Commit Graph

109 Commits

Author SHA1 Message Date
Teddy Reed
b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux.
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Robert C. Seacord
09481d0381 Fixed some type problems, casting away const, integer types, old style casts, etc. 2015-10-21 20:56:58 +00:00
Robert C. Seacord
acb2f6f628 eliminating diagnostics, mostly for comparisons between signed and unsigned operations 2015-10-16 16:10:37 +00:00
Robert C. Seacord
37b8e83a9e fixes for problems related to unsigned to signed integer comparisons 2015-10-16 16:10:36 +00:00
Brandon Bennett
f683871653 Fix segfault on interfaces tables
getifaddrs(3) states that ifa_addr can be null. Check to make sure they are not null before accessing them
2015-10-15 16:53:14 -06:00
Matthew White
2446b22a5f Close socket fds when finished with them 2015-10-12 09:59:09 -07:00
Teddy Reed
5890901c00 Add state, group, and nice to processes 2015-09-24 13:11:46 -07:00
Teddy Reed
bb2b5f594b Static analysis cleanups, static libmagic 2015-09-02 16:55:20 -07:00
Javier Marcos
74be3d1da0 Removing dots at the end of log entries 2015-08-28 16:50:44 -07:00
Mathieu Kooiman
b151ecedc2 Refs https://github.com/facebook/osquery/issues/320
Add provisioning scripts to build osquery on Debian Wheezy and Debian Jessie.
2015-08-20 20:57:22 +02:00
Teddy Reed
5bf30a779d RocksDB usage speedups 2015-08-15 20:43:53 -07:00
Teddy Reed
2d7ce9341a Remove some non-warning/error log lines from tables 2015-07-24 00:09:06 -07:00
Teddy Reed
6104aaebfe Add optional TLS config plugin refresh 2015-07-17 14:59:08 -07:00
Teddy Reed
d3424f5831 Fix getifaddrs checking 2015-07-08 22:37:35 -07:00
Teddy Reed
49eb22ef44 Process open sockets on Linux was added '[' 2015-06-07 13:28:17 -07:00
Wesley Shields
571fd65796 Fix build on FreeBSD.
Missing osquery/tables.h include in routes.cpp and need to add gen_users
to blacklist on FreeBSD.
2015-05-30 01:14:08 +00:00
Teddy Reed
f954e2c7e8 Merge pull request #1170 from mofarrell/exists-all
Constraint existence now check for constraints using specific operator types.
2015-05-29 16:10:30 -07:00
Michael O'Farrell
77aa36fa0b Constraint existence now check for constraints using specific operator types.
This change allows QueryContext constraints to be checked for based on
operator type.  This makes checks for the existence of an equality
operator allow enumeration.

Example:
  if (context.constraints["pid"].exists(EQUALS)) {
    pids = context.constraints["pid"].getAll(EQUALS);
  } else {
    osquery::procProcesses(pids);
  }
2015-05-29 13:47:04 -07:00
Wesley Shields
6558f605ff Implement process related tables on FreeBSD.
This implements the following tables on FreeBSD:

process_envs
process_memory_map
process_open_files
process_open_sockets
processes

All the heavy lifting is done with libprocstat(3). All the tables follow
the same general principle. Use the common function, getProcesses() in
procstat.cpp, to get the processes and then generate the rows for each
process returned. There is also a procstatCleanup() function commonly
used across all the tables.

The one thing I am not able to test is the process_open_sockets table on
an IPv6 machine.
2015-05-29 19:17:49 +00:00
Teddy Reed
8b3686a58a TLS plugin workflow tests 2015-05-26 19:55:00 -07:00
Mike Arpaia
fff36af0af Removing trailing whitespace 2015-05-11 23:31:13 -07:00
Teddy Reed
98b52c39a1 elaxing iptables, EL-deps 2015-05-09 18:16:13 -07:00
Teddy Reed
b5be0212e2 Merge pull request #1120 from theopolis/iptables_best
Adding new table to display iptables filters, chains and rules
2015-05-08 20:10:34 -07:00
Javier Marcos
4f21090fb8 Adding new table to display iptables filters, chains and rules
Patching headers to avoid void pointers
Adding test for parsing ipt_ip entries
2015-05-08 19:11:49 -07:00
Teddy Reed
1de7cfb331 Use CMake find_package for python, fix ifaddrs on FreeBSD 2015-05-08 18:49:01 -07:00
Teddy Reed
c7b9114975 Towards building on FreeBSD/ports 2015-05-07 23:12:30 -07:00
Teddy Reed
7da8b6f68a [Fix #1080] Remove netlink, support raw sockets 2015-05-04 10:57:49 -07:00
Teddy Reed
2c5cbdee63 Various shell fixups 2015-04-27 16:40:05 -07:00
Teddy Reed
be65922569 Fast tests 2015-04-27 09:40:31 -07:00
Javier Marcos
ddb41ae84a Adding tests to the prototocols table 2015-04-22 17:49:27 -07:00
Javier Marcos
93d2b58b60 Adding new table for /etc/protocols 2015-04-22 15:46:29 -07:00
Teddy Reed
c59ce0e4e4 Lint fixes and clang analyze 2015-04-17 09:18:46 -07:00
Teddy Reed
dc7cf9cf59 [Implement #879] Add managed_policies to OS X 2015-04-08 21:38:56 -07:00
Sharvil Shah
e7a3d24ece Fix etc_hosts hostname parsing so that inline comments are now ignored; update tests 2015-04-06 23:32:56 -07:00
Teddy Reed
38bfed3414 Remove libprocps(ng) in favor of parsing proc manually 2015-03-27 12:37:16 -07:00
Teddy Reed
148d7385f6 [Fix #792] Replace std::regex with string parsing gcc below 4.9 2015-02-24 13:19:27 -08:00
Teddy Reed
aa078895d3 CentOS7 clang without fortify
1. _FORTIFY_SOURCE=1 will cause readlink/recv to hang when using
heap-allocated target buffers.
2. Install boost/rocksdb/thrift using source, similar to CentOS6.5
3. Remove boost::regex, prefer extended std::regex without static
link to boost_regex.
2015-02-13 12:47:30 -08:00
Teddy Reed
e37b16ce2f Clang analyze fixups for Linux 2015-02-01 05:10:57 -07:00
Mitchell Grenier
299bef0452 Fixing the last strcpy 2015-01-27 14:06:12 -08:00
Teddy Reed
72fcd44bf1 Fallback to /proc/net/ for open sockets in Linux 2015-01-25 18:44:10 -07:00
Teddy Reed
9c1faec090 Isolate glog include and depend on libglog for #652 2015-01-21 13:37:06 -08:00
Teddy Reed
5f8eccb3f3 Remove gotos from linux routes 2015-01-19 18:06:34 -08:00
Teddy Reed
ac0f2f96e4 Split OSX process_open_files into files/sockets 2015-01-13 11:05:54 -08:00
Teddy Reed
f0eec6fbe3 Adding listening_ports to Linux 2015-01-13 09:51:40 -08:00
Teddy Reed
bb6f313c6c Moved socket_inode on Linux to process_open_files 2015-01-13 08:26:47 -08:00
Teddy Reed
6deeba39c9 Merged Linux/OSX interfaces implementation 2015-01-11 01:39:16 -07:00
Teddy Reed
6dfc5d88f4 Added interfaces to Linux 2015-01-11 00:42:23 -07:00
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
4425bed23e Merge pull request #504 from Anubisss/master
Adding a table which maps services from /etc/services.
2014-12-16 01:23:05 -08:00
anuka
fa95ff09d8 Some fix for etc_services.
Signed-off-by: anuka <david.vas1@gmail.com>
2014-12-14 22:14:00 +01:00