Teddy Reed
d3424f5831
Fix getifaddrs checking
2015-07-08 22:37:35 -07:00
Michael O'Farrell
4bbb591b37
Added kernel process events table.
2015-07-08 13:47:07 -07:00
Michael O'Farrell
0d82bf4de5
Merge pull request #1310 from mofarrell/kernel
...
Merge branch 'master' into kernel
2015-07-08 10:35:02 -07:00
Michael O'Farrell
0284b9e60d
Merge branch 'master' into kernel
...
Conflicts:
mkdocs.yml
2015-07-08 10:26:32 -07:00
Michael O'Farrell
ba28b47239
Merge pull request #1298 from theopolis/event_streams
...
Event index time and streaming
2015-07-07 18:27:35 -07:00
Teddy Reed
ab56011881
Apply FIM pattern matching to inotify
2015-07-07 18:18:45 -07:00
Teddy Reed
0854c3ddc3
Merge pull request #1292 from theopolis/memory_tweaks
...
Some tweaks to estimated scratch/heap for SQLite and RocksDB
2015-07-07 08:11:30 -07:00
Teddy Reed
f48619ed28
[ #1285 , #1276 ] Faster, optimized subscriber results
2015-07-07 00:59:28 -07:00
Teddy Reed
41002b829c
Merge pull request #1299 from timzimmermann/date
...
Add date information to time table
2015-07-07 00:46:32 -07:00
Teddy Reed
d2685cfa41
[ #1142 ] Move path resolution into publisher logic
2015-07-07 00:45:55 -07:00
Teddy Reed
bf65e3d2d6
Event index time and streaming
2015-07-07 00:44:57 -07:00
Teddy Reed
f30ef54097
Merge pull request #1305 from mlw/master
...
Minor fixes to support building on Ubuntu 10.04
2015-07-07 00:04:43 -07:00
Tim Zimmermann
0c3b123cb1
Add date information to time table
...
The fix also includes the time in ISO 8601 format
as well as the format returned by C++'s asctime().
See #1297 .
2015-07-07 00:00:50 -07:00
Teddy Reed
0e3eb388de
Merge pull request #1308 from arirubinstein/master
...
Fix version string for TLS plugins
2015-07-06 23:52:55 -07:00
Ari Rubinstein
be72e42bf1
Fix version string for TLS plugins
...
Before, osqueryd would send `osquery/OSQUERY_BUILD_VERSION` as the user agent and appeared broken. I copied the logic from the osquery version table and used that var here also so the user agent now reads 1.4.7
2015-07-06 22:12:26 -07:00
Mike Arpaia
8fe1c4029d
Add google group email to the wiki
...
Let's start using our google group for long-form questions so that we
can leave issues for implementation tasks.
2015-07-06 17:24:27 -07:00
Matthew White
11f447a959
Minor fixes to support building on Ubuntu 10.04
2015-07-06 15:18:11 -07:00
Teddy Reed
efe1ff18ee
Merge pull request #1274 from theopolis/read_limits
...
[Fix #1171 , #1089 ] Add configurable max reads
2015-07-06 01:06:12 -07:00
Teddy Reed
dd9fa25d78
[ Fix #1171 , #1089 ] Add configurable max reads
...
There are 3 new options that control how files are read:
--read_max: controls the maximum size, in bytes, for file reads. If a file is larger than `read_max` the read will fail.
--read_user_max: similar to `read_max` but applies additional limitations to user-controlled files.
--read_user_links: a boolean control to enable/disable following symlinks for user-controlled files.
Important highlights:
If files exceed the configured max, those reads will fail.
The `read_max` will override `read_user_max` if it is set lower.
A default integer value of `0` will disable the limitations.
The default `read_max` is set to 50M and the default `read_user_max` is 10M.
2015-07-06 00:49:43 -07:00
Teddy Reed
33ea79b8f7
Merge pull request #1300 from zi0r/freebsdfixes
...
Fix build under FreeBSD
2015-07-03 18:59:16 -07:00
Ryan Steinmetz
6f6bd8cabc
- Fix build under FreeBSD
2015-07-03 19:47:47 -04:00
Teddy Reed
e73a867b75
Merge pull request #1269 from theopolis/fsevents_symlinks
...
[Fix #1063 ] Allow configure-time symlink resolution in FSEvents
2015-07-03 00:37:58 -07:00
Mike Arpaia
4f94c0034c
Merge pull request #1290 from timzimmermann/uptime
...
Uptime
2015-07-03 00:23:44 -07:00
Tim Zimmermann
fa988b4e56
Add uptime table
...
The table contains information about the time passed since the last boot.
2015-07-02 22:32:48 -07:00
Michael O'Farrell
4e93902932
Merge pull request #1296 from mofarrell/processes-table-fix
...
[Fix #1295 ] `processes` table to report gid correctly.
2015-07-02 17:28:03 -07:00
Michael O'Farrell
a712cd5036
Fix processes table to report gid correctly.
2015-07-02 17:03:25 -07:00
Teddy Reed
546aaa885d
[ Fix #1063 ] Allow configure-time symlink resolution in FSEvents
2015-07-02 16:50:27 -07:00
Teddy Reed
66e5802818
Merge pull request #1266 from theopolis/glob
...
Replace custom wildcarding with POSIX-glob
2015-07-02 16:46:37 -07:00
Teddy Reed
7aac5fd358
Replace custom wildcarding with POSIX-glob
...
POSIX-globbing will allow event publishers/subscribers to post-check
results against glob-syntax, fnpath matching, and POSIX C-regex.
These checks are anecdotally speedy.
2015-07-02 13:53:16 -07:00
Teddy Reed
a8813ab7d8
Some tweaks to estimated scratch/heap for SQLite and RocksDB
2015-07-02 13:52:39 -07:00
Teddy Reed
64e4afa136
Merge pull request #1294 from theopolis/relax_test_timesouts
...
Relax extensions and shell timeouts
2015-07-02 13:50:07 -07:00
Teddy Reed
89e5b6c729
Relax extensions and shell timeouts
2015-07-02 12:14:44 -07:00
Teddy Reed
409414d8aa
Merge pull request #1283 from Rasoran/master
...
add epoch number to device-mapper version
2015-07-02 10:39:16 -07:00
Teddy Reed
e24614c959
Merge pull request #1286 from theopolis/relay_status_logs
...
[#1277 ] Forward status logs to osqueryd workers
2015-07-02 10:33:58 -07:00
Mike Arpaia
4ef32fc343
Merge pull request #1291 from marpaia/readme-cleaning
...
README updates
2015-07-01 23:50:06 -07:00
Mike Arpaia
1a6a6d4a1c
README updates
...
Moving platform specific build instructions to the wiki, to keep the
README brief.
2015-07-01 23:47:41 -07:00
Nicholas Sun
df716fb589
manually specify device-mapper, treating amazon as rhel7
2015-07-01 22:06:08 -04:00
Nicholas Sun
82db123f6a
changed to only set epoch number for cent7
2015-07-01 21:16:19 -04:00
Michael O'Farrell
8625851bfb
Merge pull request #1281 from mofarrell/kernel-event-publisher
...
Kernel event publisher
2015-07-01 17:51:01 -07:00
Michael O'Farrell
a00fb638c2
Added kernel event publisher.
2015-07-01 17:40:42 -07:00
Mike Arpaia
51f594e2bf
Merge pull request #1284 from marpaia/whats-snappenin
...
Install snappy headers instead of just the library
2015-07-01 16:25:04 -07:00
Mike Arpaia
ba89b67cc5
Install snappy headers instead of just the library
...
We found that not installing the headers for snappy caused RocksDB's
snappy detection to not find that snappy was installed:
https://goo.gl/YOWJl0
The snippet there requires that the headers are installed, not just the
library. By installing the headers, we can ensure that snappy is linked.
OR, alternatively, we could just leave it and not link snappy. It's
uncertain what the specific benefits of including snappy are for our
use-case. (CC @igorcanadi)
2015-07-01 16:14:06 -07:00
Teddy Reed
79de0a5def
[ #1277 ] Forward status logs to osqueryd workers
...
If watcher processes generate warning or error status logs they
will "relay" to the worker processes upon successful sanity check.
2015-07-01 15:26:26 -07:00
Michael O'Farrell
859d34a3af
Merge pull request #1280 from mofarrell/kernel-daemon-shutdown-fix
...
Kernel extension fixes for daemon shutdown process.
2015-07-01 11:00:51 -07:00
Nicholas Sun
1389b5e8f9
add epoch number to device-mapper version
2015-07-01 14:47:22 +00:00
Michael O'Farrell
1ab7040d83
Kernel extension fixes for daemon shutdown process.
2015-06-30 18:00:25 -07:00
Michael O'Farrell
c06d2db77c
Merge pull request #1279 from mofarrell/kernel
...
Added unloading make target for kernel.
2015-06-30 14:44:49 -07:00
Michael O'Farrell
e1ccd78ba1
Added unloading make target for kernel.
2015-06-30 14:41:54 -07:00
Michael O'Farrell
a7bd4bd3db
Merge pull request #1278 from facebook/master
...
Merge branch 'master' into kernel
2015-06-30 13:12:16 -07:00
Michael O'Farrell
d7aeaecf93
Merge pull request #1252 from theopolis/kernel-build
...
Towards CMake-based OS X kernel extension building
2015-06-30 12:30:36 -07:00