valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,796 Commits 2 Branches 109 Tags 25 MiB
d498bcbd65
Commit Graph

2903 Commits

Author SHA1 Message Date
Marek Cirkos
6a64e353e9 Refactor battery table and return some information even if advanced information is missing 2018-12-07 16:00:46 +00:00
Filipe Manco
bf4c0a3117 Move iptables querying to a C based proxy 
The iptables uapi kernel headers are incompatible with C++. To avoid
depending on modified kernel headers query iptables from a C based
proxy. This is a temporary solution until the problem is fixed on
upstream Linux.
 2018-12-07 16:00:36 +00:00
packetzero
5188ce5288 update aws-sdk-cpp 1.4.55 on windows (#5255) 2018-10-29 21:24:29 +00:00
Nick Anderson
0314871908
bug: explicitly set safe permissions on osquery dbs (#5229) 2018-09-18 22:51:29 -07:00
Michael McGrew
e6302379fd Add per process performance data to windows processes table (#5224) 2018-09-18 20:59:35 -07:00
James Jerger
b8d7243aa9 Add InstallDate to os_version for Windows (#5226) 2018-09-14 16:07:37 -07:00
Giorgi Guliashvili
7bac8cb7f6
remove old boost bug supprot (#5221) 2018-09-14 23:51:44 +01:00
Nick Anderson
bf93fcf2f9
database: changing default path of the database for pathing uniformity (#4832) 2018-09-14 11:36:24 -07:00
James Jerger
e10b243ecf Add NTDomain Table for Windows (#5152) 2018-09-14 11:25:49 -07:00
Max Kareta
61d415c6bc
added database migration class (#5112) 2018-09-14 20:58:03 +03:00
Adrien Schildknecht
bdf504f6b6 tables: netmask should be an integer (#5217) 2018-09-14 16:13:37 +01:00
Alessandro Gario
52805dca44 chrome_extensions: Use the translation dictionary with case insensitive keys (#5215) 2018-09-14 16:06:31 +01:00
Giorgi Guliashvili
53a48d8fb4
posix profiling (#5187) 2018-09-14 16:04:28 +01:00
Giorgi Guliashvili
70806ae4fc
numeric_monitoring recursive sync record (#5204) 2018-09-14 12:17:24 +01:00
Alexander
dcd653ce33
Create helper functions to get CPU cores info on linux (#5209) 
Helper functions to get CPU cores info exposed via sysfs on linux.
I need this information to use kprobes in osquery on linux.
 2018-09-14 11:32:25 +01:00
Alexander
8ab08ed6c0
Prepare the filesystem directories in initialisation routine (#5207) 
Create directory for the database only if database is switched on and do not fail on unsuccessful creation, just write down a message to log.
 2018-09-14 11:19:07 +01:00
Alexander
9b3e14789b
Non throwing directory creation function. (#5206) 
Directory creation function to osquery/filesystem.h

Status was used as a return value, as far as all function in this file operate with Status not Expected. Let's move from Status to Expected in another PR.
 2018-09-12 11:48:11 +01:00
Alessandro Gario
e2f1a11d75 Add a 'permission' field to the chrome_extensions table (#5193) 2018-09-12 01:03:36 +01:00
Giorgi Guliashvili
9bfd3f4a2d boost throwing is_directory bug (#5208) 2018-09-11 16:54:37 -07:00
yying
6e9f23a0e2 Add ReleaseDate to table for platform_info queries on Windows (#5182) 2018-09-10 17:05:44 -07:00
Adrien Schildknecht
0b686c4834 Add interface_ipv6 table (#4903) 2018-09-10 05:50:03 +02:00
Adrien Schildknecht
07961f314c [Table sanity check] routes & arp_cache (#5189) 2018-09-10 05:47:52 +02:00
Alexander
2ddd10b3df
Remove the rest of the safeStrto* function from conversion.h (#5190) 
Remove the rest of the safeStrto* function from conversion.h
Used tryTo<> from PR #4676 instead
 2018-09-07 15:48:15 +01:00
Alexander
b44110aaaa
Expected::takeOr have to accept rvalue as an argument (#5191) 
Fix up checking the type for argument in template definition.
Fixes: #5190
 2018-09-07 14:59:10 +01:00
Giorgi Guliashvili
ceb3e6896d
dispatcher static destructor (#5192) 2018-09-07 14:47:46 +01:00
Alexander
0f0440fa61
Removing potentially risky method getOr(T const&) from Expected (#5174) 
Too dangerous, because it is so easy to create a dangling reference (to local object for instance) with it.

It was discussed in terms of PR #4833
 2018-09-07 11:49:47 +01:00
Allan Liu
5457ef0ea9 tables: add pci_class_id and pci_subclass_id to pci_devices (#5183) 2018-09-06 01:05:11 +01:00
Allan Liu
37ae0ef4d5 tables: augment pci_devices table on linux with pci_subclass (#5175) 2018-09-05 20:20:27 +01:00
Giorgi Guliashvili
bf95191e5c
total number of queries sent numeric_monitor (#5172) 2018-09-04 16:30:37 +01:00
Alessandro Gario
6c59b6df38 intel_me_info/Windows: Fix the buffer size for the GetFirmwareVersion command (#5111) 2018-09-04 14:50:56 +01:00
Giorgi Guliashvili
f903ec02bc
monitor number of times osquery starts (#5171) 2018-09-04 14:05:11 +01:00
Giorgi Guliashvili
2cfaf8aa94
numeric monitoring aggregation types (#5169) 2018-09-04 13:49:04 +01:00
Giorgi Guliashvili
87a8260a5e
integration test helper NonNegativeOrErrorInt (#5150) 2018-09-04 13:48:12 +01:00
Giorgi Guliashvili
c301e361ca
executing query monitor under killswitch (#5170) 2018-09-03 18:02:40 +01:00
Giorgi Guliashvili
1a7e241483
[Table sanity check] kernel_info (#5140) 2018-08-31 20:21:41 +01:00
Alexander
5835484027
[Table sanity check] Integration test for the registry table (#5155) 
Fixes: #5034
 2018-08-31 17:45:04 +01:00
Giorgi Guliashvili
9fa67def23
allow numeric_monitoring flush for non testing purposes (#5156) 2018-08-31 17:38:32 +01:00
Giorgi Guliashvili
120e061c64
[Table sanity check] process_open_files (#5145) 2018-08-31 17:37:30 +01:00
Alexander
c23cc190ae
[Table sanity check] Integration test for the 'apt_sources' table (#5157) 2018-08-31 17:32:51 +01:00
Alexander
ba08abb982
[Table sanity check] Integration test for the known_hosts table (#5130) 
Fixes: #4879
 2018-08-31 16:07:38 +01:00
Alexander
11c38ad99d
[Table sanity check] sanity check for the table interface_details (#5143) 2018-08-31 15:14:29 +01:00
Alexander
5db628b7e8
Make more talkative in terms of unexpected columns (#5149) 2018-08-31 14:50:49 +01:00
Alexander
dad4507725
[Table sanity check] Integration test for the table (#5147) 2018-08-31 14:49:51 +01:00
Alexander
831becc7d2
[Table sanity check] sanity check for the table logged_in_users (#5144) 2018-08-31 14:48:53 +01:00
Alexander
2b24cf22de
[Table sanity check] sanity check for the table interface_addresses (#5142) 2018-08-31 14:28:26 +01:00
Giorgi Guliashvili
29550c0ecc
[Table sanity check] memory_map (#5146) 2018-08-31 12:15:59 +01:00
Giorgi Guliashvili
e01149d51e
[Table sanity check] programs (#5141) 2018-08-31 10:41:59 +01:00
Filipe Manco
fe5c7d990c
[Table sanity check] sanboxes (#5137) 2018-08-31 10:40:00 +01:00
Giorgi Guliashvili
b5e1cdc81a
[Table sanity check] user_group (#5128) 2018-08-31 10:25:21 +01:00
Mathieu Martin
c7803fdefd Fix typo. It's Comma, not Coma :-) (#5151) 2018-08-30 21:42:13 +01:00
Alexander
723f077c3b
Add quotes for the key and value in assertion messages (#5148) 2018-08-30 18:15:51 +01:00
Giorgi Guliashvili
566dd75671
[Table sanity check] file (#5126) 2018-08-30 18:15:29 +01:00
Alexander
e901bb35e8
Fix up wrong integer types from validating values from the tables (#5133) 2018-08-30 10:56:08 +01:00
Filipe Manco
7214331832
[Table sanity check] time (#5123) 2018-08-30 10:44:37 +01:00
Filipe Manco
40a770025c
[Table sanity check] process_events (#5132) 2018-08-30 10:02:45 +01:00
Filipe Manco
873c6555d0
[Table sanity check] os_version (#5124) 2018-08-30 09:39:43 +01:00
Teddy Reed
7a2bc0bc28
virtual tables: Handle SQLite3 BLOB_TYPE (#5118) 2018-08-29 21:40:33 -04:00
Giorgi Guliashvili
637d301853
validate rows assert debugging (#5125) 2018-08-29 20:16:00 +01:00
Alexander
f7b5447871
Use just std::function for custom validator in table integration tests (#5129) 2018-08-29 18:48:49 +01:00
Alexander
80bfdf914c
[Table sanity check] Integration tests for deb_packages (#5120) 
[Table sanity check] Integration tests for deb_packages
 2018-08-29 18:04:15 +01:00
Max Kareta
85d78c768e
[Table sanity check] crontab (#5127) 2018-08-29 16:16:23 +01:00
Alexander
7ed337d008
[Table sanity check] Integration test for the linux kernel modules table (#5121) 2018-08-29 15:13:38 +01:00
Max Kareta
ba1a933b90
[Table sanity check] system info (#5119) 2018-08-29 12:53:38 +01:00
Filipe Manco
59925a2706
[Table sanity check] hash (#5122) 2018-08-29 12:42:19 +01:00
Giorgi Guliashvili
a06af88b18
simplify logger initilization (#5078) 2018-08-29 00:21:59 +01:00
Giorgi Guliashvili
d5ccbd1813
treat warnings as error only in the osquery core (#5113) 2018-08-28 17:22:06 +01:00
Alessandro Gario
3082b7cb87 socket_events: Use local_port/local_address for bind() (#5098) 2018-08-28 15:52:36 +01:00
Alexander
6a460f22c7
RAII based scope guard class (#4980) 
To be sure that resources are always released/removed/closed/verified/stoped
in face of multiple return statements from the function.
 2018-08-28 12:32:02 +01:00
Alexander
dcfe83a0aa
Helper functions tryTake, tryTakeCopy to lookup in key-value tables (#4833) 
There are a lot of lookups in the maps the osquery code. Most of them are verbose and not-optimal with check if such key exists in the table before get access. Some of them consists error e.g.:
```c++
    r["uid"] = row.count("uuid") > 0 ? row.at("uid") : "";
```
Introduced code will help to avoid the most of such problems.
 2018-08-28 12:31:10 +01:00
Jibola
e05be701ed Expand "opaque" values in system_controls table (#5082) 2018-08-28 11:52:06 +01:00
Alexander
ae09a6e95b
Fix up debug build for InMemoryDatabaseTest (#5086) 
Fix up debug build for InMemoryDatabaseTest

  - add checks for return status of the operations
  - fix up check funtion for types in DB
 2018-08-28 11:22:57 +01:00
Adrien Schildknecht
d7b701cb2a Implement setThreadName() for FreeBSD (#5097) 
FreeBSD supports renaming threads with pthread_np.
The difference with Linux or Darwin is that there's no error code:
  "Because of the debugging nature of this function, all errors that may
   appear inside are silently ignored"
This isn't really a problem because thread names are meant for debugging
and osquery does not check the retun value of `setThreadName()` anyway.

Test plan:
  adrs@freebsd: procstat -t `pidof old_osqueryi`
    PID    TID COMM                TDNAME              CPU  PRI STATE   WCHAN
   7612 100059 osqueryi            -                    -1  152 sleep   ttyin
   7612 100162 osqueryi            -                    -1  152 sleep   uwait
   7612 100163 osqueryi            -                    -1  152 sleep   select
  adrs@freebsd: procstat -t `pidof osqueryi`
    PID    TID COMM                TDNAME              CPU  PRI STATE   WCHAN
   7278 100151 osqueryi            -                    -1  120 sleep   ttyin
   7278 100160 osqueryi            ExtensionWatcher     -1  120 sleep   uwait
   7278 100161 osqueryi            ExtensionRunnerCore  -1  131 sleep   select
 2018-08-28 11:11:11 +01:00
Giorgi Guliashvili
fd5b103c63
rearrange initLogger disable capabilities (#5077) 2018-08-27 17:33:10 +01:00
Max Kareta
78020a127e
added stubs for sanity checks (#5109) 2018-08-27 17:21:26 +01:00
Giorgi Guliashvili
21228c3172
put config backup feature behind killswitch (#5100) 2018-08-27 17:16:43 +01:00
Max Kareta
63fb35af74
added uptime sanity check (#5108) 2018-08-27 17:00:40 +01:00
Max Kareta
5dc0e5a7d5
added integration tests target and helper functions to tests table sanity (#5107) 2018-08-27 15:25:28 +01:00
Allan Liu
a17d6b5963 SMBIOS oem_strings table (#4849) 2018-08-22 20:02:40 -04:00
Giorgi Guliashvili
5f9552fa0e
writeTextFile optional mode argument (#5081) 2018-08-22 14:23:01 +01:00
Alexander
b6edf00892
Make error messages in Expected check different to distinguish problems (#5088) 
Make error messages in Expected check different to know for sure which check is failed.
 2018-08-22 13:26:55 +01:00
Giorgi Guliashvili
2a9a9ef666
cleanup after the primary logger concept removal (#5089) 2018-08-22 01:58:00 +01:00
Giorgi Guliashvili
81d53394fa
unused code after refactor (#5083) 2018-08-21 21:25:48 +01:00
Giorgi Guliashvili
dc3bb9ebba
remove unused force_permissions (#5080) 2018-08-21 20:58:52 +01:00
Max Kareta
cbfcd875cd
disk_encryption macOS, fix for issue #4658 (#4691) 2018-08-21 18:45:56 +01:00
Filipe Manco
d0486499ea
Log when an extension is registered or dies (#5076) 2018-08-21 10:31:20 +01:00
Giorgi Guliashvili
fa98cd5cc6
get rid of aliased flag log_result_events (#4970) 2018-08-20 20:42:40 +01:00
Giorgi Guliashvili
b30af3b6f2
remove primary logger concept (#4969) 2018-08-20 20:38:26 +01:00
Giorgi Guliashvili
77b0dbffa7
Match how logger_min_status works to doc (#4977) 2018-08-20 15:37:33 +01:00
Giorgi Guliashvili
13bdf72682
default logtostderr to true (remove logStderrOnly) (#4971) 2018-08-20 15:36:52 +01:00
Giorgi Guliashvili
5314fc6034
Match how logger_min_stderr works to doc (#4978) 2018-08-20 15:11:29 +01:00
Filipe Manco
2f50d1a13d Correct --enable_extensions_watchdog description (#5066) 2018-08-20 14:35:26 +01:00
Adrien Schildknecht
a86603e9fd route table: get the value of the MTU on Linux (#4981) 2018-08-20 14:27:37 +01:00
Giorgi Guliashvili
561fda3aa0
config backup (#4935) 2018-08-20 14:24:24 +01:00
Giorgi Guliashvili
84698b3e84
get rid of alias verbose_debug and debug (#4972) 2018-08-20 14:17:03 +01:00
Max Kareta
78ba6e0e62
rocksdb implementation part (#4912) 2018-08-20 12:49:56 +01:00
Teddy Reed
512f775c58
Remove boost SHA1 UUID dependency (#5070) 2018-08-19 21:55:00 -04:00
ryandeivert
68be4f10fa [aws] adding aws proxy support in ClientConfiguration (#4850) 2018-08-17 10:25:10 +01:00
Allan Liu
9091fd98a5 pci_devices: model and vendor information from system PCI db && add subsystem info (#4391) 2018-08-16 23:51:38 +01:00
Adrien Schildknecht
fc88135f3b route table: properly display the default IPv6 route on Linux (#4934) 2018-08-16 23:43:09 +01:00
Teddy Reed
b0815c78c7
tables: Harden SMBIOS data parsing (#4853) 2018-08-15 12:23:01 -04:00