Commit Graph

347 Commits

Author SHA1 Message Date
Teddy Reed
b2debf509a Cleanup inode table implementations and unblacklist 2014-11-19 16:56:48 -08:00
mike@arpaia.co
e7fedd8833 throw in ctor if an error occurs 2014-11-17 19:47:44 -08:00
Mike Arpaia
49da6387ea Merge pull request #454 from facebook/pidfile
pidfile for osqueryd
2014-11-17 19:27:08 -08:00
mike@arpaia.co
c56b663261 pidfile for osqueryd
close #442
2014-11-17 18:42:36 -08:00
mike@arpaia.co
f8c27bde85 Add a splay of 10% to scheduled queries so that they don't stack
close #446
2014-11-17 14:19:09 -08:00
mike@arpaia.co
ca2c63419a incorrect namespacing 2014-11-17 13:47:44 -08:00
Teddy Reed
565bce3c07 Fix unwind exception catching 2014-11-14 01:42:00 -08:00
Teddy Reed
153cc7208f More control over logging 2014-11-12 18:19:22 -07:00
Teddy Reed
aa933491d2 Merge pull request #416 from theopolis/hack_fix_386
[Fix #386] This is a hack to fix Ubuntu unwinding
2014-11-12 16:43:18 -08:00
Teddy Reed
b419c79791 [Fix #386] This is a hack to fix Ubuntu unwinding 2014-11-12 17:12:37 -07:00
mike@arpaia.co
a8832482b3 implementation for #360 2014-11-12 16:51:14 -05:00
Teddy Reed
0d8b9d3eaa Use SQLite types 2014-11-12 11:07:24 -08:00
Teddy Reed
8e408f987e Table spec documentation examples 2014-11-11 11:26:11 -08:00
Bryan Eastes
ec081c9a54 Added --host_identifier option
Conflicts:
	osquery/core/system.cpp
2014-11-10 16:41:13 -05:00
Teddy Reed
bc05f5de78 Merge pull request #383 from theopolis/fix_rpm_packages
[Fix #367] Check RPMTAG class before cast
2014-11-10 01:59:13 -08:00
Teddy Reed
b0ff403d3d Fixing librpm API usage leaks 2014-11-10 01:48:07 -08:00
Teddy Reed
ea0d210ad3 Fix newline warning in flags 2014-11-09 13:24:57 -07:00
Teddy Reed
f7667ec440 Remove Threads requirement, cleanup flags 2014-11-09 00:00:57 -08:00
Teddy Reed
078d4cf7d2 Refactor shell flags/versioning 2014-11-08 20:27:28 -08:00
Teddy Reed
62d6472cfe Rethinking some build improvements 2014-11-08 19:28:35 -08:00
Veres Lajos
afc82c722f typo fixes - https://github.com/vlajos/misspell_fixer 2014-11-07 22:18:02 +00:00
mike@arpaia.co
896a4f2957 generic users function and some general cleanups 2014-11-04 11:40:54 -08:00
Mike Arpaia
a9e636af9f Merge pull request #349 from facebook/329
Ensuring that listening_ports results are unique
2014-11-03 14:08:04 -08:00
mike@arpaia.co
1ce7f7b486 adding a comment denoting performance 2014-11-03 12:16:39 -08:00
Zachary Wasserman
c559f0e1d2 Refactor osquery::filesystem to use boost::filesystem::path rather than std::string 2014-11-03 12:08:46 -08:00
mike@arpaia.co
75ded8b881 Ensuring that listening_ports results are unique 2014-11-03 12:03:57 -08:00
Teddy Reed
24b7be320c Fix #328, add gflags defines for shell-internal flags 2014-11-02 15:40:35 -08:00
Teddy Reed
1554bf3295 Fix #290, add permissions to osqueryd logging 2014-10-30 15:03:05 -07:00
yetanotherhacker
8cee7e0b3c Spelling fixes in comments and output. 2014-10-30 04:27:00 -04:00
Teddy Reed
8a9374d6e3 [vtables] Support linux crontab vars 2014-10-29 02:24:00 -07:00
Teddy Reed
47d1f13966 Using Cpp03 to remove double right angle brackets 2014-10-27 17:56:55 -07:00
Teddy Reed
6e60612520 Using clang-format 3.5 2014-10-27 17:37:36 -07:00
Teddy Reed
cc31e93762 Version bump, 1.0.3 2014-10-27 12:29:51 -07:00
Teddy Reed
0a1925200e Clean flags usage in daemon/shell and dbhandle 2014-10-27 12:09:35 -07:00
Teddy Reed
6d50d762ce Changing flag infra, reducing config testing, adding debug macro 2014-10-27 10:30:02 -07:00
Teddy Reed
991cbdfb00 Fix permissions on DB handle 2014-10-27 10:05:08 -07:00
Teddy Reed
a82792b3f7 Log results as events 2014-10-24 17:05:17 -07:00
mike@arpaia.co
0033e9bd02 cleaning up some memory leak supps 2014-10-09 22:06:55 -07:00
Teddy Reed
ded0717e94 [events] Additional INotify tests 2014-10-07 12:27:25 -07:00
Teddy Reed
8213e7dcbc [events] Improve inotify 2014-10-06 14:37:44 -07:00
Teddy Reed
c553a59745 [events] Use pub/sub diction for events 2014-10-03 11:30:51 -07:00
Teddy Reed
1e36b494b4 [events] Rename MonitorContext to SubscriptionContext 2014-10-03 08:26:41 -07:00
Teddy Reed
b2474b49eb [events] Renamed EventType to EventPublisher 2014-10-03 08:14:36 -07:00
Teddy Reed
e77ae22fe2 [events] Rename EventModule to EventSubscriber 2014-10-03 08:08:06 -07:00
Teddy Reed
69bfb92905 [events] Fleshing out OSX FSEvent framework 2014-10-02 21:30:14 -07:00
mike@arpaia.co
764619c849 Adding a function to read tomcat configs from disk 2014-09-30 19:59:52 -07:00
mike@arpaia.co
c8fded9498 comments for tomcat 2014-09-30 19:54:44 -07:00
Mike Arpaia
3fb8c8a5d4 Merge pull request #183 from facebook/tomcat-users
Adding a function to parse the Tomcat users XML file
2014-09-30 19:51:54 -07:00
mike@arpaia.co
196ec880ab Adding a function to parse the Tomcat users XML file
This is a part of a bigger, better virtual table idea that @carnal0wnage
had.
2014-09-30 19:49:38 -07:00
Teddy Reed
bf8209ca90 Merge pull request #182 from facebook/events_docs
[events] Added remaining doxy comments
2014-09-30 15:00:08 -07:00
Teddy Reed
ef044c4a72 [events] Added remaining doxy comments 2014-09-30 12:50:14 -07:00
Teddy Reed
6eb9c5fd44 EventFactory, Dispatcher as singletons 2014-09-29 20:47:24 -07:00
Teddy Reed
588f1198f3 Merge pull request #174 from facebook/passwd_changes_vtable
[events] Events lifecycle complete, passwd_changes vtable
2014-09-26 21:13:52 -07:00
Teddy Reed
ed338e8356 [events] Events lifecycle complete, passwd_changes vtable 2014-09-26 12:58:32 -07:00
mike@arpaia.co
0c783ebf0a Migrating internal usage of osquery::query to osquery::SQL 2014-09-26 00:34:56 -07:00
mike@arpaia.co
7076aa813c SQL class for executing queries
implements #141
2014-09-26 00:28:18 -07:00
mike@arpaia.co
636ced854f Pretty shell results
Example:

```
osquery> select name, program || program_arguments as executable from launchd limit 5;

+----------------------------------+-------------------------------------------------------------------------------+
| name                             | executable                                                                    |
+----------------------------------+-------------------------------------------------------------------------------+
| bootps.plist                     | /usr/libexec/bootpd                                                           |
| com.apple.afpfs_afpLoad.plist    | /System/Library/Filesystems/AppleShare/afpLoad                                |
| com.apple.afpfs_checkafp.plist   | /System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp |
| com.apple.AirPlayXPCHelper.plist | /usr/libexec/AirPlayXPCHelper                                                 |
| com.apple.airport.wps.plist      | /usr/libexec/wps                                                              |
+----------------------------------+-------------------------------------------------------------------------------+
osquery> .tables
  => alf
  => alf_exceptions
  => alf_explicit_auths
  => alf_services
  => apps
  => ca_certs
  => etc_hosts
  => interface_addresses
  => interface_details
  => kextstat
  => last
  => launchd
  => listening_ports
  => nvram
  => osx_version
  => processes
  => routes
  => time
```
2014-09-25 21:39:07 -07:00
Teddy Reed
9220da7e3d [events] Registry integration 2014-09-24 12:43:14 -07:00
mike@arpaia.co
5f4108c503 Moving all boost smart pointers to std smart pointers 2014-09-24 10:54:59 -07:00
Teddy Reed
9a2d299424 [events] Events and registry coordination 2014-09-24 10:46:37 -07:00
Teddy Reed
94953df90e [events] Flesh out inotify eventtype 2014-09-23 13:01:03 -07:00
Teddy Reed
bb7097a255 [events] EventType threads for each run loop 2014-09-22 18:35:12 -07:00
mike@arpaia.co
ebfc47b399 Edits to https://github.com/facebook/osquery/pull/148/ 2014-09-22 14:35:59 -07:00
mike@arpaia.co
16122544f5 Reorganizing tests so that the public headers don't have to include gtest 2014-09-22 14:30:52 -07:00
Teddy Reed
9b42c060ea [events] Linux inotify event type 2014-09-22 01:47:50 -07:00
mike@arpaia.co
627821abc1 Periodic clang-format 2014-09-21 14:29:28 -07:00
mike@arpaia.co
b5ee19f49f Removing the osquery::db namespace 2014-09-21 14:27:09 -07:00
Teddy Reed
eee37034b4 [events] Intro of non-async event framework 2014-09-18 15:05:41 -07:00
mike@arpaia.co
f06a4ba52e cleaning up the plugin interfaces 2014-09-16 01:34:39 -07:00
mike@arpaia.co
5998dbd1c5 clang-format 2014-09-16 00:36:49 -07:00
mike@arpaia.co
d9edc81041 Updating the format of doxygen comment blocks 2014-09-16 00:28:23 -07:00
mike@arpaia.co
b36b5c8f29 fixing documentation error 2014-09-15 23:26:22 -07:00
mike@arpaia.co
0eab76a20c refactored aggregateQuery to query 2014-09-15 23:07:03 -07:00
mike@arpaia.co
9147eb541f fixing up some misdocumented parameters 2014-09-15 18:54:18 -07:00
mike@arpaia.co
011d38a767 moving namespace documentation into the doxygen directory 2014-09-15 18:53:04 -07:00
mike@arpaia.co
441ca7bb36 better namespace documentation 2014-09-15 18:11:49 -07:00
mike@arpaia.co
019efb923a namespace documentation 2014-09-15 17:24:29 -07:00
mike@arpaia.co
4a048db278 database namespace documentation 2014-09-15 17:13:22 -07:00
mike@arpaia.co
8d1714841a plugin docs 2014-09-15 14:37:57 -07:00
mike@arpaia.co
e295630d32 Accidental comment 2014-09-15 13:37:20 -07:00
mike@arpaia.co
6f940fb827 Status docs 2014-09-15 13:23:28 -07:00
mike@arpaia.co
6985d4bfa5 scheduler documentation 2014-09-15 13:11:39 -07:00
mike@arpaia.co
1f42458bfb registry docs 2014-09-15 13:09:16 -07:00
mike@arpaia.co
3ca56b42a9 config documentation updates 2014-09-15 13:02:30 -07:00
mike@arpaia.co
798a8aa02a logger documentation 2014-09-15 13:02:23 -07:00
mike@arpaia.co
e0b385aa95 filesystem.h docs 2014-09-15 12:47:00 -07:00
mike@arpaia.co
42afd04bec docs for devtools.h 2014-09-15 12:28:41 -07:00
mike@arpaia.co
7d97186a26 comments for core.h 2014-09-15 12:23:07 -07:00
mike@arpaia.co
de426754d9 moving fs to the global namespace 2014-09-15 11:47:52 -07:00
mike@arpaia.co
d29c58f795 moving scheduler to global namespace 2014-09-15 11:26:16 -07:00
mike@arpaia.co
05f4bc513c down with scheduledQueries_t 2014-09-15 11:17:48 -07:00
mike@arpaia.co
b7f8f5f72a moving logger to the global namespace 2014-09-15 11:14:17 -07:00
mike@arpaia.co
fb2591d82a #143 2014-09-15 11:09:33 -07:00
mike@arpaia.co
68318f816b doxygen docs for Dispatcher 2014-09-14 23:02:50 -07:00
mike@arpaia.co
ad9b0bb5c1 Doxyfile, for docs 2014-09-13 15:18:26 -07:00
mike@arpaia.co
6a0e5b7ddb Removing the unimplemented transaction locking methods in DBHandle 2014-09-13 13:53:12 -07:00
mike@arpaia.co
e838110e84 Moving header to include 2014-09-12 17:50:03 -07:00