Commit Graph

3033 Commits

Author SHA1 Message Date
Tony
c1d004ed1f Better fault-tolerant defaults for systemd service (#2255) 2016-07-17 18:56:00 -07:00
Teddy Reed
b9a5313123 Update third-party for Win10 building and add .patch to gitignore (#2250) 2016-07-15 10:55:28 -07:00
artemdinaburg
78e1cf7ab4 Transition __attribute__((constructor)) to a more platform independent approach (#2233) 2016-07-14 14:19:33 -07:00
Zachary Wasserman
8161a5f0a8 Add autocompletion of table names in osqueryi (#2236) 2016-07-14 14:15:32 -07:00
Nick Anderson
8d97d06b89 Crashes table now grabs all register values (#2243) 2016-07-13 11:29:07 -07:00
Marcin Wielgoszewski
805e24928d Log execution of a distributed query (#2241) 2016-07-12 19:22:06 -07:00
Teddy Reed
45530c0496 Slight performance improvements (#2242) 2016-07-12 19:16:50 -07:00
DaanDeMeyer
0544b50530 Cleaned up arch provisioning (#2239) 2016-07-12 11:51:35 -07:00
Teddy Reed
7f304a0934 Various fixups and best practices (#2237) 2016-07-11 09:45:57 -07:00
Zachary Wasserman
b5c129f324 Fix process path parsing (#2234)
This commit fixes two issues with `path` in the linux processes table:

(1) Fixes a bug in which `on_disk` is set to `NULL` instead of `0` when the
binary is not on disk.

(2) Fixes a bug in which a filename ending in ` (deleted)` could cause osquery
to return an incorrect value for `on_disk`. See
https://github.com/facebook/osquery/issues/1607
2016-07-08 12:06:56 -07:00
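The two bugs above come from interpreting the raw `readlink()` result of `/proc/<pid>/exe`: the kernel appends ` (deleted)` when the executed inode has been unlinked, but a binary may also legitimately be named that way. The following is an added illustration (not osquery's own implementation) of a resolution order that handles both cases and always yields `0` or `1` for `on_disk`, never a missing value. It checks existence of the literal link target first, and only then treats the suffix as the kernel's marker; `resolveExePath`, `ExeInfo` and the helper names are assumptions of this example.

```cpp
#include <sys/stat.h>
#include <cstdio>
#include <string>

// Result of interpreting a /proc/<pid>/exe link target (example type).
struct ExeInfo {
  std::string path;  // executable path with the kernel's " (deleted)" marker removed
  int on_disk;       // 1 if the executed image is still on disk, else 0 (never NULL)
};

static bool pathExists(const std::string& p) {
  struct stat st;
  return ::stat(p.c_str(), &st) == 0;
}

static bool endsWith(const std::string& s, const std::string& suffix) {
  return s.size() >= suffix.size() &&
         s.compare(s.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Interpret the raw readlink() result of /proc/<pid>/exe.
ExeInfo resolveExePath(const std::string& linkTarget) {
  static const std::string kDeleted = " (deleted)";
  ExeInfo info{linkTarget, 0};
  if (pathExists(linkTarget)) {
    // The name exists exactly as reported. This also covers the unusual but
    // legal case of a binary literally named "foo (deleted)" that is on disk.
    info.on_disk = 1;
  } else if (endsWith(linkTarget, kDeleted)) {
    // Nothing exists under the literal name, so the suffix is the kernel's
    // marker: the image was unlinked after exec. Strip the marker and report
    // on_disk = 0 even if something new has since been created at that path;
    // the running image is not that file.
    info.path = linkTarget.substr(0, linkTarget.size() - kDeleted.size());
    info.on_disk = 0;
  }
  // Otherwise (unreadable link, empty target, permission denied): keep the
  // path as-is and report on_disk = 0 rather than an empty/NULL value.
  return info;
}

// Small helpers so the edge case can be exercised against a real file.
bool createEmptyFile(const std::string& p) {
  FILE* f = std::fopen(p.c_str(), "w");
  if (f == nullptr) {
    return false;
  }
  std::fclose(f);
  return true;
}

bool removeFile(const std::string& p) {
  return std::remove(p.c_str()) == 0;
}

int main() {
  // Constructed inputs: a deleted binary and a present binary whose name
  // happens to carry the suffix.
  const std::string odd = "/tmp/osq_example (deleted)";
  createEmptyFile(odd);
  ExeInfo a = resolveExePath("/usr/local/bin/gone (deleted)");
  ExeInfo b = resolveExePath(odd);
  std::printf("%s on_disk=%d\n", a.path.c_str(), a.on_disk);
  std::printf("%s on_disk=%d\n", b.path.c_str(), b.on_disk);
  removeFile(odd);
  return 0;
}
```

The ordering matters: testing the suffix before testing existence is exactly what let a file named `... (deleted)` be misreported, and leaving `on_disk` unset when neither branch matched is what produced `NULL` instead of `0`.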
Peter
51f5fa9095 [#2216] Add notice text for required table predicates (#2225) 2016-07-08 08:33:37 -07:00
Teddy Reed
54557b16e7 [Fix #2196] Fix osquery home directory checking (#2232) 2016-07-07 17:33:52 -07:00
Teddy Reed
48cb4d555d Add systemLog API (#2229)
This includes a minor SDK refactor as it moves quite a few specialized
functions and facilities from core.h into system.h. There was a breaking point
for needing to frequently update core includes.

The new logger systemLog function allows a call site to bypass logging config
and write a line to the OS logger (aka syslog).
2016-07-07 15:16:28 -07:00
Michael George
f0108ac901 update osx_attacks with Backdoor.MAC.Eleanor with fixes (#2226) 2016-07-07 15:14:27 -07:00
Javier Marcos
43dd75eb59 Adding folder signature for iWorm OSX malware (#2231) 2016-07-07 15:14:01 -07:00
Teddy Reed
6852122af9 Force RocksDB to sync writes for non-event domains (#2228)
RocksDB is the default "database" plugin. Writes are normally kept in an
in-memory memtable. Writes that are not part of the event pubsub system can
be forced to sync to disk.
2016-07-07 14:08:12 -07:00
Chris Long
1e9aa1a49c Adding Aobo Keylogger and OSX_Keydnap to osx-attacks (#2230) 2016-07-07 14:04:05 -07:00
Ryan Holeman
88053a08b4 Optional top level decorator functionality (#2177) 2016-07-06 15:31:59 -07:00
Tony
aa714d4c77 Add ability to provision Arch Linux (#2215) 2016-07-06 15:02:58 -07:00
Zachary Wasserman
8909602a40 Increase block period in flaky BufferedForwarder test (#2222)
This test was intermittently failing because it relies on the actual thread
scheduling. Our discussion in issue #2218 decided that it was worth keeping the
test around, while trying to mitigate the flakiness. The longer sleeps in this
test ran successfully hundreds of times in local testing.
2016-07-06 14:59:24 -07:00
Teddy Reed
21d1fca37d Add shutdown method to extensions (#2224)
This alters the osquery.thrift spec to add a ::shutdown method to the
Extension class. The ExtensionManager inherits from this but includes a
no-op shutdown method.

When an ExtensionManager (osquery core) stops, it optionally requests all
Extensions to shutdown immediately. This helps quit extensions processes
faster.
2016-07-06 12:23:24 -07:00
artemdinaburg
bede048323 Merge posix/windows processes table into single entity (#2220) 2016-07-05 21:18:14 -07:00
Omer Katz
2eb4a75884 Bump AWS SDK to 0.12.17 (#2214) 2016-07-05 20:26:24 -07:00
Teddy Reed
24f757850e Add link_whole to generated TARGETS file (#2219) 2016-07-05 17:58:06 -07:00
Teddy Reed
f740a1f020 Fix SQLite access after ASIO usage (#2217)
Using the boost ASIO libraries before calling SQLite open causes the
"file://" protocol to be rewritten with a prepended CWD.
2016-07-05 12:56:38 -07:00
artemdinaburg
e6fbde820e Windows Daemon/Shell: Make osquery code more Windows-friendly (#2188) 2016-07-01 14:56:07 -07:00
Teddy Reed
8dfe79ad83 Use a noexcept lexical_cast for SQL type conversions (#2212) 2016-07-01 11:37:19 -07:00
Teddy Reed
3b2c489374 Use libuuid from e2fsprogs for codegen TARGETS (#2213) 2016-07-01 11:36:42 -07:00
Teddy Reed
662b1483d5 Remove unused variable in virtual_table (#2210) 2016-06-30 18:41:43 -07:00
Teddy Reed
ca3cc5cf03 Silence ccache and clang warnings (#2209) 2016-06-30 18:41:32 -07:00
Teddy Reed
1f9739eed4 [Fix #2203] Restore extension respawn limits to 20s (#2207) 2016-06-30 17:53:05 -07:00
Teddy Reed
753c023640 Fix milli/micro conversion when waiting for active plugins (#2205) 2016-06-30 13:31:32 -07:00
artemdinaburg
5292100c22 Use vector.data() to get internal vector buffers (#2204) 2016-06-30 12:32:26 -07:00
Teddy Reed
3422a44d83 Run profile on all POSIX tables (#2202) 2016-06-30 11:58:55 -07:00
Teddy Reed
9756713e36 Adds -fpermissive and fixes 'using' for anon struct (#2200) 2016-06-29 20:15:58 -07:00
Omer Katz
f848679b63 Use ccache when available to speed up compilation. (#2178) 2016-06-29 10:18:52 -07:00
artemdinaburg
c20c91f2e5 CMake changes to build Windows tables (#2194)
This PR implements the CMake changes to build Windows tables, and serves as a follow-on to PR
2016-06-28 11:19:32 -07:00
artemdinaburg
864d77b180 Windows Daemon/Shell: Windows Processes Table (#2184)
Include table changes necessary for a Windows processes table and changes to other tables needed for daemon and shell to run. The Windows processes table uses WMI as a backend to gather information. This commit does not yet build these tables.
2016-06-28 11:07:34 -07:00
Teddy Reed
47e1a5ba74 Use noexcept boost::filesystem overloads (#2195) 2016-06-27 16:39:04 -07:00
Teddy Reed
3472b7cc32 Add bash and python to make packages calls (#2193) 2016-06-27 16:19:08 -07:00
Nick Anderson
72df044ef5 Adding check for nullptr before dereferencing. This fixes #2185 (#2187) 2016-06-24 13:59:49 -07:00
artemdinaburg
b7aad5a2c3 Install new required packages and link to them in CMake (#2183) 2016-06-24 08:47:48 -07:00
artemdinaburg
d4a3fe2452 Windows Daemon/Shell: Initial support for Windows tables (#2182)
Preparation for Windows Tables. We need a Windows process table so that the daemon will run.
2016-06-23 16:04:11 -07:00
Teddy Reed
c8c67c455a Simplify watchdog limits configuration (#2173) 2016-06-19 23:27:16 -07:00
Teddy Reed
9a4b6ba1a8 [Fix #2161] Remove space and quotes from launch daemon (#2174) 2016-06-19 23:25:09 -07:00
d-yokoi
97f2850967 fix a typo error on the doc for building (#2172) 2016-06-19 23:24:42 -07:00
Ryan Holeman
b47f246ab4 Optional randomization of shard ids for AWS Kinesis load balancing (#2157) 2016-06-15 15:29:59 -07:00
Gary
498f64437a Copy service unit configuration to Ubuntu Xenial default location (#2163) 2016-06-15 13:21:33 -07:00
yying
d2d9a27845 [Fix #2165] Use noexcept boost methods in PlatformFile (#2167) 2016-06-15 10:23:48 -07:00
Teddy Reed
231000ca4b Add SQL and Process Auditing to wiki index (#2168) 2016-06-14 19:30:28 -07:00