Commit Graph

36 Commits

Author SHA1 Message Date
Mitchell Grenier
92045900aa [Fix #2696] Add kernel development mode check to OS X (#2735) 2016-11-09 22:07:19 -08:00
Evan
d89d4bad6a Fixed type in function description (#2688) 2016-10-28 13:04:29 -07:00
Teddy Reed
172363d3f5 Fix debug-kernel build and deploy dependencies (#2266) 2016-07-20 17:21:20 -07:00
Teddy Reed
57c6b2a521 Revive the OS X kernel-based publishers (#2083)
The OS X kernel subscribers have not been starting because they expect the
publisher thread to run before they begin configuration. Due to some recent
refactors the publisher thread creation now occurs after configuration.

The subscriber logic to check for a valid kernel connection is still valid.

This commit has two additional side-effects:
- The RocksDB plugin is modified to use 3 background merge threads.
- The OS X kernel publisher syncing thread is now non-blocking.
2016-05-11 11:47:42 -07:00
Sahal Sajjad
3e7bf22c4a Merge pull request #1877 from sahalsajjad/master
Corrected typo in OS X kernel extension debug output
2016-04-04 11:29:04 -07:00
Baraa Hamodi
21c2237eca [osquery] Update copyright headers to new format. 2016-02-11 11:48:58 -08:00
Teddy Reed
dfa32d9e7e Update OS X kernel building to include distro 2016-01-19 16:20:16 -08:00
Teddy Reed
b7650e5291 Remove passwd_changes and user_data from event callbacks 2015-12-07 17:47:38 -08:00
Teddy Reed
50550e607a Build and provision edits for FreeBSD CI 2015-11-02 01:47:09 -08:00
Teddy Reed
b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux.
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Raphael Salas
025348d9de fixing kernel-configure-target syntax error 2015-10-22 13:13:49 -04:00
Teddy Reed
b7a2d861bf Build Glog with OS X ABI, add SKIP_BENCHMARK 2015-10-11 14:37:49 -07:00
Teddy Reed
333f2ce8c8 [#1506] Silent kext loading messages from syslog 2015-09-16 13:13:56 -07:00
Teddy Reed
2813d3ab87 Add a Linux audit event publisher 2015-09-03 08:45:02 -07:00
Teddy Reed
b9ded9e7af [#1402] Add notes around pack paths in example.conf 2015-08-12 17:15:42 -07:00
Michael O'Farrell
9f2b318778 Added kernel file access events. 2015-07-31 15:06:46 -07:00
Michael O'Farrell
93a65eaf04 Merge pull request #1400 from mofarrell/process-events-env-arg
Adding environment variables and arguments for process events.
2015-07-27 17:54:06 -07:00
Michael O'Farrell
3f87d5832f Adding environment variables and arguments for process events. 2015-07-27 15:48:47 -07:00
Teddy Reed
af13c1b7ea Silence google benchmark CMake output, remove benchmark tests 2015-07-24 09:52:29 -07:00
Michael O'Farrell
a65f8dd93c Added benchmarking targets. 2015-07-23 17:07:42 -07:00
Teddy Reed
270b4da540 [Fix #1339] Add kernel-build to packages when used 2015-07-16 15:23:29 -07:00
Michael O'Farrell
58ec6415d3 Created a basic publisher system for kernel events in the kernel extension. 2015-07-13 16:42:55 -07:00
Teddy Reed
0e49a3a9a1 Build separate OS X packages 2015-07-13 15:44:16 -07:00
Michael O'Farrell
dd1f0af0ff Build system changes for kernel extension testing and deployment. 2015-07-09 11:50:23 -07:00
Michael O'Farrell
4bbb591b37 Added kernel process events table. 2015-07-08 13:47:07 -07:00
Michael O'Farrell
a00fb638c2 Added kernel event publisher. 2015-07-01 17:40:42 -07:00
Michael O'Farrell
1ab7040d83 Kernel extension fixes for daemon shutdown process. 2015-06-30 18:00:25 -07:00
Michael O'Farrell
e1ccd78ba1 Added unloading make target for kernel. 2015-06-30 14:41:54 -07:00
Michael O'Farrell
d7aeaecf93 Merge pull request #1252 from theopolis/kernel-build
Towards CMake-based OS X kernel extension building
2015-06-30 12:30:36 -07:00
Teddy Reed
757940fe6f Towards CMake-powered kernel extension building 2015-06-30 00:49:16 -07:00
Michael O'Farrell
680ffd3bc8 Added a gangsta test (gtest) for the kernel communications.
This test does not evaluate the functionality of the kernel
communication unless the KERNEL_TEST flag was set during the build.
The test will not succeed unless the tests are being run as root.
2015-06-29 12:12:54 -07:00
Michael O'Farrell
89fb4fbaf0 Moved kernel userland code into the osquery directory structure.
Test cpp files are dead.
2015-06-25 12:38:39 -07:00
Michael O'Farrell
7adf170540 Base kernel module with circular queue and test. 2015-06-23 16:16:19 -07:00
Mike Arpaia
3103843e68 removing old unused kernel code 2015-05-05 11:39:41 -07:00
Sean Williams
51c2adae02 Function doc return value clarity 2014-12-20 21:42:00 -08:00
Sean Williams
9bb8efb9d9 Explicitly move out of osquery proper 2014-12-18 16:45:32 -08:00