valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,887 Commits 2 Branches 109 Tags 25 MiB
c70cddd258
Commit Graph

596 Commits

Author SHA1 Message Date
Sharvil Shah
4ab79a8bd6 deallocate array with delete[] instead of delete 2015-06-02 15:09:22 -07:00
Wesley Shields
80749c3531 Chase constraint changes introduced in #1170. 
The changes done in #1170 broke some of the tables on FreeBSD.
 2015-05-30 01:42:44 +00:00
Wesley Shields
571fd65796 Fix build on FreeBSD. 
Missing osquery/tables.h include in routes.cpp and need to add gen_users
to blacklist on FreeBSD.
 2015-05-30 01:14:08 +00:00
Teddy Reed
f954e2c7e8 Merge pull request #1170 from mofarrell/exists-all 
Constraint existence now check for constraints using specific operator types.
 2015-05-29 16:10:30 -07:00
Michael O'Farrell
77aa36fa0b Constraint existence now check for constraints using specific operator types. 
This change allows QueryContext constraints to be checked for based on
operator type.  This makes checks for the existence of an equality
operator allow enumeration.

Example:
  if (context.constraints["pid"].exists(EQUALS)) {
    pids = context.constraints["pid"].getAll(EQUALS);
  } else {
    osquery::procProcesses(pids);
  }
 2015-05-29 13:47:04 -07:00
Wesley Shields
6558f605ff Implement process related tables on FreeBSD. 
This implements the following tables on FreeBSD:

process_envs
process_memory_map
process_open_files
process_open_sockets
processes

All the heavy lifting is done with libprocstat(3). All the tables follow
the same general principle. Use the common function, getProcesses() in
procstat.cpp, to get the processes and then generate the rows for each
process returned. There is also a procstatCleanup() function commonly
used across all the tables.

The one thing I am not able to test is the process_open_sockets table on
an IPv6 machine.
 2015-05-29 19:17:49 +00:00
Teddy Reed
ce3ac8a7e3 Merge pull request #1164 from theopolis/packs 
Pack and testing fixups
 2015-05-28 16:47:35 -07:00
Teddy Reed
4064fa6eb5 Pack and testing fixups 2015-05-28 12:17:27 -07:00
Mark Ignacio
84f8203dfd Converted CFAbsoluteTime in X509 certificates to UNIX time 2015-05-27 15:23:46 -07:00
Teddy Reed
ff9243bce1 Merge pull request #1159 from mofarrell/user-groups-table 
Wrote a user_groups table for darwin and linux based system.
 2015-05-27 11:38:06 -07:00
Michael O'Farrell
80356b26f0 Wrote a user_groups table for darwin and linux based system. 
The user_groups table represents the association between user ids and group ids.

Darwin Issue:
Issues arise in darwin systems with users that are members of many groups due
to a bug in Apple's implementation of getgrouplist.  If the number of groups a
user is a member of is greater than 64 a truncated association table may
be returned.
 2015-05-27 10:32:46 -07:00
Teddy Reed
8b3686a58a TLS plugin workflow tests 2015-05-26 19:55:00 -07:00
Teddy Reed
5969ae4fbf Clean up TLS-version from OpenSSL detection 2015-05-23 13:04:36 -07:00
Teddy Reed
700384dedc Minify tables namespace, extra CMake macros 2015-05-22 10:29:04 -07:00
Javier Marcos
9a4f611baf Merge pull request #1155 from javuto/osquery_packs_table 
Osquery packs table
 2015-05-21 20:32:45 -07:00
Javier Marcos
f86b2bc6f3 Adding checks to avoid duplicated queries in the schedule 2015-05-21 19:23:38 -07:00
Mike Arpaia
6f30c40041 Merge pull request #1152 from sharvilshah/xattr_parse_where_from 
More thorough where_from parsing in extended_attributes
 2015-05-21 16:32:32 -07:00
Javier Marcos
2b834a401a Fixing problem with extensions test, utility tables were added to core 2015-05-21 14:10:20 -07:00
Javier Marcos
886ad6e928 Added table for the packs and check for already scheduled queries 2015-05-21 13:42:45 -07:00
Sharvil Shah
a216ef2886 Use CoreServices Metadata API to parse kMDItemWhereFroms for file xattrs and now includes non-browser values too 2015-05-20 10:50:25 -07:00
Teddy Reed
4ff2fc1db2 Merge pull request #1151 from theopolis/crontab-fix 
Include several search paths for user contabs
 2015-05-20 10:47:32 -07:00
Javier Marcos
c6855fab43 Table for osquery packs 2015-05-19 18:44:28 -07:00
Teddy Reed
983d107fe6 Search for cronstabs in /cron and /cron/crontabs 2015-05-19 15:51:03 -07:00
Ryan Steinmetz
949f84f3a8 Add mounts table support under FreeBSD 
Cleanup blacklist entries for FreeBSD (mounts/users/groups)
 2015-05-19 15:33:06 -07:00
Teddy Reed
525c584a0b Merge pull request #1141 from theopolis/static_cryptsetup 
Build libcryptsetup statically
 2015-05-14 22:33:56 -07:00
Teddy Reed
9ee839b265 Build libcryptsetup statically 2015-05-14 19:36:00 -07:00
Blake Frantz
3a49fc46c8 Merge remote-tracking branch 'upstream/master' 2015-05-13 07:38:41 -07:00
Ryan Steinmetz
0777fa5fe2 - Add users/groups support for FreeBSD 2015-05-12 23:47:20 -07:00
Mike Arpaia
fff36af0af Removing trailing whitespace 2015-05-11 23:31:13 -07:00
Blake Frantz
2e865a69d6 Merge remote-tracking branch 'upstream/master' 2015-05-10 14:38:33 -07:00
Blake Frantz
2c4ae6758a initial commit for adding support for amazon linux 2015.03 2015-05-10 11:42:30 -07:00
Teddy Reed
98b52c39a1 elaxing iptables, EL-deps 2015-05-09 18:16:13 -07:00
Teddy Reed
b5be0212e2 Merge pull request #1120 from theopolis/iptables_best 
Adding new table to display iptables filters, chains and rules
 2015-05-08 20:10:34 -07:00
Javier Marcos
4f21090fb8 Adding new table to display iptables filters, chains and rules 
Patching headers to avoid void pointers
Adding test for parsing ipt_ip entries
 2015-05-08 19:11:49 -07:00
Teddy Reed
1de7cfb331 Use CMake find_package for python, fix ifaddrs on FreeBSD 2015-05-08 18:49:01 -07:00
Teddy Reed
258dd62b24 Merge pull request #1114 from theopolis/rhel_centos_tables 
RHEL table parity with CENTOS
 2015-05-08 11:54:20 -07:00
Teddy Reed
6919065b4b RHEL table parity with CENTOS 2015-05-07 23:23:32 -07:00
Teddy Reed
c7b9114975 Towards building on FreeBSD/ports 2015-05-07 23:12:30 -07:00
Jack Naglieri
8e3e7ef7be Fixed crontab parsing issue in RHEL 6.5.X 2015-05-06 13:03:34 -07:00
Teddy Reed
70e3c190bb Easier build host-based sync 2015-05-05 15:15:45 -07:00
Teddy Reed
fa35ee5f7b Merge pull request #1095 from theopolis/raw_sockets 
[Fix #1080] Remove netlink, support raw sockets
 2015-05-04 12:09:37 -07:00
Teddy Reed
893f678403 Linting and asan fixups 2015-05-04 11:00:21 -07:00
Teddy Reed
7da8b6f68a [Fix #1080] Remove netlink, support raw sockets 2015-05-04 10:57:49 -07:00
Teddy Reed
c63bf0451a Various exception hardening 2015-05-03 14:18:20 -07:00
Teddy Reed
e01a73b4f3 Schedule monitoring, doc updates, logger plugin fixes 2015-05-03 11:54:15 -07:00
Teddy Reed
a4c3a869de Merge pull request #1073 from theopolis/file_events 
Rename file_changes to file_events
 2015-04-29 18:43:57 -07:00
Javier Marcos
e83b813399 Support RHEL6 
This enables support for building osquery in RHEL6
 2015-04-29 18:31:13 -07:00
Teddy Reed
9658d4377c Rename file_changes to file_events 2015-04-29 16:27:29 -07:00
Wesley Shields
546d298196 Move yara relative paths to /etc/osquery/yara. 2015-04-29 10:16:11 -04:00
Wesley Shields
82123d14d1 Make YARA rule compiling handle relative paths. 
Previously this only existed in the yara table, but it now exists in the
yara config parser land, which will compile signature groups upon
update. Now your signature groups can reference signature files using
paths relative to /var/osquery.
 2015-04-28 23:06:02 -04:00