Commit Graph

2393 Commits

Author SHA1 Message Date
Nick Anderson
072e73b54d shell: ensuring shell does not access stop event (#3664) 2017-09-08 13:03:31 -07:00
Teddy Reed
061dfeecb2 tests: Improve permissions tests as root (#3665) 2017-09-08 04:08:57 -04:00
Teddy Reed
e86470c96b [Fix #3625] Use readlink and add test for listening_ports (#3661) 2017-09-08 02:08:27 -04:00
Seshu Pasam
6fab8b6083 logging: adding "counter" to differentiate initial results (#3651)
When setting up alerts for differential log data you might want to skip the
initial added records. counter can be used to identify if the added records
are all records from the initial query or if they are new records. For initial
query results that include all records, counter will be "0". For subsequent
query executions, counter will be incremented by 1. When the epoch changes, counter
will be reset back to "0".
2017-09-07 15:01:15 -07:00
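The consumer side of the behaviour the commit message above describes, as an added example that is not code from the osquery repository or from this commit: a small alerting filter over differential result lines that skips the counter-0 baseline rows, but still flags a row that first shows up in the re-emitted baseline after an epoch change (a row that would otherwise be lost if you simply dropped everything with counter 0). The sample lines are constructed; the per-line layout (a JSON object with name, epoch, counter, action and columns) and the class and function names are assumptions of the example, with only the "epoch" and "counter" fields taken from the commit messages on this page.

```python
import json
from typing import Dict, Iterable, List, Optional, Set

# Constructed sample of osqueryd differential result lines for one scheduled
# query. Only "epoch" and "counter" come from the commit messages on this page;
# the rest of the layout is assumed for the example.
SAMPLE_LOG = """\
{"name": "pack_ir_listening_ports", "epoch": 0, "counter": 0, "action": "added", "columns": {"pid": "412", "port": "22", "address": "0.0.0.0"}}
{"name": "pack_ir_listening_ports", "epoch": 0, "counter": 0, "action": "added", "columns": {"pid": "799", "port": "443", "address": "0.0.0.0"}}
{"name": "pack_ir_listening_ports", "epoch": 0, "counter": 1, "action": "added", "columns": {"pid": "1337", "port": "4444", "address": "0.0.0.0"}}
{"name": "pack_ir_listening_ports", "epoch": 0, "counter": 2, "action": "removed", "columns": {"pid": "1337", "port": "4444", "address": "0.0.0.0"}}
{"name": "pack_ir_listening_ports", "epoch": 1, "counter": 0, "action": "added", "columns": {"pid": "412", "port": "22", "address": "0.0.0.0"}}
{"name": "pack_ir_listening_ports", "epoch": 1, "counter": 0, "action": "added", "columns": {"pid": "2001", "port": "4444", "address": "0.0.0.0"}}
{"name": "pack_ir_listening_ports", "epoch": 1, "counter": 1, "action": "added", "columns": {"pid": "2050", "port": "31337", "address": "0.0.0.0"}}
"""


def is_baseline(result: Dict) -> bool:
    """True for rows from a query's first run in the current epoch (counter 0).

    Logs written before the counter existed carry no "counter" key; those rows
    are treated as real changes so nothing is silently suppressed.
    """
    counter = result.get("counter")
    return counter is not None and int(counter) == 0


def row_key(result: Dict) -> str:
    """Stable identity for a result row: its columns, serialised canonically."""
    return json.dumps(result.get("columns", {}), sort_keys=True)


class DifferentialAlerter:
    """Turns differential results into alerts while skipping baseline rows.

    Per scheduled query it tracks the current epoch and the set of rows known
    to be present. When the epoch changes the counter restarts at 0 and every
    row is re-emitted as "added"; those rows are compared with the previous
    epoch's final state so a row that first appeared across the boundary is
    still reported (as kind "baseline_new") instead of being dropped.
    """

    def __init__(self) -> None:
        self._epoch: Dict[str, int] = {}
        self._known: Dict[str, Set[str]] = {}
        self._previous: Dict[str, Optional[Set[str]]] = {}

    def feed(self, line: str) -> Optional[Dict]:
        result = json.loads(line)
        name = result["name"]
        epoch = int(result.get("epoch", 0))
        key = row_key(result)

        if name not in self._epoch:
            self._epoch[name], self._known[name], self._previous[name] = epoch, set(), None
        elif epoch != self._epoch[name]:
            # Epoch rolled over: keep the old state for comparison, start fresh.
            self._previous[name] = self._known[name]
            self._epoch[name], self._known[name] = epoch, set()

        action = result.get("action")
        if action == "added":
            self._known[name].add(key)
        elif action == "removed":
            self._known[name].discard(key)
            return None
        else:
            return None

        if not is_baseline(result):
            return {"kind": "added", "name": name, "epoch": epoch, "columns": result["columns"]}

        previous = self._previous[name]
        if previous is not None and key not in previous:
            return {"kind": "baseline_new", "name": name, "epoch": epoch, "columns": result["columns"]}
        # Initial population of the query, or a re-emitted row we already knew.
        return None


def alerts_for(lines: Iterable[str]) -> List[Dict]:
    """Run every non-empty log line through one alerter and collect the alerts."""
    alerter = DifferentialAlerter()
    alerts: List[Dict] = []
    for line in lines:
        if not line.strip():
            continue
        alert = alerter.feed(line)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in alerts_for(SAMPLE_LOG.splitlines()):
        print(alert["kind"], alert["epoch"], alert["columns"])
```

On the sample the two counter-0 runs (the initial population and the re-emission after the epoch changes) produce no alerts for rows already known, while port 4444 on pid 2001, which was not present at the end of epoch 0, is still surfaced. The check in is_baseline deliberately treats a missing counter as "not baseline": with logs from an osquery that predates this commit the filter cannot tell the two cases apart, and for alerting the safe failure is to over-report.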
Seshu Pasam
863cd72e17 AWS code refactoring. (#3660) 2017-09-07 09:26:17 -07:00
lxcode
2f60dd0fd3 FreeBSD: Avoid clash with rapidjson (#3634) 2017-09-06 17:33:03 -07:00
Nick Anderson
11acc7d64f deps: bumping rocksdb to 5.7.1 on Windows (#3640) 2017-09-06 17:03:29 -07:00
Nick Anderson
093d1337c1 deps: fixing up aws-sdk-cpp choco build script (#3648) 2017-09-05 08:00:08 -07:00
Alessandro Gario
6489c8b050 logging: Add Firehose/Kinesis support to Windows (#3641) 2017-09-03 16:52:47 -07:00
Teddy Reed
16b40138fe rocksdb: Flush all column families and set max files (#3638) 2017-09-02 12:08:35 -07:00
Nick Anderson
002f2cb873 deploy: Adding binary version and publisher information (#3629) 2017-09-02 11:22:56 -07:00
Teddy Reed
205da3c698 rocksdb: Implement a 'backup' and recover feature for RocksDB (#3635) 2017-09-01 22:31:03 -07:00
Atyansh Jaiswal
68b1de153d tables: Adding posix curl virtual table (#3596) 2017-08-30 15:24:05 -07:00
Nick Anderson
2a317ce17f worker: shutdown safely on Windows only if not worker (#3628) 2017-08-30 08:45:56 -07:00
Teddy Reed
e748f38a06 deps: Finish removal of snappy and lz4 dependencies (#3618) 2017-08-27 17:45:15 -07:00
Mitchell Grenier
7750fa8ee5 deps: Remove snappy and lz4 (#3545) 2017-08-27 12:02:27 -07:00
Nick Anderson
3c782051eb tables: adding chocolatey packages virtual table (#3612) 2017-08-27 11:21:04 -07:00
Teddy Reed
f29de27649 Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 11:09:25 -07:00
Alessandro Gario
a3e4310188 Fix 3568: Kinesis/Firehose record size check failure (#3599) 2017-08-27 11:01:52 -07:00
Teddy Reed
e4bbf06074 codemod: Refactor query functions out of database (#3615) 2017-08-26 18:36:06 -07:00
Teddy Reed
48ab0c783c logger: Use a mutex to protect buffered counts (#3588) 2017-08-22 01:30:13 -07:00
Nick Anderson
8bb1e40d27 tables: porting the process_memory_map table to windows (#3587) 2017-08-21 21:47:45 -07:00
Teddy Reed
57f6e37839 audit: Handle AUDIT_SOCKADDR messages (#3586) 2017-08-21 20:53:32 -07:00
Teddy Reed
072aa7dad1 sql: Handle potential LIKE and GLOB optimizations by increasing comparisons (#3580) 2017-08-21 19:31:44 -07:00
Nick Anderson
cbed65d10e tables: Adding list indexing to darwin plist table (#3546) 2017-08-21 09:29:33 -07:00
Teddy Reed
7b2f905f43 aws: Fix TSAN warning in request exception (#3556) 2017-08-21 01:04:58 -07:00
Teddy Reed
cf170c4278 cleanup: Move query out of database header (#3576) 2017-08-20 02:44:38 -07:00
uptycs-nishant
5a92d2c7f0 Implementing exclude paths for FIM (#3530) 2017-08-19 19:59:23 -07:00
Nick Anderson
5172580ac8 bug: Processes name correctly displays uid for domain users (#3574) 2017-08-18 21:51:39 -07:00
Mark Ignacio
04b51fd450 add LVM and parental contexts to block_devices and disk_encryption on Linux (#3551) 2017-08-15 10:33:54 -07:00
Teddy Reed
c141dd390f sanitizers: Skip several tests that fail custom alloc checks (#3555) 2017-08-13 02:01:05 -07:00
Allan Liu
3a70fd7336 md tables: additional bounds checking around substr calls (#3532) 2017-08-10 18:14:39 -07:00
Mitchell Grenier
c680e7d1c7 Fix an sqlite3 memory leak in quicklook_cache (#3552) 2017-08-10 12:02:59 -07:00
lxcode
d391c3e585 Fix memory leak (#3553) 2017-08-10 11:45:00 -07:00
Nick Anderson
b42b3d677e tables: adding scheduled action to windows scheduled tasks table (#3543) 2017-08-09 09:54:39 -07:00
Thomas Maurice
a41ff4117f linux usb_devices: add the class, subclass and protocol information (#3542) 2017-08-08 12:17:29 -07:00
Teddy Reed
242ca5f484 implement LIKEs for extended attributes table (#3541) 2017-08-08 08:00:55 -07:00
Vishwa Shah
c54c6e6c0e corrected size in block_devices on darwin, linux (#3539) 2017-08-07 19:21:18 -07:00
Hugh Neale
2b48fbc557 A fix for Mac OSX process start_time (#3534) 2017-08-07 17:49:12 -07:00
Mitchell Grenier
8a963e8d40 [Distributed] Moving to RapidJSON (#3265) 2017-08-07 16:34:44 -07:00
Mitchell Grenier
b22a403bf1 OpenBSM Events (#3503) 2017-08-07 16:02:16 -07:00
Nick Anderson
b4316a57a0 tables: Adding certificates virtual table for windows (#3498) 2017-08-07 09:08:53 -07:00
Nick Anderson
405ec99476 Adding threads and start_time fields to processes table (#3536) 2017-08-06 20:58:18 -07:00
Seshu Pasam
9dc69ee282 Minor static analysis fixes. (#3529) 2017-08-04 18:22:10 -07:00
Zachary Wasserman
af444370f4 Fix memory leaks in Gatekeeper table (#3531) 2017-08-04 18:19:50 -07:00
Mitchell Grenier
e577a76b9b macOS - Listeners on folders that throw mount events (#3506) 2017-08-03 18:09:04 -07:00
Nick Anderson
c34d9f8348 windows: Updating various chocolatey powershell build scripts (#3427) 2017-08-03 18:01:10 -07:00
Seshu Pasam
32ad42aea0 EC2 instance metadata implementation. (#3502) 2017-08-03 17:54:17 -07:00
Nick Anderson
ea5f06bfc5 [Fix #3527] Addressing interface indexing in arp_cache table (#3528) 2017-08-03 17:49:58 -07:00
Teddy Reed
7ca18f5a32 audit: Add cwd to process_events on Linux (#3525) 2017-08-03 08:21:15 -07:00
Teddy Reed
d581be4ef0 Fix #3522: Do not call SQL ctor directly (#3524) 2017-08-02 20:20:19 -07:00
Seshu Pasam
6495f14828 EC2 instance tags implementation. (#3507) 2017-08-02 13:40:59 -07:00
Teddy Reed
0b0c5febd1 tables: Add device_firmware to darwin (#3499) 2017-08-02 09:48:09 -07:00
Jason Meller
8ba9a54daa tables: Implement sharing_preferences table for Darwin (#3509) 2017-08-02 09:30:35 -07:00
Jason Meller
c4010bd306 tables: Implement shared folders table for Darwin (#3510) 2017-08-01 20:33:57 -07:00
Seshu Pasam
9b3be1c02d Fixes from static code analysis (#3512) 2017-08-01 20:13:25 -07:00
Teddy Reed
90c6a44599 freebsd: Some refactoring to processes table (#3442) 2017-08-01 16:58:26 -07:00
Teddy Reed
30aae77259 extensions: Call wait on all extensions before respawning (#3516) 2017-08-01 15:16:22 -07:00
Mitchell Grenier
ba35a92243 Expand Carver APIs and Add Compression (#3386) 2017-07-31 11:11:45 -07:00
Seshu Pasam
5b42749d93 Some "make audit" output fixes. (#3508) 2017-07-31 11:06:08 -07:00
Jason Meller
b9fbf583d0 Darwin: Add gatekeeper tables (#3461) 2017-07-27 10:51:31 -07:00
Rohit Varkey Thankachan
3cd26ac48c Add collisions to the interface_details table (#3491) 2017-07-24 13:51:50 -07:00
Nick Anderson
30e5b89df8 Adding in additional program installation locations (#3484) 2017-07-24 09:22:20 -07:00
Teddy Reed
295acfcf3d worker: Do not ignore SIGCHLD to exit faster (#3487) 2017-07-24 08:48:06 -07:00
Teddy Reed
30a9f23cb0 tsan: Fix watcher and posix utils tsan findings (#3489) 2017-07-24 07:19:31 -07:00
Teddy Reed
98d91192b4 audit: Isolate the audit consumer logic into a thread (#3486) 2017-07-24 00:27:19 -07:00
Teddy Reed
9b7ce1b5ad logger: Fail all plugins if any fail (#3488) 2017-07-24 00:26:19 -07:00
Zachary Wasserman
b86869208d Fix error handling in AWS logger plugins (#3426) 2017-07-22 19:41:39 -07:00
uptycs-nishant
43046f48da Inotify: re-implemented remove/add subscription and remove/add monito… (#3459) 2017-07-21 20:00:34 -07:00
Nick Anderson
de0c0c0663 Updating windows system_info to return fqdn for hostname (#3470) 2017-07-21 11:22:07 -07:00
Nick Anderson
dfbcd50737 windows: Adding osqueryi and osqueryd integration tests (#3479) 2017-07-21 11:20:56 -07:00
Nick Anderson
891a6fb17a windows: Fixing watcher respawn logic for killed worker processes (#3475) 2017-07-21 11:10:06 -07:00
Mitchell Grenier
7801ac6dce Add mount to fsevents (#3480) 2017-07-20 09:44:38 -07:00
Mitchell Grenier
0c7059ed0a APFS Globbing Order Change (#3473) 2017-07-19 13:14:50 -07:00
Mitchell Grenier
951b009069 Fix a crash in interface_details on windows (#3478) 2017-07-18 18:38:01 -07:00
Teddy Reed
a9799a9426 Allow caching for tables with indexes and additionals (#3472) 2017-07-18 00:08:38 -07:00
Teddy Reed
d6184f62b5 Set config refresh to 1 hour and fix retry (#3469) 2017-07-17 22:28:11 -07:00
Mitchell Grenier
6fff46a20a Fix ad_config table regression from splitting preferences and plist (#3474) 2017-07-17 17:52:52 -07:00
Teddy Reed
57f04c4c49 General code cleanup for the config (#3467) 2017-07-17 11:38:21 -07:00
Teddy Reed
1e9feba506 pidfile: Update pidfile to /var/run on Linux and fbsd (#3457) 2017-07-07 17:57:31 -07:00
Lambda Conjecture
ecb9e2ccf2 Add Epoch marker to scheduled query results (#3378) 2017-07-07 17:56:03 -07:00
Teddy Reed
190e46f994 aws: Restore exception error printing and upgrade to 1.1.5 (#3456) 2017-07-02 20:44:06 -07:00
Teddy Reed
dacfbd4584 Separate preferences from plist and add user-concept (#3455) 2017-07-02 18:28:59 -07:00
Teddy Reed
99675fdbb2 audit: Increase speed when using socket_events (#3449) 2017-07-02 17:18:40 -07:00
ryanheffernan
5d7de135dd Adding URL Search hooks to ie_extensions table (#3452) 2017-06-30 11:12:43 -07:00
Nick Anderson
85d8af3996 carver: tar creation is now streamed (#3450) 2017-06-29 22:13:09 -07:00
Mitchell Grenier
9f9c729216 Fix test on High Sierra (#3451) 2017-06-29 16:46:04 -07:00
Teddy Reed
89ee28dcc4 watchdog: Fix disabled database and logging when watchdog is not used (#3448) 2017-06-28 23:24:18 -07:00
Teddy Reed
e3cafd53a3 tables: Add SSE bits to cpuid (#3446) 2017-06-28 16:00:05 -07:00
ryanheffernan
cf50143e69 Adding autoexec table for Windows (#3444) 2017-06-27 13:48:21 -07:00
ryanheffernan
80acd105f5 IE Extensions table for Windows - Browser Helper Objects (#3436) 2017-06-27 10:50:36 -07:00
Teddy Reed
617314c7df tables: Add flags to interface_details (#3439) 2017-06-25 14:12:01 -07:00
Allan Liu
256d113a74 Linux software RAID table (#3304) 2017-06-21 21:58:37 -07:00
Seshu Pasam
2fd90bd5c1 Custom directory flag for augeas lenses (#3428) 2017-06-20 20:54:27 -07:00
Seshu Pasam
dc02616967 Check number of columns returned from 'docker top' (#3429) 2017-06-20 20:16:13 -07:00
Zachary Wasserman
a0a6e56314 Fix shadow declaration in darwin browser_plugins (#3423) 2017-06-20 20:15:51 -07:00
Teddy Reed
28c10a415f freebsd: Update Vagrantfile, config tests, and remove hidden visibility (#3419) 2017-06-18 18:30:57 -07:00
Teddy Reed
12daf75acd virtual tables: Build Linux cpu_time on FreeBSD (#3417) 2017-06-18 15:32:48 -07:00
Teddy Reed
c81c815f75 tables: Add symlink column to file table (#3390) 2017-06-18 14:42:40 -07:00
Teddy Reed
0e294f8095 build: Major change to building within shared folders (#3415) 2017-06-18 14:41:05 -07:00
Rohit Varkey Thankachan
6b211a19ad cpu_time on macos (#3392) 2017-06-18 14:28:07 -07:00
Teddy Reed
e75575ea66 build: Remove specific -mt from boost links (#3409) 2017-06-15 20:59:53 -07:00
Nicolas Bigaouette
23194c732d Replace hardcoded paths throughout code base (#3387) 2017-06-15 19:31:52 -07:00
Nick Anderson
c4b6b33ad1 carver: gating carver code in CMake (#3407) 2017-06-15 09:40:58 -07:00
Nick Anderson
cffa9cb7a3 Changing init verbosity to honor verbose flag (#3406) 2017-06-14 21:08:33 -07:00
Teddy Reed
445fc12648 tests: Record process start time in tests (#3405) 2017-06-13 17:53:05 -07:00
Teddy Reed
a65e7caad8 sqlite: Remove the explicit copy and add mutex to function carve (#3404) 2017-06-13 17:27:00 -07:00
Teddy Reed
f8f5718297 watcher: Do not initialize the config in watcher (#3403) 2017-06-13 17:26:34 -07:00
Teddy Reed
4f7abe963d Allow up to 64k rpm_package_files (#3402) 2017-06-13 13:22:55 -07:00
Teddy Reed
414cf83c6a logger: Re-add syslog logger plugin (#3401) 2017-06-13 00:23:54 -07:00
Rohit Varkey Thankachan
dfb6d84112 Load Averages on POSIX systems using getloadavg (#3396) 2017-06-10 15:25:20 -07:00
Nick Anderson
4aa4a983fc Triaging windows auto load extensions (#3384) 2017-06-09 10:35:40 -07:00
Teddy Reed
8ad086098c watcher: Add initial watchdog delay (#3360) 2017-06-08 18:03:30 +01:00
Mitchell Grenier
31793c6773 Trying to apply xiangfan-ms' patch (#3340) 2017-06-07 09:51:22 -07:00
ryanheffernan
80aaed8b05 [Fix #3313] Adding driver version + adding malloc/pointer safety to drivers table (#3319) 2017-06-05 09:06:49 -07:00
Teddy Reed
6ce053a45d fim: Allow Linux publishers to be interrupted (#3376) 2017-06-02 21:39:35 -07:00
tpott
f2ed11c0ca Adds platform_type to enrollment request (#3375) 2017-06-02 21:01:55 -07:00
Mitchell Grenier
739d910a2c Fix #1546 Add local host name (#3370) 2017-06-02 16:15:50 -07:00
Mitchell Grenier
98418bdf35 Small docs change (#3371) 2017-06-01 10:49:39 -07:00
Rohit Varkey Thankachan
081ea9e76d Virtual memory statistics for darwin (#3368) 2017-05-31 12:00:44 -07:00
Teddy Reed
eb4536dceb config: Only reconfigure if content changes (#3356) 2017-05-30 19:22:41 -07:00
Mitchell Grenier
f9cb7149a9 [Tidy] Fix syscall deprecation on macOS (#3354) 2017-05-30 17:08:20 -07:00
Nick Anderson
c0085cc63c Bumping thrift to install thrift compiler and squelch output (#3366) 2017-05-30 16:58:45 -07:00
Teddy Reed
a7162daea6 logger: Allow logString and logSnapshot to fast-track (#3362) 2017-05-29 23:49:37 -07:00
Mitchell Grenier
aba8f7524e [Tidy] Fix all C99 warnings (#3353) 2017-05-29 23:31:43 -07:00
Teddy Reed
31eb83a1f4 packs: Allow posix in pack platform selection (#3364) 2017-05-29 23:13:59 -07:00
Teddy Reed
7844a8ea1b nits: Use char-overload for find (#3363) 2017-05-29 23:13:10 -07:00
Teddy Reed
616172af56 logger: Rename BufferedLogSink instance and other nits (#3361) 2017-05-29 22:23:36 -07:00
Teddy Reed
70f30b99d8 watcher: Rename instance to get for consistency (#3359) 2017-05-29 17:16:19 -07:00
Teddy Reed
98505e5eb2 events: Sane defaults for expiration and max (#3358) 2017-05-29 16:10:24 -07:00
Teddy Reed
49ed383017 config: Unify the config refresh logic (#3351) 2017-05-29 14:09:44 -07:00
Mitchell Grenier
01518102aa [Tidy] Fix four character literal warning (#3355) 2017-05-29 08:47:21 -07:00
Teddy Reed
8a93acfa1c TSAN: Address failures and findings in LLVM 4.0 (#3343) 2017-05-29 02:06:57 -07:00
Teddy Reed
b38a62be8b config: Rename getInstance to get for consistency (#3350) 2017-05-28 23:04:53 -07:00
Teddy Reed
73848c10ff virtual tables: Add optional --table_delay between scans (#3349) 2017-05-28 22:37:38 -07:00
Teddy Reed
df82f8c50e filesystem: Remove read_user_max flag (#3348) 2017-05-28 22:36:41 -07:00
Mitchell Grenier
fdf71643f8 Fix C99 array errors by moving array to the heap (#3346) 2017-05-28 20:46:54 -07:00
Mitchell Grenier
20327b32a2 Disallow the shadowing of local variables and fix existing shadows (#3347) 2017-05-28 20:44:11 -07:00
Teddy Reed
854b38519f extensions: Clear signals in autoload thread (#3345) 2017-05-28 17:42:43 -07:00
Teddy Reed
ae4de5628e Add SANITIZE_UNDEFINED for UBSAN (#3344) 2017-05-28 00:40:08 -07:00
Mitchell Grenier
40056d3d25 Addressing a few nits for carver and system (#3339) 2017-05-26 23:55:51 -07:00
lxcode
8b7b37bf4f Add table for FreeBSD kernel modules. (#3328) 2017-05-26 15:10:59 -07:00
Mitchell Grenier
62beb1e547 Fix #3220 Error loading packs not verbose enough (#3333) 2017-05-26 14:07:50 -07:00
Mitchell Grenier
600a5d017a Add an sql function for carving paths (#3317) 2017-05-26 11:19:43 -07:00
Teddy Reed
9ba0edb4bb darwin: Improve disk_events add detection (#3332) 2017-05-26 10:38:26 -07:00
Mitchell Grenier
bf2457ffcd Address YARA hardcoded home folder issue (#3331) 2017-05-26 00:27:02 -07:00
Mitchell Grenier
ce62dc53ba Rename new base64 functions to be like MySQL (#3329) 2017-05-25 22:24:25 -07:00
Teddy Reed
775a4cdcce flags: Allow custom flags in configuration (#3301) 2017-05-25 21:29:31 -07:00
Mitchell Grenier
ccf5977b0e Conditional base64 function (#3320) 2017-05-25 10:58:08 -07:00
Nick Anderson
4ab974d7ce Fixing gle warning verbosity in drivers table and resharper lints (#3325) 2017-05-25 09:38:36 -07:00