Sean Williams
6ad17759d8
Makefile more flexible; fix a few bugs; optionally naively hide module
2014-12-08 23:47:29 +00:00
Sean Williams
218f74ae80
Makefile more flexible; fix a few bugs; optionally naively hide module
2014-12-08 23:47:29 +00:00
mike@arpaia.co
ece9d4fa00
removing trailing content
2014-12-08 23:47:26 +00:00
mike@arpaia.co
1ce1e17902
new headers
2014-12-08 23:47:25 +00:00
mike@arpaia.co
5b80664c5e
moving to top-level kernel directory
2014-12-08 23:47:25 +00:00
Sean Williams
279d55e49d
Fix a couple bugs; cleanup unused code/includes
2014-12-08 23:47:24 +00:00
Sean Williams
0953b17e93
Detect some linux kernel tampering. initial branch; not yet complete
...
-Download kernel headers, enter camb directory, and type 'make'
-New sysfs directory /sys/kernel/camb created with two files underneath it: syscall_addr_modified and text_segment_hash.
File `syscall_addr_modified` is either 1 or 0 representing whether the syscall function pointers were modified or not respectively.
File `text_segment_hash` is the current sha1 hash of the kernel's .text segment (excluding loaded modules)
The address range that camb currently hashes is subject to change because it's probably not comprehensive. However, it caught the rootkits that I've thrown at it, one of which is suterusu (https://github.com/mncoppola/suterusu).
2014-12-08 23:47:24 +00:00
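The commit message above describes a sysfs interface but not how a monitor should consume it. The following is an added example, not code from osquery or from the camb module: a userland check that reads the two files, validates their format, and compares the current .text hash against a per-kernel-release baseline. The sysfs paths come from the commit message; the baseline file location (`/var/lib/camb/baseline.json`), the trust-on-first-use baseline policy, and all sample contents in the test are assumptions or constructed.

```python
# Added example (not osquery or camb code): a userland monitor for the two
# sysfs files described in the commit message. Paths are taken from that
# message; the baseline file location is an assumption.
import hmac
import json
import os
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

CAMB_DIR = Path("/sys/kernel/camb")
SYSCALL_FLAG_FILE = CAMB_DIR / "syscall_addr_modified"
TEXT_HASH_FILE = CAMB_DIR / "text_segment_hash"
BASELINE_FILE = Path("/var/lib/camb/baseline.json")  # assumed location


def parse_flag(raw: str) -> bool:
    """syscall_addr_modified is documented as exactly '0' or '1'; anything else is an error."""
    value = raw.strip()
    if value not in ("0", "1"):
        raise ValueError(f"unexpected syscall_addr_modified value: {raw!r}")
    return value == "1"


def parse_sha1(raw: str) -> str:
    """text_segment_hash is a SHA-1 digest, i.e. exactly 40 hex digits."""
    value = raw.strip().lower()
    if len(value) != 40 or any(c not in "0123456789abcdef" for c in value):
        raise ValueError(f"text_segment_hash is not a SHA-1 hex digest: {raw!r}")
    return value


@dataclass(frozen=True)
class CambVerdict:
    syscall_table_modified: bool
    text_hash: str
    text_hash_changed: Optional[bool]  # None when no baseline exists yet

    def tampered(self) -> bool:
        return self.syscall_table_modified or bool(self.text_hash_changed)


def evaluate(flag_raw: str, hash_raw: str, baseline_hash: Optional[str]) -> CambVerdict:
    """Combine both indicators. A missing baseline is reported, not treated as tampering."""
    current = parse_sha1(hash_raw)
    changed = None
    if baseline_hash is not None:
        changed = not hmac.compare_digest(current, parse_sha1(baseline_hash))
    return CambVerdict(parse_flag(flag_raw), current, changed)


def load_baseline(path: Path, kernel_release: str) -> Optional[str]:
    """Baselines are keyed by kernel release: a kernel upgrade changes .text legitimately."""
    try:
        return json.loads(path.read_text()).get(kernel_release)
    except FileNotFoundError:
        return None


def store_baseline(path: Path, kernel_release: str, text_hash: str) -> None:
    data = {}
    try:
        data = json.loads(path.read_text())
    except FileNotFoundError:
        pass
    data[kernel_release] = text_hash
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(data))


def check_live(baseline_file: Path = BASELINE_FILE) -> CambVerdict:
    """Read the real sysfs files; only meaningful with the camb module loaded."""
    release = os.uname().release
    verdict = evaluate(SYSCALL_FLAG_FILE.read_text(), TEXT_HASH_FILE.read_text(),
                       load_baseline(baseline_file, release))
    if verdict.text_hash_changed is None:
        # First run on this kernel: trust-on-first-use. Only sound if the module
        # was loaded, and this ran, before any compromise.
        store_baseline(baseline_file, release, verdict.text_hash)
    return verdict


if __name__ == "__main__":
    v = check_live()
    print("syscall table modified:", v.syscall_table_modified)
    print("text hash changed since baseline:", v.text_hash_changed)
    raise SystemExit(1 if v.tampered() else 0)
```

Two caveats follow from the commit message itself: the hash is recomputed on every read and covers only the kernel's own .text, so the baseline must be per kernel build, and the hashed range is not yet comprehensive, so a clean verdict from this check is evidence, not proof, that nothing was patched.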
Teddy Reed
96d68ce98a
Clean before building CI
2014-12-08 15:22:17 -08:00
Teddy Reed
2ebbbf6f98
Linux udev events
2014-12-08 14:13:47 -08:00
mike@arpaia.co
e260007f04
Change exit(-1) to exit(EXIT_FAILURE)
2014-12-08 10:40:10 -08:00
Teddy Reed
fb5048596c
Merge pull request #527 from theopolis/fix_linux_processes_cmdline
...
Replace linux cmdline tokens with spaces
2014-12-07 18:11:07 -08:00
Teddy Reed
f8cc579d36
Fix json results clear
2014-12-07 15:53:37 -07:00
Teddy Reed
b890670be1
Replace linux cmdline tokens with spaces
2014-12-07 00:35:24 -07:00
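The commit title above refers to the NUL separators in /proc/&lt;pid&gt;/cmdline. As an added example (not osquery code), here is the parsing that sits behind it, with the lossy space-joined form next to a shell-quoted form that keeps argument boundaries; the sample inputs are constructed.

```python
# Added example (not osquery code): parse /proc/<pid>/cmdline, whose argv
# strings are NUL-separated and NUL-terminated. Sample inputs are constructed.
import shlex
from pathlib import Path


def parse_proc_cmdline(raw: bytes) -> list:
    """Split the raw file into argv. Empty input means a kernel thread or a zombie."""
    if not raw:
        return []
    parts = raw.split(b"\0")
    if parts[-1] == b"":
        parts.pop()  # the final NUL terminator, not an empty argument
    return [p.decode("utf-8", errors="replace") for p in parts]


def cmdline_with_spaces(raw: bytes) -> str:
    """Lossy rendering: an argument that itself contains spaces becomes indistinguishable."""
    return " ".join(parse_proc_cmdline(raw))


def cmdline_shell_quoted(raw: bytes) -> str:
    """Lossless rendering: arguments containing spaces stay distinguishable."""
    return shlex.join(parse_proc_cmdline(raw))


def read_cmdline(pid: int) -> str:
    """Read a live process; contents are writable by the process (e.g. setproctitle)."""
    return cmdline_shell_quoted(Path(f"/proc/{pid}/cmdline").read_bytes())
```

Because a process can rewrite its own argv, neither rendering is trustworthy for a hostile process; the quoted form only preserves what the kernel hands back.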
Teddy Reed
a0866c0972
Merge pull request #524 from theopolis/events_expiry
...
Events expiry
2014-12-06 19:52:16 -08:00
Teddy Reed
b77f469752
Merge pull request #526 from theopolis/json-output
...
Add -json output mode for shell
2014-12-06 19:52:06 -08:00
Teddy Reed
19695d40aa
Add expiration to events
2014-12-06 18:28:03 -07:00
Teddy Reed
78ecc73d81
Add -json output mode for shell
2014-12-06 18:22:48 -07:00
Sean Williams
16a1cbf563
kernel_integrity vtable to use camb
2014-12-06 23:36:50 +00:00
Sean Williams
0b1b1f5b72
Merge branch 'linux-camb' of github.com:facebook/osquery into linux-camb
...
Conflicts:
osquery/kernel/linux/Makefile
osquery/kernel/linux/main.c
2014-12-06 12:54:02 -08:00
Sean Williams
f651254bc5
Remove hooking of init module: it should really go in an LSM proper; also fix Makefile when SMAP is not specified
2014-12-06 12:47:59 -08:00
Sean Williams
c74c972e1d
Update CONTRIBUTING.md
2014-12-06 12:35:02 -08:00
Sean Williams
9c513c20e7
Update CONTRIBUTING.md
2014-12-06 12:34:19 -08:00
Teddy Reed
7b16e45f55
Improve pubsub unittests
2014-12-05 16:18:05 -07:00
Teddy Reed
76597aa25f
Merge pull request #522 from theopolis/make_pkg_simple
...
Add -s flag to OSX package script
2014-12-04 09:46:03 -08:00
Teddy Reed
f3ab333cf1
Add -s flag to OSX package script
2014-12-04 09:33:04 -08:00
Teddy Reed
bd64fb4619
Merge pull request #519 from theopolis/better_includes2
...
Codemod to improve include search paths for includes
2014-12-03 17:40:06 -08:00
Teddy Reed
b7765a6af0
Codemod to improve include search paths for includes
2014-12-03 15:31:09 -08:00
Teddy Reed
400199f05e
Merge pull request #518 from theopolis/better_includes
...
Codemod to improve include search paths
2014-12-03 15:29:23 -08:00
Teddy Reed
7c738c8497
Codemod to improve include search paths
2014-12-03 15:14:02 -08:00
Teddy Reed
20dee9c274
Merge pull request #515 from theopolis/faster_generator
...
Towards simple table generation
2014-12-03 12:57:09 -08:00
Teddy Reed
a50400d34f
Merge pull request #510 from wxsBSD/issue_475
...
Implement signed columns for users and groups.
2014-12-03 12:46:02 -08:00
Teddy Reed
5d99dc0325
Use a single class for Table plugins
2014-12-03 12:43:55 -08:00
Teddy Reed
ebd77d47c4
Amalgamate generated tables
2014-12-03 02:02:11 -08:00
Teddy Reed
343cdf8405
Organize /tools
2014-12-02 21:16:24 -08:00
Teddy Reed
119eb37731
Simple template functions
2014-12-02 21:02:50 -08:00
Teddy Reed
f4337243ec
Towards simple table generation
2014-12-02 20:36:46 -08:00
Teddy Reed
7ad06d856d
Merge pull request #514 from eastebry/fix_hostIdentifier_typo
...
Fixed typo in getHostIdentifier
2014-12-02 19:34:35 -08:00
Bryan Eastes
5eef747025
Fixed typo in getHostIdentifier
2014-12-02 14:09:37 -08:00
Teddy Reed
d99e8a4c5a
Merge pull request #513 from theopolis/filesystem_constraints
...
Port manual/filesystem to file using constraints
2014-12-02 14:02:51 -08:00
Teddy Reed
d885bf420d
Port manual/filesystem to file using constraints
2014-12-02 12:37:26 -08:00
Teddy Reed
3ac9c3be09
Verbose option for profile
2014-12-02 12:19:17 -08:00
Teddy Reed
13fb05ab48
Move config member set back to end of ctor
2014-12-02 01:52:32 -08:00
Teddy Reed
366c646cb8
Merge pull request #507 from theopolis/config_options
...
Read arguments/options from config
2014-12-01 23:57:53 -08:00
Teddy Reed
f8e9750ea2
Merge pull request #508 from theopolis/workaround_422
...
[Fix #422] Workaround for multiple selects
2014-12-01 23:57:37 -08:00
Teddy Reed
b000541d2f
Merge pull request #509 from theopolis/fix_500
...
[Fix #500] Add virtual dtors to event pub/subs
2014-12-01 23:57:24 -08:00
Teddy Reed
d904d34e3a
Merge pull request #511 from eastebry/scheduler_bug_fix
...
Fixed small bug in getHostIdentifier method
2014-12-01 23:57:07 -08:00
Bryan Eastes
d2d021df24
Fixed small bug in getHostIdentifier method
2014-12-01 15:02:40 -08:00
Wesley Shields
2504c06feb
Implement signed columns for users and groups.
...
Fixes #475.
2014-12-01 11:52:13 -05:00
Teddy Reed
8db44f70f3
[Fix #500] Add virtual dtors to event pub/subs
2014-12-01 02:44:35 -07:00
Teddy Reed
fc69ccf22a
[Fix #422] Workaround for multiple selects
2014-12-01 02:27:51 -07:00