valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,806 Commits 2 Branches 109 Tags 25 MiB
cf630e00a2
Commit Graph

1599 Commits

Author SHA1 Message Date
Teddy Reed
0ba2861cf9 [Fix #1920] Detach thread before joining/clearing (terminate) 2016-03-13 12:15:18 -07:00
Teddy Reed
59274e59c6 Remove boost::thread from fsevents tests 2016-03-12 00:30:05 -08:00
Teddy Reed
21c7ab642b Remove boost::thread from inotify tests 2016-03-12 00:15:58 -08:00
Teddy Reed
3de52846d0 Remove boost::thread 2016-03-11 11:50:44 -08:00
Teddy Reed
bc384ba7ad Merge pull request #1914 from russellhancox/certificate-files 
Darwin: Allow certificates table to read DER/PEM files
 2016-03-11 08:19:51 -08:00
Russell Hancox
05c1dbecb0 Darwin: Allow certificates table to read DER/PEM files as well as keychain 2016-03-11 11:02:54 -05:00
Teddy Reed
d3786c45a3 Merge pull request #1916 from theopolis/deps_updates 
Several package updates within provision code
 2016-03-10 20:26:04 -08:00
Teddy Reed
32efa9a09b Several package updates within provision code 
1. Update boost to 1.60 from 1.55 on Linux platforms
2. Add asio (1.11.0) to the deps set
3. Update snappy to 1.1.3 on Linux platforms
4. Update cpp-netlib to 0.12.0-rc1 from 0.11 on Linux platforms
 - OS X and brew also include 0.12.0-rc1 as a devel option
5. Update libapt to 1.2.6 from 0.8.6 on Ubuntu/Debian
 - This adds lzma as a dependent link
 2016-03-10 19:40:15 -08:00
Zachary Wasserman
c91798b083 Add path to error message when config file not found 
Example:
```
$ sudo ./build/darwin/osquery/osqueryd --allow_unsafe --config_path
/foo/bar
W0310 13:34:40.473743 1955008512 init.cpp:506] Error reading config:
config file does not exist: /foo/bar
```
 2016-03-10 14:13:08 -08:00
Teddy Reed
9d8c3adef7 Merge pull request #1879 from theopolis/lints-2 
Fix various lint issues
 2016-03-10 01:10:42 -08:00
Teddy Reed
96e2562e2d Merge pull request #1913 from sharvilshah/process_state_mnemonics 
[#1886] Use mnemonics for process states on Darwin
 2016-03-09 23:30:41 -08:00
Teddy Reed
26c8b5640f Fix various lint issues 2016-03-09 19:55:39 -08:00
Teddy Reed
03d0d7e835 Merge pull request #1910 from theopolis/null 
Allow NULL values, stop using -1 as int/double invalid values
 2016-03-09 19:23:35 -08:00
Teddy Reed
a6c147700f Allow NULL values, stop using -1 as int/double invalid values 2016-03-09 18:24:17 -08:00
Sharvil Shah
a713fbcc55 Use mnenomics for process states on Darwin 
Process states in `processes` table now use mnemonics instead of the
integer code. They follow closely to the states defined sys/proc.h,
which means processes with state as:

  state    value   meaning                           mnemonic
 -------- ------- --------------------------------- ----------
  SIDL     1       process being created by fork     'I'
  SRUN     2       currently runnable                'R'
  SSLEEP   3       sleeping on an address            'S'
  SSTOP    4       process debugging or suspension   'T'
  SZOMB    5       awaiting collection by parent     'Z'

Note: The mnemonics here will not match up with what `ps` or `top`
reports.

`ps` and `top` queries run state of all Mach Threads (by grabbing a Mach Task)
of a process, and then coalesces it to represent the process state.

This is no longer possible to do by non-Apple signed binaries,
as the only way to a Mach Task (and therefore list of Mach Threads)
is by calling `task_for_pid()`, which no longer works under
System Integrity Protection (SIP) introduced in OS X 10.11
 2016-03-09 11:25:58 -08:00
Teddy Reed
d8650c7630 Minor changes to support a Windows build 2016-03-08 10:47:38 -08:00
Teddy Reed
6f69330920 Merge pull request #1907 from theopolis/fix_1900 
Allow extensions to use the backing store
 2016-03-08 10:45:56 -08:00
Teddy Reed
b5defa7436 Allow extensions to use the backing store 2016-03-08 08:56:03 -08:00
Teddy Reed
44488fe0a6 Merge pull request #1895 from DaanDeMeyer/cpu_time 
Cpu time table implementation (solves #1889)
 2016-03-08 08:20:12 -08:00
Daan De Meyer
d4737f9214 Create table called cpu_time for inspecting where the cpu cores spent time since the last system restart. 2016-03-08 15:14:06 +01:00
Teddy Reed
53c108d02e Merge pull request #1902 from theopolis/remove_glog 
Remove Glog from third-party build
 2016-03-07 14:53:32 -08:00
Teddy Reed
956ce75601 Remove Glog from third-party build 2016-03-07 12:54:00 -08:00
Teddy Reed
5f8fa32e21 [Fix #1901] Tear down TLS server runner 2016-03-07 09:38:37 -08:00
Teddy Reed
677c448dea Merge pull request #1897 from theopolis/remove_rdb 
Refactor backing storage
 2016-03-06 21:09:23 -08:00
Teddy Reed
afd17f8134 1. Reorganize RocksDB database handle into a plugin 
2. Introduce a SQLite-based database plugin
3. Refactor database usage to include local 'fast-calls'
4. Introduce an 'ephemeral' database plugin for testing (like a mock)
 2016-03-06 20:40:16 -08:00
Teddy Reed
bcd0debaee Merge pull request #1894 from theopolis/sql_debug 
Add define to enable SQLite WHERETRACE
 2016-03-06 09:32:18 -08:00
Teddy Reed
8607d319a1 Merge pull request #1893 from theopolis/dm_bind 
[Fix #1892] Build devmapper statically
 2016-03-04 21:04:05 -08:00
Teddy Reed
8c3d2387e9 Add define to enable SQLite WHERETRACE 2016-03-04 20:41:06 -08:00
Teddy Reed
5fbde8ec4f [Fix #1892] Build devmapper statically 2016-03-04 20:09:43 -08:00
Teddy Reed
683e5c1778 Merge pull request #1890 from theopolis/join_tests 
Add high level join tests for processes, file, and hash
 2016-03-03 22:01:47 -08:00
Teddy Reed
ee1182f526 Add high level join tests for processes, file, and hash 2016-03-03 18:47:55 -08:00
Joe Gallo
544ae37e9d add fan name to fan speeds table 2016-03-03 19:44:53 -05:00
Teddy Reed
297d6ae1c3 [Fix #1887] Do not generate row for invalid pids 2016-03-03 13:47:27 -08:00
Teddy Reed
69fe7ca4be Merge pull request #1884 from russellhancox/fix-darwin-groups 
Darwin: Use undocumented getgroupcount() before getgrouplist
 2016-03-02 13:58:33 -08:00
Teddy Reed
f08c1c5ec5 Merge pull request #1885 from theopolis/fix_1874 
[Fix #1874] Update SQLite to 3.12.0
 2016-03-02 12:37:21 -08:00
Teddy Reed
489a5e839c [Fix #1874] Update SQLite to 3.12.0 2016-03-02 10:12:41 -08:00
Russell Hancox
cc964af444 Darwin: Use undocumented getgroupcount() before getgrouplist 2016-03-01 09:39:01 -05:00
Teddy Reed
94c9824f12 Merge pull request #1876 from sharvilshah/fix_leaks 
Fix potential leak in Darwin disk_encryption table
 2016-02-27 17:38:17 -08:00
Sharvil Shah
cf573d668e Fix potential leak 2016-02-26 14:54:23 -08:00
Teddy Reed
b21c2ed943 [#1816] Refactor DB instance management 2016-02-25 19:07:52 -08:00
Teddy Reed
c314428c66 Merge pull request #1871 from theopolis/more_tests 
Add fstests and reduce SQLite scope
 2016-02-23 23:54:25 -08:00
Teddy Reed
cf40b8a967 Merge pull request #1869 from theopolis/deps_cxxflags 
Add CXXFLAGS to deps build
 2016-02-23 23:49:47 -08:00
Teddy Reed
897b2225b1 Add fstests and reduce SQLite scope 2016-02-23 17:09:02 -08:00
Teddy Reed
08a1d852a2 Add CXXFLAGS to deps build 2016-02-22 22:12:06 -08:00
Teddy Reed
50440ddea5 [Fix #1866] Emit warning log with unknown options 2016-02-22 21:39:17 -08:00
Teddy Reed
9c42ba51b3 Merge pull request #1858 from theopolis/sqlite_3.11 
Bump sqlite to 3.11.0
 2016-02-21 23:35:01 -08:00
Teddy Reed
9a54af29ce Bump sqlite to 3.11.0 2016-02-21 22:40:37 -08:00
Teddy Reed
3101a32b01 Improve logging tests, add filesystem logger tests 2016-02-21 19:40:16 -08:00
Teddy Reed
4b60d8f9d4 Merge pull request #1863 from theopolis/fix_1861 
[Fix #1861] Add newline to all filesystem logger writes
 2016-02-21 17:05:02 -08:00
Teddy Reed
c1b2af92c3 [Fix #1854] Unify power sensor tables 2016-02-21 16:02:58 -08:00