mike@arpaia.co
20bbef53b6
Cross platform build environment maker
...
Currently works on Ubuntu 14.04 and Mac OS X 10.9. There are more
supported operating systems coming soon to a theater near you.
2014-09-20 16:01:47 -07:00
Teddy Reed
eee37034b4
[events] Intro of non-async event framework
2014-09-18 15:05:41 -07:00
Teddy Reed
9516bf8fd7
Regressions from core NS removal, linux includes
2014-09-17 10:29:22 -06:00
mike@arpaia.co
f06a4ba52e
cleaning up the plugin interfaces
2014-09-16 01:34:39 -07:00
mike@arpaia.co
5998dbd1c5
clang-format
2014-09-16 00:36:49 -07:00
mike@arpaia.co
d9edc81041
Updating the format of doxygen comment blocks
2014-09-16 00:28:23 -07:00
mike@arpaia.co
0eab76a20c
refactored aggregateQuery to query
2014-09-15 23:07:03 -07:00
mike@arpaia.co
65ec7685f1
doxygenifying conversion header
2014-09-15 22:56:11 -07:00
mike@arpaia.co
4a048db278
database namespace documentation
2014-09-15 17:13:22 -07:00
mike@arpaia.co
7d97186a26
comments for core.h
2014-09-15 12:23:07 -07:00
mike@arpaia.co
de426754d9
moving fs to the global namespace
2014-09-15 11:47:52 -07:00
mike@arpaia.co
d29c58f795
moving scheduler to global namespace
2014-09-15 11:26:16 -07:00
mike@arpaia.co
05f4bc513c
down with scheduledQueries_t
2014-09-15 11:17:48 -07:00
mike@arpaia.co
b7f8f5f72a
moving logger to the global namespace
2014-09-15 11:14:17 -07:00
mike@arpaia.co
fb2591d82a
#143
2014-09-15 11:09:33 -07:00
mike@arpaia.co
ad9b0bb5c1
Doxyfile, for docs
2014-09-13 15:18:26 -07:00
mike@arpaia.co
d11bf05167
casting google::int32 to size_t
2014-09-13 14:19:14 -07:00
mike@arpaia.co
7953bce125
fixing a typo in a variable name
2014-09-13 14:18:54 -07:00
mike@arpaia.co
6a0e5b7ddb
Removing the unimplemented transaction locking methods in DBHandle
2014-09-13 13:53:12 -07:00
mike@arpaia.co
e838110e84
Moving header to include
2014-09-12 17:50:03 -07:00
Mike Arpaia
7534dc60f9
Merge pull request #134 from facebook/queue
...
osquery thread pool
2014-09-12 17:45:20 -07:00
mike@arpaia.co
073dd2d5c4
osquery thread pool
...
this is an implementation of a thread pool, using thrift's thread
manager class.
2014-09-12 08:18:25 -07:00
Abe Stanway
516b7b4563
Intervals at a second instead of a minute (#131)
2014-09-10 17:29:59 -04:00
Mike Arpaia
db0f0105dd
Revert "Skip tests when making 'fast'"
2014-09-09 21:37:08 -07:00
mike@arpaia.co
c9fafc00d3
using '#pragma once' instead of '#ifndef HEADER'
...
let's start using #pragma once for our headers. it's less lines of code,
clang supports it, headers become more movable, etc. it's all around a
better plan.
2014-09-09 18:54:53 -07:00
mike@arpaia.co
cec7b33afb
removing unused header includes
2014-09-09 18:43:41 -07:00
Teddy Reed
2e150ef8a9
Skip tests when making 'fast'
2014-09-09 16:25:22 -07:00
mike@arpaia.co
df1332277d
clang-format
2014-09-09 16:14:54 -07:00
mike@arpaia.co
4f2298ef33
improving the organization of command line flag parsing
2014-09-09 16:10:57 -07:00
Teddy Reed
bb33e4b6e8
Merge pull request #120 from facebook/linux-routes-vtable
...
[vtables] Routes table for Linux
2014-09-09 16:08:00 -07:00
Teddy Reed
825b50f932
[vtables] Routes table for Linux
2014-09-09 16:07:36 -07:00
Mike Arpaia
d71478ea29
Merge pull request #121 from facebook/osquery-84
...
override --help flag and print custom help
2014-09-09 15:59:34 -07:00
mike@arpaia.co
4f223766fc
osquery-84 override --help flag and print custom help
2014-09-09 15:35:34 -07:00
Teddy Reed
bfba3d491d
Merge pull request #117 from facebook/linux-processes-vtable
...
[vtables] Processes table for Linux (procps3)
2014-09-09 14:43:26 -07:00
mike@arpaia.co
d4c7673011
re-adding the scheduler tests
2014-09-09 11:17:09 -07:00
mike@arpaia.co
509aba53bb
re-adding registry_tests after getting apparently disabled
2014-09-09 11:13:21 -07:00
Mike Arpaia
79c964a641
Update status.h
2014-09-09 11:03:23 -07:00
mike@arpaia.co
130fe2ad41
updates to status.h
...
making it such that all the return values are const. added a few method
comments.
2014-09-09 11:02:17 -07:00
Teddy Reed
2bcd89d70f
[vtables] Adding cmdline, path to Linux processes
2014-09-09 10:59:16 -07:00
Mike Arpaia
d6699bd0fe
Adding header files to CMakeLists.txt so that other build tools can perform better introspection into the codebase.
2014-09-09 10:53:59 -07:00
mike@arpaia.co
8fcad82b35
periodic clang-format
2014-09-09 00:56:27 -07:00
Teddy Reed
c6a7e86b18
[vtables] Processes table for Linux (procps3)
2014-09-08 22:42:17 -07:00
mike@arpaia.co
c72d069689
vagrant and make deps on linux
2014-09-08 19:24:23 -07:00
Teddy Reed
26e83f8ee9
Merging for linux build and libosquery compiling options
2014-09-08 17:17:30 -07:00
Teddy Reed
7e470747b4
Moving sublibs to single libosquery
2014-09-08 01:58:29 -07:00
mike@arpaia.co
7d387ec605
status default constructor
2014-09-06 03:41:10 -07:00
Teddy Reed
e23e7bdab8
Merge pull request #102 from facebook/linux-build
...
Changes for Linux (Ubuntu 14.04) build
2014-09-05 14:52:35 -07:00
Teddy Reed
4ffd184eaf
Changes for Linux (Ubuntu 14.04) build
2014-09-05 10:58:58 -07:00
mike@arpaia.co
cc3985b275
clang-format
2014-09-05 01:01:09 -07:00
Javier Marcos
344ca31f26
Adding last virtual table
2014-09-04 16:42:18 -07:00
mike@arpaia.co
c1c9284079
example unit test
2014-09-03 23:46:24 -07:00
mike@arpaia.co
ebc746eef2
0.0.1 Release
2014-09-02 18:40:51 -07:00
mike@arpaia.co
66a2a6fdec
Fix performance issue with the disk serializer
...
This is the issue noted in #76. Keeping all historical results of
queries in the HistoricalQueryResults struct makes serializing and
deserializing those structs very, very slow as time goes on. By only
storing the last execution of the query, we keep the performance
constant, but we kill the feature where osquery can rebuild timelines
without accessing logs. After talking it over, we decided that this
isn't actually that big of a deal because, if you really wanted to
rebuild the old data, you should be able to process the logs, similarly
to bin log replication in MySQL.
2014-09-02 13:13:12 -07:00
mike@arpaia.co
2b08ba60e3
Fixing #67
...
Escaping spaces in the Program field of the launchd table since it
represents a path
2014-09-02 12:22:12 -07:00
mike@arpaia.co
c6b7c04626
Fixing #65
...
The column name was misspelled in the table spec, causing the column to
look blank.
2014-09-02 12:15:45 -07:00
mike@arpaia.co
63070a0d49
migrating project to use CMake's CTest to run unit tests
2014-09-02 11:14:21 -07:00
mike@arpaia.co
b1291879f1
Moving osquery cmake code into the source tree.
...
I like the pattern of the root CMakeLists.txt being the parent file
which sets global parameters and the children doing their level of
compilation.
I also updated the OS X pkg creator.
2014-09-02 01:00:58 -07:00
mike@arpaia.co
6498f45924
renaming the cacerts table to ca_certs
2014-09-01 18:46:16 -07:00
Mike Arpaia
8332e3577f
Merge pull request #87 from facebook/nvram_memleak
...
[vtable_nvram] Fixing type description memory leak, and re-org
2014-09-01 18:40:27 -07:00
Teddy Reed
c653e0b1be
[vtable_nvram] Fixing type description memory leak, and re-org
2014-09-01 18:32:49 -07:00
mike@arpaia.co
e673b7a127
more robust filesystem logging
2014-09-01 18:15:17 -07:00
Mike Arpaia
e5f4d5f64b
Merge pull request #83 from facebook/glog-to-file
...
Log files to disk close #78
2014-09-01 17:15:59 -07:00
mike@arpaia.co
303e73e9ba
Log files to disk close #78
2014-09-01 17:13:04 -07:00
Mike Arpaia
ffaa763209
Update registry.h
2014-08-30 15:03:31 -07:00
Mike Arpaia
8cff961173
Update registry.h
2014-08-30 15:03:06 -07:00
mike@arpaia.co
468f88645d
more sane comments in registry.h
2014-08-30 15:02:43 -07:00
mike@arpaia.co
8649951fab
minimum possible linkages
2014-08-30 14:29:45 -07:00
mike@arpaia.co
f174c4dbd0
enabling unit tests for tables
2014-08-30 14:26:24 -07:00
mike@arpaia.co
2e5810ae9a
proper ordering in tables/CMakeLists.txt
2014-08-30 04:28:49 -07:00
mike@arpaia.co
f5402d5035
query time count is a ulong not a long
2014-08-30 04:26:40 -07:00
mike@arpaia.co
47bfe57272
clang-format
2014-08-30 04:06:31 -07:00
mike@arpaia.co
f1e3b7443d
more verbose logging by default
2014-08-30 03:55:26 -07:00
mike@arpaia.co
b7f9ecc6e1
add an extra char for the \0
2014-08-30 03:53:32 -07:00
mike@arpaia.co
d2b96401a4
was closing the db in the middle of the loop instead of after it, causing subsequent queries to fail
2014-08-30 03:49:49 -07:00
mike@arpaia.co
b1f86466e0
alphabetizing the order of sources in the tables cmake file
2014-08-30 03:46:08 -07:00
mike@arpaia.co
5b904cca26
moving the table_sources blob down to just above where it's used
2014-08-30 03:43:02 -07:00
mike@arpaia.co
dd909ed39d
breaking out the implementation of os x specific virtual tables into their own cmake library
2014-08-30 03:24:35 -07:00
mike@arpaia.co
3b05ffb97d
breaking out objective-c tables such that they use arc
2014-08-30 03:19:16 -07:00
mike@arpaia.co
92845146d7
re-adding all of the virtual tables that depended on performant objective-c interop
2014-08-30 03:09:04 -07:00
mike@arpaia.co
1ff68cabf3
making sure the db is closed in sqlite_util_tests
2014-08-30 03:07:14 -07:00
mike@arpaia.co
0e806eff83
Proper ARC in Objective-C++ code
2014-08-30 00:22:26 -07:00
mike@arpaia.co
123dcc2cff
improved scheduler, now with developer features
2014-08-29 00:36:33 -07:00
mike@arpaia.co
bb46cd31b4
fixing a dirty memory overwrite
2014-08-29 00:24:48 -07:00
mike@arpaia.co
da7ec74840
new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing.
2014-08-28 23:15:45 -07:00
mike@arpaia.co
1da3fab7b7
fix memory leak in sqlite3_attach_tables #74
2014-08-28 21:33:44 -07:00
mike@arpaia.co
eaed8c2dec
const reference iteration of kDomains vector (since it's const itself)
2014-08-28 19:21:52 -07:00
mike@arpaia.co
a4eb0bbaf9
Decomplexifying the scheduler, as to close #73
2014-08-28 17:33:03 -07:00
mike@arpaia.co
eed24a7615
removing logging of full plist data
2014-08-27 12:52:58 -07:00
mike@arpaia.co
f640bc23af
updating include paths in networking utils
2014-08-27 11:39:36 -07:00
mike@arpaia.co
969b694e23
memory improvements to plist parsing
2014-08-26 21:18:24 -07:00
mike@arpaia.co
194127bf08
more memory leak fixed
2014-08-26 16:27:33 -07:00
mike@arpaia.co
648303b1a0
CFReleasing options_dict
2014-08-26 14:58:22 -07:00
mike@arpaia.co
6279f5cb96
setting property to null in the event that the property type is unknown
2014-08-26 14:58:10 -07:00
mike@arpaia.co
df580161f8
fixing leak of pids in listening_ports.cpp
2014-08-26 14:53:56 -07:00
mike@arpaia.co
3d3271a625
kextstat allocation clarity
2014-08-26 13:34:08 -07:00
mike@arpaia.co
7e3a2772a2
autorelease whaaaaaat
2014-08-26 11:39:27 -07:00
mike@arpaia.co
15519b348e
Adding LaunchDaemon and flagfile to the repo/package
2014-08-26 11:26:52 -07:00
Teddy Reed
02fc4538d7
[Fix #66] Moving not_valid fields in cacerts to std string
2014-08-22 23:14:44 -07:00
Teddy Reed
f461605b94
[vtable_interfaces] Add interface_{details, addresses} vtables
2014-08-21 18:49:15 -07:00
mike@arpaia.co
c9fb930ee4
OS specific table specs directory structure
2014-08-20 01:14:20 -07:00
mike@arpaia.co
807a3617c2
Removing example table
2014-08-19 21:49:42 -07:00
Mike Arpaia
f08ab26841
Merge pull request #60 from facebook/vtable_routes
...
[vtable_routes] Added vtable for various network routes
2014-08-19 21:46:36 -07:00
Teddy Reed
42d7f982e9
[vtable_routes] Added vtable for various network routes
2014-08-19 21:39:16 -07:00
mike@arpaia.co
fbc37d9399
clang-format on objective-c++ files
2014-08-19 20:18:49 -07:00
Mike Arpaia
b8e823f190
Merge pull request #58 from facebook/plist_parsing
...
fixing an issue with json serializing raw data attributes in plists
2014-08-19 20:09:14 -07:00
mike@arpaia.co
745b74c7de
fixing an issue with json serializing raw data attributes in plists
2014-08-19 18:54:03 -07:00
Teddy Reed
95ceb21ec5
[vtable_listening_ports] Listening sockets, IPv4, IPv6
2014-08-19 15:25:16 -07:00
Teddy Reed
444cea0649
[vtable_cacerts] New CA certificates table.
2014-08-19 13:47:09 -07:00
mike@arpaia.co
3760e4cce5
Apple virtual table for LaunchAgents and LaunchDaemons
2014-08-15 13:46:09 -07:00
mike@arpaia.co
9973335e49
OS X virtual tables for currently installed applications
2014-08-15 12:58:19 -07:00
mike@arpaia.co
e723306c13
Ran clang-format across the codebase
2014-08-15 12:29:51 -07:00
mike@arpaia.co
f1b0bef782
listFilesInDirectory
2014-08-14 16:27:20 -07:00
mike@arpaia.co
f6e6629d98
fixing include path in osx_version.mm
2014-08-14 11:35:30 -07:00
Mike Arpaia
3161e8cfeb
Merge pull request #48 from facebook/firewall
...
Virtual table for Apple's application level firewall
2014-08-14 11:33:53 -07:00
mike@arpaia.co
1a381e0feb
Virtual tables for Apple's application level firewall
2014-08-14 11:33:20 -07:00
mike@arpaia.co
2311022e7f
moving cocoa backports to core/osx
2014-08-13 23:20:58 -07:00
mike@arpaia.co
826f9d9905
adding an example of what happens when you pt::ptree::get something that doesn't exist
2014-08-13 12:12:24 -07:00
mike@arpaia.co
7d1ce83183
fixing the unit test in filesystem
2014-08-13 11:55:29 -07:00
Mike Arpaia
5f9a24202f
Merge pull request #42 from facebook/kexts
...
Loaded kernel extensions vtable
2014-08-13 11:49:48 -07:00
mike@arpaia.co
e2bd07008d
[kextstat] osquery virtual table which uses the Core Foundation APIs to
...
expose kernel extension information.
For information about memory management in Core Foundation, see:
https://developer.apple.com/library/ios/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html#//apple_ref/doc/uid/20001148-103029
2014-08-13 11:48:53 -07:00
Mike Arpaia
702d53af10
Merge pull request #47 from facebook/system_version
...
osx_version table which exposes the major, minor and patch version of the operating system
2014-08-13 11:44:14 -07:00
Mike Arpaia
609f0bbf07
Merge pull request #46 from facebook/plist_parsing
...
property list parsing with native C++ data types
2014-08-13 11:43:27 -07:00
mike@arpaia.co
b65f96d666
osx_version table which exposes the major, minor and patch version of
...
the operating system
2014-08-13 11:02:17 -07:00
mike@arpaia.co
3b85618ae0
property list parsing with native C++ data types
2014-08-13 11:00:28 -07:00
Teddy Reed
1b6ef08611
Silencing various compiler errors for goto statements.
2014-08-13 08:56:39 -07:00
Mike Arpaia
25ecc35a98
Merge pull request #44 from facebook/vtable_nvram
...
[vtable_nvram] Added NVRAM variables vtable (name, variable type, value).
2014-08-12 18:09:31 -07:00
Teddy Reed
83dc09bca3
[vtable_nvram] Various code cleanups
2014-08-12 11:43:38 -07:00
Teddy Reed
1888150596
[vtable_nvram] Added NVRAM variables vtable (name, variable type, value).
2014-08-12 00:02:38 -07:00
mike@arpaia.co
845cb6ef3b
more sane formatting by default in the repl
2014-08-11 22:38:51 -07:00
mike@arpaia.co
2862407079
fixing a spacing issue in the repl so that multi-line SQL statements are aligned properly
2014-08-11 21:57:16 -07:00
mike@arpaia.co
e7a65b21c7
readline support in the repl
2014-08-11 21:55:45 -07:00
mike@arpaia.co
2a571d8aae
making sure that database objects aren't built before rocksdb is
2014-08-11 18:03:25 -07:00
mike@arpaia.co
7a56756073
moving sqlite to third-party
2014-08-11 17:37:49 -07:00
mike@arpaia.co
9a9ae03506
renaming CMakeLists.txt
2014-08-10 02:07:15 -07:00
mike@arpaia.co
98942a7b3c
whitespace inconsistency in base.h
2014-08-07 13:35:49 -07:00
mike@arpaia.co
b0a5c9cfe4
changing forward decl signature in unit test
2014-08-07 13:28:16 -07:00
mike@arpaia.co
968a8a8355
forward declarations in table files
2014-08-07 13:14:06 -07:00
mike@arpaia.co
a72e87805f
adding objcxx support to tables
2014-08-06 17:42:35 -07:00
mike@arpaia.co
d32a7a8037
moving the example table to an examples directory
2014-08-06 16:33:54 -07:00
mike@arpaia.co
a453db8a09
merging etc_hosts with master
2014-08-06 16:26:33 -07:00
mike@arpaia.co
7d9dc341ce
getting rid of bind1st and relevant headers
2014-08-06 16:24:44 -07:00
mike@arpaia.co
21afc0b75b
raw string literals in etc_hosts test content
2014-08-06 16:08:16 -07:00
mike@arpaia.co
4bec86c534
zwass' comment on etc_host table
2014-08-06 15:55:46 -07:00
mike@arpaia.co
b048b699d4
a zwass special, unordered_set::find
2014-08-06 15:24:08 -07:00
mike@arpaia.co
64bf1db2fe
more intelligent sizing of data structures
2014-08-06 15:17:51 -07:00
mike@arpaia.co
5a4517cfe6
removing range based for loop for pids and removing memsets for chars
2014-08-06 15:02:14 -07:00
mike@arpaia.co
a5edef6782
string::length instead of strlen
2014-08-06 14:13:37 -07:00
mike@arpaia.co
5863fb2948
unordered set
2014-08-06 14:09:37 -07:00
mike@arpaia.co
9cb52eb1e1
unordered_map and better logic around on_disk
2014-08-06 14:07:19 -07:00
mike@arpaia.co
e6a38a2b71
num_pids lower case and comment on negative pids
2014-08-06 13:58:23 -07:00
mike@arpaia.co
b0863e1af5
reorder of headers
2014-08-05 18:16:27 -07:00
mike@arpaia.co
32808d5830
moving processes table into systems dir
2014-08-05 18:14:32 -07:00
mike@arpaia.co
48c8ebed17
moving networking vtables into their own dir
2014-08-05 18:10:18 -07:00
mike@arpaia.co
ee3d9948ea
removing generated code
2014-08-05 17:53:59 -07:00
mike@arpaia.co
14c20204a6
more columns
2014-08-05 17:53:59 -07:00
mike@arpaia.co
8b7282bd60
initial commit of processes table
...
Tasks #31 and #14
2014-08-05 17:53:59 -07:00
mike@arpaia.co
0a83a04b40
removing header
2014-08-05 17:42:25 -07:00
mike@arpaia.co
0e33308803
removing generated code
2014-08-05 17:42:24 -07:00
mike@arpaia.co
346b1f6497
unused headers
2014-08-05 17:42:24 -07:00
mike@arpaia.co
1a114c4f18
bug fixes
2014-08-05 17:42:24 -07:00
mike@arpaia.co
7b3de7a3eb
implementation for /etc/hosts vtable
2014-08-05 17:42:24 -07:00
mike@arpaia.co
0c1e7de598
virtual table structure for #25, the /etc/hosts vtable
2014-08-05 17:42:24 -07:00
mike@arpaia.co
7c81d42de5
reordering includes in cpp files
2014-08-05 17:37:04 -07:00
mike@arpaia.co
ec30260f37
core/status to status and header cleanup
2014-08-05 16:13:55 -07:00
mike@arpaia.co
dbf09752e9
moving manual tables into their own directory
2014-08-05 10:54:14 -07:00
mike@arpaia.co
7bc43dfe93
removing generated code
2014-08-05 02:34:36 -07:00
mike@arpaia.co
e261f1b6d4
more cleanups
2014-08-05 02:21:24 -07:00
mike@arpaia.co
f7a88ad771
automatic table loading
2014-08-05 01:21:28 -07:00
mike@arpaia.co
b79599ea84
readFile function
2014-08-04 11:06:45 -07:00
mike@arpaia.co
4986fbea20
filesystem.h header
2014-08-02 11:28:38 -07:00
mike@arpaia.co
73a32b7294
Initial commit
2014-07-30 17:35:19 -07:00