The gpg-error and libgcrypt repositories often fail cloning.
We use our mirrored version on GitHub instead.
The libcap repository does not support shallow cloning;
change the URL to another official mirror which supports it.
Updating the unwanted-chrome-extensions query pack with three new extensions that were recently compromised and made tech news sites. The extensions have been removed by Google from the Chrome Web Store. Since removal from the Chrome Web Store does not remove already installed extensions, this query will allow users of osquery to monitor their endpoints for these malicious extensions.
* deb_packages: Fix include order issue
* bpf_socket_events, bpf_process_events: Initial implementation
* BPF: Add process tracking to process events, remove sockets_event
* CMake: Upgrade the C++ standard to C++17
* BPF: Improve initial system state snapshot and event collection
* BPF: Add tests for SystemStateTracker
* BPF: Add tests for BPFEventPublisher
* BPF: Refactor, add tests for ProcessContextFactory
* Refactor: Improve initial scan/event handling, fix openat
* BPF: Improve event ordering
* BPF: Fix test issue in BPFEventPublisher::processOpenAt
* BPF: Mark WIP functions as deprecated
* BPF: Improve tests
* BPF: Add back bpf_socket_events and connect() support
* BPF: Add Netlink addr support, add bind()
* BPF: Add accept/accept4 support
* BPF: Add tests for BPFEventPublisher::processOpenat2Event
* BPF: Add remaining tests for BPFEventPublisher
* BPF: Add configuration flags for memory management
* BPF: Add cmdline support to ProcessContextFactory
* BPF: Add additional tests
* BPF: Add unit test for SystemStateTracker::accept
* BPF: Update cwd handling
* BPF: Add tests for bpf_socket_events
* BPF: Add tests for bpf_process_events
* BPF: Add json_cmdline hidden column to bpf_process_events
* BPF: Update all copyright headers
* BPF: Add syscall duration in socket_events/process_events
* BPF: Code review changes
* BPF: Update ebpfpub to the latest version
* BPF: Removed unused functions
* BPF: Code review changes
Add whitespace around namespaces
* BPF: Revert header changes in rot13.cpp
* BPF: Code review changes
Rename the bpf_ntime column in bpf_socket_events/bpf_process_events
to ntime and make it the last visible column
* BPF: Code review changes
Update the dependencies for the BPF tests
* BPF: Code review changes
Update the dependencies for the BPF table tests
* BPF: Code review changes
Update how characters are appended to strings in the
system state tracker class
* BPF: Code review changes
Update the string -> integer conversion utilities in the
process context factory class.
* BPF: Hide failed exec syscalls from bpf_process_events results
* BPF: Do not log an error for invalid sockaddr structures
* BPF: Code review changes
Remove clang-format ignore block
* BPF: Code review changes
Update log messages in the BPFEventPublisher class
* BPF: Code review changes
Remove clang-format ignore block around the function tracer
descriptors
* BPF: Code review changes
Document the IFilesystem interface
* BPF: Code review changes
Document the IProcessContextFactory interface
* BPF: Code review changes
Document the ISystemStateTracker interface