Teddy Reed
8947dac232
[Fix #1814] Various fixes for Linux inotify
2016-02-03 17:00:41 -08:00
Teddy Reed
ccda460ba0
Rename 'temps' temperatures, add constraints
2016-02-03 08:49:22 -08:00
Teddy Reed
fe3766796c
Use '/rom' path for OS X platform_info
2016-02-03 08:31:57 -08:00
Teddy Reed
08ca034f02
Merge pull request #1808 from kaizensoze/add-temps-table
...
add temperature sensors table
2016-02-02 21:52:40 -08:00
Joe Gallo
3c6134c1fa
add temperature sensors table
...
Extract temperature-related data from smc_keys table for table dedicated
to temperature sensors.
2016-02-02 23:57:55 -05:00
Teddy Reed
dd64d1df0d
Use ROM iokit ID instead of name
2016-02-02 13:27:47 -08:00
Teddy Reed
5394fe62ec
Add debug_package for OS X
2016-02-01 16:51:43 -08:00
Teddy Reed
724ca51e16
Lower severity of failed publishers
2016-02-01 16:42:21 -08:00
Teddy Reed
71d6107f83
Document logger_mode flag takes decimal values
2016-02-01 11:10:30 -08:00
Teddy Reed
f05cc345d3
Add an events_max limit for event buffering
2016-02-01 08:38:58 -08:00
Teddy Reed
b138c0be86
Fix constraint index checking on Linux
2016-01-27 11:38:06 -08:00
Teddy Reed
3951cac18f
Merge pull request #1797 from sharvilshah/sip_nvram_fix_default_case
...
SIP config: handle default case when IOKit key is not set
2016-01-26 21:44:48 -08:00
Teddy Reed
e58f96572f
Merge pull request #1796 from theopolis/better_constraints
...
Reduce complexity of SQLite constraints tracking
2016-01-22 15:45:02 -08:00
Sharvil Shah
f0e69204bc
IOKit key csr-active-config not found is the default state and not an error
2016-01-22 12:02:35 -08:00
Teddy Reed
d43bc9f06f
Reduce complexity of SQLite constraints tracking
2016-01-22 12:00:04 -08:00
Teddy Reed
f1c37f3ea8
Merge pull request #1794 from theopolis/tls_features
...
Add and document TLS debug features
2016-01-22 09:18:14 -08:00
Teddy Reed
95c4d733cc
Add and document TLS debug features
2016-01-22 08:59:07 -08:00
Teddy Reed
7e983dc568
Merge pull request #1780 from sharvilshah/rootless
...
Report on System Integrity Protection
2016-01-21 23:59:26 -08:00
Sharvil Shah
1f1f0215f1
Create copy of UUID data so that we have a value and not a reference before releasing the properties
2016-01-21 23:20:24 -08:00
Sharvil Shah
8cb7ee71bf
Report on System Integrity Protection
2016-01-21 21:28:13 -08:00
Teddy Reed
e6408e21f9
Add max log size for TLS logger of 1M per line
2016-01-21 10:43:15 -08:00
Teddy Reed
87ea41c6ec
Improve TLS logger performance
2016-01-21 10:43:15 -08:00
Teddy Reed
7728915651
Merge pull request #1786 from theopolis/add_1778
...
[#1778] Add hardware/board info for Linux
2016-01-20 19:12:53 -08:00
Teddy Reed
b9117b17a1
[Fix #1788] Use an array for the 'data' key in TLS logs
2016-01-20 11:59:14 -08:00
Teddy Reed
b358d8029e
[#1778] Add hardware/board info for Linux
2016-01-20 10:01:49 -08:00
Teddy Reed
9e4b1cc22c
Merge pull request #1776 from sharvilshah/filevault_updates
...
Add currently authenticated FileVault user
2016-01-19 18:11:18 -08:00
Sharvil Shah
819f95ccc6
Add currently authenticated FileVault user (if available) to disk_encryption on Darwin
2016-01-19 15:46:39 -08:00
Teddy Reed
1a12b41d76
Promote 10.11 to default darwin package builder
2016-01-16 15:47:26 -08:00
Teddy Reed
30b1627038
Merge pull request #1771 from theopolis/improve_tls
...
Improve TLS logging memory
2016-01-15 00:50:56 -08:00
Teddy Reed
d6e91c81e9
Improve TLS logging memory
2016-01-15 00:22:31 -08:00
Teddy Reed
ec119f852f
Merge pull request #1766 from sharvilshah/wifi_plist_parsing_fix
...
[Fix #1760] Fix wifi_networks for OS X 10.9
2016-01-14 00:58:09 -08:00
Sharvil Shah
826643adf8
[Fix #1760] wifi_networks now takes into account slight differences b/w OS X 10.9 and later
2016-01-13 22:52:52 -08:00
Teddy Reed
c117967d07
Restrict verbose warnings to osquery code
2016-01-13 09:26:51 -08:00
Teddy Reed
18528e7750
Merge pull request #1761 from theopolis/fix_benchmarks
...
Unify build script and fix EVENTS benchmarks
2016-01-12 18:11:24 -08:00
Teddy Reed
832c3cfcce
Unify build script and fix EVENTS benchmarks
2016-01-12 17:09:52 -08:00
Teddy Reed
f4b8c1b0f3
Merge pull request #1756 from theopolis/pack_files
...
Allow packs to add file_path categories
2016-01-12 12:42:21 -08:00
Teddy Reed
eea7d67402
Merge pull request #1757 from theopolis/smc_keys
...
Add an smc_keys table for OS X
2016-01-11 18:08:33 -08:00
Teddy Reed
5295904624
Add an smc_keys table for OS X
2016-01-11 11:51:55 -08:00
Teddy Reed
51346313fc
Require either static/dynamic link of cpp-netlib
2016-01-09 14:36:12 -08:00
Teddy Reed
21b3af199e
Allow packs to add file_path categories
2016-01-08 17:59:19 -08:00
Teddy Reed
7c38cf17d9
Add support for make packages on Debian
2016-01-07 23:50:31 -08:00
secretsquirrel
4224c9fdc0
adding strict codesigning checks
2016-01-07 00:01:46 -05:00
Teddy Reed
6a1b08c4fe
Use key_strength to support ECC
2016-01-05 18:48:34 -08:00
Teddy Reed
e311a47774
Add key_size to certificates table
2016-01-05 11:34:57 -08:00
Teddy Reed
360ac54688
Remove num_levels explicit definition for RocksDB
2015-12-21 15:27:34 -08:00
Teddy Reed
5824b891d3
Only discover SMBIOS tables once on Linux
2015-12-19 20:40:05 -08:00
Teddy Reed
75f545c16b
Merge pull request #1698 from theopolis/single_line_logger
...
[#1518] Only emit a single line for each logString
2015-12-18 00:32:56 -08:00
Teddy Reed
c2b78faa09
Merge pull request #1740 from theopolis/events_improvements
...
Fix double event subscriber select
2015-12-17 22:32:57 -08:00
Teddy Reed
ef5ee380b3
Merge pull request #1739 from theopolis/certificate_issuer
...
Add certificate issuer and self_signed columns
2015-12-17 22:30:43 -08:00
Teddy Reed
12329b1592
Merge pull request #1738 from theopolis/fix_1736
...
[Fix #1736] Do not cache TLS node key within enroll plugin
2015-12-17 22:28:48 -08:00
Teddy Reed
4af9d8d61c
Add certificate issuer and self_signed columns
2015-12-17 19:36:31 -08:00
Teddy Reed
c4f3db1613
Fix double event subscriber select
2015-12-17 19:23:26 -08:00
Teddy Reed
41b5ca545f
[Fix #1736] Do not cache TLS node key within enroll plugin
2015-12-17 16:44:30 -08:00
Teddy Reed
f9faf0bea7
[Fix #1735] Limit OPENED and access-related events
2015-12-17 15:42:32 -08:00
Teddy Reed
c5766da6d0
[#1518] Only emit a single line for each logString
2015-12-16 16:42:55 -08:00
Teddy Reed
5a66d5b838
Move RocksDB logs to INFO
2015-12-16 14:36:12 -08:00
Teddy Reed
db3782bc7f
Do not add (self) events for FSEvents
2015-12-16 13:32:39 -08:00
Teddy Reed
3004df5a50
Use custom logger for RocksDB
2015-12-15 20:49:33 -08:00
Teddy Reed
2ec5d34291
Bump non-OS X TSK builds to 4.2.0
2015-12-14 23:43:08 -08:00
Teddy Reed
51fd73c449
Assure dropTo can be used safely consecutively
2015-12-14 21:27:00 -08:00
Teddy Reed
fbc8fb92dc
Allow --config_dump with watcher
2015-12-14 16:19:37 -08:00
Teddy Reed
63d12789b4
Fix regression in file content predicate refactor
2015-12-14 15:24:55 -08:00
Teddy Reed
31dfad2515
Fix unhelpful subscriber verbose error for process_file_events
2015-12-14 15:09:52 -08:00
Teddy Reed
e6a474a6f1
Fix Debian os_version detection
2015-12-14 15:09:40 -08:00
Teddy Reed
cfb44fdf09
Fix incorrect size of pointer in device_ tables
...
Limit max number of device_files to 10k
2015-12-14 15:09:34 -08:00
Teddy Reed
92719e7b48
Add OSX platform_info
2015-12-12 03:29:17 -08:00
Teddy Reed
70face8ac2
Add platform_info table for UEFI/ROM details
2015-12-12 01:55:14 -08:00
Teddy Reed
fdfe5f4d3f
Add support for Linux SMBIOS/DMI EFI structure parsing
2015-12-11 23:18:04 -08:00
Teddy Reed
a99b62a31d
Preserve atime and mtime by default for readFile
2015-12-11 22:18:45 -08:00
Teddy Reed
718ff77864
Extend fields of file_events
2015-12-11 10:26:36 -08:00
Teddy Reed
c6e9f0e321
Merge pull request #1724 from theopolis/faster_hashing
...
Speed up file hashing
2015-12-11 08:59:06 -08:00
Teddy Reed
98eb6a5055
Reorganize file_events into process_file_events
2015-12-11 00:58:22 -08:00
Teddy Reed
59750ec87d
Speed up file hashing
2015-12-11 00:36:16 -08:00
Teddy Reed
1a1b07b5c6
Merge pull request #1716 from theopolis/pack_shards
...
[#1636] Add simple sharding to packs and pack queries
2015-12-10 17:37:57 -08:00
Lex Neva
e9c183d962
DRY for inotify event mask (we missed IN_MOVE)
2015-12-10 16:00:02 -05:00
Teddy Reed
9d394065e3
[#1636] Add simple sharding to packs and pack queries
2015-12-10 10:01:53 -08:00
Teddy Reed
675d1d2267
[Fix #1714] Restore balance to the DOUBLE force
2015-12-09 17:28:30 -08:00
Teddy Reed
4129c6b191
Add 'AggStep0' to OpCode type discovery
...
Closes: #1699
2015-12-09 01:53:40 -08:00
Teddy Reed
9f79d74c60
Add canary path on empty FSEvents subscription set
2015-12-09 00:14:08 -08:00
Teddy Reed
fe234f8f96
Merge pull request #1711 from theopolis/fix_refresh_config
...
Fix quick regression with config refresh runner
2015-12-08 16:11:37 -08:00
Teddy Reed
1436d9d73a
Fix quick regression with config refresh runner
2015-12-08 15:53:19 -08:00
Teddy Reed
309944c586
Configuration triggered publisher reconfiguration
2015-12-08 14:03:35 -08:00
Teddy Reed
6602a59b7d
Change EventSubscriber API to include subscription references
2015-12-07 22:22:04 -08:00
Teddy Reed
b7650e5291
Remove passwd_changes and user_data from event callbacks
2015-12-07 17:47:38 -08:00
Teddy Reed
02c2b37a5d
Merge pull request #1709 from theopolis/expire_results
...
[Fix #1694] Expire results for 'old' scheduled queries
2015-12-07 14:01:44 -08:00
Teddy Reed
12716496aa
[Fix #1694] Expire results for 'old' scheduled queries
2015-12-07 12:23:43 -08:00
Teddy Reed
b88d6816f3
Additional TSK tables
2015-12-07 08:36:22 -08:00
Teddy Reed
c020bb87b4
Merge pull request #1705 from theopolis/dump
...
[#1702] Add config and database dumping to stdout
2015-12-06 21:41:31 -08:00
Teddy Reed
24aa387eb0
Merge pull request #1696 from theopolis/node_invalid
...
[#1676] Clear node key on node_invalid
2015-12-06 17:10:12 -08:00
Teddy Reed
bfa0d617be
Merge pull request #1679 from theopolis/support_multi_loggers
...
[#1648] Support multiple loggers
2015-12-06 15:00:32 -08:00
Teddy Reed
eeff5d0bf0
[#1676] Clear node key on node_invalid
2015-12-06 14:28:00 -08:00
Teddy Reed
9ebd292eb6
[#1648] Support multiple loggers
2015-12-06 11:10:10 -08:00
Teddy Reed
fef53fa0d0
Add config and database dumping to stdout
2015-12-06 11:01:26 -08:00
Teddy Reed
ad07e07879
Make chrome extension identifiers easier to extract
2015-12-04 11:50:13 -08:00
Teddy Reed
1acba4dfa6
Merge pull request #1700 from theopolis/tsk2
...
TSK integration and example tables
2015-12-04 11:26:03 -08:00
Teddy Reed
f687a84840
[Fix #1689] Remove C-style comments from config examples
2015-12-04 11:08:54 -08:00
Teddy Reed
373ce339dc
TSK integration and example tables
2015-12-04 11:08:51 -08:00
Teddy Reed
e5bc6410ba
Merge pull request #1697 from theopolis/fix_1660
...
[Fix #1660] Prevent spurious NETLINK recv retries
2015-12-02 23:56:39 -08:00
Teddy Reed
4dc6b9f0a3
[Fix #1660] Prevent spurious NETLINK recv retries
2015-12-02 23:33:20 -08:00
Teddy Reed
ffb5b7020e
[Fix #1693, #1527] Add osquery-specific query planner output
2015-12-02 19:57:24 -08:00
Teddy Reed
ccff0c8c18
[Fix #1686] Add 'subject' and 'signing_algorithm' to certificates
2015-11-29 18:32:13 -08:00
Teddy Reed
f57968e0f6
Use a static 'binary' name for Glog
2015-11-27 11:27:09 -08:00
Teddy Reed
2bad9d6a74
Changes to support node-based configs
2015-11-24 14:44:56 -08:00
Teddy Reed
2e57869d34
Merge pull request #1681 from theopolis/fix_1665
...
[#1665, #1615] Refactor user-based tables to act uniformly
2015-11-24 13:07:28 -08:00
Teddy Reed
35129a7af7
[#1665, #1615] Refactor user-based tables to act uniformly
2015-11-24 12:46:25 -08:00
Teddy Reed
204b16a946
Merge pull request #1675 from theopolis/planner_or
...
Fix constraints stacking
2015-11-24 12:25:15 -08:00
Teddy Reed
f2361bca21
Merge pull request #1680 from sharvilshah/clang_analyzer_fixes
...
Fix clang-analyzer warning
2015-11-24 07:04:06 -08:00
Sharvil Shah
4ac0e68c08
Fix clang-analyzer warning -- Use uint32_t instead of size_t for uniform_int_distribution
2015-11-24 00:56:37 -08:00
Teddy Reed
fe8b9246e9
Merge pull request #1673 from theopolis/replace_run_profile
...
[#1527] Add a --profile option to the shell, replace 'run'
2015-11-23 21:32:51 -08:00
Teddy Reed
5370fef950
Merge pull request #1678 from theopolis/audit_user_events
...
[#1497] Add user_events table based on audit user-type messages
2015-11-23 21:31:37 -08:00
Teddy Reed
07fd718e00
Add user_events table based on audit user-type messages
2015-11-23 18:13:31 -08:00
Teddy Reed
3221fbd9b3
Fix constraints stacking
2015-11-22 22:53:23 -08:00
Teddy Reed
a3a05e7e1e
[#1527] Add a --profile option to the shell, replace 'run'
2015-11-21 22:45:40 -08:00
Teddy Reed
08c7911eb7
Merge pull request #1655 from theopolis/iokit_events
...
Rewrite OS X hardware events to use IOKit proper
2015-11-21 19:45:10 -08:00
Teddy Reed
6748fdb024
Rewrite OS X hardware events to use IOKit proper
2015-11-21 19:31:05 -08:00
Teddy Reed
7ca7974dfb
Merge pull request #1668 from cdown/f/freebsd_uid
...
freebsd process table: Fix EUID/EGID to not use saved IDs
2015-11-21 11:19:36 -08:00
Teddy Reed
283f7c6d59
Fix clang analyze failures in signature table
2015-11-21 09:56:19 -08:00
Chris Down
d4d87a69ce
freebsd process table: Fix EUID/EGID to not use saved IDs
...
It's not totally clear why saved IDs were used here. There is some precedent in
sigar (https://github.com/hyperic/sigar), where they also use the saved UID,
but @wxsBSD and I are not really sure why. Maybe it's because kinfo_proc feels
different than similar structs on other Unices.
Fixes #1662.
2015-11-21 02:52:06 -08:00
Teddy Reed
8425010874
Merge pull request #1664 from stripe/andrew-better-homebrew
...
Determine Homebrew Cellar from binary
2015-11-20 16:06:30 -08:00
Andrew Dunham
161f8b9fd0
Determine Homebrew Cellar from binary
...
We look at the location of the Homebrew binary `brew` on disk, and use
the real path (i.e. path with all symlinks resolved) from that binary to
determine the Cellar. This behavior mirrors that of Homebrew itself.
2015-11-20 15:15:18 -08:00
Teddy Reed
9ae53f2158
Merge pull request #1663 from cdown/f/saved_ids
...
Add saved UIDs and GIDs to process table
2015-11-20 14:35:20 -08:00
Teddy Reed
5cd040eb35
Merge pull request #1667 from theopolis/add_hash_check
...
Use a noexcept method of directory checking for hash
2015-11-20 14:24:43 -08:00
Teddy Reed
a72fa19536
Use a noexcept method of directory checking for hash
2015-11-20 13:32:56 -08:00
Teddy Reed
a673a793fe
Merge pull request #1659 from PickmanSec/knownhosts
...
Added known_hosts table
2015-11-20 12:46:13 -08:00
Teddy Reed
9f5154eb4b
Merge pull request #1652 from theopolis/better_types
...
Add a SQLite query planner for type detection
2015-11-19 09:11:26 -08:00
Teddy Reed
16247f10e8
Merge pull request #1624 from PickmanSec/master
...
added authorized_keys table
2015-11-19 09:10:59 -08:00
Chris Down
39bdec4c8d
Add saved UIDs and GIDs to process table
2015-11-18 16:44:07 -08:00
Michael George
dde59f8c18
Added known_hosts file
...
added known_hosts table
2015-11-17 12:38:19 -08:00
Michael George
a649bf6733
Added authorized_keys table
...
Fixed mislabeled variable from line parsing
Update authorized_keys.cpp
Update authorized_keys.cpp
Check if line is empty
2015-11-16 10:36:24 -08:00
Teddy Reed
98f212e7a9
Add a SQLite query planner for type detection
2015-11-15 13:56:16 -08:00
Teddy Reed
cef8f59054
Merge pull request #1639 from theopolis/cache
...
Table results caching
2015-11-14 16:22:24 -08:00
Teddy Reed
e1d7511600
Remove column type string representations
2015-11-14 15:57:30 -08:00
Teddy Reed
c2be670806
Table results caching
...
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
2015-11-14 15:57:23 -08:00
Teddy Reed
7480003eb6
Merge pull request #1646 from stripe/andrew-refactor-signature
...
Refactor how we determine the OS version in the signature table
2015-11-11 14:18:48 -08:00
Teddy Reed
ee84f35632
Merge pull request #1645 from stripe/andrew-configure-perms
...
Allow setting the mode of log files
2015-11-11 13:46:24 -08:00
Andrew Dunham
4ccdcc7864
Allow setting the mode of log files
...
This also sets the appropriate flags in glog
2015-11-11 11:37:55 -08:00
Andrew Dunham
a0932105f6
Refactor how we determine the OS version in the signature table
2015-11-11 11:34:15 -08:00
Jaime
f7ee2437cf
Removed result= in the Syslog plugin
2015-11-11 09:16:50 +01:00
Teddy Reed
aa4973a1b3
Merge pull request #1644 from stripe/andrew-add-timezone
...
Add timezone field to time table
2015-11-10 16:41:39 -08:00
Teddy Reed
daee71919a
Merge pull request #1642 from stripe/andrew-add-codesign
...
Add a `signature` table on Darwin
2015-11-10 16:23:16 -08:00
Andrew Dunham
0ae380297f
Add timezone field to time table
2015-11-10 15:17:49 -08:00
Andrew Dunham
dea93c8aa5
Add a `signature` table on Darwin
...
This table allows verifying the signature of files (or bundles) on
Darwin. It also provides the signing identifier that is a part of the
signature.
2015-11-10 13:21:18 -08:00
Teddy Reed
c441de27aa
Merge pull request #1643 from theopolis/fix_wifi_analysis
...
Fix missed nullptr checks in wifi
2015-11-10 12:56:45 -08:00
Teddy Reed
0a6d334f27
Fix missed nullptr checks in wifi
2015-11-10 01:01:12 -08:00
Teddy Reed
0d01a382b6
[Fix #1634] Add sys/stat to filesystem
2015-11-09 01:33:17 -08:00
Teddy Reed
988daeb9e6
Merge pull request #1635 from theopolis/drop_gid
...
Add GID to PrivilegeDropper
2015-11-09 00:05:51 -08:00
Teddy Reed
4c2319f8dd
Add GID to PrivilegeDropper
2015-11-08 01:03:08 -08:00
Teddy Reed
18b1947e5b
Config/Schedule should not populate in extensions
2015-11-06 09:52:10 -08:00
Teddy Reed
41ba637030
Linux inotify should accept non-glob dirs
2015-11-04 13:46:47 -08:00
Teddy Reed
b29168a7b7
Use a null DB for the run test binary
2015-11-04 10:39:40 -08:00
Teddy Reed
57e8ef2ab3
[#1546] Add computer_name to system_info and extend to Linux
2015-11-04 10:31:16 -08:00
Teddy Reed
2cf9e95fa1
Allow user-controlled FIFOs
2015-11-04 01:29:54 -08:00
Teddy Reed
084ccaf080
Use default blank value for startup_items Alias
2015-11-03 22:58:00 -08:00
Teddy Reed
7c70183a87
Merge pull request #1625 from theopolis/pack_delim
...
Add pack_delimiter option
2015-11-03 21:05:44 -08:00
Teddy Reed
cd4de8023f
Merge pull request #1630 from theopolis/fix_1626
...
[Fix #1626] Add schedule blacklist and protect DBHandle
2015-11-03 21:05:29 -08:00
Teddy Reed
edea3d6edd
[Fix #1626] Add schedule blacklist and protect DBHandle
2015-11-03 20:50:22 -08:00
Teddy Reed
15c4673c5a
Add pack_delimiter option
2015-11-02 18:05:46 -08:00
Teddy Reed
7b270af6b2
Merge pull request #1623 from theopolis/simple_errors
...
Remove specific filenames from RocksDB IOErrors
2015-11-02 16:12:00 -08:00
Teddy Reed
5aa225d4c3
Merge pull request #1619 from sharvilshah/wifi
...
Implement wifi_networks tables for OS X
2015-11-02 16:11:21 -08:00
Teddy Reed
5728c93392
Remove specific filenames from RocksDB IOErrors
2015-11-02 15:12:52 -08:00
Teddy Reed
15215cdbc0
Add persistent splays
2015-11-02 14:10:04 -08:00
Teddy Reed
402490e75b
Attempt to improve DB/query performance
2015-11-02 10:57:01 -08:00
Teddy Reed
6aae4c9aa0
Fix tests and shell escape errors (faults)
2015-11-02 10:57:01 -08:00
Teddy Reed
425e5e5596
Change the watcher limits to default=loose
2015-11-02 10:57:01 -08:00
Teddy Reed
5233d7dcf8
Add start time to osquery_info, remove md5/path
2015-11-02 10:57:01 -08:00
Teddy Reed
19427b1854
Add database benchmarks
2015-11-02 10:57:01 -08:00
Teddy Reed
75bfcddc31
Merge pull request #1622 from theopolis/faster_sockets
...
Faster socket_events on Linux
2015-11-02 10:56:37 -08:00
Teddy Reed
a1a9131174
Optimize socket_events and Linux users
2015-11-02 10:37:56 -08:00
Teddy Reed
50550e607a
Build and provision edits for FreeBSD CI
2015-11-02 01:47:09 -08:00
Sharvil Shah
9a6d6d1293
Implement wifi_networks tables for OS X
...
If the option of remembering known Wi-Fi networks is enabled on a system,
they are persisted to disk as a preferences property list file.
This table is populated by parsing that file.
2015-11-01 16:53:51 -08:00
Teddy Reed
b97a2bcdb9
Merge pull request #1618 from theopolis/clang_addr_sanitize_3.7
...
Passing clang Address/Leak Sanitize version 3.7
2015-11-01 16:23:31 -08:00
Teddy Reed
6a07135648
Passing clang Address/Leak Sanitize version 3.7
2015-11-01 04:00:21 -08:00
Teddy Reed
d27a7ecc4c
Fix clang warnings, promote warnings to errors
2015-11-01 02:12:07 -08:00
Teddy Reed
97a6521445
Merge pull request #1614 from theopolis/drop_around_files
...
Expand the scope of permissions dropping
2015-10-30 17:07:04 -07:00
Teddy Reed
09e4e3c42e
Expand the scope of permissions dropping
2015-10-30 09:56:33 -07:00
Teddy Reed
4ac9317f64
Merge pull request #1613 from theopolis/fix_1611
...
[Fix #1611] Prevent fs links in inotify path search
2015-10-29 23:47:28 -07:00
Teddy Reed
2cf7543181
[Fix #1611] Prevent fs links in inotify path search
2015-10-29 23:19:07 -07:00
Michael George
fb545bb85e
added sh_history
2015-10-29 10:53:04 -07:00
Teddy Reed
db58ec5e44
Only emit process events for 0-status execve
2015-10-27 17:12:23 -07:00
Teddy Reed
a3067fcbb5
Fix auditd message parsing
2015-10-27 16:56:42 -07:00
Teddy Reed
689ec53a71
Merge pull request #1603 from theopolis/inotify_mod_only
...
[#1600] Put inotify into a mod-only watch mode
2015-10-27 16:53:59 -07:00
Teddy Reed
ba4eeb6a80
[#1600] Put inotify into a mod-only watch mode
2015-10-27 16:42:21 -07:00
Teddy Reed
8ca2925ef0
[Fix #1583] Require osqueryd to have R/W access to RocksDB
2015-10-27 16:09:24 -07:00
Teddy Reed
811d578739
Merge pull request #1599 from theopolis/socket_events
...
Refactor a bit of config and add socket_events table to Linux
2015-10-27 15:30:15 -07:00
Teddy Reed
b81b6de6ae
This refactors a bit of config/packs and adds a socket_events table to Linux.
...
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.
A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
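The "scan of /proc for socket tuples" the message refers to, as an added example that is not osquery's own code: parse the text of /proc/net/tcp into tuples keyed by socket inode, then resolve the readlink() target of a /proc/<pid>/fd/<n> entry (the kernel reports sockets as "socket:[inode]") to its tuple. All names are hypothetical and the sample lines are constructed; a real run would read the two /proc files instead of the embedded string.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>

// Added example, not osquery code. Names and sample data are hypothetical.
struct SocketTuple {
  std::string local_address;
  uint16_t local_port = 0;
  std::string remote_address;
  uint16_t remote_port = 0;
  std::string state;  // hex TCP state column from /proc/net/tcp (0A = LISTEN)
  unsigned long inode = 0;
};

// /proc/net/tcp prints IPv4 addresses as 8 hex digits in host byte order
// (little-endian on x86), so the lowest byte is the first octet.
std::string hexToIPv4(const std::string& hex) {
  unsigned long v = std::stoul(hex, nullptr, 16);
  return std::to_string(v & 0xff) + "." + std::to_string((v >> 8) & 0xff) +
         "." + std::to_string((v >> 16) & 0xff) + "." +
         std::to_string((v >> 24) & 0xff);
}

// Split an "ADDR:PORT" column (both hex) into dotted-quad and port.
static void parseEndpoint(const std::string& field, std::string& addr, uint16_t& port) {
  auto colon = field.find(':');
  if (colon == std::string::npos) throw std::invalid_argument("no ':' in endpoint");
  addr = hexToIPv4(field.substr(0, colon));
  port = static_cast<uint16_t>(std::stoul(field.substr(colon + 1), nullptr, 16));
}

// Parse the contents of /proc/net/tcp into tuples keyed by inode.
std::map<unsigned long, SocketTuple> parseProcNetTcp(const std::string& content) {
  std::map<unsigned long, SocketTuple> table;
  std::istringstream lines(content);
  std::string line;
  while (std::getline(lines, line)) {
    if (line.find("local_address") != std::string::npos) continue;  // header row
    std::istringstream fields(line);
    std::string sl, local, remote, txrx, trwhen, retrnsmt, uid, timeout;
    SocketTuple t;
    if (!(fields >> sl >> local >> remote >> t.state >> txrx >> trwhen >>
          retrnsmt >> uid >> timeout >> t.inode)) {
      continue;  // malformed row: skip it rather than abort the scan
    }
    try {
      parseEndpoint(local, t.local_address, t.local_port);
      parseEndpoint(remote, t.remote_address, t.remote_port);
    } catch (const std::exception&) {
      continue;  // bad hex in a column: skip the row
    }
    table[t.inode] = t;
  }
  return table;
}

// Map a /proc/<pid>/fd/<n> link target such as "socket:[67890]" to its tuple.
// Returns false for non-socket fds and for inodes not present in the table.
bool resolveSocketFd(const std::string& link_target,
                     const std::map<unsigned long, SocketTuple>& table,
                     SocketTuple& out) {
  const std::string prefix = "socket:[";
  if (link_target.size() < prefix.size() + 2 ||
      link_target.compare(0, prefix.size(), prefix) != 0 ||
      link_target.back() != ']') {
    return false;
  }
  std::string inner = link_target.substr(prefix.size(), link_target.size() - prefix.size() - 1);
  if (inner.find_first_not_of("0123456789") != std::string::npos) return false;
  auto it = table.find(std::stoul(inner));
  if (it == table.end()) return false;
  out = it->second;
  return true;
}

// Constructed sample: a listener on 127.0.0.1:631 (inode 12345) and an
// established connection 10.0.2.15:53956 -> 172.193.217.91:443 (inode 67890).
const char* kSampleProcNetTcp =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0F02000A:D2C4 5BD9C1AC:01BB 01 00000000:00000000 02:000004A2 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1\n";

int main() {
  auto table = parseProcNetTcp(kSampleProcNetTcp);
  SocketTuple t;
  if (resolveSocketFd("socket:[67890]", table, t)) {
    std::cout << t.local_address << ":" << t.local_port << " -> "
              << t.remote_address << ":" << t.remote_port << " state " << t.state << "\n";
  }
  return 0;
}
```

The inode is the only join key between a process's fd table and the socket tables, which is why the message calls this path slow: every lookup is a full re-read of /proc/net/tcp (and tcp6/udp, not shown here) rather than a direct fd-to-socket query.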
Teddy Reed
b8087a1b26
Fix readFile TOCTOU error
2015-10-26 01:21:05 -07:00
Teddy Reed
654830cf11
Merge pull request #1594 from rcseacord/additional-sign-fixes
...
eliminated some warnings from Clang 3.7 analyze mode
2015-10-23 13:03:54 -03:00
Robert C. Seacord
09481d0381
Fixed some type problems, casting away const, integer types, old style casts, etc.
2015-10-21 20:56:58 +00:00
Robert C. Seacord
1d9695ac31
eliminated some warnings from Clang 3.7 analyze mode
2015-10-21 06:02:58 +00:00
Robert C. Seacord
7a87be9ada
more sign conversion errors
2015-10-20 06:08:01 +00:00
Robert C. Seacord
1d7877d120
removed fsanitize compiler option
2015-10-20 02:51:57 +00:00
Teddy Reed
c0257aa7d1
Merge pull request #1589 from theopolis/fix_1578
...
[Fix #1578] Support OPENSSL_NO_SSV3
2015-10-19 11:25:46 -07:00
Teddy Reed
7ba87a88bb
Merge pull request #1585 from rcseacord/additional-sign-fixes
...
Additional sign fixes
2015-10-19 11:25:18 -07:00
Teddy Reed
8214dd1309
Merge pull request #1584 from theopolis/fix_1580
...
[Fix #1580] Handle exceptions in linux process_memory_map
2015-10-19 09:28:16 -07:00
Teddy Reed
f891503cd9
Merge pull request #1577 from nemith/dpkg
...
Support for newer versions of libdpkg
2015-10-19 09:24:37 -07:00
Teddy Reed
00875988dc
Use native OS X version as min ABI
2015-10-18 20:47:09 -07:00
Teddy Reed
2bd6398b53
[Fix #1578] Support OPENSSL_NO_SSV3
2015-10-18 20:47:06 -07:00
Teddy Reed
bc50c053fb
Remove boolean type-columns from file in favor of 'type'
2015-10-17 12:16:54 -07:00
Robert C. Seacord
e57828aac3
changes for integer sign problems
2015-10-17 00:18:35 +00:00
Teddy Reed
3cc7984cc2
[Fix #1580] Handle exceptions in linux process_memory_map
2015-10-16 16:59:23 -07:00
Robert C. Seacord
acb2f6f628
eliminating diagnostics, mostly for comparisons between signed and unsigned operations
2015-10-16 16:10:37 +00:00
Robert C. Seacord
37b8e83a9e
fixes for problems related to unsigned to signed integer comparisons
2015-10-16 16:10:36 +00:00
Robert C. Seacord
0a6a36485c
redeclared i from int to size_t in two locations to eliminate several signed to unsigned comparisons
2015-10-16 16:10:36 +00:00
Teddy Reed
3f8cb14fbb
Merge pull request #1579 from nemith/segv
...
Fix segfault on interfaces tables
2015-10-15 17:58:04 -07:00
Brandon Bennett
f683871653
Fix segfault on interfaces tables
...
getifaddrs(3) states that ifa_addr can be null. Check to make sure they are not null before accessing them
2015-10-15 16:53:14 -06:00
Brandon Bennett
65738a73c1
Support for newer versions of libdpkg
...
Libdpkg has some breaking changes in newer versions which prevented
compiling the deb_packages table on Ubuntu 15.04. This change looks for
the libdpkg version using pkg-config and adds some preprocessor magic to
support the newer versions.
2015-10-15 16:43:14 -06:00
Teddy Reed
3be0994933
[Fix #1570] Check for invalid apt sources
...
This fixes a crash identified by @endrazine.
When apt sources data in /etc/apt/sources.list or /etc/apt/sources.list.d/{*}.list contain invalid data/lines the cache_file.GetPkgCache(); call will fail and cache will be nullptr. Subsequent usage results in a SIGSEGV.
To reproduce the fault try:
$ zzuf -I /etc/ -r 0.01:0.1 -s 0:1000 -v \
./build/trusty/osquery/osqueryi --registry_exceptions=true --verbose \
"select count(*) from apt_sources"
Signed-off-by: Jonathan Brossard
2015-10-15 15:20:26 -07:00
Teddy Reed
201fbabb28
[Fix #1559] Allow boost.filesystem incorrect LC_CTYPE
2015-10-13 09:55:44 -07:00
Teddy Reed
4852e3525f
Merge pull request #1550 from theopolis/ext_clean
...
Extension managers should clean extension sockets when starting
2015-10-12 13:36:10 -07:00
Teddy Reed
171bfecd20
Merge pull request #1552 from theopolis/glog_benchmark
...
Build Glog with OS X ABI, add SKIP_BENCHMARK
2015-10-12 13:35:45 -07:00
Teddy Reed
34717fda29
Merge pull request #1554 from mlw/fix-lingering-socket-fds
...
Close socket fds when finished with them
2015-10-12 13:32:52 -07:00
Matthew White
2446b22a5f
Close socket fds when finished with them
2015-10-12 09:59:09 -07:00
Teddy Reed
b7a2d861bf
Build Glog with OS X ABI, add SKIP_BENCHMARK
2015-10-11 14:37:49 -07:00
Teddy Reed
c7ff3dfb4f
Merge pull request #1549 from theopolis/more_11
...
Bump RocksDB to ERROR, fix OS X kernel_info, silence compile warnings
2015-10-11 20:39:56 +01:00
Teddy Reed
6b16720039
Fix kernel_info on OS X, remove md5
2015-10-11 11:43:42 -07:00
Teddy Reed
fb56646623
Restrict RocksDB log level to ERROR
2015-10-11 10:50:56 -07:00
Mike Arpaia
4d0cd46f42
Merge pull request #1539 from theopolis/nit_101
...
Minor nits around distributed CLIs
2015-10-09 14:55:05 -07:00
Teddy Reed
dbdf64ed6e
Use better defines for 10.11
2015-10-08 07:22:48 -07:00
Teddy Reed
d5a7498881
Extension managers should clean extension sockets when starting
2015-10-08 06:47:23 -07:00
Teddy Reed
689ae4c865
Minor nits around distributed CLIs
2015-10-02 11:33:50 -07:00
Mike Arpaia
5789d889f4
Merge pull request #1538 from marpaia/discovery_queries
...
[fix #1536] Schedule iteration pass-by-reference
2015-09-30 15:50:05 -07:00
Mike Arpaia
65df593d33
[fix #1536] Schedule iteration pass-by-reference
...
There was a bug in the `osquery::Schedule` container object such that,
when the iteration through the schedule occurred, pack objects were being
passed by value (copied) instead of passed by reference. Thus, the
discovery query would be executed, the object's cache would be updated,
and then the object would go out of scope and be destructed, thus
leaving the original object without ever having run the discovery query.
This caused discovery queries to thrash. Bad times.
I added a new test so that we don't regress here as well as const'd a
few functions that should have been const in `osquery::Pack`.
2015-09-30 15:41:43 -07:00
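The copy-versus-reference bug the message describes, as an added example that is not osquery's own code: a hypothetical `Pack` stand-in caches the outcome of its discovery query, and the schedule is iterated first with `auto` (each element copied, cache update lost with the copy) and then with `auto&` (bound to the stored object). The execution counter shows the thrashing directly.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Added example, not osquery code. `Pack` is a hypothetical stand-in for
// osquery::Pack: it runs its discovery query once and caches the result.
struct Pack {
  std::string name;
  bool discovered = false;  // cached discovery outcome
  int discovery_runs = 0;   // how many times the (simulated) query executed

  // Returns true only when the discovery query actually had to run.
  bool runDiscovery() {
    if (discovered) return false;
    discovered = true;
    ++discovery_runs;
    return true;
  }
};

// The bug: `auto pack` copies each Pack out of the schedule. The copy's
// cache is updated, then the copy is destroyed at the end of the iteration,
// so the stored Pack never learns the result and discovery re-runs each round.
int discoverByValue(std::vector<Pack>& schedule, int rounds) {
  int executions = 0;
  for (int round = 0; round < rounds; ++round) {
    for (auto pack : schedule) {
      if (pack.runDiscovery()) ++executions;
    }
  }
  return executions;
}

// The fix: `auto&` binds to the Pack stored in the schedule, so the cached
// result persists and each pack's discovery query runs exactly once.
int discoverByReference(std::vector<Pack>& schedule, int rounds) {
  int executions = 0;
  for (int round = 0; round < rounds; ++round) {
    for (auto& pack : schedule) {
      if (pack.runDiscovery()) ++executions;
    }
  }
  return executions;
}

// Constructed three-pack schedule with hypothetical pack names.
std::vector<Pack> makeSchedule() {
  return {{"pack_a"}, {"pack_b"}, {"pack_c"}};
}

int main() {
  auto schedule = makeSchedule();
  // Three packs over five rounds: 15 executions by value, 3 by reference.
  std::cout << "by value: " << discoverByValue(schedule, 5) << " executions\n";
  std::cout << "by reference: " << discoverByReference(schedule, 5) << " executions\n";
  return 0;
}
```

The same defect hides behind any `for (auto x : container)` over objects that carry mutable state; compilers accept it silently, so a regression test that asserts on the execution count, as the message says was added, is the reliable guard.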
Matthew White
25dbd33e1e
Fixed bug when checking if config is valid
2015-09-30 10:50:28 -07:00
Teddy Reed
2a71162b0c
Merge pull request #1534 from theopolis/glob_fix
...
Fix potential hang with recursive globbing
2015-09-28 18:06:53 -07:00
Teddy Reed
66888de80a
Fix potential hang with recursive globbing
2015-09-28 17:50:25 -07:00
Teddy Reed
31b7966088
[Fix #1531] Use libarchive finish for safari_extension parsing
2015-09-28 17:33:42 -07:00
Teddy Reed
bbac2cf07f
[#1529] Allow DB Readonly with RocksDB lite
2015-09-28 01:50:32 -07:00
Teddy Reed
64c18a70a9
Merge pull request #1525 from theopolis/process_adds
...
Add state, group, and nice to processes
2015-09-24 14:43:17 -07:00
Teddy Reed
5890901c00
Add state, group, and nice to processes
2015-09-24 13:11:46 -07:00
Teddy Reed
2d4150499a
Merge pull request #1526 from theopolis/linux_sigs
...
[#1488] Shutdown Linux event publishers responsibly
2015-09-24 11:08:41 -07:00
Teddy Reed
bb65ec49ac
[#1488] Shutdown Linux event publishers responsibly
2015-09-22 23:06:23 -07:00
Mike Arpaia
327a9bcdb1
Merge pull request #1522 from marpaia/startup_items
...
Include system startup items
2015-09-22 16:06:20 -07:00
Mike Arpaia
b09031adda
Include system startup items
...
We were not parsing system startup items.
2015-09-22 15:50:55 -07:00
Teddy Reed
0b006f28c7
Merge pull request #1519 from theopolis/osx_events
...
[#1488] Stop OS X event publishers with SIGINT
2015-09-22 09:14:47 -07:00
Teddy Reed
97ca0e627a
[#1488] Stop OS X event publishers with SIGINT
2015-09-21 22:02:27 -07:00
Mike Arpaia
4021a742df
Merge pull request #1507 from jacknagz/os_version_rhel
...
RHEL os_version fix
2015-09-21 18:03:03 -07:00
Teddy Reed
284dac71de
Write helpful DB access/open error to verbose log
2015-09-20 10:35:26 -07:00
Teddy Reed
946ab354ff
Merge pull request #1517 from theopolis/fix_yara
...
Fix YARA sigfile caching
2015-09-20 10:34:29 -07:00
Teddy Reed
d042967f43
Fix YARA sigfile caching
2015-09-20 00:06:57 -07:00
Jack Naglieri
9c1e114728
Fix os_version table regex for REDHAT_BASED systems. Updating centos6/7 and freebsd10 Vagrant boxes.
2015-09-18 14:47:08 -07:00
Mike Arpaia
a0795f300b
Merge pull request #1512 from theopolis/schedule_tracking
...
Scheduled query success tracking
2015-09-17 13:39:04 -07:00
Teddy Reed
c51d214ddd
Scheduled query success tracking
2015-09-16 23:31:07 -07:00
Mike Arpaia
73045e4974
Moving packs to top level include directory
...
I could've swore that I did this already, but this moves
`include/osquery/config/packs.h` to `include/osquery/packs.h`.
2015-09-16 15:51:05 -07:00
Teddy Reed
333f2ce8c8
[#1506] Silence kext loading messages from syslog
2015-09-16 13:13:56 -07:00
Mike Arpaia
3d81223dfb
Merge pull request #1508 from marpaia/distributed_test_fixes
...
Making distributed tests more awesome and less flaky
2015-09-16 12:05:51 -07:00
Mike Arpaia
dc6e395b77
Only log to warning if the config can't be read by the daemon
...
fix #1504
2015-09-16 10:54:38 -07:00
Mike Arpaia
41ef6798c6
Making distributed tests more awesome and less flaky
...
Distributed tests were failing every now and then because the test
plugin didn't implement retries and the test server wasn't always
starting up fast enough. I fixed this by refactoring the tests to use
the real TLS plugin, which has retry logic. This required some mangling
of the configuration options, which should serve as a good reference as
well.
2015-09-16 10:36:34 -07:00
Teddy Reed
7852c356ec
Merge pull request #1494 from theopolis/signals
...
[#1488] Use signal handlers for teardown and reloading
2015-09-15 16:14:40 -07:00
Teddy Reed
65162e7239
Merge pull request #1501 from sharvilshah/sysinfo_updates
...
Update system_info table to include CPU type, CPU cores and total memory
2015-09-14 20:02:56 -04:00
Teddy Reed
7c2a625ef2
Use signal handlers for teardown and reloading
2015-09-14 16:57:00 -07:00