valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,393 Commits 2 Branches 109 Tags 25 MiB
b64dbb0f53
Commit Graph

303 Commits

Author SHA1 Message Date
Alessandro Gario
b64dbb0f53 auditdnetlink: Do not reset the handle when poll() returns EINTR (#4531) 2018-06-13 10:06:53 +01:00
Nick Anderson
e860e8e794
[Fix 4488] Ensure that corrupted DB entries are processed gracefully (#4508) 2018-06-08 20:56:16 -07:00
Max Kareta
5aca61375f
reorganized includes to improve compile time (#4445) 2018-05-30 00:17:40 +01:00
Filipe Manco
67f95baf6e
Fix files with no new line at eof (#4426) 2018-05-24 20:12:31 +01:00
Alexander
1a48150be0 Pass name of query to lambda in Config::scheduledQueries by value (#4367) 2018-05-09 14:56:19 +01:00
Nick Anderson
305108155a
bug: handle windows service shutdowns gracefully (#4286) 2018-04-18 07:51:04 -07:00
Mitchell Grenier
360f58887c
Fix macOS build on Xcode 9.3 (#4291) 2018-04-16 12:21:33 -07:00
Mitchell Grenier
dad25b89a9
Adding symlink loop detection to globbing (#4129) 2018-02-22 11:57:46 -08:00
Nick Anderson
57e8e123a1
[fix #4140] Removing WEL logger plugin from systemLog due to duplicate linkage (#4143) 2018-02-20 21:30:54 -08:00
packetzero
d058e19345 darwin: Separate IOKit routines from IOKit event support (#4087) 2018-02-09 17:07:53 +00:00
Teddy Reed
90a737ead7
Replace most of boost::property_tree with rapidjson (#3910) 2018-01-20 20:58:01 -05:00
Alessandro Gario
44e03bada9 process_file_events: Add fields euid and egid and cleanup logs 2018-01-15 20:19:05 -08:00
Alessandro Gario
02caa95774 audit: Rename audit_fim_events to process_file_events 2018-01-15 20:12:58 -08:00
Alessandro Gario
8829c9f0de audit: Improve responsiveness when terminating and set name 2018-01-15 20:06:52 -08:00
Alessandro Gario
d72779c784 Update column names, add switch to clear Audit config on startup (#3611) 2018-01-15 20:02:27 -08:00
Alessandro Gario
9c0bd4abfb audit-based file integrity monitoring (#3492) 2018-01-15 19:57:50 -08:00
Teddy Reed
00040c6c1a
feature: URI parsing from folly (#4035) 2018-01-06 20:26:36 -08:00
Teddy Reed
c4c5385253
deps: Rebuild all dependencies for Darwin and Linux (v5) (#4025) 2018-01-04 23:05:21 -08:00
Teddy Reed
f6d077cbf7
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-18 16:04:06 -08:00
Mitchell Grenier
a73233263b Renaming the key_events table to user_interaction_events and adding mouse down (#3951) 2017-11-21 23:43:52 -08:00
Mitchell Grenier
c3a2171ebc Tighten up the event tapping code (#3917) 2017-11-09 13:21:22 -08:00
Mitchell Grenier
beca5e68e9 Require root permissions to start the event tapping framework (#3849) 2017-11-01 07:31:50 -07:00
Teddy Reed
a7c2669ba3
tidy: Improve clang-tidy (modernize) list of checks and run across codebase (#3870) 2017-10-29 22:25:49 -07:00
Alessandro Gario
58fa4a6899 Verbose logging when spawning services (#3689) 2017-10-24 19:55:05 -07:00
Mitchell Grenier
9ab7233f7e Fixes a small data race in disk arbitration (#3841) 2017-10-16 17:55:11 -07:00
Mitchell Grenier
cd88cecc9a Publisher and Table for Event Tap Capture (KeyDown) (#3829) 2017-10-16 13:07:24 -07:00
securityclippy
76e904941e soften language to not enabled rather than failed (#3744) 2017-09-28 20:27:44 -07:00
Teddy Reed
8dc4268761 kernel: Disable kernel support by default (#3672) 2017-09-09 16:48:39 -07:00
Teddy Reed
205da3c698 rocksdb: Implement a 'backup' and recover feature for RocksDB (#3635) 2017-09-01 22:31:03 -07:00
Teddy Reed
f29de27649 Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 11:09:25 -07:00
Teddy Reed
57f6e37839 audit: Handle AUDIT_SOCKADDR messages (#3586) 2017-08-21 20:53:32 -07:00
Teddy Reed
cf170c4278 cleanup: Move query out of database header (#3576) 2017-08-20 02:44:38 -07:00
uptycs-nishant
5a92d2c7f0 Implementing exclude paths for FIM (#3530) 2017-08-19 19:59:23 -07:00
Vishwa Shah
c54c6e6c0e corrected size in block_devices on darwin, linux (#3539) 2017-08-07 19:21:18 -07:00
Mitchell Grenier
b22a403bf1 OpenBSM Events (#3503) 2017-08-07 16:02:16 -07:00
Seshu Pasam
9dc69ee282 Minor static analysis fixes. (#3529) 2017-08-04 18:22:10 -07:00
Mitchell Grenier
e577a76b9b macOS - Listeners on folders that throw mount events (#3506) 2017-08-03 18:09:04 -07:00
Seshu Pasam
9b3be1c02d Fixes from static code analysis (#3512) 2017-08-01 20:13:25 -07:00
Teddy Reed
98d91192b4 audit: Isolate the audit consumer logic into a thread (#3486) 2017-07-24 00:27:19 -07:00
uptycs-nishant
43046f48da Inotify: re-implemented remove/add subscription and remove/add monito… (#3459) 2017-07-21 20:00:34 -07:00
Mitchell Grenier
7801ac6dce Add mount to fsevents (#3480) 2017-07-20 09:44:38 -07:00
Teddy Reed
99675fdbb2 audit: Increase speed when using socket_events (#3449) 2017-07-02 17:18:40 -07:00
Teddy Reed
6ce053a45d fim: Allow Linux publishers to be interrupted (#3376) 2017-06-02 21:39:35 -07:00
Teddy Reed
7844a8ea1b nits: Use char-overload for find (#3363) 2017-05-29 23:13:10 -07:00
Teddy Reed
98505e5eb2 events: Sane defaults for expiration and max (#3358) 2017-05-29 16:10:24 -07:00
Teddy Reed
8a93acfa1c TSAN: Address failures and findings in LLVM 4.0 (#3343) 2017-05-29 02:06:57 -07:00
Teddy Reed
b38a62be8b config: Rename getInstance to get for consistency (#3350) 2017-05-28 23:04:53 -07:00
Teddy Reed
9ba0edb4bb darwin: Improve disk_events add detection (#3332) 2017-05-26 10:38:26 -07:00
Teddy Reed
b427310241 deps: Rebuild the world, static and hidden (#3299) 2017-05-21 10:59:19 -07:00
Teddy Reed
582ab52e8f build: Remove SYSTEMD and _BASED logic (#3245) 2017-05-03 22:28:33 -07:00