valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,093 Commits 2 Branches 109 Tags 25 MiB
b79c0e2621
Commit Graph

2393 Commits

Author SHA1 Message Date
Teddy Reed
101ea332a2 [Fix #3824] Do not lock registry addExternal calls (#3830) 2017-10-14 00:48:13 -07:00
uptycs-nishant
aa594aa731 [Fix #3760] Fixing ConstraintList::literal_matches function (#3816) 2017-10-14 00:47:26 -07:00
Alessandro Gario
e888f3e8e8 tables: Authenticode verification support for Windows (#3716) 2017-10-14 00:09:27 -07:00
uptycs-nishant
d2576e576b [Fix #3699] Reporting mode as octal string (#3825) 2017-10-13 21:26:07 -07:00
Tony
d8dddacb31 Fixes compilation issues with latest master branch (#3826) 2017-10-13 21:03:59 -07:00
Garret Reece
0615372d02 Implement a logical_drives table for windows (#3818) 2017-10-13 20:35:54 -07:00
Nick Anderson
c494bc56ae windows: relax "safe" permissions for binary execution (#3727) 2017-10-13 11:54:43 -07:00
Babatunde Micheal Okutubo
702203086f Convert Linux process_events mode column to octal (#3800) 2017-10-12 20:02:34 -07:00
Teddy Reed
d106647c7f tables: Require explicit requests for query results caching (#3805) 2017-10-12 20:00:51 -07:00
Allan Liu
6ff22d8065 tests: include posix table tests into OSQUERY_TABLE_TEST (#3819) 2017-10-11 09:40:23 -07:00
Teddy Reed
6db57de94c gtest: Fix tuple breakage on CentOS (#3809) 2017-10-09 00:27:28 -07:00
Nick Anderson
7b321cef60 [Fix #3756] Fixing windows hashes table (#3798) 2017-10-06 17:23:36 -07:00
Teddy Reed
d791a144c2 tables: Add exception handling within constraints matching (#3792) 2017-10-05 20:46:56 -07:00
Nick Anderson
6a79b5659c [#3763] binding sql parameters before querying in registry table (#3785) 2017-10-04 17:21:25 -07:00
Teddy Reed
32ca65e1fe [#3765] Drop privileges to the parent path not referred path (#3782) 2017-10-04 14:41:03 -07:00
Teddy Reed
8535c8b52c [Fix #3765] Drop privileges to the user in the safari_extensions search (#3783) 2017-10-04 14:40:16 -07:00
Teddy Reed
278955df78 [Fix #3762] Use DropPrivileges helper within known_hosts table (#3781) 2017-10-04 14:39:35 -07:00
Zachary Wasserman
b19b6db61e Detect disk encryption status on macOS 10.13 High Sierra (#3748) 2017-10-04 14:19:36 -07:00
dlobutters
2b82381203 Fixed hardware_serial (#3622) 2017-10-03 22:01:16 -07:00
Francisco Neves
20ef4ee8e2 Fix IPv6 socket's family in socket events (#3759) 2017-10-03 21:59:16 -07:00
Teddy Reed
82773e83f5 [Fix #3717] Check crypt API values before constructing strings (#3746) 2017-09-28 21:56:56 -07:00
securityclippy
76e904941e soften language to not enabled rather than failed (#3744) 2017-09-28 20:27:44 -07:00
Alessandro Gario
0130928a24 aws_firehose: Add missing newline separator between each log line. (#3743) 2017-09-28 11:08:41 -07:00
Teddy Reed
29f5dfb369 logger: Add benchmarks for status logging (#3741) 2017-09-27 20:30:00 -07:00
Teddy Reed
32ec05c3c0 flags: Add helper method to get an Int32 flag value (#3739) 2017-09-27 20:23:15 -07:00
Teddy Reed
9d33261767 tables: alf_services should not be hardcoded (#3695) 2017-09-25 08:16:15 -07:00
Teddy Reed
988afd0aa9 filesystem: Use fs::path for PlatformFile ctor (#3720) 2017-09-24 21:24:31 -07:00
Seshu Pasam
b6e50c5050 Avoid unnecessary ptree allocation. (#3726) 2017-09-24 21:23:53 -07:00
Jason Meller
02bbd83ce3 Add last_opened_time to apps table (#3715) 2017-09-21 19:18:35 -07:00
Alessandro Gario
641aa0321e aws_kinesis/aws_firehose: Be more verbose when complete failures occur. (#3710) 2017-09-18 20:22:40 -07:00
Nick Anderson
4ac3f42656 [Fix #3619] Better shutdown logic for Windows service controller (#3698) 2017-09-18 14:15:09 -07:00
Nick Anderson
2520edca73 tables: porting python_packages to Windows (#3702) 2017-09-16 16:40:43 -07:00
Nick Anderson
fa78d5db01 [Fix #3683] Setting interface id for interface_addresses (#3684) 2017-09-13 16:30:30 -07:00
Teddy Reed
39f487e687 Refactor authorizations tables (#3691) 2017-09-13 16:28:45 -07:00
Teddy Reed
812dbc5080 [Fix #2400] Use PackageKit to enumerate packages (#3685) 2017-09-12 21:59:55 -07:00
Teddy Reed
83f8a4e92c preferences: Report both Current Host and Any Host (#3681) 2017-09-12 21:57:50 -07:00
Teddy Reed
862fb57647 [Fix #3140] Use IODeviceTree:/ for hardware fields (#3680) 2017-09-12 21:55:28 -07:00
Teddy Reed
450ed67422 watcher: Add more details to the utilization limits docs (#3677) 2017-09-12 21:54:49 -07:00
Thomas Maurice
210712ba60 [usb_devices] fallback to ID_MODEL if ID_MODEL_FROM_DATABASE is absent (#3686) 2017-09-12 21:38:41 -07:00
Omer Katz
1cfe9bb528 Known hosts table performance improvements (#3679) 2017-09-10 15:06:28 -07:00
Omer Katz
1dcd3773f2 Load average table performance improvements (#3607) 2017-09-10 11:03:18 -07:00
Teddy Reed
49bb0ecc49 process: Aesthetic changes to process and process_ops (#3678) 2017-09-10 10:58:38 -07:00
Teddy Reed
19930bfed3 logger: Reconfigure verbosity with logger_min_level (#3676) 2017-09-09 19:11:56 -07:00
Teddy Reed
c1ad74cbe7 enroll: Add host_details to TLSEnrollPlugin (#3675) 2017-09-09 19:10:46 -07:00
Teddy Reed
360d9fd516 cmake: Do not use target LOCATION property (#3674) 2017-09-09 17:36:32 -07:00
Teddy Reed
c2bcc459d3 [Fix #3466] Link shared object builds correctly (#3673) 2017-09-09 17:08:46 -07:00
Teddy Reed
8dc4268761 kernel: Disable kernel support by default (#3672) 2017-09-09 16:48:39 -07:00
Teddy Reed
e491194238 enroll: Fix bug in CMake that removed enroll tests (#3671) 2017-09-09 15:25:52 -07:00
Allan Liu
1cd4ed949f kafka logger: Kafka producer implemented as a Logger plugin (#3155) 2017-09-09 10:38:01 -07:00
Teddy Reed
4d631edac6 rocksdb: Remove manual flush (#3663) 2017-09-08 13:04:44 -07:00
Nick Anderson
072e73b54d shell: ensuring shell does not access stop event (#3664) 2017-09-08 13:03:31 -07:00
Teddy Reed
061dfeecb2 tests: Improve permissions tests as root (#3665) 2017-09-08 04:08:57 -04:00
Teddy Reed
e86470c96b [Fix #3625] Use readlink and add test for listening_ports (#3661) 2017-09-08 02:08:27 -04:00
Seshu Pasam
6fab8b6083 logging: adding "counter" to differentiate initial results (#3651) 
When setting up alerts for differential logs data you might want to skip the
initial added records. counter can be used to identify if the added records
are all records from initial query of if they are new records. For initial
query results that includes all records counter will be "0". For subsequent
query executions counter will be incremented by 1. When epoch changes, counter
will be reset back to "0".
 2017-09-07 15:01:15 -07:00
Seshu Pasam
863cd72e17 AWS code refactoring. (#3660) 2017-09-07 09:26:17 -07:00
lxcode
2f60dd0fd3 FreeBSD: Avoid clash with rapidjson (#3634) 2017-09-06 17:33:03 -07:00
Nick Anderson
11acc7d64f deps: bumping rocksdb to 5.7.1 on Windows (#3640) 2017-09-06 17:03:29 -07:00
Nick Anderson
093d1337c1 deps: fixing up aws-sdk-cpp choco build script (#3648) 2017-09-05 08:00:08 -07:00
Alessandro Gario
6489c8b050 logging: Add Firehose/Kinesis support to Windows (#3641) 2017-09-03 16:52:47 -07:00
Teddy Reed
16b40138fe rocksdb: Flush all column families and set max files (#3638) 2017-09-02 12:08:35 -07:00
Nick Anderson
002f2cb873 deploy: Adding binary version and publisher information (#3629) 2017-09-02 11:22:56 -07:00
Teddy Reed
205da3c698 rocksdb: Implement a 'backup' and recover feature for RocksDB (#3635) 2017-09-01 22:31:03 -07:00
Atyansh Jaiswal
68b1de153d tables: Adding posix curl virtual table (#3596) 2017-08-30 15:24:05 -07:00
Nick Anderson
2a317ce17f worker: shutdown safely on Windows only if not worker (#3628) 2017-08-30 08:45:56 -07:00
Teddy Reed
e748f38a06 deps: Finish removal of snappy and lz4 dependencies (#3618) 2017-08-27 17:45:15 -07:00
Mitchell Grenier
7750fa8ee5 deps: Remove snappy and lz4 (#3545) 2017-08-27 12:02:27 -07:00
Nick Anderson
3c782051eb tables: adding chocolatey packages virtual table (#3612) 2017-08-27 11:21:04 -07:00
Teddy Reed
f29de27649 Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 11:09:25 -07:00
Alessandro Gario
a3e4310188 Fix 3568: Kinesis/Firehose record size check failure (#3599) 2017-08-27 11:01:52 -07:00
Teddy Reed
e4bbf06074 codemod: Refactor query functions out of database (#3615) 2017-08-26 18:36:06 -07:00
Teddy Reed
48ab0c783c logger: Use a mutex to protect buffered counts (#3588) 2017-08-22 01:30:13 -07:00
Nick Anderson
8bb1e40d27 tables: porting the process_memory_map table to windows (#3587) 2017-08-21 21:47:45 -07:00
Teddy Reed
57f6e37839 audit: Handle AUDIT_SOCKADDR messages (#3586) 2017-08-21 20:53:32 -07:00
Teddy Reed
072aa7dad1 sql: Handle potential LIKE and GLOB optimizations by increasing comparisons (#3580) 2017-08-21 19:31:44 -07:00
Nick Anderson
cbed65d10e tables: Adding list indexing to darwin plist table (#3546) 2017-08-21 09:29:33 -07:00
Teddy Reed
7b2f905f43 aws: Fix TSAN warning in request exception (#3556) 2017-08-21 01:04:58 -07:00
Teddy Reed
cf170c4278 cleanup: Move query out of database header (#3576) 2017-08-20 02:44:38 -07:00
uptycs-nishant
5a92d2c7f0 Implementing exclude paths for FIM (#3530) 2017-08-19 19:59:23 -07:00
Nick Anderson
5172580ac8 bug: Processes name correctly displays uid for domain users (#3574) 2017-08-18 21:51:39 -07:00
Mark Ignacio
04b51fd450 add LVM and parental contexts to block_devices and disk_encryption on Linux (#3551) 2017-08-15 10:33:54 -07:00
Teddy Reed
c141dd390f sanitizers: Skip several tests that fail custom alloc checks (#3555) 2017-08-13 02:01:05 -07:00
Allan Liu
3a70fd7336 md tables: additional bounds checking around substr calls (#3532) 2017-08-10 18:14:39 -07:00
Mitchell Grenier
c680e7d1c7 Fix an sqlite3 memory leak in quicklook_cache (#3552) 2017-08-10 12:02:59 -07:00
lxcode
d391c3e585 Fix memory leak (#3553) 2017-08-10 11:45:00 -07:00
Nick Anderson
b42b3d677e tables: adding scheduled action to windows scheduled tasks table (#3543) 2017-08-09 09:54:39 -07:00
Thomas Maurice
a41ff4117f linux usb_devices: add the class, subclass and protocol information (#3542) 2017-08-08 12:17:29 -07:00
Teddy Reed
242ca5f484 implement LIKEs for extended attributes table (#3541) 2017-08-08 08:00:55 -07:00
Vishwa Shah
c54c6e6c0e corrected size in block_devices on darwin, linux (#3539) 2017-08-07 19:21:18 -07:00
Hugh Neale
2b48fbc557 A fix for Mac OSX process start_time (#3534) 2017-08-07 17:49:12 -07:00
Mitchell Grenier
8a963e8d40 [Distributed] Moving to RapidJSON (#3265) 2017-08-07 16:34:44 -07:00
Mitchell Grenier
b22a403bf1 OpenBSM Events (#3503) 2017-08-07 16:02:16 -07:00
Nick Anderson
b4316a57a0 tables: Adding certificates virtual table for windows (#3498) 2017-08-07 09:08:53 -07:00
Nick Anderson
405ec99476 Adding threads and start_time fields to processes table (#3536) 2017-08-06 20:58:18 -07:00
Seshu Pasam
9dc69ee282 Minor static analysis fixes. (#3529) 2017-08-04 18:22:10 -07:00
Zachary Wasserman
af444370f4 Fix memory leaks in Gatekeeper table (#3531) 2017-08-04 18:19:50 -07:00
Mitchell Grenier
e577a76b9b macOS - Listeners on folders that throw mount events (#3506) 2017-08-03 18:09:04 -07:00
Nick Anderson
c34d9f8348 windows: Updating various chocolatey powershell build scripts (#3427) 2017-08-03 18:01:10 -07:00
Seshu Pasam
32ad42aea0 EC2 instance metadata implementation. (#3502) 2017-08-03 17:54:17 -07:00
Nick Anderson
ea5f06bfc5 [Fix #3527] Addressing interface indexing in arp_cache table (#3528) 2017-08-03 17:49:58 -07:00
Teddy Reed
7ca18f5a32 audit: Add cwd to process_events on Linux (#3525) 2017-08-03 08:21:15 -07:00