Teddy Reed
b81b6de6ae
This refactors a bit of config/packs and adds a socket_events table to Linux.
...
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.
A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Robert C. Seacord
09481d0381
Fixed some type problems, casting away const, integer types, old style casts, etc.
2015-10-21 20:56:58 +00:00
Robert C. Seacord
acb2f6f628
eliminating diagnostics, mostly for comparisons between signed and unsigned operations
2015-10-16 16:10:37 +00:00
Robert C. Seacord
37b8e83a9e
fixes for problems related to unsigned to signed integer comparisons
2015-10-16 16:10:36 +00:00
Brandon Bennett
f683871653
Fix segfault on interfaces tables
...
getifaddrs(3) states that ifa_addr can be null. Check to make sure they are not null before accessing them
2015-10-15 16:53:14 -06:00
Matthew White
2446b22a5f
Close socket fds when finished with them
2015-10-12 09:59:09 -07:00
Teddy Reed
5890901c00
Add state, group, and nice to processes
2015-09-24 13:11:46 -07:00
Teddy Reed
bb2b5f594b
Static analysis cleanups, static libmagic
2015-09-02 16:55:20 -07:00
Javier Marcos
74be3d1da0
Removing dots at the end of log entries
2015-08-28 16:50:44 -07:00
Mathieu Kooiman
b151ecedc2
Refs https://github.com/facebook/osquery/issues/320
...
Add provisioning scripts to build osquery on Debian Wheezy and Debian Jessie.
2015-08-20 20:57:22 +02:00
Teddy Reed
5bf30a779d
RocksDB usage speedups
2015-08-15 20:43:53 -07:00
Teddy Reed
2d7ce9341a
Remove some non-warning/error log lines from tables
2015-07-24 00:09:06 -07:00
Teddy Reed
6104aaebfe
Add optional TLS config plugin refresh
2015-07-17 14:59:08 -07:00
Teddy Reed
d3424f5831
Fix getifaddrs checking
2015-07-08 22:37:35 -07:00
Teddy Reed
49eb22ef44
Process open sockets on Linux was added '['
2015-06-07 13:28:17 -07:00
Wesley Shields
571fd65796
Fix build on FreeBSD.
...
Missing osquery/tables.h include in routes.cpp and need to add gen_users
to blacklist on FreeBSD.
2015-05-30 01:14:08 +00:00
Teddy Reed
f954e2c7e8
Merge pull request #1170 from mofarrell/exists-all
...
Constraint existence now check for constraints using specific operator types.
2015-05-29 16:10:30 -07:00
Michael O'Farrell
77aa36fa0b
Constraint existence now check for constraints using specific operator types.
...
This change allows QueryContext constraints to be checked for based on
operator type. This makes checks for the existence of an equality
operator allow enumeration.
Example:
if (context.constraints["pid"].exists(EQUALS)) {
pids = context.constraints["pid"].getAll(EQUALS);
} else {
osquery::procProcesses(pids);
}
2015-05-29 13:47:04 -07:00
Wesley Shields
6558f605ff
Implement process related tables on FreeBSD.
...
This implements the following tables on FreeBSD:
process_envs
process_memory_map
process_open_files
process_open_sockets
processes
All the heavy lifting is done with libprocstat(3). All the tables follow
the same general principle. Use the common function, getProcesses() in
procstat.cpp, to get the processes and then generate the rows for each
process returned. There is also a procstatCleanup() function commonly
used across all the tables.
The one thing I am not able to test is the process_open_sockets table on
an IPv6 machine.
2015-05-29 19:17:49 +00:00
Teddy Reed
8b3686a58a
TLS plugin workflow tests
2015-05-26 19:55:00 -07:00
Mike Arpaia
fff36af0af
Removing trailing whitespace
2015-05-11 23:31:13 -07:00
Teddy Reed
98b52c39a1
elaxing iptables, EL-deps
2015-05-09 18:16:13 -07:00
Teddy Reed
b5be0212e2
Merge pull request #1120 from theopolis/iptables_best
...
Adding new table to display iptables filters, chains and rules
2015-05-08 20:10:34 -07:00
Javier Marcos
4f21090fb8
Adding new table to display iptables filters, chains and rules
...
Patching headers to avoid void pointers
Adding test for parsing ipt_ip entries
2015-05-08 19:11:49 -07:00
Teddy Reed
1de7cfb331
Use CMake find_package for python, fix ifaddrs on FreeBSD
2015-05-08 18:49:01 -07:00
Teddy Reed
c7b9114975
Towards building on FreeBSD/ports
2015-05-07 23:12:30 -07:00
Teddy Reed
7da8b6f68a
[ Fix #1080 ] Remove netlink, support raw sockets
2015-05-04 10:57:49 -07:00
Teddy Reed
2c5cbdee63
Various shell fixups
2015-04-27 16:40:05 -07:00
Teddy Reed
be65922569
Fast tests
2015-04-27 09:40:31 -07:00
Javier Marcos
ddb41ae84a
Adding tests to the prototocols table
2015-04-22 17:49:27 -07:00
Javier Marcos
93d2b58b60
Adding new table for /etc/protocols
2015-04-22 15:46:29 -07:00
Teddy Reed
c59ce0e4e4
Lint fixes and clang analyze
2015-04-17 09:18:46 -07:00
Teddy Reed
dc7cf9cf59
[Implement #879 ] Add managed_policies to OS X
2015-04-08 21:38:56 -07:00
Sharvil Shah
e7a3d24ece
Fix etc_hosts hostname parsing so that inline comments are now ignored; update tests
2015-04-06 23:32:56 -07:00
Teddy Reed
38bfed3414
Remove libprocps(ng) in favor of parsing proc manually
2015-03-27 12:37:16 -07:00
Teddy Reed
148d7385f6
[ Fix #792 ] Replace std::regex with string parsing gcc below 4.9
2015-02-24 13:19:27 -08:00
Teddy Reed
aa078895d3
CentOS7 clang without fortify
...
1. _FORTIFY_SOURCE=1 will cause readlink/recv to hang when using
heap-allocated target buffers.
2. Install boost/rocksdb/thrift using source, similar to CentOS6.5
3. Remove boost::regex, prefer extended std::regex without static
link to boost_regex.
2015-02-13 12:47:30 -08:00
Teddy Reed
e37b16ce2f
Clang analyze fixups for Linux
2015-02-01 05:10:57 -07:00
Mitchell Grenier
299bef0452
Fixing the last strcpy
2015-01-27 14:06:12 -08:00
Teddy Reed
72fcd44bf1
Fallback to /proc/net/ for open sockets in Linux
2015-01-25 18:44:10 -07:00
Teddy Reed
9c1faec090
Isolate glog include and depend on libglog for #652
2015-01-21 13:37:06 -08:00
Teddy Reed
5f8eccb3f3
Remove gotos from linux routes
2015-01-19 18:06:34 -08:00
Teddy Reed
ac0f2f96e4
Split OSX process_open_files into files/sockets
2015-01-13 11:05:54 -08:00
Teddy Reed
f0eec6fbe3
Adding listening_ports to Linux
2015-01-13 09:51:40 -08:00
Teddy Reed
bb6f313c6c
Moved socket_inode on Linux to process_open_files
2015-01-13 08:26:47 -08:00
Teddy Reed
6deeba39c9
Merged Linux/OSX interfaces implementation
2015-01-11 01:39:16 -07:00
Teddy Reed
6dfc5d88f4
Added interfaces to Linux
2015-01-11 00:42:23 -07:00
mike@arpaia.co
b9f732c31f
Updating the license comment to be the correct open source header
...
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
4425bed23e
Merge pull request #504 from Anubisss/master
...
Adding a table which maps services from /etc/services.
2014-12-16 01:23:05 -08:00
anuka
fa95ff09d8
Some fix for etc_services.
...
Signed-off-by: anuka <david.vas1@gmail.com>
2014-12-14 22:14:00 +01:00