Teddy Reed
757940fe6f
Towards CMake-powered kernel extension building
2015-06-30 00:49:16 -07:00
Mike Arpaia
5ef01b4075
Merge pull request #1272 from marpaia/getConfig
...
rename osquery::getConfig to osquery::makeTLSConfigRequest
2015-06-29 23:45:15 -07:00
Mike Arpaia
a2ec9d5885
rename osquery::getConfig to osquery::makeTLSConfigRequest
2015-06-29 23:33:40 -07:00
Mike Arpaia
06793f9d00
Merge pull request #1267 from marpaia/osquery-latest-no-more
...
Remove "latest" from the osquery package names
2015-06-29 15:09:31 -07:00
Teddy Reed
0e4962fde0
Merge pull request #1268 from theopolis/fix_yara_events_cmake
...
Yara events was not building
2015-06-29 14:58:30 -07:00
Teddy Reed
0d6ab16281
Yara events was not building
2015-06-29 14:45:31 -07:00
Michael O'Farrell
93d6a27c41
Merge pull request #1255 from mofarrell/kernel
...
Added a gtest for the kernel communications.
2015-06-29 13:52:41 -07:00
Michael O'Farrell
680ffd3bc8
Added a gangsta test (gtest) for the kernel communications.
...
This test does not evaluate the functionality of the kernel
communication unless the KERNEL_TEST flag was set during the build.
The test will not succeed unless the tests are being run as root.
2015-06-29 12:12:54 -07:00
Mike Arpaia
d6719f9ef7
Remove "latest" from the osquery package names
2015-06-29 11:18:49 -07:00
Mike Arpaia
661e46ae48
Merge pull request #1253 from theopolis/better_print
...
Fix small issue with printing
2015-06-28 17:22:53 -07:00
Teddy Reed
61e6816e24
Merge pull request #1258 from theopolis/kernel-update2
...
Merge build/test fixes from master into kernel
2015-06-28 11:45:34 -07:00
Teddy Reed
d339877c01
Merge branch 'master' into kernel
2015-06-28 11:30:14 -07:00
Teddy Reed
6011ad06eb
Fix small issue with printing
2015-06-28 11:18:35 -07:00
Teddy Reed
6c8814bcb9
Merge pull request #1257 from theopolis/fix_1198
...
[Fix #1198] Add a small retry to ext watcher
2015-06-28 02:54:28 -07:00
Teddy Reed
8db6ca4a3f
[ Fix #1198 ] Add a small retry to ext watcher
2015-06-28 02:12:50 -07:00
Teddy Reed
5566d8cd96
Merge pull request #1194 from theopolis/lucid-build
...
Loose support for building on Ubuntu 10.04
2015-06-27 20:47:53 -07:00
Michael O'Farrell
39597e5029
Merge pull request #1256 from mofarrell/merge
...
Merge branch 'master' into kernel
2015-06-26 17:06:00 -07:00
Michael O'Farrell
f4e05b992a
Merge branch 'master' into kernel
...
Conflicts:
mkdocs.yml
2015-06-26 17:04:42 -07:00
Teddy Reed
b076ce85eb
Merge pull request #1241 from mofarrell/kernel
...
Moved kernel userland code into the osquery directory structure.
2015-06-25 13:07:51 -07:00
Teddy Reed
55ecfc7058
Merge pull request #1250 from theopolis/fast_ext_tests
...
[Fix #1198] Faster death/timeout checks in extensions tests
2015-06-25 13:03:26 -07:00
Michael O'Farrell
89fb4fbaf0
Moved kernel userland code into the osquery directory structure.
...
Test cpp files are dead.
2015-06-25 12:38:39 -07:00
Teddy Reed
e7ed68e187
[ Fix #1198 ] Faster death/timeout checks in extensions tests
2015-06-25 02:53:53 -07:00
Teddy Reed
66dcedcd54
Merge pull request #1249 from d0ugal/master
...
Updated the MkDocs config from the deprecated format
2015-06-25 01:34:34 -07:00
Dougal Matthews
bcffd4a2a0
Updated the MkDocs config from the deprecated format
2015-06-25 08:35:40 +01:00
Teddy Reed
6437ddb82d
Merge pull request #1235 from sharvilshah/remove_os_x_10_9_code
...
Remove OS X 10.9 code path
2015-06-24 15:18:32 -07:00
Teddy Reed
3c69ee8e53
Merge pull request #1238 from sharvilshah/fix_watchdog_tests
...
[Fix #1220] osqueryd watchdog tests
2015-06-24 15:18:09 -07:00
Mike Arpaia
7d5cb221dd
Merge pull request #1239 from marpaia/1237-segfault
...
Check for nullptr in CreatePropertyFromCertificate
2015-06-24 08:25:25 -07:00
Mike Arpaia
d6389dc64d
Check for nullptr in CreatePropertyFromCertificate
2015-06-23 21:45:46 -07:00
Sharvil Shah
368517c6a6
Use psutil's Process.children() instead of Process.get_children() as the latter has been deprecated.
...
Process.get_children() had been deprecated in psutil 2.x and is completely removed in 3.x versions
in favor of Process.children().
This fixes #1220.
2015-06-23 16:44:05 -07:00
Michael O'Farrell
7adf170540
Base kernel module with circular queue and test.
2015-06-23 16:16:19 -07:00
Sharvil Shah
05bbe2ce06
Remove OS X 10.9 code path since we no longer support it
2015-06-22 20:49:34 -07:00
Teddy Reed
040d9d5fd1
Merge pull request #1216 from sharvilshah/osx_mount_events
...
[Implement #1103] DMG Mount Events
2015-06-22 12:38:32 -07:00
Sharvil Shah
f676ba7642
Implements disk_events and the related publisher and subscriber.
...
We now have a Publisher to report on disk events and its metadata,
using the DiskArbitration framework on OS X. Currently disk appearance
and disappearance events are published for both physical and
virtual disks (DMG files). On an event trigger, disk properties are
parsed and that metadata is reported along with the action.
The Subscriber subscribes to virtual disk events currently.
This closes #1103.
2015-06-22 11:09:18 -07:00
Mike Arpaia
9d783fee00
adding an example to the keychain_acls spec
2015-06-22 09:38:24 -07:00
Mike Arpaia
2b9bbb6bd4
Merge pull request #1223 from marpaia/yara-3.4.0
...
updating yara to 3.4.0
2015-06-22 09:33:25 -07:00
Mike Arpaia
53c407781f
Merge pull request #1224 from theopolis/duti_table
...
OS X application duti/scheme listing table
2015-06-22 09:33:06 -07:00
Teddy Reed
37188f788b
Fixups in tables, add DOUBLE, shell extensions
2015-06-22 04:17:23 -04:00
Mike Arpaia
1cd0adaaeb
fixing the type in the keychain_acls table for real
2015-06-21 23:34:53 -07:00
Teddy Reed
55f270ff97
OS X application duti/scheme listing table
2015-06-21 14:08:21 -04:00
Mike Arpaia
be85046d32
typo in keychain_acls table where path was being returned as app_path
2015-06-21 13:52:01 -04:00
Mike Arpaia
6f85f2f617
updating yara to 3.4.0
2015-06-21 11:40:51 -04:00
Mike Arpaia
e194558560
Merge pull request #1217 from marpaia/keychain_acl
...
Table to enumerate keychain ACLs
2015-06-21 11:09:03 -04:00
Mike Arpaia
9df7c3b2ea
Merge pull request #1222 from marpaia/remove-clion
...
Remove CLion files
2015-06-20 16:10:01 -04:00
Mike Arpaia
a326df3e92
Remove CLion files
...
These files are ten months old, nobody uses CLion on the team to verify
that these still work properly, etc. If someone uses CLion and default
project settings would be useful, please add and maintain new project
files.
2015-06-20 16:08:24 -04:00
Mike Arpaia
2944725ae0
Merge pull request #1221 from marpaia/contributing-docs
...
Update the contributing docs git workflow
2015-06-20 16:04:05 -04:00
Mike Arpaia
e4d804f575
Update the contributing docs git workflow
...
The git workflow has been severely out of date for a long time. I made a
few updates to reflect the current state of affairs.
2015-06-20 15:55:44 -04:00
Mike Arpaia
0a83572f08
Table to enumerate keychain ACLs
2015-06-20 14:59:07 -04:00
Mike Arpaia
fe8b25f443
Merge pull request #1218 from theopolis/osx_sandboxes
...
Add application sandbox container metadata
2015-06-19 11:01:03 -04:00
Teddy Reed
09ea12a2a7
Add application sandbox container metadata
2015-06-19 01:53:09 -04:00
Teddy Reed
fcc875ca47
Merge pull request #1212 from theopolis/syslog_plugin
...
[#1207] Add syslog plugin
2015-06-18 19:49:16 -04:00