Sereyvathana Ty
0706146c01
add feature to select multiple rows to signature table
2016-03-19 17:42:21 -07:00
Teddy Reed
4609486f74
Merge pull request #1947 from theopolis/osx_publisher_locks
...
Enhance publisher resource locking on OS X
2016-03-18 19:13:55 -07:00
Teddy Reed
54578df073
Merge pull request #1946 from theopolis/debian_packages_fixup
...
Fixup Debian package builds
2016-03-18 18:17:33 -07:00
Teddy Reed
f75c3cf704
Update Slack link in README
2016-03-18 17:05:31 -07:00
Teddy Reed
9f5de79af1
Fixup Debian package builds
2016-03-18 16:59:59 -07:00
Teddy Reed
d7c2f88289
Enhance publisher resource locking on OS X
2016-03-18 16:14:15 -07:00
Teddy Reed
4a88311ca2
Merge pull request #1944 from theopolis/tls_config_interrupt
...
Check for interrupt requests in TLS config refresher
2016-03-18 12:50:27 -07:00
Teddy Reed
3576189281
Check for interrupt requests in TLS config refresher
2016-03-18 12:03:27 -07:00
Teddy Reed
265ca2ff76
Merge pull request #1942 from theopolis/cleanups3
...
Various cleanups
2016-03-18 11:11:19 -07:00
Teddy Reed
c62a0f41b6
Various cleanups
2016-03-18 10:40:07 -07:00
Teddy Reed
81109efe04
Merge pull request #1937 from umareddy/patch-1
...
Update extensions.md
2016-03-17 09:50:40 -07:00
Uma Reddy
e421bfa54b
Update extensions.md
2016-03-17 12:47:13 -04:00
Teddy Reed
66d595edd9
Merge pull request #1935 from zwass/patch-1
...
Change .clang-format standard from Cpp03 to Cpp11
2016-03-16 23:29:05 -07:00
Teddy Reed
3e103e69ba
Merge pull request #1931 from ilovezfs/iokitlib-header-casesensitivity
...
IOKitLib.h not IOKitlib.h
2016-03-16 22:32:03 -07:00
Teddy Reed
593f024514
Merge pull request #1936 from theopolis/events_ex
...
Expire data when record is before expire time
2016-03-16 12:58:21 -07:00
Teddy Reed
7040780863
Expire data when record is before expire time
2016-03-16 12:35:06 -07:00
Teddy Reed
6156951d50
Merge pull request #1933 from theopolis/fix_1896
...
[Fix #1896 ] Gate additional and kernel tests/benchmarks
2016-03-15 23:52:16 -07:00
Teddy Reed
621f1bd3a9
[ Fix #1896 ] Gate additional and kernel tests/benchmarks
2016-03-15 23:05:37 -07:00
Zachary Wasserman
d6008c9267
Change .clang-format standard from Cpp03 to Cpp11
...
This fixes issue #1934 , and potentially other C++11 compatibility.
2016-03-15 20:37:13 -07:00
Teddy Reed
bb20a968d9
Merge pull request #1930 from theopolis/debug
...
Build debug packages
2016-03-15 11:12:56 -07:00
ilovezfs
52e7d55600
IOKitLib.h not IOKitlib.h
...
As with all other appearances of IOKitLib.h in the osquery sources, use
the capitalization "IOKitLib.h" not "IOKitlib.h" to avoid build failure
on case-sensitive file systems.
2016-03-15 09:43:11 -07:00
Teddy Reed
42222bd4a5
Build debug packages
2016-03-15 08:58:01 -07:00
Teddy Reed
ba6110f30d
Merge pull request #1926 from friedbutter/upgrade-signature-table
...
Upgrade signature table
2016-03-15 00:14:37 -07:00
Sereyvathana Ty
f912fca415
add cdhash, team_identifier, and authority to signature table
...
cdhash - code directory hash
(https://developer.apple.com/library/mac/documentation/Security/Conceptu
al/CodeSigningGuide/RequirementLang/RequirementLang.html)
team_identifier is a unique id of the app developer
authority is the common name of the signed certificate
2016-03-14 23:19:27 -07:00
Teddy Reed
68208e0423
Merge pull request #1915 from zwass/asl_table
...
Apple System Log Virtual Table Implementation
2016-03-14 12:52:29 -07:00
Zachary Wasserman
1af6684019
Apple system log virtual table implementation
...
This adds a virtual table implementation for efficient querying of the
Apple System Log (ASL) store.
2016-03-14 12:19:03 -07:00
Teddy Reed
cf630e00a2
Merge pull request #1924 from theopolis/1920_2
...
[Fix #1920 ] Detach thread before joining/clearing (terminate)
2016-03-13 12:38:21 -07:00
Teddy Reed
0ba2861cf9
[ Fix #1920 ] Detach thread before joining/clearing (terminate)
2016-03-13 12:15:18 -07:00
Teddy Reed
28c3ef37d5
Merge pull request #1923 from theopolis/1920_1
...
[Fix #1920 ] Remove remaining references to boost::thread
2016-03-12 00:47:48 -08:00
Teddy Reed
59274e59c6
Remove boost::thread from fsevents tests
2016-03-12 00:30:05 -08:00
Teddy Reed
21c7ab642b
Remove boost::thread from inotify tests
2016-03-12 00:15:58 -08:00
Teddy Reed
4a378b9068
Merge pull request #1918 from theopolis/remove_boost_threads
...
Remove boost::thread
2016-03-11 13:23:26 -08:00
Teddy Reed
3de52846d0
Remove boost::thread
2016-03-11 11:50:44 -08:00
Teddy Reed
bc384ba7ad
Merge pull request #1914 from russellhancox/certificate-files
...
Darwin: Allow certificates table to read DER/PEM files
2016-03-11 08:19:51 -08:00
Russell Hancox
05c1dbecb0
Darwin: Allow certificates table to read DER/PEM files as well as keychain
2016-03-11 11:02:54 -05:00
Teddy Reed
d3786c45a3
Merge pull request #1916 from theopolis/deps_updates
...
Several package updates within provision code
2016-03-10 20:26:04 -08:00
Teddy Reed
32efa9a09b
Several package updates within provision code
...
1. Update boost to 1.60 from 1.55 on Linux platforms
2. Add asio (1.11.0) to the deps set
3. Update snappy to 1.1.3 on Linux platforms
4. Update cpp-netlib to 0.12.0-rc1 from 0.11 on Linux platforms
- OS X and brew also include 0.12.0-rc1 as a devel option
5. Update libapt to 1.2.6 from 0.8.6 on Ubuntu/Debian
- This adds lzma as a dependent link
2016-03-10 19:40:15 -08:00
Teddy Reed
74a32dbba7
Merge pull request #1912 from zwass/improve_error
...
Add path to error message when config file not found
2016-03-10 17:33:05 -08:00
Zachary Wasserman
c91798b083
Add path to error message when config file not found
...
Example:
```
$ sudo ./build/darwin/osquery/osqueryd --allow_unsafe --config_path
/foo/bar
W0310 13:34:40.473743 1955008512 init.cpp:506] Error reading config:
config file does not exist: /foo/bar
```
2016-03-10 14:13:08 -08:00
Teddy Reed
28f6bc932c
Merge pull request #1911 from readshaw/readshaw/osx-embed-tls-chain-cert
...
OS/X packaging improvements
2016-03-10 08:31:46 -08:00
Teddy Reed
9d8c3adef7
Merge pull request #1879 from theopolis/lints-2
...
Fix various lint issues
2016-03-10 01:10:42 -08:00
Teddy Reed
96e2562e2d
Merge pull request #1913 from sharvilshah/process_state_mnemonics
...
[#1886 ] Use mnemonics for process states on Darwin
2016-03-09 23:30:41 -08:00
Teddy Reed
26c8b5640f
Fix various lint issues
2016-03-09 19:55:39 -08:00
Teddy Reed
03d0d7e835
Merge pull request #1910 from theopolis/null
...
Allow NULL values, stop using -1 as int/double invalid values
2016-03-09 19:23:35 -08:00
Teddy Reed
a6c147700f
Allow NULL values, stop using -1 as int/double invalid values
2016-03-09 18:24:17 -08:00
readshaw
d0b16e37c4
Add option to specify and bundle TLS server cert chain file; and osqueryd is restarted in installation postinstall.
2016-03-10 10:12:34 +10:00
Sharvil Shah
a713fbcc55
Use mnenomics for process states on Darwin
...
Process states in `processes` table now use mnemonics instead of the
integer code. They follow closely to the states defined sys/proc.h,
which means processes with state as:
state value meaning mnemonic
-------- ------- --------------------------------- ----------
SIDL 1 process being created by fork 'I'
SRUN 2 currently runnable 'R'
SSLEEP 3 sleeping on an address 'S'
SSTOP 4 process debugging or suspension 'T'
SZOMB 5 awaiting collection by parent 'Z'
Note: The mnemonics here will not match up with what `ps` or `top`
reports.
`ps` and `top` queries run state of all Mach Threads (by grabbing a Mach Task)
of a process, and then coalesces it to represent the process state.
This is no longer possible to do by non-Apple signed binaries,
as the only way to a Mach Task (and therefore list of Mach Threads)
is by calling `task_for_pid()`, which no longer works under
System Integrity Protection (SIP) introduced in OS X 10.11
2016-03-09 11:25:58 -08:00
Teddy Reed
57db798a11
Merge pull request #1903 from theopolis/windows_build
...
Minor changes to support a Windows build
2016-03-08 18:10:14 -08:00
Teddy Reed
d8650c7630
Minor changes to support a Windows build
2016-03-08 10:47:38 -08:00
Teddy Reed
6f69330920
Merge pull request #1907 from theopolis/fix_1900
...
Allow extensions to use the backing store
2016-03-08 10:45:56 -08:00