Commit Graph

2778 Commits

Author SHA1 Message Date
Sharvil Shah
a713fbcc55 Use mnemonics for process states on Darwin
Process states in `processes` table now use mnemonics instead of the
integer code. They follow closely the states defined in sys/proc.h,
which means processes with state as:

  state    value   meaning                           mnemonic
 -------- ------- --------------------------------- ----------
  SIDL     1       process being created by fork     'I'
  SRUN     2       currently runnable                'R'
  SSLEEP   3       sleeping on an address            'S'
  SSTOP    4       process debugging or suspension   'T'
  SZOMB    5       awaiting collection by parent     'Z'

Note: The mnemonics here will not match up with what `ps` or `top`
reports.

`ps` and `top` query the run state of all Mach Threads (by grabbing a Mach Task)
of a process, and then coalesce it to represent the process state.

This is no longer possible to do from non-Apple-signed binaries,
as the only way to get a Mach Task (and therefore the list of Mach Threads)
is by calling `task_for_pid()`, which no longer works under
System Integrity Protection (SIP), introduced in OS X 10.11.
2016-03-09 11:25:58 -08:00
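As an added example (not osquery's code, and not part of the commit above), the following C program shows the SIP-compatible path the commit relies on: reading each process's `p_stat` from `kinfo_proc` via `sysctl(KERN_PROC, KERN_PROC_ALL)`, which needs no task port and therefore no `task_for_pid()`, and mapping that value to the mnemonics in the table. The `DARWIN_*` enum duplicates the sys/proc.h values so the mapping and tally compile on any host; the enumeration itself is compiled only on Darwin. The function names are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>

#ifdef __APPLE__
#include <sys/sysctl.h>
#include <sys/proc.h>
#endif

/* p_stat values from sys/proc.h, duplicated so the mapping builds on any host. */
enum darwin_pstat {
  DARWIN_SIDL   = 1, /* process being created by fork */
  DARWIN_SRUN   = 2, /* currently runnable */
  DARWIN_SSLEEP = 3, /* sleeping on an address */
  DARWIN_SSTOP  = 4, /* process debugging or suspension */
  DARWIN_SZOMB  = 5  /* awaiting collection by parent */
};

/* Map a p_stat value to the single-character mnemonic; '?' for anything else,
 * so an unexpected kernel value is visible rather than silently mislabelled. */
char darwin_state_mnemonic(int p_stat) {
  switch (p_stat) {
    case DARWIN_SIDL:   return 'I';
    case DARWIN_SRUN:   return 'R';
    case DARWIN_SSLEEP: return 'S';
    case DARWIN_SSTOP:  return 'T';
    case DARWIN_SZOMB:  return 'Z';
    default:            return '?';
  }
}

/* Tally an array of p_stat values by mnemonic. counts[] is indexed by the
 * mnemonic character and needs 256 entries; returns the number tallied. */
int darwin_tally_states(const int *p_stats, int n, int counts[256]) {
  for (int i = 0; i < n; i++) {
    counts[(unsigned char)darwin_state_mnemonic(p_stats[i])]++;
  }
  return n;
}

#ifdef __APPLE__
/* Enumerate every process with sysctl(KERN_PROC, KERN_PROC_ALL). The kernel
 * hands back kinfo_proc records directly, so no Mach task port is involved
 * and the call works under SIP. Returns the process count or -1; the caller
 * frees *out. */
int darwin_list_processes(struct kinfo_proc **out) {
  int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL, 0};
  size_t len = 0;
  struct kinfo_proc *procs = NULL;
  /* The process table can grow between the size probe and the read, in
   * which case the second sysctl fails with ENOMEM; retry a few times. */
  for (int attempt = 0; attempt < 4; attempt++) {
    if (sysctl(mib, 4, NULL, &len, NULL, 0) != 0) break;
    struct kinfo_proc *grown = realloc(procs, len);
    if (grown == NULL) break;
    procs = grown;
    if (sysctl(mib, 4, procs, &len, NULL, 0) == 0) {
      *out = procs;
      return (int)(len / sizeof(struct kinfo_proc));
    }
  }
  free(procs);
  return -1;
}
#endif

int main(void) {
#ifdef __APPLE__
  struct kinfo_proc *procs = NULL;
  int n = darwin_list_processes(&procs);
  if (n < 0) { perror("sysctl(KERN_PROC)"); return 1; }
  int *stats = malloc((size_t)n * sizeof(int));
  if (stats == NULL) { free(procs); return 1; }
  for (int i = 0; i < n; i++) {
    stats[i] = procs[i].kp_proc.p_stat;
    printf("%6d %c %s\n", procs[i].kp_proc.p_pid,
           darwin_state_mnemonic(stats[i]), procs[i].kp_proc.p_comm);
  }
  int counts[256] = {0};
  darwin_tally_states(stats, n, counts);
  printf("I=%d R=%d S=%d T=%d Z=%d ?=%d\n", counts['I'], counts['R'],
         counts['S'], counts['T'], counts['Z'], counts['?']);
  free(stats);
  free(procs);
#else
  puts("sysctl(KERN_PROC) enumeration is Darwin-only; only the mapping was built.");
#endif
  return 0;
}
```

Because `p_stat` is the scheduler state of the process object rather than a coalesced view of its threads, the counts this prints will differ from `ps`/`top` in the way the commit message warns about; that is expected, not a bug in the mapping.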
Teddy Reed
53c108d02e Merge pull request #1902 from theopolis/remove_glog
Remove Glog from third-party build
2016-03-07 14:53:32 -08:00
Teddy Reed
956ce75601 Remove Glog from third-party build 2016-03-07 12:54:00 -08:00
Teddy Reed
320df0162c Merge pull request #1904 from theopolis/fix_1901
[Fix #1901] Tear down TLS server runner
2016-03-07 12:44:11 -08:00
Javier Marcos
d49255d142 Merge pull request #1905 from javuto/osx_keranger_union
OSX Keranger detection fix
2016-03-07 11:32:02 -08:00
Teddy Reed
5f8fa32e21 [Fix #1901] Tear down TLS server runner 2016-03-07 09:38:37 -08:00
Javier Marcos
7c18ce9bb0 OSX Keranger detection fix 2016-03-07 09:25:32 -08:00
Teddy Reed
677c448dea Merge pull request #1897 from theopolis/remove_rdb
Refactor backing storage
2016-03-06 21:09:23 -08:00
Teddy Reed
afd17f8134 1. Reorganize RocksDB database handle into a plugin
2. Introduce a SQLite-based database plugin
3. Refactor database usage to include local 'fast-calls'
4. Introduce an 'ephemeral' database plugin for testing (like a mock)
2016-03-06 20:40:16 -08:00
Javier Marcos
6afd1a29cf Merge pull request #1898 from javuto/osx_keranger
Adding detection for OSX Keranger
2016-03-06 17:03:38 -08:00
Javier Marcos
bdd783366d Adding detection for OSX Keranger 2016-03-06 16:40:03 -08:00
Teddy Reed
bcd0debaee Merge pull request #1894 from theopolis/sql_debug
Add define to enable SQLite WHERETRACE
2016-03-06 09:32:18 -08:00
Teddy Reed
8607d319a1 Merge pull request #1893 from theopolis/dm_bind
[Fix #1892] Build devmapper statically
2016-03-04 21:04:05 -08:00
Teddy Reed
8c3d2387e9 Add define to enable SQLite WHERETRACE 2016-03-04 20:41:06 -08:00
Teddy Reed
5fbde8ec4f [Fix #1892] Build devmapper statically 2016-03-04 20:09:43 -08:00
Teddy Reed
683e5c1778 Merge pull request #1890 from theopolis/join_tests
Add high level join tests for processes, file, and hash
2016-03-03 22:01:47 -08:00
Teddy Reed
86b9b00f3d Merge pull request #1891 from kaizensoze/add-fan-name-to-fan-speeds-table
add fan name to fan speeds table
2016-03-03 20:48:12 -08:00
Teddy Reed
ee1182f526 Add high level join tests for processes, file, and hash 2016-03-03 18:47:55 -08:00
Joe Gallo
544ae37e9d add fan name to fan speeds table 2016-03-03 19:44:53 -05:00
Teddy Reed
545597e315 Merge pull request #1888 from theopolis/fix_1887
[Fix #1887] Do not generate row for invalid pids
2016-03-03 15:16:40 -08:00
Teddy Reed
297d6ae1c3 [Fix #1887] Do not generate row for invalid pids 2016-03-03 13:47:27 -08:00
Teddy Reed
69fe7ca4be Merge pull request #1884 from russellhancox/fix-darwin-groups
Darwin: Use undocumented getgroupcount() before getgrouplist
2016-03-02 13:58:33 -08:00
Teddy Reed
f08c1c5ec5 Merge pull request #1885 from theopolis/fix_1874
[Fix #1874] Update SQLite to 3.12.0
2016-03-02 12:37:21 -08:00
Teddy Reed
b1485d6536 Merge pull request #1883 from friedbutter/patch-1
Added new detection for Hacking Team
2016-03-02 11:33:39 -08:00
Teddy Reed
489a5e839c [Fix #1874] Update SQLite to 3.12.0 2016-03-02 10:12:41 -08:00
Russell Hancox
cc964af444 Darwin: Use undocumented getgroupcount() before getgrouplist 2016-03-01 09:39:01 -05:00
Sereyvathana Ty
7b772880b7 Added new detection for Hacking Team
Detect persistence binary from Hacking Team (ref: https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/)
2016-02-29 23:28:18 -08:00
Teddy Reed
58635e3526 Merge pull request #1880 from russellhancox/custom-brew-path
Mac: fix build when homebrew is not in /usr/local
2016-02-29 15:00:29 -08:00
Russell Hancox
8bea4f7b3f Mac: fix build when homebrew is not in /usr/local 2016-02-29 14:22:42 -05:00
Teddy Reed
94c9824f12 Merge pull request #1876 from sharvilshah/fix_leaks
Fix potential leak in Darwin disk_encryption table
2016-02-27 17:38:17 -08:00
Sharvil Shah
cf573d668e Fix potential leak 2016-02-26 14:54:23 -08:00
Teddy Reed
7b3aa47527 Merge pull request #1873 from theopolis/bind_sql
[#1816] Refactor DB instance management
2016-02-25 21:23:50 -08:00
Teddy Reed
b21c2ed943 [#1816] Refactor DB instance management 2016-02-25 19:07:52 -08:00
Teddy Reed
d2efc2fc7e Merge pull request #1872 from mmichie/mattm/fix_debian_init_script
Update initd script to respect LSB values
2016-02-24 21:56:07 -08:00
Matt Michie
b806529313 Update initd script to respect LSB values
The LSB init syntax is different from chkconfig; this was breaking Debian installation.
2016-02-24 13:59:10 -08:00
Teddy Reed
c314428c66 Merge pull request #1871 from theopolis/more_tests
Add fstests and reduce SQLite scope
2016-02-23 23:54:25 -08:00
Teddy Reed
cf40b8a967 Merge pull request #1869 from theopolis/deps_cxxflags
Add CXXFLAGS to deps build
2016-02-23 23:49:47 -08:00
Teddy Reed
897b2225b1 Add fstests and reduce SQLite scope 2016-02-23 17:09:02 -08:00
Teddy Reed
c3abb1ef38 Minor addition to multiple logger wiki docs 2016-02-23 10:42:08 -08:00
Teddy Reed
7720dbbbb6 Merge pull request #1868 from theopolis/fix_1866
[Fix #1866] Emit warning log with unknown options
2016-02-22 23:13:27 -08:00
Teddy Reed
08a1d852a2 Add CXXFLAGS to deps build 2016-02-22 22:12:06 -08:00
Teddy Reed
50440ddea5 [Fix #1866] Emit warning log with unknown options 2016-02-22 21:39:17 -08:00
Teddy Reed
35e102fb01 Merge pull request #1867 from lexelby/master
fix typo in config example
2016-02-22 11:17:47 -08:00
Lex Neva
bcc901780f fix typo in config example 2016-02-22 11:37:29 -05:00
Teddy Reed
69e08f994e Allow build.sh target overrides 2016-02-22 00:10:48 -08:00
Teddy Reed
9c42ba51b3 Merge pull request #1858 from theopolis/sqlite_3.11
Bump sqlite to 3.11.0
2016-02-21 23:35:01 -08:00
Teddy Reed
9a54af29ce Bump sqlite to 3.11.0 2016-02-21 22:40:37 -08:00
Teddy Reed
b588cb6484 Merge pull request #1864 from theopolis/improve_logger_tests
Improve logging tests, add filesystem logger tests
2016-02-21 20:20:04 -08:00
Teddy Reed
3101a32b01 Improve logging tests, add filesystem logger tests 2016-02-21 19:40:16 -08:00
Teddy Reed
4b60d8f9d4 Merge pull request #1863 from theopolis/fix_1861
[Fix #1861] Add newline to all filesystem logger writes
2016-02-21 17:05:02 -08:00