Commit Graph

2074 Commits

Author SHA1 Message Date
Teddy Reed
757940fe6f Towards CMake-powered kernel extension building 2015-06-30 00:49:16 -07:00
Mike Arpaia
5ef01b4075 Merge pull request #1272 from marpaia/getConfig
rename osquery::getConfig to osquery::makeTLSConfigRequest
2015-06-29 23:45:15 -07:00
Mike Arpaia
a2ec9d5885 rename osquery::getConfig to osquery::makeTLSConfigRequest 2015-06-29 23:33:40 -07:00
Mike Arpaia
06793f9d00 Merge pull request #1267 from marpaia/osquery-latest-no-more
Remove "latest" from the osquery package names
2015-06-29 15:09:31 -07:00
Teddy Reed
0e4962fde0 Merge pull request #1268 from theopolis/fix_yara_events_cmake
Yara events was not building
2015-06-29 14:58:30 -07:00
Teddy Reed
0d6ab16281 Yara events was not building 2015-06-29 14:45:31 -07:00
Michael O'Farrell
93d6a27c41 Merge pull request #1255 from mofarrell/kernel
Added a gtest for the kernel communications.
2015-06-29 13:52:41 -07:00
Michael O'Farrell
680ffd3bc8 Added a gangsta test (gtest) for the kernel communications.
This test does not evaluate the functionality of the kernel
communication unless the KERNEL_TEST flag was set during the build.
The test will not succeed unless the tests are being run as root.
2015-06-29 12:12:54 -07:00
Mike Arpaia
d6719f9ef7 Remove "latest" from the osquery package names 2015-06-29 11:18:49 -07:00
Mike Arpaia
661e46ae48 Merge pull request #1253 from theopolis/better_print
Fix small issue with printing
2015-06-28 17:22:53 -07:00
Teddy Reed
61e6816e24 Merge pull request #1258 from theopolis/kernel-update2
Merge build/test fixes from master into kernel
2015-06-28 11:45:34 -07:00
Teddy Reed
d339877c01 Merge branch 'master' into kernel 2015-06-28 11:30:14 -07:00
Teddy Reed
6011ad06eb Fix small issue with printing 2015-06-28 11:18:35 -07:00
Teddy Reed
6c8814bcb9 Merge pull request #1257 from theopolis/fix_1198
[Fix #1198] Add a small retry to ext watcher
2015-06-28 02:54:28 -07:00
Teddy Reed
8db6ca4a3f [Fix #1198] Add a small retry to ext watcher 2015-06-28 02:12:50 -07:00
Teddy Reed
5566d8cd96 Merge pull request #1194 from theopolis/lucid-build
Loose support for building on Ubuntu 10.04
2015-06-27 20:47:53 -07:00
Michael O'Farrell
39597e5029 Merge pull request #1256 from mofarrell/merge
Merge branch 'master' into kernel
2015-06-26 17:06:00 -07:00
Michael O'Farrell
f4e05b992a Merge branch 'master' into kernel
Conflicts:
	mkdocs.yml
2015-06-26 17:04:42 -07:00
Teddy Reed
b076ce85eb Merge pull request #1241 from mofarrell/kernel
Moved kernel userland code into the osquery directory structure.
2015-06-25 13:07:51 -07:00
Teddy Reed
55ecfc7058 Merge pull request #1250 from theopolis/fast_ext_tests
[Fix #1198] Faster death/timeout checks in extensions tests
2015-06-25 13:03:26 -07:00
Michael O'Farrell
89fb4fbaf0 Moved kernel userland code into the osquery directory structure.
Test cpp files are dead.
2015-06-25 12:38:39 -07:00
Teddy Reed
e7ed68e187 [Fix #1198] Faster death/timeout checks in extensions tests 2015-06-25 02:53:53 -07:00
Teddy Reed
66dcedcd54 Merge pull request #1249 from d0ugal/master
Updated the MkDocs config from the deprecated format
2015-06-25 01:34:34 -07:00
Dougal Matthews
bcffd4a2a0 Updated the MkDocs config from the deprecated format 2015-06-25 08:35:40 +01:00
Teddy Reed
6437ddb82d Merge pull request #1235 from sharvilshah/remove_os_x_10_9_code
Remove OS X 10.9 code path
2015-06-24 15:18:32 -07:00
Teddy Reed
3c69ee8e53 Merge pull request #1238 from sharvilshah/fix_watchdog_tests
[Fix #1220] osqueryd watchdog tests
2015-06-24 15:18:09 -07:00
Mike Arpaia
7d5cb221dd Merge pull request #1239 from marpaia/1237-segfault
Check for nullptr in CreatePropertyFromCertificate
2015-06-24 08:25:25 -07:00
Mike Arpaia
d6389dc64d Check for nullptr in CreatePropertyFromCertificate 2015-06-23 21:45:46 -07:00
Sharvil Shah
368517c6a6 Use psutil's Process.children() instead of Process.get_children() as the latter has been deprecated.
Process.get_children() had been deprecated in psutil 2.x and is completely removed in 3.x versions
in favor of Process.children().

This fixes #1220.
2015-06-23 16:44:05 -07:00
Michael O'Farrell
7adf170540 Base kernel module with circular queue and test. 2015-06-23 16:16:19 -07:00
Sharvil Shah
05bbe2ce06 Remove OS X 10.9 code path since we no longer support it 2015-06-22 20:49:34 -07:00
Teddy Reed
040d9d5fd1 Merge pull request #1216 from sharvilshah/osx_mount_events
[Implement #1103] DMG Mount Events
2015-06-22 12:38:32 -07:00
Sharvil Shah
f676ba7642 Implements disk_events and the related publisher and subscriber.
We now have a Publisher to report on disk events and its metadata,
using the DiskArbitration framework on OS X. Currently disk appearance
and disappearance events are published for both physical and
virtual disks (DMG files). On an event trigger, disk properties are
parsed and that metadata is reported along with the action.

The Subscriber subscribes to virtual disk events currently.

This closes #1103.
2015-06-22 11:09:18 -07:00
Mike Arpaia
9d783fee00 adding an example to the keychain_acls spec 2015-06-22 09:38:24 -07:00
Mike Arpaia
2b9bbb6bd4 Merge pull request #1223 from marpaia/yara-3.4.0
updating yara to 3.4.0
2015-06-22 09:33:25 -07:00
Mike Arpaia
53c407781f Merge pull request #1224 from theopolis/duti_table
OS X application duti/scheme listing table
2015-06-22 09:33:06 -07:00
Teddy Reed
37188f788b Fixups in tables, add DOUBLE, shell extensions 2015-06-22 04:17:23 -04:00
Mike Arpaia
1cd0adaaeb fixing the type in the keychain_acls table for real 2015-06-21 23:34:53 -07:00
Teddy Reed
55f270ff97 OS X application duti/scheme listing table 2015-06-21 14:08:21 -04:00
Mike Arpaia
be85046d32 typo in keychain_acls table where path was being returned as app_path 2015-06-21 13:52:01 -04:00
Mike Arpaia
6f85f2f617 updating yara to 3.4.0 2015-06-21 11:40:51 -04:00
Mike Arpaia
e194558560 Merge pull request #1217 from marpaia/keychain_acl
Table to enumerate keychain ACLs
2015-06-21 11:09:03 -04:00
Mike Arpaia
9df7c3b2ea Merge pull request #1222 from marpaia/remove-clion
Remove CLion files
2015-06-20 16:10:01 -04:00
Mike Arpaia
a326df3e92 Remove CLion files
These files are ten months old, nobody uses CLion on the team to verify
that these still work properly, etc. If someone uses CLion and default
project settings would be useful, please add and maintain new project
files.
2015-06-20 16:08:24 -04:00
Mike Arpaia
2944725ae0 Merge pull request #1221 from marpaia/contributing-docs
Update the contributing docs git workflow
2015-06-20 16:04:05 -04:00
Mike Arpaia
e4d804f575 Update the contributing docs git workflow
The git workflow has been severely out of date for a long time. I made a
few updates to reflect the current state of affairs.
2015-06-20 15:55:44 -04:00
Mike Arpaia
0a83572f08 Table to enumerate keychain ACLs 2015-06-20 14:59:07 -04:00
Mike Arpaia
fe8b25f443 Merge pull request #1218 from theopolis/osx_sandboxes
Add application sandbox container metadata
2015-06-19 11:01:03 -04:00
Teddy Reed
09ea12a2a7 Add application sandbox container metadata 2015-06-19 01:53:09 -04:00
Teddy Reed
fcc875ca47 Merge pull request #1212 from theopolis/syslog_plugin
[#1207] Add syslog plugin
2015-06-18 19:49:16 -04:00