2015-04-27 14:42:32 -07:00
Teddy Reed
cd7d68c994 Use a fs glob in chrome-extensions searching 
Chrome (non-Opera) may use multiple profiles before the
extensions dir. Use a glob before searching for extensions/versions.
 2015-04-27 11:36:44 -07:00
Teddy Reed
beb28a3f96 Merge pull request #1051 from theopolis/slim_shell 
Remove unpopular features from shell
 2015-04-27 10:53:55 -07:00
Wesley Shields
bb392c42f6 Move YARA initialization to setUp(). 
This was causing a crash when executing a query using the yara table
from the command line, because YARA was never initialized properly, so
the thread index was whatever was left on the stack. Eventually YARA
would attempt to set a rule that matches using this thread index and
would explode in flames.

Fix it by moving the initialization to a place that is always called.
 2015-04-27 13:45:20 -04:00
Teddy Reed
be65922569 Fast tests 2015-04-27 09:40:31 -07:00
Teddy Reed
149cc8594b Remove unpopular features from shell. 
Remove modes: HTML, Tabs, Explain.
Remove stats (meaningless for virtual tables).

Use the osquery SQLite DB manager within meta and shell SQL
execution to allow registry/extensions non-locking access.

This allows existing runtime DB manipulators to prefer a locking
modifier. Currently these manipulators will fallback to a more
transient db instance. The effect was, no shell-accessible runtime
created virtual tables.
 2015-04-26 18:54:27 -07:00
Mike Arpaia
b3540034f8 Merge pull request #1038 from marpaia/file_wildcard 
[Fix #1013] wildcard support in file table
 2015-04-26 16:10:50 -07:00