valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-09 02:36:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,262 Commits 2 Branches 109 Tags 25 MiB
9c1e114728
Commit Graph

381 Commits

Author SHA1 Message Date
Jack Naglieri
9c1e114728 Fix os_version table regex for REDHAT_BASED systems. Updating centos6/7 and freebsd10 Vagrant boxes. 2015-09-18 14:47:08 -07:00
Sharvil Shah
28143f64f0 Update system_info table: adds CPU type, CPU cores and total memory. 
This change adds following columns to `system_info` table:

    cpu_type, cpu_subtype, cpu_brand, cpu_physical_cores,
    cpu_logical_cores, physical_memory, hardware_model

Here's an example output of those columns:

```
              cpu_type = x86_64h
           cpu_subtype = Intel x86-64h Haswell
             cpu_brand = Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
    cpu_physical_cores = 4
     cpu_logical_cores = 8
       physical_memory = 17179869184
        hardware_model = MacBookPro11,3
```
 2015-09-10 14:44:48 -07:00
Scott Piper
5e7d0d6a37 Added system_info table 2015-09-09 10:26:16 -07:00
Teddy Reed
bb2b5f594b Static analysis cleanups, static libmagic 2015-09-02 16:55:20 -07:00
Teddy Reed
776de9c4d1 Merge pull request #1477 from theopolis/table_xp_meta 
XProtect meta virtual table and safari_extensions column additions
 2015-08-30 21:31:35 -07:00
Javier Marcos
74be3d1da0 Removing dots at the end of log entries 2015-08-28 16:50:44 -07:00
Javier Marcos
086ab40f83 Merge pull request #1473 from javuto/this_is_real_magic 
Adding magic table to check for libmagic data
 2015-08-28 14:03:10 -07:00
Javier Marcos
1a50977a23 Adding magic table to check for libmagic data 2015-08-28 12:49:46 -07:00
Teddy Reed
88c7ad35a2 Merge pull request #1471 from theopolis/process_start_fix 
[Fix #1453] Use second precision for process start times
 2015-08-28 11:48:25 -07:00
Teddy Reed
2433d9e06c [#1418] Include XProtect's meta list of plugin versions, and blacklisted extensions 2015-08-28 11:46:21 -07:00
Teddy Reed
014e504fba [Fix #1432] Improve OS X USB device reporting 2015-08-27 16:36:54 -07:00
Teddy Reed
3c114c3439 [Fix #1453] Use second precision for process start times 2015-08-27 15:47:06 -07:00
Teddy Reed
bdadc9753b Additional OS X table performance improvements 2015-08-18 01:35:10 -07:00
Teddy Reed
43cf5f1a0a Merge pull request #1448 from theopolis/strol-speedup 
Speedup type conversions, yara, and 10.10 symbols at runtime
 2015-08-14 11:01:46 -07:00
Teddy Reed
68d7a6e0be Speedup type conversions, yara, and 10.10 symbols at runtime 2015-08-13 18:04:03 -07:00
Teddy Reed
634dfe7da1 Merge pull request #1438 from sharvilshah/fix_homebrew_version 
[Fix #1434] version reporting for homewbrew_packages
 2015-08-12 11:30:21 -07:00
Sharvil Shah
b190f5f99a Fix #1433, os_version reporting for 10.11 2015-08-11 14:03:27 -07:00
Sharvil Shah
369040e69b Fix version reporting for homewbrew_packages. Fixes #1434 2015-08-11 01:50:40 -07:00
Sharvil Shah
64588be88b Fix build on OS X 10.11 
enum `SecItemClass` changed in 10.11 headers,
so don't instantiate with rvalue of int.

Update `SecKeychainSearchCreateFromAttributes` to match the stricter definition.

Fixes #1423
 2015-08-05 18:29:29 -07:00
Mike Arpaia
a45c794f52 building on 10.9 2015-07-31 11:57:39 -07:00
osquery
ae8305e00e Revert "Remove OS X 10.9 code path since we no longer support it" 
This reverts commit 05bbe2ce06.
 2015-07-31 11:44:34 -07:00
Chris Down
260df0d6d0 linux users table: Do not drop users with duplicate UIDs 
See Github issue #1301. FreeBSD (which also uses this table) by default has two
users which are UID 0 -- both `toor` and `root`. 19a2d64959 made it so that we
would only get the first one from `getpwent`, but this feature is undesirable
in cases where two different users share the same UID.
 2015-07-29 09:00:47 -07:00
Teddy Reed
2d7ce9341a Remove some non-warning/error log lines from tables 2015-07-24 00:09:06 -07:00
Teddy Reed
fc24682816 Fix profile platform bug in leaks checking 2015-07-20 02:06:52 -07:00
Teddy Reed
e8cb919f03 Merge pull request #1364 from theopolis/harden_applications 
[Fix #1357] Use OS X LS API for app listing
 2015-07-20 01:14:07 -07:00
Mike Arpaia
5ccfe886ba Merge pull request #1363 from theopolis/less_rows 
[Fix #1303] Only emit rows when appropriate for processes/users.
 2015-07-19 20:36:26 -07:00
Teddy Reed
dd7990b719 [Fix #1357] Use OS X LS API for app listing 
Attempt to use OS X's LaunchServices to get a list of applications.
Fall back to basic directory traversal of well-known application paths.
 2015-07-19 20:22:48 -07:00
Teddy Reed
5249e74146 [Fix #1303] Only emit rows when appropriate for processes/users. 
When optimizing a table using query constraints an implementation should not add unneeded rows.
A user experience bug exists when selecting with an explicit non-existing pid/uid.
 2015-07-19 20:20:04 -07:00
Teddy Reed
bcdbb40f0c [Fix #1356] Tokenize process environ by '\0' on Linux 2015-07-19 14:34:49 -07:00
Teddy Reed
6104aaebfe Add optional TLS config plugin refresh 2015-07-17 14:59:08 -07:00
Teddy Reed
c36fbda274 Merge pull request #1349 from theopolis/centos_version 
[Fix #1319] CentOS version reporting and file read error
 2015-07-17 09:07:29 -07:00
Teddy Reed
f06820f578 [Fix #1319] CentOS version reporting and file read error 
1. Redhat-based distributions were not reporting their version correct.
2. The file read API assumed stat would return an accurate file size.
This has been replaced with an attempt to seek to the end of the file.
 2015-07-16 14:16:51 -07:00
Mike Arpaia
9eeb224ce7 clang-format authorizations files 2015-07-16 11:09:16 -07:00
Tom Burgin
e8d3e45cea Added authorization_mechanisms and authorizations tables 2015-07-15 14:25:19 -04:00
Teddy Reed
c269bbeaf3 Rollup of build changes 2015-07-14 13:45:53 -07:00
Teddy Reed
3bd6b64b8b Silence OS X OpenSSL-related deprecations 2015-07-13 10:14:47 -07:00
Sharvil Shah
1ac6702f32 Better/faster performance when querying certificates on OS X 
X509 parsing is now handled by OpenSSL as there does seem to be a
memory leak in SecCertificateCopyValues of Security framework which resulted
in a performance hit when querying certificates.

key_usage and key_algorithm columns now display human readable strings
(e.g. Digital Signature, CRL Sign rsaEncryption)
than the raw flags and OIDs (e.g 0x86, 1.2.840.1).

This fixes #1032
 2015-07-12 11:18:53 -07:00
Mike Arpaia
4f94c0034c Merge pull request #1290 from timzimmermann/uptime 
Uptime
 2015-07-03 00:23:44 -07:00
Tim Zimmermann
fa988b4e56 Add uptime table 
The table contains information about the time passed since the last boot.
 2015-07-02 22:32:48 -07:00
Michael O'Farrell
a712cd5036 Fix processes table to report gid correctly. 2015-07-02 17:03:25 -07:00
Teddy Reed
6437ddb82d Merge pull request #1235 from sharvilshah/remove_os_x_10_9_code 
Remove OS X 10.9 code path
 2015-06-24 15:18:32 -07:00
Mike Arpaia
d6389dc64d Check for nullptr in CreatePropertyFromCertificate 2015-06-23 21:45:46 -07:00
Sharvil Shah
05bbe2ce06 Remove OS X 10.9 code path since we no longer support it 2015-06-22 20:49:34 -07:00
Teddy Reed
37188f788b Fixups in tables, add DOUBLE, shell extensions 2015-06-22 04:17:23 -04:00
Teddy Reed
55f270ff97 OS X application duti/scheme listing table 2015-06-21 14:08:21 -04:00
Mike Arpaia
be85046d32 typo in keychain_acls table where path was being returned as app_path 2015-06-21 13:52:01 -04:00
Mike Arpaia
0a83572f08 Table to enumerate keychain ACLs 2015-06-20 14:59:07 -04:00
Teddy Reed
09ea12a2a7 Add application sandbox container metadata 2015-06-19 01:53:09 -04:00
Teddy Reed
e7ab2fc47b Limit scope of git/tag version defines. 
Harden plist parsing against internal fuzzing tests.
Improve file/stream read speeds.
 2015-06-12 10:10:20 -07:00
Teddy Reed
b56e9efd47 Merge pull request #1199 from theopolis/fix_open_sockets 
Process open sockets on Linux needs '['
 2015-06-07 14:04:45 -07:00