Commit Graph

819 Commits

Author SHA1 Message Date
Teddy Reed
9c1faec090 Isolate glog include and depend on libglog for #652 2015-01-21 13:37:06 -08:00
Mike Arpaia
248f8b90e6 Merge pull request #657 from facebook/marpaia-patch-1
static lock in config.cpp
2015-01-21 13:33:35 -08:00
Mike Arpaia
8e677caaef Update config.cpp 2015-01-21 13:08:17 -08:00
mike@arpaia.co
10d5aabd36 config-check command in osqueryd
This addresses #585
2015-01-21 12:59:39 -08:00
Mike Arpaia
778789d74e Merge pull request #648 from marpaia/hash-docs
hash.h documentation
2015-01-20 16:04:32 -08:00
mike@arpaia.co
ba2e465472 migrating smbios to use new hash api 2015-01-20 15:54:00 -08:00
mike@arpaia.co
ecfe29282b hash.h documentation
I added some doxygen docs for hash.h
2015-01-20 15:36:53 -08:00
Teddy Reed
7e58691df0 Merge pull request #637 from theopolis/osx_smbios
OSX/Linux SMBIOS tables
2015-01-20 15:28:55 -08:00
Teddy Reed
b7549e09ca SMBIOS parsing on Linux using mem 2015-01-20 15:10:19 -08:00
mike@arpaia.co
b6eed30688 removing md5.h 2015-01-20 15:07:50 -08:00
Teddy Reed
6b6649bbd4 Adding mem to Linux filesystem lib 2015-01-20 15:06:34 -08:00
Teddy Reed
b7852650c2 SMBIOS structure tables for OSX 2015-01-20 15:06:34 -08:00
Teddy Reed
7b0f7f3c49 Rename ACPI length to size 2015-01-20 15:06:34 -08:00
Teddy Reed
64d82388e4 Update the md5 hashing callsites 2015-01-20 14:52:07 -08:00
Teddy Reed
11237d2397 Merge pull request #644 from theopolis/md5_macros
Use API macro for hash algorithms
2015-01-20 14:33:55 -08:00
Teddy Reed
a2d9236478 Use API macro for hash algorithms 2015-01-20 14:24:49 -08:00
Mike Arpaia
4937e5cd2e Merge pull request #641 from theopolis/iokit_registry
Separate IOKit devicetree from registry
2015-01-20 13:31:24 -08:00
Zachary Wasserman
ee798cdde7 Use sizeof with memcpy and memset
I'd like to make sure we use expressions of sizeof to relate buffer
sizes to memcpy and memset. This should make modifying the code less
error prone.

Conflicts:
	osquery/tables/system/darwin/nvram.cpp
2015-01-20 12:36:36 -08:00
Mitchell Grenier
053fcc28ef More minor changes to address marpias requests 2015-01-20 12:13:10 -08:00
Mitchell Grenier
b8b1837bd6 Replaced loop with auto iterator, eliminating need to dereference 2015-01-20 12:13:10 -08:00
Mitchell Grenier
d2fe1826ae Minor code change and clang-format 2015-01-20 12:13:10 -08:00
Mitchell Grenier
34e6bd45c3 Addressed @marpia s changes 2015-01-20 12:13:10 -08:00
Mitchell Grenier
b9c477080f NFS Table for darwin systems.
Currently table readonly field is a string, this may change in the future to an
integer to stay consistent with other parts of osquery.
2015-01-20 12:13:09 -08:00
Teddy Reed
416198732a Merge pull request #631 from jedi22/sha-hashs
Added SHA1 and SHA256 in Hash Table
2015-01-20 11:24:43 -08:00
Teddy Reed
716aa41c15 Separate IOKit devicetree from registry 2015-01-20 11:15:20 -08:00
Mitchell Grenier
8f407a1e8f Moving commits around for efficiency 2015-01-20 10:49:58 -08:00
Teddy Reed
5f8eccb3f3 Remove gotos from linux routes 2015-01-19 18:06:34 -08:00
Teddy Reed
8475522e76 Remove goto/sprintf from NVRAM parsing 2015-01-19 17:10:40 -08:00
Teddy Reed
066b7d78d9 Add basic acpi_tables hashing to Linux 2015-01-17 23:02:14 -08:00
Teddy Reed
09ce5099b2 Merge pull request #632 from theopolis/osx_boot_info
OSX IOKit registry and ACPI table data
2015-01-17 17:56:51 -08:00
Teddy Reed
545a6b0930 Merge pull request #629 from marpaia/cmdline-whitespace-fix
Fix for #628
2015-01-17 17:51:06 -08:00
Mitchell Grenier
c1a1013e5a Minor code changes and namespacing 2015-01-16 12:03:23 -08:00
Teddy Reed
ba716712cf [Fix #630] Clear stacking index plans 2015-01-16 06:47:32 -08:00
Teddy Reed
1df958c583 ACPI tables for OSX 2015-01-15 21:37:02 -08:00
Mitchell Grenier
e6e722dd17 Modified config.cpp to not use the old MD5 implementation 2015-01-15 17:40:42 -08:00
Mitchell Grenier
570c6a32f3 Moved hashing functions into core. #include<osquery/hash.h> 2015-01-15 17:16:05 -08:00
Mitchell Grenier
c13a0e79a5 Most hashing stuff working though rerun bug is still plaguing the queries 2015-01-15 15:06:30 -08:00
Teddy Reed
803204a9dd iokit_registry table 2015-01-15 12:53:46 -08:00
mike@arpaia.co
aef517a29e Fix for #628 2015-01-15 12:11:25 -08:00
Teddy Reed
663e481d9e [Fix #620] Add query plan estimates bias toward constraints 2015-01-13 21:17:15 -08:00
Teddy Reed
367709429e Treat IOKit HID failures as warnings 2015-01-13 17:25:11 -08:00
Teddy Reed
4db7c90758 Merge pull request #608 from theopolis/linux_ports
Moved socket_inode on Linux to process_open_files
2015-01-13 14:54:35 -08:00
Teddy Reed
a709a34220 Merge pull request #605 from theopolis/fix_599
[Fix #599] Rename kextstat->kernel_extensions
2015-01-13 14:53:32 -08:00
Teddy Reed
ac0f2f96e4 Split OSX process_open_files into files/sockets 2015-01-13 11:05:54 -08:00
Teddy Reed
f0eec6fbe3 Adding listening_ports to Linux 2015-01-13 09:51:40 -08:00
Teddy Reed
bb6f313c6c Moved socket_inode on Linux to process_open_files 2015-01-13 08:26:47 -08:00
Teddy Reed
376a438516 Moving splay to scheduler and adding config logging 2015-01-12 12:53:05 -08:00
Teddy Reed
84ef94ce9d Testing for table query constraints 2015-01-12 12:52:29 -08:00
Teddy Reed
465db46628 Fix shouldFire pubsub virtual 2015-01-11 19:51:54 -08:00
Teddy Reed
6deeba39c9 Merged Linux/OSX interfaces implementation 2015-01-11 01:39:16 -07:00
Teddy Reed
6dfc5d88f4 Added interfaces to Linux 2015-01-11 00:42:23 -07:00
Teddy Reed
a2cc1c85ea [Fix #599] Rename kextstat->kernel_extensions 2015-01-11 00:38:03 -07:00
Teddy Reed
c5cbf992ad Remove installed unwind headers 2015-01-10 20:38:31 -07:00
mike@arpaia.co
a0a404acc1 removing the dependency on unwind
Moving glog to third-party so that we can custom compile it so that
we no longer have the dependency on libunwind. #578
2015-01-10 13:02:30 -07:00
Teddy Reed
18d93d8cbc Building DEB/RPM package dependencies 2015-01-09 12:24:54 -08:00
Teddy Reed
a4e236e16a Simpler OSX package building 2015-01-07 20:01:33 -08:00
Teddy Reed
45ee10f162 More complete make package 2015-01-07 16:07:19 -08:00
Teddy Reed
2ad15763e2 Provide example config, improve pid check 2015-01-07 15:22:50 -08:00
Teddy Reed
dbb7050376 Merge pull request #575 from theopolis/fix_574
[Fix #574] Undef DEBUG for apt-pkg for make debug
2015-01-06 07:29:02 -08:00
Teddy Reed
27541d4260 [Fix #574] Undef DEBUG for apt-pkg for make debug 2015-01-06 06:53:42 -08:00
Teddy Reed
f865647d0c [Fix #545] Simpler socket_info parsing in process_open_files 2015-01-06 06:23:48 -08:00
Teddy Reed
df3029e880 [Fix #559] Detach event publisher threads when ending 2015-01-05 19:07:08 -08:00
Norm MacLennan
7a6eb8255a renaming apt sources gen function 2015-01-05 18:02:55 -05:00
Norm MacLennan
38447838db merging upstream cmake changes 2015-01-05 17:43:07 -05:00
Teddy Reed
a4e5e58ec0 Merge pull request #572 from theopolis/auto_dependency
Use CMake find_library for dependencies
2015-01-05 08:59:03 -08:00
Teddy Reed
d2cea32644 Use CMake find_library for dependencies 2015-01-05 08:32:05 -08:00
Teddy Reed
80276471c5 Add --daemonize option to osqueryd 2015-01-04 19:27:04 -08:00
Norm MacLennan
a6b769b6f4 a table to show apt package sources 2015-01-04 19:44:45 -05:00
Teddy Reed
86cce395ab [Fix #553] Move config JSON parsing into try 2015-01-03 23:12:28 -08:00
Teddy Reed
2cef8d6f9f Merge pull request #564 from maclennann/deb_packages
deb_packages table
2015-01-02 11:15:56 -08:00
Norm MacLennan
cf08d605f0 code review changes and adding revision field 2015-01-02 13:30:04 -05:00
Teddy Reed
9b0adcc47f [Fix #560] Improve config tests 2015-01-01 22:05:03 -08:00
Norm MacLennan
18f40b0952 fixing compatibility issues with 1204 dpkg version 2015-01-01 18:58:00 -05:00
Norm MacLennan
dd4a9d9d74 merging cmake changes for distro-specific tables 2014-12-31 13:06:54 -05:00
Teddy Reed
ed00c95dca Support centos/ubuntu-specific tables 2014-12-31 09:38:18 -08:00
Teddy Reed
914ae37a72 Move CMakeLibs and valgrind supp file 2014-12-31 08:32:23 -08:00
Norm MacLennan
beff9471f8 resolve merge conflict with upstream 2014-12-30 18:21:00 -05:00
Norm MacLennan
0191f1de29 resurrect the deb_packages table 2014-12-30 17:24:49 -05:00
Sean Williams
c54a568af3 Merge pull request #528 from facebook/linux-camb
Initial linux kernel instrumentation bits
2014-12-29 14:20:54 -08:00
Teddy Reed
2bf86ebda9 Merge pull request #562 from theopolis/plugins_refactor
Plugins Refactor: Towards external plugins
2014-12-29 13:37:03 -08:00
Teddy Reed
d7653c77e7 Support 'make libosquery' for a wrappable so/dylib 2014-12-27 23:14:34 -08:00
Teddy Reed
7d260d3c05 Cleanup cmake files 2014-12-27 22:55:08 -08:00
Teddy Reed
8c6e45e9b5 Fix ca_certs memory leak 2014-12-25 12:49:45 -08:00
Teddy Reed
94811f3ee8 Removed 'core' tables as a build dependency 2014-12-25 12:46:59 -08:00
Teddy Reed
e4b60e883a Variable amalgamation output filename 2014-12-23 21:53:59 -07:00
Theodore M. Reed
b2be1fa383 Whole link tests and refactor flags_test 2014-12-23 20:38:16 -08:00
Teddy Reed
b2dca55539 Build leaner libosquery, allow control over spec/impl 2014-12-23 20:07:12 -08:00
Theodore M. Reed
01005c72b3 Moved crontab out of utility 2014-12-23 14:39:59 -08:00
Theodore M. Reed
53d683a3b3 Remove tables dependency from CMake build 2014-12-23 14:37:07 -08:00
Theodore M. Reed
7b0640e4eb Move table link dependencies into tables CMakeLists 2014-12-23 14:37:00 -08:00
Bryan Eastes
93cb303abc Merge branch 'master' of github.com:facebook/osquery into 520_pt_json_workaround 2014-12-20 18:24:33 -08:00
Bryan Eastes
5ad8d3ec55 Changes from CR 2014-12-20 18:19:33 -08:00
Sean Williams
9bb8efb9d9 Explicitly move out of osquery proper 2014-12-18 16:45:32 -08:00
Teddy Reed
ff7ca1e800 Merge pull request #557 from theopolis/xprotect_results
OSX results of XProtect hits
2014-12-18 13:04:08 -08:00
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
6a6851c4bc Merge pull request #544 from theopolis/events_2.0
Events 2.0
2014-12-17 20:17:02 -08:00
Teddy Reed
888f74de36 OSX results of XProtect hits 2014-12-17 18:35:01 -08:00
Teddy Reed
4453806dce Remove raw pattern from XProtect 2014-12-17 14:46:53 -08:00
Teddy Reed
7602d17de9 Move base64Decode from ca_certs testing to conversions 2014-12-17 14:03:52 -08:00
Teddy Reed
fefe6de824 OSX XProtect signature DB as virtual table 2014-12-16 21:35:26 -08:00
Teddy Reed
8c38492b2a Add XProtect vtable to OSX 2014-12-16 17:59:07 -08:00
Teddy Reed
30a27798d5 osqueryd should announce to syslog when starting 2014-12-16 12:04:43 -08:00
Sean Williams
a236e9cf89 Add copyright header 2014-12-16 19:39:16 +00:00
Teddy Reed
d5c5253bbc Add osquery_flags vtable 2014-12-16 02:07:50 -08:00
Teddy Reed
b5535256e6 [Fix #546] Rename md5 to config_md5 and add config_path to osquery_info 2014-12-16 01:52:02 -08:00
Teddy Reed
b442ef0fd3 Merge pull request #548 from theopolis/support_any_brew_openssl
Use static openssl libs to support thrift 0.9.x
2014-12-16 01:23:25 -08:00
Teddy Reed
4425bed23e Merge pull request #504 from Anubisss/master
Adding a table which maps services from /etc/services.
2014-12-16 01:23:05 -08:00
Teddy Reed
5bd8d9ac37 Use static openssl libs to support thrift 0.9.x 2014-12-16 01:15:58 -08:00
Teddy Reed
dd2eaf248a Fixing Linux syntax errors and tests for Events 2.0 2014-12-15 16:47:09 -08:00
Teddy Reed
6de14466db Events 2.0 using pbr 2014-12-15 11:55:05 -08:00
Teddy Reed
fcdf49d17f WIP migrating Linux Events 2014-12-15 00:43:28 -08:00
Teddy Reed
17efa0b3d6 Migrate subscribers on OSX 2014-12-15 00:25:28 -08:00
Teddy Reed
fbd56663d9 Migrate fsevents to events 2.0 2014-12-14 22:17:38 -08:00
Teddy Reed
d927495209 Support casted subscribes 2014-12-14 21:20:20 -08:00
Teddy Reed
c1e37b73fb Non-static event type and name IDs 2014-12-14 18:03:41 -08:00
Teddy Reed
d2a93cf8c1 Remove EventSubscriber macros 2014-12-14 17:05:07 -07:00
anuka
fa95ff09d8 Some fix for etc_services.
Signed-off-by: anuka <david.vas1@gmail.com>
2014-12-14 22:14:00 +01:00
Teddy Reed
0d00e4b0e9 Remove EventPublisher macros 2014-12-14 04:43:31 -07:00
anuka
375c837b74 Merge remote-tracking branch 'upstream/master' 2014-12-13 15:27:09 +01:00
Teddy Reed
00c88a19bc Add timeout to netlink socket read 2014-12-12 17:50:47 -08:00
Sean Williams
4faa10eba0 Move non-external API header files back to src dir 2014-12-12 14:45:29 -08:00
Teddy Reed
cd20ed6b77 Prevent IOKitHID value subscriptions 2014-12-11 18:19:05 -08:00
Teddy Reed
acccfa94e2 IOKit HID events and OSX hardware_events table 2014-12-11 18:06:08 -08:00
Teddy Reed
7b56fa605d PCI/USB parity 2014-12-10 19:51:18 -08:00
Teddy Reed
a75fa3bf11 Merge pull request #538 from theopolis/improve_usb
Improve usb_devices on OSX
2014-12-10 19:51:08 -08:00
mike@arpaia.co
8f8bc6b772 osquery_info table 2014-12-10 18:38:41 -08:00
Teddy Reed
b08ad3cb14 Check USB property for CFString type 2014-12-10 09:12:12 -08:00
Teddy Reed
f29e0c17ca Update ca_certs_tests to use moved OSX conversions 2014-12-10 01:59:13 -08:00
Teddy Reed
4644c5e19b Simple usb_devices updates 2014-12-10 01:52:02 -08:00
Teddy Reed
7ba4fb31dd Merge pull request #536 from theopolis/suid_fix
Suid fix
2014-12-10 01:19:48 -08:00
Teddy Reed
0b5083bd0e Improve usb_devices on OSX 2014-12-10 01:17:24 -08:00
Bryan Eastes
bd97cb501a First draft of workaround for #520 2014-12-10 00:15:27 -08:00
Teddy Reed
ab8df11818 Add filesystem_error catching and remove suid_bin from BL 2014-12-09 20:13:39 -08:00
Teddy Reed
9a9de67b93 Restrict suid_bin to common search paths 2014-12-09 16:38:14 -08:00
Teddy Reed
192224977d Add small delay if NL read = 0 2014-12-09 16:02:25 -08:00
Teddy Reed
22c9664ae1 [Fix #530] Continue to read from NL socket 2014-12-09 15:49:40 -08:00
Teddy Reed
f4a226f4cf Merge pull request #533 from theopolis/static_build_osx
Link the brew dependencies statically on OSX
2014-12-09 14:03:54 -08:00
Teddy Reed
2fae6c0d7c Link the brew dependencies statically on OSX 2014-12-09 13:40:53 -08:00
Ari Rubinstein
27b6fb021e Force git to return something if tags aren't found
If there are no tags in the current repository, this command will fail leaving the OSQUERY_BUILD_VERSION blank, and therefore breaking the package building process (and presumably other things too) due to the empty version flag. By adding the flag --always, this forces git to fall back to a commit id instead of returning nothing.
2014-12-09 09:52:36 -08:00
mike@arpaia.co
0846b6ddd5 Fixing pidfile creation bug
If osqueryd was killed and another process was started with osqueryd's
old pid before a new osqueryd could start, osqueryd would encounter a
bug where osqueryd would never start.

This executes an osquery query to the processes table to make sure that
the name of the process is "osqueryd". Of course, you could perhaps
denial of service osqueryd this way, but that would require root
filesystem access (assuming that the last version of osqueryd was
run as root). Thoughts?
2014-12-08 23:52:38 -08:00
Sean Williams
341fbc3b53 -Conform to new table function signature
-Add proper include and fix brackets on macro
-Let osquery core do the integer cast for syscall_addr_modified
-Fix misc cruft
2014-12-09 01:47:51 +00:00
Sean Williams
48bf3192e1 kernel_integrity vtable to use camb 2014-12-08 23:58:33 +00:00
Sean Williams
cd5bedbb0e Remove hooking of init module: it should really go in an LSM proper; also fix Makefile when SMAP is not specified 2014-12-08 23:58:32 +00:00
Sean Williams
c979656cc9 Makefile more flexible; fix a few bugs; optionally naively hide module 2014-12-08 23:58:08 +00:00
Sean Williams
7a81544ac0 Makefile more flexible; fix a few bugs; optionally naively hide module 2014-12-08 23:58:07 +00:00
mike@arpaia.co
c6f14b9776 moving to top-level kernel directory 2014-12-08 23:52:34 +00:00
Sean Williams
d2bde43331 Fix a couple bugs; cleanup unused code/includes 2014-12-08 23:47:30 +00:00
Sean Williams
05ce70f871 Detect some linux kernel tampering. initial branch; not yet complete
-Download kernel headers, enter camb directory, and type 'make'
-New sysfs directory /sys/kernel/camb created with two files underneath it:
syscall_addr_modified and text_segment_hash.

File `syscall_addr_modified` is either 1 or 0 representing whether the syscall function pointers were modified or not respectively.
File `text_segment_hash` is the current sha1 hash of the kernel's .text segment (excluding loaded modules)

The address range that camb currently hashes is subject to change because it's probably not comprehensive. However, it caught the rootkits that I've thrown at it, one of which is suterusu (https://github.com/mncoppola/suterusu).
2014-12-08 23:47:30 +00:00
Sean Williams
6ad17759d8 Makefile more flexible; fix a few bugs; optionally naively hide module 2014-12-08 23:47:29 +00:00
Sean Williams
218f74ae80 Makefile more flexible; fix a few bugs; optionally naively hide module 2014-12-08 23:47:29 +00:00
mike@arpaia.co
1ce1e17902 new headers 2014-12-08 23:47:25 +00:00
mike@arpaia.co
5b80664c5e moving to top-level kernel directory 2014-12-08 23:47:25 +00:00
Sean Williams
279d55e49d Fix a couple bugs; cleanup unused code/includes 2014-12-08 23:47:24 +00:00
Sean Williams
0953b17e93 Detect some linux kernel tampering. initial branch; not yet complete
-Download kernel headers, enter camb directory, and type 'make'
-New sysfs directory /sys/kernel/camb created with two files underneath it:
syscall_addr_modified and text_segment_hash.

File `syscall_addr_modified` is either 1 or 0 representing whether the syscall function pointers were modified or not respectively.
File `text_segment_hash` is the current sha1 hash of the kernel's .text segment (excluding loaded modules)

The address range that camb currently hashes is subject to change because it's probably not comprehensive. However, it caught the rootkits that I've thrown at it, one of which is suterusu (https://github.com/mncoppola/suterusu).
2014-12-08 23:47:24 +00:00
Teddy Reed
96d68ce98a Clean before building CI 2014-12-08 15:22:17 -08:00
Teddy Reed
2ebbbf6f98 Linux udev events 2014-12-08 14:13:47 -08:00
mike@arpaia.co
e260007f04 Change exit(-1) to exit(EXIT_FAILURE) 2014-12-08 10:40:10 -08:00
Teddy Reed
fb5048596c Merge pull request #527 from theopolis/fix_linux_processes_cmdline
Replace linux cmdline tokens with spaces
2014-12-07 18:11:07 -08:00
Teddy Reed
f8cc579d36 Fix json results clear 2014-12-07 15:53:37 -07:00
Teddy Reed
b890670be1 Replace linux cmdline tokens with spaces 2014-12-07 00:35:24 -07:00
Teddy Reed
a0866c0972 Merge pull request #524 from theopolis/events_expiry
Events expiry
2014-12-06 19:52:16 -08:00
Teddy Reed
19695d40aa Add expiration to events 2014-12-06 18:28:03 -07:00
Teddy Reed
78ecc73d81 Add -json output mode for shell 2014-12-06 18:22:48 -07:00
Teddy Reed
7b16e45f55 Improve pubsub unittests 2014-12-05 16:18:05 -07:00
Teddy Reed
7c738c8497 Codemod to improve include search paths 2014-12-03 15:14:02 -08:00
Teddy Reed
20dee9c274 Merge pull request #515 from theopolis/faster_generator
Towards simple table generation
2014-12-03 12:57:09 -08:00
Teddy Reed
a50400d34f Merge pull request #510 from wxsBSD/issue_475
Implement signed columns for users and groups.
2014-12-03 12:46:02 -08:00
Teddy Reed
5d99dc0325 Use a single class for Table plugins 2014-12-03 12:43:55 -08:00
Teddy Reed
ebd77d47c4 Amalgamate generated tables 2014-12-03 02:02:11 -08:00
Teddy Reed
343cdf8405 Organize /tools 2014-12-02 21:16:24 -08:00
Teddy Reed
119eb37731 Simple template functions 2014-12-02 21:02:50 -08:00
Teddy Reed
f4337243ec Towards simple table generation 2014-12-02 20:36:46 -08:00
Bryan Eastes
5eef747025 Fixed typo in getHostIdentifer 2014-12-02 14:09:37 -08:00
Teddy Reed
d885bf420d Port manual/filesystem to file using constraints 2014-12-02 12:37:26 -08:00
Teddy Reed
13fb05ab48 Move config member set back to end of ctor 2014-12-02 01:52:32 -08:00
Teddy Reed
366c646cb8 Merge pull request #507 from theopolis/config_options
Read arguments/options from config
2014-12-01 23:57:53 -08:00
Teddy Reed
f8e9750ea2 Merge pull request #508 from theopolis/workaround_422
[Fix #422] Workaround for multiple selects
2014-12-01 23:57:37 -08:00
Bryan Eastes
d2d021df24 Fixed small bug in getHostIdentifier method 2014-12-01 15:02:40 -08:00
Wesley Shields
2504c06feb Implement signed columns for users and groups.
Fixes #475.
2014-12-01 11:52:13 -05:00
Teddy Reed
fc69ccf22a [Fix #422] Workaround for multiple selects 2014-12-01 02:27:51 -07:00
Teddy Reed
43b4debd47 Read arguments/options from config 2014-12-01 02:05:46 -07:00
Teddy Reed
6a46513a08 Fix abrt in osqueryd as non-su 2014-11-30 22:36:55 -07:00
Teddy Reed
3ec6b473dd [Fix #498] Remove default catch in quarantine 2014-11-30 22:01:31 -07:00
Teddy Reed
13c8277bb4 Add query constraints to logged_in_users 2014-11-29 22:40:11 -08:00
Teddy Reed
e33443d354 clang-format on feature-predicate updates 2014-11-29 22:36:07 -08:00
Teddy Reed
76780aa6f0 Improve OSX apps table 2014-11-29 22:36:07 -08:00
Teddy Reed
b1cf8f1e61 Improve and use constraints for various OSX tables 2014-11-29 22:36:07 -08:00
Teddy Reed
3fa2442e25 Rename/improve bash_history to shell_history 2014-11-29 22:36:07 -08:00
Teddy Reed
56014b9c31 Moving tables definitions into core/tables.cpp 2014-11-29 22:36:06 -08:00
Teddy Reed
b18068f114 Improve kextstat/startup_items code and perf 2014-11-29 22:36:06 -08:00
Theodore M. Reed
8ab1863790 Predicate constraints for FreeBSD 2014-11-29 22:36:06 -08:00
Teddy Reed
59367b41af Predicate constraints for Linux 2014-11-29 22:36:06 -08:00
Teddy Reed
ba86d68e68 Rebuild generated files when templates change. 2014-11-29 22:36:06 -08:00
Teddy Reed
b4be08a702 Updating table generators to use QueryContext 2014-11-29 22:36:05 -08:00
Teddy Reed
cd8413d483 Organizing affinity types into tables. 2014-11-29 22:36:05 -08:00
Teddy Reed
2b1cd4eee3 Towards predicate constraint checking 2014-11-29 22:36:05 -08:00
Teddy Reed
750cc807cf Merge pull request #493 from wxsBSD/issue_9
Implement logged_in_users.
2014-11-29 22:22:10 -08:00
anuka
0a280f6546 Adding a table which maps services from /etc/services.
Signed-off-by: anuka <david.vas1@gmail.com>
2014-11-29 17:06:34 +01:00
mike@arpaia.co
e29e808358 build tooling
adding build files for some random build systems
2014-11-25 17:38:16 -08:00
Mike Arpaia
6eb2ffda55 Merge pull request #497 from facebook/host-ident-sig
Refactoring getHostIdentifier and adding some extra logging
2014-11-25 11:53:23 -06:00