Commit Graph

1250 Commits

Author SHA1 Message Date
Mike Arpaia
6eb2ffda55 Merge pull request #497 from facebook/host-ident-sig
Refactoring getHostIdentifier and adding some extra logging
2014-11-25 11:53:23 -06:00
Mike Arpaia
5d42395e38 Merge pull request #486 from facebook/clang-format
clang-format on the codebase
2014-11-25 11:26:44 -06:00
mike@arpaia.co
fdcea6daa7 manual fix to spacing issue 2014-11-25 09:08:00 -08:00
mike@arpaia.co
5855dab22b fixing two missing semi-colon issues with clang-format 2014-11-25 09:05:16 -08:00
mike@arpaia.co
807b7c735f can't format filesystem_tests because of raw strings 2014-11-25 09:05:16 -08:00
mike@arpaia.co
8f50cae3aa clang-format on the codebase
Periodic clang-format run.
2014-11-25 09:05:16 -08:00
mike@arpaia.co
6f8ec8587c Refactoring getHostIdentifier and adding some extra logging 2014-11-25 08:47:32 -08:00
Sean Williams
09230fc192 Makefile more flexible; fix a few bugs; optionally naively hide module 2014-11-24 16:26:03 -08:00
Sean Williams
aaee4d99ed Makefile more flexible; fix a few bugs; optionally naively hide module 2014-11-24 16:26:03 -08:00
mike@arpaia.co
bdf68e2e67 removing trailing content 2014-11-24 16:26:03 -08:00
mike@arpaia.co
542c7d83a9 new headers 2014-11-24 16:26:03 -08:00
mike@arpaia.co
f958b18984 moving to top-level kernel directory 2014-11-24 16:26:02 -08:00
Sean Williams
4ed1e10017 Fix a couple bugs; cleanup unused code/includes 2014-11-24 16:26:02 -08:00
Sean Williams
70d2b1038a Detect some linux kernel tampering. initial branch; not yet complete
-Download kernel headers, enter camb directory, and type 'make'
-New sysfs directory /sys/kernel/camb created with two files underneath it:
syscall_addr_modified and text_segment_hash.

File `syscall_addr_modified` is either 1 or 0 representing whether the syscall function pointers were modified or not respectively.
File `text_segment_hash` is the current sha1 hash of the kernel's .text segment (excluding loaded modules)

The address range that camb currently hashes is subject to change because it's probably not comprehensive. However, it caught the rootkits that I've thrown at it, one of which is suterusu (https://github.com/mncoppola/suterusu).
2014-11-24 16:26:02 -08:00
Mike Arpaia
6b525af149 Update README.md 2014-11-24 08:56:56 -08:00
Mike Arpaia
20065157f1 update build matrix text 2014-11-24 08:56:28 -08:00
mike@arpaia.co
077fc936c9 updating master api references 2014-11-22 23:41:22 -08:00
Wesley Shields
7abc9f75f2 Implement logged_in_users.
Fixes #9.
2014-11-22 23:49:37 -05:00
Teddy Reed
54536e5915 Merge pull request #490 from theopolis/universal-darwin-pkg
Towards a more universal darwin package
2014-11-22 18:54:01 -08:00
Teddy Reed
4d19f4c97a Merge pull request #491 from theopolis/iokit_usb
OS X IOKit's USB Devices virtual table
2014-11-22 18:53:46 -08:00
Teddy Reed
4de3c8a0cf Fix memory leaks in USB Devices for OSX 2014-11-22 18:04:47 -08:00
Nick
acad6d8e8d Added USB device support for Mac (Linux coming next) 2014-11-22 17:42:56 -08:00
Teddy Reed
38bc5542b3 Towards a more universal darwin package 2014-11-22 17:42:02 -08:00
Teddy Reed
5620510414 Merge pull request #488 from wxsBSD/macros
Using SQLite type macros
2014-11-22 13:04:49 -08:00
Wesley Shields
059403eac4 Merge branch 'master' into macros
Conflicts:
	osquery/tables/system/darwin/processes.cpp
2014-11-22 15:12:21 -05:00
Sean Williams
a25b1ca128 Makefile more flexible; fix a few bugs; optionally naively hide module 2014-11-21 22:54:43 -08:00
Sean Williams
3929f50b25 Merge branch 'linux-camb' of github.com:facebook/osquery into linux-camb 2014-11-21 22:50:49 -08:00
Sean Williams
2be71e48bf Makefile more flexible; fix a few bugs; optionally naively hide module 2014-11-21 22:45:52 -08:00
Javier Marcos
4b5d8c4903 Merge pull request #485 from facebook/improve_build_script
Changes to build scripts
2014-11-21 15:41:42 -08:00
Javier Marcos
00d1d8f563 Avoiding unnecessary download of cmake in Ubuntu, removing Travis support and adding new dependency in osx needed to build a package 2014-11-21 15:33:47 -08:00
Teddy Reed
5da3ce9a24 Merge pull request #484 from theopolis/remove-host-routes
Remove 'host' from OS X route types #483
2014-11-21 11:05:46 -08:00
Teddy Reed
1caba72c30 Remove 'host' from OS X route types #483 2014-11-21 10:59:25 -08:00
Teddy Reed
863d99350b Merge pull request #481 from theopolis/unsigned-bigint-type
Add basic support for unsigned long long int
2014-11-21 10:49:07 -08:00
Teddy Reed
44181b7aeb Add basic support for unsigned long long int 2014-11-21 10:32:56 -08:00
Teddy Reed
6fc014b390 Merge pull request #478 from theopolis/darwin_min_abi
Support at least darwin/OSX 10.9+
2014-11-20 18:10:39 -08:00
Teddy Reed
011c0f0d47 Support at least darwin/OSX 10.9+ 2014-11-20 18:02:38 -08:00
Teddy Reed
e9f3162e6d Merge pull request #477 from theopolis/darwin_process_improvements
Pull process_open_files out of processes.cpp and reduce logging
2014-11-20 17:27:39 -08:00
Teddy Reed
7cee788be5 Add build matrix 2014-11-20 17:26:11 -08:00
Teddy Reed
1961921d95 Pull process_open_files out of processes.cpp and reduce logging 2014-11-20 17:19:04 -08:00
Javier Marcos
f247287b37 Merge pull request #476 from facebook/master_build_per_platform
Adding one build badge per supported system
2014-11-20 15:25:44 -08:00
Javier Marcos
0a161bcd2f Adding one build badge per supported system 2014-11-20 15:02:27 -08:00
Teddy Reed
a84c20a468 Merge pull request #472 from theopolis/cleanup-inode-tables
Cleanup inode table implementations and unblacklist.
2014-11-19 17:04:23 -08:00
Teddy Reed
b2debf509a Cleanup inode table implementations and unblacklist 2014-11-19 16:56:48 -08:00
Javier Marcos
bdaed6390e Merge pull request #473 from facebook/improve_build_script
FIRST! 👍
2014-11-19 16:40:45 -08:00
Javier Marcos
2ca0e44d5c Comment to test PR builds, again 2014-11-19 16:33:33 -08:00
Javier Marcos
a190b41720 Comment to test PR builds 2014-11-19 16:23:25 -08:00
Teddy Reed
9a6a69a224 Merge pull request #469 from theopolis/logging-nits
Move expected errors to info log
2014-11-19 14:54:32 -08:00
Javier Marcos
0dabad43af Merge pull request #471 from facebook/apt_get_update_errors
Fix problem with apt-get update and hash mismatch
2014-11-19 13:08:03 -08:00
Javier Marcos
e585fffacb Fix problem with apt-get update and hash mismatch 2014-11-19 12:59:40 -08:00
Mike Arpaia
ac70916719 Merge pull request #434 from lwhsu/freebsd-build
FreeBSD support of build infrastructure
2014-11-19 09:23:17 -08:00