Norm MacLennan
a6b769b6f4
a table to show apt package sources
2015-01-04 19:44:45 -05:00
Norm MacLennan
dd4a9d9d74
merging cmake changes for distro-specific tables
2014-12-31 13:06:54 -05:00
Teddy Reed
ed00c95dca
Support centos/ubuntu-specific tables
2014-12-31 09:38:18 -08:00
Norm MacLennan
beff9471f8
resolve merge conflict with upstream
2014-12-30 18:21:00 -05:00
Norm MacLennan
0191f1de29
resurrect the deb_packages table
2014-12-30 17:24:49 -05:00
Sean Williams
c54a568af3
Merge pull request #528 from facebook/linux-camb
Initial linux kernel instrumentation bits
2014-12-29 14:20:54 -08:00
Teddy Reed
94811f3ee8
Removed 'core' tables as a build dependency
2014-12-25 12:46:59 -08:00
Teddy Reed
b2dca55539
Build leaner libosquery, allow control over spec/impl
2014-12-23 20:07:12 -08:00
Theodore M. Reed
01005c72b3
Moved crontab out of utility
2014-12-23 14:39:59 -08:00
Theodore M. Reed
7b0640e4eb
Move table link dependencies into tables CMakeLists
2014-12-23 14:37:00 -08:00
Teddy Reed
8c38492b2a
Add XProtect vtable to OSX
2014-12-16 17:59:07 -08:00
Teddy Reed
d5c5253bbc
Add osquery_flags vtable
2014-12-16 02:07:50 -08:00
anuka
375c837b74
Merge remote-tracking branch 'upstream/master'
2014-12-13 15:27:09 +01:00
Teddy Reed
acccfa94e2
IOKit HID events and OSX hardware_events table
2014-12-11 18:06:08 -08:00
Teddy Reed
7b56fa605d
PCI/USB parity
2014-12-10 19:51:18 -08:00
mike@arpaia.co
8f8bc6b772
osquery_info table
2014-12-10 18:38:41 -08:00
Sean Williams
48bf3192e1
kernel_integrity vtable to use camb
2014-12-08 23:58:33 +00:00
Teddy Reed
2ebbbf6f98
Linux udev events
2014-12-08 14:13:47 -08:00
Teddy Reed
20dee9c274
Merge pull request #515 from theopolis/faster_generator
Towards simple table generation
2014-12-03 12:57:09 -08:00
Teddy Reed
f4337243ec
Towards simple table generation
2014-12-02 20:36:46 -08:00
Teddy Reed
d885bf420d
Port manual/filesystem to file using constraints
2014-12-02 12:37:26 -08:00
Teddy Reed
3fa2442e25
Rename/improve bash_history to shell_history
2014-11-29 22:36:07 -08:00
Teddy Reed
2b1cd4eee3
Towards predicate constraint checking
2014-11-29 22:36:05 -08:00
anuka
0a280f6546
Adding a table which maps services from /etc/services.
Signed-off-by: anuka <david.vas1@gmail.com>
2014-11-29 17:06:34 +01:00
Wesley Shields
7abc9f75f2
Implement logged_in_users.
Fixes #9.
2014-11-22 23:49:37 -05:00
Teddy Reed
4de3c8a0cf
Fix memory leaks in USB Devices for OSX
2014-11-22 18:04:47 -08:00
Nick
acad6d8e8d
Added USB device support for Mac (Linux coming next)
2014-11-22 17:42:56 -08:00
Teddy Reed
1961921d95
Pull process_open_files out of processes.cpp and reduce logging
2014-11-20 17:19:04 -08:00
Li-Wen Hsu
4f8006ad02
Add dummy table implementations for FreeBSD
2014-11-19 05:07:59 +08:00
Li-Wen Hsu
6c55b51c53
Merge branch 'master' into freebsd-build
Conflicts:
osquery/core/system.cpp
tools/provision.sh
2014-11-19 01:50:38 +08:00
Mike Goffin
57faad63fa
Merge branch 'master' into mounts_table
2014-11-17 15:03:50 -05:00
Mike Goffin
6cddf4ad39
Mounts table for Darwin.
Associated with #255, this adds Mounts table support for Darwin.
2014-11-17 13:43:59 -05:00
Teddy
968f8027e6
Cleaner arp_table->arp_cache on Linux/OSX
2014-11-17 02:37:15 -08:00
Teddy Reed
ee015343f9
Simplify arp, move to arp_table
2014-11-16 19:49:40 -08:00
Pablo S. Torralba
4f524abbea
arp vtable different implementation in osx and linux
2014-11-16 19:49:40 -08:00
Pablo S. Torralba
1843d80660
arp vtable with ip, arp and interface where it was seen
2014-11-16 19:49:40 -08:00
Li-Wen Hsu
e49537c8fa
Add libraries and settings for FreeBSD
2014-11-16 01:41:50 +08:00
Abe Stanway
322fde0121
Socket_inode and port_inode tables to map PIDs->ports via netlink inet_diag
Example query:
```sql
-- Map listening/connected ports to the owning process via the socket inode.
SELECT port.local_port,
       port.remote_port,
       port.local_ip,
       port.remote_ip,
       socket.pid,
       process.name,
       process.cmdline,
       process.path
FROM socket_inode AS socket
JOIN port_inode AS port
  ON socket.inode = port.inode
INNER JOIN processes AS process
  ON socket.pid = process.pid;
```
2014-11-10 15:02:31 -05:00
Zachary Wasserman
0b30b9f692
Add basic Mac startup items vtable
2014-11-04 11:40:54 -08:00
Alexander Polakov
274e037527
Blockdev table for linux
2014-11-03 23:39:14 +03:00
Akshay Dixit
6c418507e6
renamed lspci to pci_devices and specified it linux only
2014-11-02 21:09:04 -07:00
Akshay Dixit
afd9d5e160
changed lspci to be a linux only virtual table, and added udev dependency to provisions.sh
2014-11-02 21:07:35 -07:00
Akshay Dixit
7896e7f78e
added lspci virtual table and libudev dependencies
2014-11-02 21:03:43 -07:00
Alexander Polyakov
58716d6cfa
Mounts table for linux
2014-11-01 16:12:56 +03:00
Teddy Reed
eb240ac527
RPM table and more robust Linux building
2014-10-31 21:59:10 -07:00
castrapel
2557bac3d4
RPM Package listing is now working
2014-10-31 16:52:58 -07:00
Pablo S. Torralba
a6e04efdd7
Add quarantine vtable for OSX
The table reports:
- path: The file in quarantine
- creator: The application that created the file
Example:
```
osquery> select * from quarantine limit 10;
+----------------------------------------------------------------------------+---------------+
| path                                                                       | creator       |
+----------------------------------------------------------------------------+---------------+
| /Applications/Adium.app                                                    | Google Chrome |
| /Applications/Adium.app/Contents                                           | Google Chrome |
| /Applications/Adium.app/Contents/_CodeSignature                            | Google Chrome |
| /Applications/Adium.app/Contents/_CodeSignature/CodeResources              | Google Chrome |
| /Applications/Adium.app/Contents/Frameworks                                | Google Chrome |
| /Applications/Adium.app/Contents/Frameworks/Adium.framework                | Google Chrome |
| /Applications/Adium.app/Contents/Frameworks/Adium.framework/Adium          | Google Chrome |
| /Applications/Adium.app/Contents/Frameworks/Adium.framework/Headers        | Google Chrome |
| /Applications/Adium.app/Contents/Frameworks/Adium.framework/PrivateHeaders | Google Chrome |
| /Applications/Adium.app/Contents/Frameworks/Adium.framework/Resources      | Google Chrome |
+----------------------------------------------------------------------------+---------------+
```
Fixes issue #231
2014-10-31 06:10:51 -07:00
Teddy Reed
39f866387f
[vtables] CPUID asm call feature information
2014-10-29 03:09:34 -07:00
Teddy Reed
1f1b38976a
Merge pull request #261 from facebook/crontab
[vtables] Crontab parsing for system/users
2014-10-29 02:52:11 -07:00
Teddy Reed
6db0c67555
Merge pull request #269 from vmauge/suidbin
Add suid_bin vtable
2014-10-29 02:30:29 -07:00