Commit Graph

1977 Commits

Author SHA1 Message Date
Teddy Reed
a8813ab7d8 Some tweaks to estimated scratch/heap for SQLite and RocksDB 2015-07-02 13:52:39 -07:00
Teddy Reed
64e4afa136 Merge pull request #1294 from theopolis/relax_test_timesouts
Relax extensions and shell timeouts
2015-07-02 13:50:07 -07:00
Teddy Reed
89e5b6c729 Relax extensions and shell timeouts 2015-07-02 12:14:44 -07:00
Teddy Reed
409414d8aa Merge pull request #1283 from Rasoran/master
add epoch number to device-mapper version
2015-07-02 10:39:16 -07:00
Teddy Reed
e24614c959 Merge pull request #1286 from theopolis/relay_status_logs
[#1277] Forward status logs to osqueryd workers
2015-07-02 10:33:58 -07:00
Mike Arpaia
4ef32fc343 Merge pull request #1291 from marpaia/readme-cleaning
README updates
2015-07-01 23:50:06 -07:00
Mike Arpaia
1a6a6d4a1c README updates
Moving platform specific build instructions to the wiki, to keep the
README brief.
2015-07-01 23:47:41 -07:00
Nicholas Sun
df716fb589 manually specify device-mapper, treating amazon as rhel7 2015-07-01 22:06:08 -04:00
Nicholas Sun
82db123f6a changed to only set epoch number for cent7 2015-07-01 21:16:19 -04:00
Mike Arpaia
51f594e2bf Merge pull request #1284 from marpaia/whats-snappenin
Install snappy headers instead of just the library
2015-07-01 16:25:04 -07:00
Mike Arpaia
ba89b67cc5 Install snappy headers instead of just the library
We found that not installing the headers for snappy caused RocksDB's
snappy detection to not find that snappy was installed:
https://goo.gl/YOWJl0

The snippet there requires that the headers are installed, not just the
library. By installing the headers, we can ensure that snappy is linked.

OR, alternatively, we could just leave it and not link snappy. It's
uncertain what the specific benefits of including snappy are for our
use-case. (CC @igorcanadi)
2015-07-01 16:14:06 -07:00
Teddy Reed
79de0a5def [#1277] Forward status logs to osqueryd workers
If watcher processes generate warning or error status logs they
will "relay" to the worker processes upon successful sanity check.
2015-07-01 15:26:26 -07:00
Nicholas Sun
1389b5e8f9 add epoch number to device-mapper version 2015-07-01 14:47:22 +00:00
Mike Arpaia
5ef01b4075 Merge pull request #1272 from marpaia/getConfig
rename osquery::getConfig to osquery::makeTLSConfigRequest
2015-06-29 23:45:15 -07:00
Mike Arpaia
a2ec9d5885 rename osquery::getConfig to osquery::makeTLSConfigRequest 2015-06-29 23:33:40 -07:00
Mike Arpaia
06793f9d00 Merge pull request #1267 from marpaia/osquery-latest-no-more
Remove "latest" from the osquery package names
2015-06-29 15:09:31 -07:00
Teddy Reed
0e4962fde0 Merge pull request #1268 from theopolis/fix_yara_events_cmake
Yara events was not building
2015-06-29 14:58:30 -07:00
Teddy Reed
0d6ab16281 Yara events was not building 2015-06-29 14:45:31 -07:00
Mike Arpaia
d6719f9ef7 Remove "latest" from the osquery package names 2015-06-29 11:18:49 -07:00
Mike Arpaia
661e46ae48 Merge pull request #1253 from theopolis/better_print
Fix small issue with printing
2015-06-28 17:22:53 -07:00
Teddy Reed
6011ad06eb Fix small issue with printing 2015-06-28 11:18:35 -07:00
Teddy Reed
6c8814bcb9 Merge pull request #1257 from theopolis/fix_1198
[Fix #1198] Add a small retry to ext watcher
2015-06-28 02:54:28 -07:00
Teddy Reed
8db6ca4a3f [Fix #1198] Add a small retry to ext watcher 2015-06-28 02:12:50 -07:00
Teddy Reed
5566d8cd96 Merge pull request #1194 from theopolis/lucid-build
Loose support for building on Ubuntu 10.04
2015-06-27 20:47:53 -07:00
Teddy Reed
55ecfc7058 Merge pull request #1250 from theopolis/fast_ext_tests
[Fix #1198] Faster death/timeout checks in extensions tests
2015-06-25 13:03:26 -07:00
Teddy Reed
e7ed68e187 [Fix #1198] Faster death/timeout checks in extensions tests 2015-06-25 02:53:53 -07:00
Teddy Reed
66dcedcd54 Merge pull request #1249 from d0ugal/master
Updated the MkDocs config from the deprecated format
2015-06-25 01:34:34 -07:00
Dougal Matthews
bcffd4a2a0 Updated the MkDocs config from the deprecated format 2015-06-25 08:35:40 +01:00
Teddy Reed
6437ddb82d Merge pull request #1235 from sharvilshah/remove_os_x_10_9_code
Remove OS X 10.9 code path
2015-06-24 15:18:32 -07:00
Teddy Reed
3c69ee8e53 Merge pull request #1238 from sharvilshah/fix_watchdog_tests
[Fix #1220] osqueryd watchdog tests
2015-06-24 15:18:09 -07:00
Mike Arpaia
7d5cb221dd Merge pull request #1239 from marpaia/1237-segfault
Check for nullptr in CreatePropertyFromCertificate
2015-06-24 08:25:25 -07:00
Mike Arpaia
d6389dc64d Check for nullptr in CreatePropertyFromCertificate 2015-06-23 21:45:46 -07:00
Sharvil Shah
368517c6a6 Use psutil's Process.children() instead of Process.get_children() as the latter has been deprecated.
Process.get_children() had been deprecated in psutil 2.x and is completely removed in 3.x versions
in favor of Process.children().

This fixes #1220.
2015-06-23 16:44:05 -07:00
Sharvil Shah
05bbe2ce06 Remove OS X 10.9 code path since we no longer support it 2015-06-22 20:49:34 -07:00
Teddy Reed
040d9d5fd1 Merge pull request #1216 from sharvilshah/osx_mount_events
[Implement #1103] DMG Mount Events
2015-06-22 12:38:32 -07:00
Sharvil Shah
f676ba7642 Implements disk_events and the related publisher and subscriber.
We now have a Publisher to report on disk events and its metadata,
using the DiskArbitration framework on OS X. Currently disk appearance
and disappearance events are published for both physical and
virtual disks (DMG files). On an event trigger, disk properties are
parsed and that metadata is reported along with the action.

The Subscriber subscribes to virtual disk events currently.

This closes #1103.
2015-06-22 11:09:18 -07:00
Mike Arpaia
9d783fee00 adding an example to the keychain_acls spec 2015-06-22 09:38:24 -07:00
Mike Arpaia
2b9bbb6bd4 Merge pull request #1223 from marpaia/yara-3.4.0
updating yara to 3.4.0
2015-06-22 09:33:25 -07:00
Mike Arpaia
53c407781f Merge pull request #1224 from theopolis/duti_table
OS X application duti/scheme listing table
2015-06-22 09:33:06 -07:00
Teddy Reed
37188f788b Fixups in tables, add DOUBLE, shell extensions 2015-06-22 04:17:23 -04:00
Mike Arpaia
1cd0adaaeb fixing the type in the keychain_acls table for real 2015-06-21 23:34:53 -07:00
Teddy Reed
55f270ff97 OS X application duti/scheme listing table 2015-06-21 14:08:21 -04:00
Mike Arpaia
be85046d32 typo in keychain_acls table where path was being returned as app_path 2015-06-21 13:52:01 -04:00
Mike Arpaia
6f85f2f617 updating yara to 3.4.0 2015-06-21 11:40:51 -04:00
Mike Arpaia
e194558560 Merge pull request #1217 from marpaia/keychain_acl
Table to enumerate keychain ACLs
2015-06-21 11:09:03 -04:00
Mike Arpaia
9df7c3b2ea Merge pull request #1222 from marpaia/remove-clion
Remove CLion files
2015-06-20 16:10:01 -04:00
Mike Arpaia
a326df3e92 Remove CLion files
These files are ten months old, nobody uses CLion on the team to verify
that these still work properly, etc. If someone uses CLion and default
project settings would be useful, please add and maintain new project
files.
2015-06-20 16:08:24 -04:00
Mike Arpaia
2944725ae0 Merge pull request #1221 from marpaia/contributing-docs
Update the contributing docs git workflow
2015-06-20 16:04:05 -04:00
Mike Arpaia
e4d804f575 Update the contributing docs git workflow
The git workflow has been severely out of date for a long time. I made a
few updates to reflect the current state of affairs.
2015-06-20 15:55:44 -04:00
Mike Arpaia
0a83572f08 Table to enumerate keychain ACLs 2015-06-20 14:59:07 -04:00