osquery-1

mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00

Author	SHA1	Message	Date
Zachary Wasserman	91691f71d6	Update flaky test for ASL table Previously, this test relied on there being console messages available to query for. Now, it actually writes a message to ASL, then verifies that the message can be found. It also exercises a more complicated query than previously. Also remove potentially high latency queries. Fixes issue #1975	2016-03-28 14:06:53 -07:00
Teddy Reed	2a350afb10	Merge pull request #1974 from theopolis/sane_logging_disable [Fix #1973] Improve logging/extensions relays	2016-03-27 01:00:16 -07:00
Teddy Reed	b9194026db	[Fix #1973 ] Improve logging/extensions relays	2016-03-27 00:43:02 -07:00
Teddy Reed	e663d91f00	Merge pull request #1972 from theopolis/fix_1971 [Fix #1971] Use recursive locks for config data predicates	2016-03-26 22:27:45 -07:00
Teddy Reed	a18444813b	[Fix #1971 ] Use recursive locks for config data predicates	2016-03-26 21:52:22 -07:00
Zachary Wasserman	0eff0f2f4e	Collection of doc fixes - Minor fix in creating tables documentation - Fix docs for join - Add note about config paths - Update events docs - Fix link to query packs	2016-03-25 14:12:41 -07:00
Teddy Reed	684697ba8d	Merge pull request #1963 from theopolis/yara_move Add move events to yara_events	2016-03-24 12:16:18 -07:00
Teddy Reed	339f142da4	Add move events to yara_events	2016-03-24 11:24:54 -07:00
Teddy Reed	d2d1431061	Move dispatcher to public API	2016-03-21 15:27:51 -07:00
Teddy Reed	52a3285c18	Merge pull request #1953 from theopolis/pgroup [Fix #1878] Rename processes 'group' to 'pgroup'	2016-03-20 22:14:08 -07:00
Teddy Reed	eb76fc1860	Rename processes 'group' to 'pgroup'	2016-03-20 19:35:49 -07:00
Teddy Reed	27f4754e5e	[Fix #1928 ] Reorder deps installs to build all with clang	2016-03-20 19:15:44 -07:00
Teddy Reed	482eecfab1	Protect udev publisher from fast interrupts	2016-03-20 18:46:34 -07:00
Teddy Reed	59196b6f44	Merge pull request #1952 from theopolis/profile_fix Fix shell's --profile switch	2016-03-20 16:37:46 -07:00
Teddy Reed	ebb0ab30ce	Fix shell's --profile switch	2016-03-20 16:05:13 -07:00
Teddy Reed	89c32de89d	Merge pull request #1950 from friedbutter/signature_multiple_results add feature to select multiple rows to signature table	2016-03-20 13:53:09 -07:00
Teddy Reed	15a998e54f	Use the default shutdown flow within extensions	2016-03-20 01:45:49 -07:00
Sereyvathana Ty	0706146c01	add feature to select multiple rows to signature table	2016-03-19 17:42:21 -07:00
Teddy Reed	4609486f74	Merge pull request #1947 from theopolis/osx_publisher_locks Enhance publisher resource locking on OS X	2016-03-18 19:13:55 -07:00
Teddy Reed	54578df073	Merge pull request #1946 from theopolis/debian_packages_fixup Fixup Debian package builds	2016-03-18 18:17:33 -07:00
Teddy Reed	9f5de79af1	Fixup Debian package builds	2016-03-18 16:59:59 -07:00
Teddy Reed	d7c2f88289	Enhance publisher resource locking on OS X	2016-03-18 16:14:15 -07:00
Teddy Reed	3576189281	Check for interrupt requests in TLS config refresher	2016-03-18 12:03:27 -07:00
Teddy Reed	c62a0f41b6	Various cleanups	2016-03-18 10:40:07 -07:00
Teddy Reed	3e103e69ba	Merge pull request #1931 from ilovezfs/iokitlib-header-casesensitivity IOKitLib.h not IOKitlib.h	2016-03-16 22:32:03 -07:00
Teddy Reed	593f024514	Merge pull request #1936 from theopolis/events_ex Expire data when record is before expire time	2016-03-16 12:58:21 -07:00
Teddy Reed	7040780863	Expire data when record is before expire time	2016-03-16 12:35:06 -07:00
Teddy Reed	621f1bd3a9	[Fix #1896 ] Gate additional and kernel tests/benchmarks	2016-03-15 23:05:37 -07:00
Teddy Reed	bb20a968d9	Merge pull request #1930 from theopolis/debug Build debug packages	2016-03-15 11:12:56 -07:00
ilovezfs	52e7d55600	IOKitLib.h not IOKitlib.h As with all other appearances of IOKitLib.h in the osquery sources, use the capitalization "IOKitLib.h" not "IOKitlib.h" to avoid build failure on case-sensitive file systems.	2016-03-15 09:43:11 -07:00
Teddy Reed	42222bd4a5	Build debug packages	2016-03-15 08:58:01 -07:00
Sereyvathana Ty	f912fca415	add cdhash, team_identifier, and authority to signature table cdhash - code directory hash (https://developer.apple.com/library/mac/documentation/Security/Conceptu al/CodeSigningGuide/RequirementLang/RequirementLang.html) team_identifier is a unique id of the app developer authority is the common name of the signed certificate	2016-03-14 23:19:27 -07:00
Zachary Wasserman	1af6684019	Apple system log virtual table implementation This adds a virtual table implementation for efficient querying of the Apple System Log (ASL) store.	2016-03-14 12:19:03 -07:00
Teddy Reed	0ba2861cf9	[Fix #1920 ] Detach thread before joining/clearing (terminate)	2016-03-13 12:15:18 -07:00
Teddy Reed	59274e59c6	Remove boost::thread from fsevents tests	2016-03-12 00:30:05 -08:00
Teddy Reed	21c7ab642b	Remove boost::thread from inotify tests	2016-03-12 00:15:58 -08:00
Teddy Reed	3de52846d0	Remove boost::thread	2016-03-11 11:50:44 -08:00
Teddy Reed	bc384ba7ad	Merge pull request #1914 from russellhancox/certificate-files Darwin: Allow certificates table to read DER/PEM files	2016-03-11 08:19:51 -08:00
Russell Hancox	05c1dbecb0	Darwin: Allow certificates table to read DER/PEM files as well as keychain	2016-03-11 11:02:54 -05:00
Teddy Reed	d3786c45a3	Merge pull request #1916 from theopolis/deps_updates Several package updates within provision code	2016-03-10 20:26:04 -08:00
Teddy Reed	32efa9a09b	Several package updates within provision code 1. Update boost to 1.60 from 1.55 on Linux platforms 2. Add asio (1.11.0) to the deps set 3. Update snappy to 1.1.3 on Linux platforms 4. Update cpp-netlib to 0.12.0-rc1 from 0.11 on Linux platforms - OS X and brew also include 0.12.0-rc1 as a devel option 5. Update libapt to 1.2.6 from 0.8.6 on Ubuntu/Debian - This adds lzma as a dependent link	2016-03-10 19:40:15 -08:00
Zachary Wasserman	c91798b083	Add path to error message when config file not found Example: ``` $ sudo ./build/darwin/osquery/osqueryd --allow_unsafe --config_path /foo/bar W0310 13:34:40.473743 1955008512 init.cpp:506] Error reading config: config file does not exist: /foo/bar ```	2016-03-10 14:13:08 -08:00
Teddy Reed	9d8c3adef7	Merge pull request #1879 from theopolis/lints-2 Fix various lint issues	2016-03-10 01:10:42 -08:00
Teddy Reed	96e2562e2d	Merge pull request #1913 from sharvilshah/process_state_mnemonics [#1886] Use mnemonics for process states on Darwin	2016-03-09 23:30:41 -08:00
Teddy Reed	26c8b5640f	Fix various lint issues	2016-03-09 19:55:39 -08:00
Teddy Reed	03d0d7e835	Merge pull request #1910 from theopolis/null Allow NULL values, stop using -1 as int/double invalid values	2016-03-09 19:23:35 -08:00
Teddy Reed	a6c147700f	Allow NULL values, stop using -1 as int/double invalid values	2016-03-09 18:24:17 -08:00
Sharvil Shah	a713fbcc55	Use mnenomics for process states on Darwin Process states in `processes` table now use mnemonics instead of the integer code. They follow closely to the states defined sys/proc.h, which means processes with state as: state value meaning mnemonic -------- ------- --------------------------------- ---------- SIDL 1 process being created by fork 'I' SRUN 2 currently runnable 'R' SSLEEP 3 sleeping on an address 'S' SSTOP 4 process debugging or suspension 'T' SZOMB 5 awaiting collection by parent 'Z' Note: The mnemonics here will not match up with what `ps` or `top` reports. `ps` and `top` queries run state of all Mach Threads (by grabbing a Mach Task) of a process, and then coalesces it to represent the process state. This is no longer possible to do by non-Apple signed binaries, as the only way to a Mach Task (and therefore list of Mach Threads) is by calling `task_for_pid()`, which no longer works under System Integrity Protection (SIP) introduced in OS X 10.11	2016-03-09 11:25:58 -08:00
Teddy Reed	d8650c7630	Minor changes to support a Windows build	2016-03-08 10:47:38 -08:00
Teddy Reed	6f69330920	Merge pull request #1907 from theopolis/fix_1900 Allow extensions to use the backing store	2016-03-08 10:45:56 -08:00

1 2 3 4 5 ...

1632 Commits