valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,701 Commits 2 Branches 109 Tags 25 MiB
b3540034f8
Commit Graph

206 Commits

Author SHA1 Message Date
Teddy Reed
b90aeab2fe Fix dameon flags loading from options 2015-04-24 11:37:51 -07:00
Javier Marcos
ddb41ae84a Adding tests to the prototocols table 2015-04-22 17:49:27 -07:00
Teddy Reed
c59ce0e4e4 Lint fixes and clang analyze 2015-04-17 09:18:46 -07:00
Mike Arpaia
c37be342ec updating wiki link to read the docs 2015-04-15 01:02:58 -07:00
Teddy Reed
e1f0106710 Various fixes, checks 2015-04-11 15:57:12 -07:00
Mike Arpaia
5cebb95134 Merge pull request #979 from theopolis/fast_shell_query 
Skip event publishers when a single query is used
 2015-04-10 23:03:51 -07:00
Teddy Reed
aaecffa096 Skip event publishers when a single query is used 2015-04-10 17:37:49 -07:00
Mitchell Grenier
41283223af Better extended attributes 
For the second time in a couple of weeks, I've rewritten the xattr table into
a new extended_attributes table.

If we find an attribute that we don't have a parser for, we will check if it
contains non printable characters. If it does, we'll base64 it. If it doesn't,
we will just output the unencoded string.
 2015-04-10 13:17:22 -07:00
Sharvil Shah
e7a3d24ece Fix etc_hosts hostname parsing so that inline comments are now ignored; update tests 2015-04-06 23:32:56 -07:00
Mike Arpaia
91e70d1df3 Merge pull request #928 from theopolis/config_check_pp 
[#915] Skip daemon initialization if checking config
 2015-04-04 00:12:12 -07:00
Teddy Reed
2b20d3dde0 Merge yara subscribers 2015-04-03 00:48:13 -07:00
Teddy Reed
6dd92bd051 [#915] Skip daemon initialization if checking config 2015-04-02 13:31:51 -07:00
Teddy Reed
38bfed3414 Remove libprocps(ng) in favor of parsing proc manually 2015-03-27 12:37:16 -07:00
Teddy Reed
14a09cc6f2 Change schedule to a map, splay on config update 2015-03-24 16:28:49 -07:00
Teddy Reed
79ddc5ba38 Remove unused shell functions 2015-03-19 16:14:29 -07:00
Teddy Reed
afd11fe1f3 Set osquery_extensions for worker child 2015-03-17 10:36:19 -07:00
Teddy Reed
1a0334ec9a Use a .load file instead of delimited dirs 2015-03-17 10:11:43 -07:00
Teddy Reed
dd354c279d Merge pull request #854 from theopolis/osqueryi_tmp 
[Fix #852] Use a user-specific temporary dir for shell state
 2015-03-16 10:51:38 -07:00
Teddy Reed
8b990c546d [Fix #852] Use a user-specific temporary dir for shell state 2015-03-16 09:29:50 -07:00
Teddy Reed
4440b2f791 Renamed osx_version to os_version, include Linux versions 2015-03-15 16:07:49 -07:00
Teddy Reed
1170887d56 Improve extensions integration testing 2015-03-13 18:33:55 -07:00
Teddy Reed
fe0f369af0 Extension-dependent config/logger plugins 2015-03-13 12:01:30 -07:00
Teddy Reed
90b7f0a986 Merge pull request #836 from theopolis/active_plugins 
Move logger/config to use Registry getActive
 2015-03-10 16:04:40 -07:00
Teddy Reed
6a81cec937 Organize kernel_extensions to add signatures 2015-03-09 11:43:06 -07:00
Teddy Reed
6e7f3dbbbd Move logger/config to use Registry getActive 2015-03-08 14:52:13 -07:00
Teddy Reed
95a9716e02 Remove shell tools from daemon 2015-03-04 23:21:16 -08:00
Teddy Reed
0673900837 Registry modules 2015-03-04 20:33:10 -08:00
Teddy Reed
99beceaef6 Switch lazy=active concept for registry setup 2015-03-04 18:51:41 -08:00
Teddy Reed
8efa07e520 Watcher process will fail if DB path is incorrect 2015-03-04 18:51:41 -08:00
Teddy Reed
3c02806cd8 Extensions autoloading prequel 2015-03-04 18:51:41 -08:00
Mitchell Grenier
3d27fff697 Merge pull request #784 from jedi22/directory_monitoring 
Adding ability to monitor whole folders
 2015-03-02 17:21:24 -08:00
Mitchell Grenier
544615ef57 Bug fix for REC_LIST_FOLDERS 
Fixed a bug where when using REC_LIST_FOLDERS, the root resolution directory
would not be returned.
 2015-03-01 18:26:37 -08:00
Teddy Reed
9031bad609 Extensions helpers, API additions 
Use --socket for extensions, limit help
Add an 'active' concept to registries, support a blank item call
Add osquery_registry to list the internal/external plugin details
 2015-02-25 01:02:05 -07:00
Mike Arpaia
503cf32522 Merge pull request #794 from marpaia/fix-785 
Adding warning text if the system is not configured
 2015-02-24 13:27:16 -08:00
mike@arpaia.co
5a5ec45bbb Adding warning text if the system is not configured 
See #785 for context. If you don't have a properly configured system,
osqueryd will print a convenient warning with instructions.
 2015-02-24 13:19:37 -08:00
Teddy Reed
925deb8e74 [lints] Basic cpp linting 2015-02-24 03:47:12 -08:00
Teddy Reed
f173fb6e0a Working on sync using new non-macro decisions 2015-02-23 23:15:04 -08:00
Teddy Reed
ace433e49d Allow external calls from within registry 2015-02-23 21:35:54 -08:00
Teddy Reed
a29addba61 Extensions integrations testing 2015-02-22 22:56:18 -07:00
Teddy Reed
0f3adbbe24 Merge pull request #781 from theopolis/watcher_full_path 
Use full path for exec in watcher
 2015-02-19 17:02:46 -08:00
Teddy Reed
fa8dbf2b7f Use full path for exec in watcher 2015-02-19 16:00:12 -08:00
Teddy Reed
451ef686ed Building example extension with SDK 2015-02-18 20:11:00 -08:00
Teddy Reed
1f8dacec3c Add flag aliasing, logger/flag tests 2015-02-17 16:26:14 -08:00
Teddy Reed
6f155d63c5 Improve flag storage and printing 2015-02-16 16:26:06 -08:00
Teddy Reed
6994361f26 Improved logging control 2015-02-16 14:42:22 -08:00
Teddy Reed
3c36c4196b Merge pull request #731 from jedi22/wildcard_events 
Added parsing of extra data along with its addition to the osqueryconfig structure
 2015-02-15 19:16:54 -08:00
Teddy Reed
95dd2a808f Merge pull request #762 from theopolis/startup_items 
[Fix #758] Parse startup_items Alias data
 2015-02-15 16:33:39 -08:00
Teddy Reed
1ea06a9d15 [Fix #758] Parse startup_items Alias data 2015-02-13 17:40:02 -08:00
Mitchell Grenier
de5ac74fab All changes addressed 2015-02-13 16:52:11 -08:00
Zachary Wasserman
79034111a5 POC for client side of distributed queries. 
This introduces the notion of a DistributedQueryHandler that uses a "provider" to read/write requests and results to and from the master. The full flow is exercised via integration tests, and unit tests for each component.

It is intended to foster discussion around this client side interface, as well as provide a base to build from.
 2015-02-13 13:01:02 -08:00