Commit Graph

2903 Commits

Author SHA1 Message Date
Vova Mishatkin
dbac4ea67c
Add the ability to specify file_paths with sql queries (#4678) 2018-07-10 16:24:13 +01:00
Alexander
508b147aa1
Remove using instance() from serviceCount() (#4685)
As far serviceCount is not a static function there is absolutely legal to use
2018-07-10 10:35:45 +01:00
Alexander
1945db71b5
Numeric monitoring system concept (#4626)
Just an interface and simple implementation dumping points to file on disk.
And I add also few monitoring records to some places of osquery code as an example.

Brief
Just an interface and simple implementation dumping points to file on disk.
And I add also few monitoring records to some places of osquery code as an example.

Motivation
osquery can monitor system health. But at some point we need to monitor the condition of osquery itself. The vast majority of interesting parameters can be represented by numbers: how many queries it runs, how long each query takes, what the performance hit of each query is, how long the last downtime was, and so on and so forth. For obvious reasons it is hard to measure most of these parameters with an external instrument. And it is almost impossible to evaluate it on production. But we can do it from inside of osquery.

What this PR is for
Systems like graphite or RRDtool can store and plot time-series data for us. We just have to be able to feed data to them. We can create different plugins to be able to send data to different instruments. And we need some proper internal interface to all potential plugins. This PR is an attempt to create a generic interface.

Interface description
Most systems accept data as sequences of 2-dimensional points. One of the dimensions is value, the other is time. Each particular sequence has a unique key, to be distinguished from the others.
Data descriptions for carbon. I have used these three parameters as attributes of one monitoring point.

To send one point from some particular place in the code you just need to call the function record from namespace monitoring declared in the file include/osquery/numeric_monitoring.h with 3 arguments (path, value, time), where path is the unique key of the sequence; value is some interesting value to watch; time is the time of the point (can be omitted, current system time is the default value).
2018-07-09 13:19:50 +01:00
Teddy Reed
ee65b95f3c
bug: Fix SELinux events rebase (#4684) 2018-07-08 16:07:25 -04:00
Alessandro Gario
9497df67cc Add a new audit-based table to collect SELinux events (#4224) 2018-07-08 11:22:03 -04:00
uptycs-nishant
1cf5cb7dbc Fixing user_time, system_time bug and changing the cpu utilization logic (#4431) 2018-07-08 11:20:45 -04:00
Alexander
af647a4251
Add get_or, take_or shortcuts to Expected class (#4662)
* Add get_or, take_or shortcuts to Expected class
* Make take_or more strict with accept types
2018-07-06 14:27:06 +01:00
Alexander
5fa1ebad13
Output stream like operator << for Error (#4670)
To create an error, a human-readable message should be provided among other arguments.
Which is good for better understanding what happened from log records.
To make it more informative the user in most cases should put some data (numbers, strings etc.) in that message.
This operator will help us to avoid using verbose constructions like boost::format or std::ostringstream or something similar to format a proper error message.
We will be able just to "stream" in a created error any "printable" variables from the context.

Additionally we will be able to use "fancy" tools for streams like boost::io::quoted or std::hex to format messages.

Example:
```c++
createError(SystemErorr::NoSuchFile, "Could not read pidfile: ")
  << boost::io::quoted(pidfile_path)
  << " " << read_status.toString();
```
2018-07-05 16:12:18 +01:00
Jason Schroth
b75821658b adding bash_session logging (#4640)
* adding bash_session logging

* adding genShellHistoryFromBashSessions

updated to include new function for adding bash_sessions

* adding genShellHistoryFromBashSessions and tests and header
updated test use canonical for filepath

updated to include new function for adding bash_sessions
2018-07-04 15:25:38 +01:00
Alexander
4051b0fc79
Create a template implementation of tryTo<> for the one type (#4665) 2018-07-03 17:12:17 +01:00
Alessandro Gario
e622f62d8a macOS signature: Add a hash_resources parameter to the table (#4246) 2018-07-02 19:47:18 +01:00
Alexander
02e29c48a1
Remove container specific join implementation from conversions.h (#4656)
using templates generic version for any iterable container could be done
Also, realisation for std::set was using a useless copy of data.
2018-07-02 14:14:36 +01:00
Vova Mishatkin
29b596dc85 Add ssdeep table for posix (#4629) 2018-06-29 19:50:47 +01:00
Alexander
9f69a0f8c8 Explicit use ValueType and EnumErrorType in Expected full type definition (#4650) 2018-06-28 14:46:48 +01:00
Rich5
50f66f8baa Using TOKEN_USER instead of TOKEN_OWNER struct (#4651) 2018-06-28 11:22:24 +01:00
Alexander
13081420ae
Remove platformStrncpy function from osquery/core/utils.h (#4645)
On the one hand there is no place of use for it. And on the other, if code relies on all these checks it must be pretty unsafe and messy.
2018-06-27 19:18:35 +01:00
Alexander
ed7c5ca69d
Connect expected.h and error.h tests to build system (#4648)
* Connect expected.h and error.h tests to build system

```
% ./build/darwin/osquery/osquery_tests --gtest_filter='Expected*'
Note: Google Test filter = Expected*
[==========] Running 0 tests from 0 test cases.
[==========] 0 tests from 0 test cases ran. (0 ms total)
[  PASSED  ] 0 tests.
```

```
% ./build/darwin/osquery/osquery_tests --gtest_filter='Expected*'
Note: Google Test filter = Expected*
[==========] Running 2 tests from 2 test cases.
[----------] Global test environment set-up.
[----------] 1 test from ExpectedValueTest
[ RUN      ] ExpectedValueTest.initialization
[       OK ] ExpectedValueTest.initialization (0 ms)
[----------] 1 test from ExpectedValueTest (0 ms total)
[----------] 1 test from ExpectedPointerTest
[ RUN      ] ExpectedPointerTest.initialization
[       OK ] ExpectedPointerTest.initialization (0 ms)
[----------] 1 test from ExpectedPointerTest (0 ms total)
[----------] Global test environment tear-down
[==========] 2 tests from 2 test cases ran. (0 ms total)
[  PASSED  ] 2 tests.
```

* Check error message and name of error enum separately

Different compilers produce different names for C++ classes
2018-06-27 18:42:17 +01:00
Max Kareta
c382a8a739
Refactor/cmake (#4646) 2018-06-27 18:08:52 +01:00
Max Kareta
a2e1e37219
Refactor/cmake (#4644) 2018-06-26 18:27:24 +01:00
Alexander
5ef576a99c
Create a success and failure static factory for Status (#4627)
Consider this PR as a cosmetic one.

Creating a Status class object in the code is not so clear. It is not so obvious that a default constructed Status is success. Also it is not obvious that a status with zero code is success and non-zero is failure.

To fix it I created 2 static methods to make construction of some particular status clear to reader.

* Use assert to check code in Status::failure in debug mode

* Rename success_code constant to kSuccessCode
according to style guide
2018-06-26 17:36:26 +01:00
Max Kareta
6ab2a83a61
Refactor/cmake 5 (#4642) 2018-06-26 16:54:08 +01:00
Alexander
f9e9fdb962 Remove unused mutex 'config_valid_mutex_' from config (#4637) 2018-06-26 16:01:28 +01:00
Max Kareta
8f7ea728d2
reworked part of cmake files (#4638) 2018-06-26 12:03:35 +01:00
Jason Schroth
ec22af9fc8 Refactor before adding bash_sessions history files to shell_history (#4634) 2018-06-25 17:42:48 +01:00
Alexander
1179915350
The default timestamp was added for shell_history without timestamp (#4618)
If the shell history file does not contain timestamps for the lines
osquery will miss the time in rows and will show a confusing error
about an attempt to convert an empty string to INTEGER.

```
% head -n 3 ~/.zsh_history
ls
cd source
ls
```

```
osquery> select * from shell_history limit 1;
I0621 11:56:37.804193 2629124992 virtual_table.cpp:292] Error casting time () to INTEGER
+------------+------+---------+-------------------------------+
| uid        | time | command | history_file                  |
+------------+------+---------+-------------------------------+
| 1868255265 |      | exit    | /home/akindyakov/.zsh_history |
+------------+------+---------+-------------------------------+
```
So, default value for the time in shell history can solve the problem.
2018-06-25 16:55:49 +01:00
mchaffe
191fc7df53 Fix regular files being tagged as symlinks (#4579) 2018-06-23 10:32:13 +01:00
Kyle Creyts
19843b8253 first pass at ssh_config table (#4380) 2018-06-22 19:37:29 -07:00
Giorgi Guliashvili
257bcfa546 events proof read (#4591) 2018-06-22 19:35:36 -07:00
Giorgi Guliashvili
6bb1f93fc2 udev resource protection (#4599) 2018-06-22 19:01:59 -07:00
Max Kareta
d085f2dca1
added custom version of realpath function (#4416) 2018-06-22 15:02:22 +01:00
Alexander
6b7ff81ad8
Do not try to decode/encode utf-8 in python extensions (#4617)
osquery itself does not care about unicode validity in table columns,
just takes it "as is". It definitely makes sense, because it could be broken.
But the thrift extensions interface for python does it.

If, for instance, shell history contains broken unicode test `python_test_example_queries`
will fail.

```bash
% sed -n '5277p' < ~/.zsh_history | xxd -b                                                                                                                          [146]
00000000: 11000011 10000011 10111111 01101100 01110011 00001010  ...ls.
```
2018-06-22 10:21:11 +01:00
Max Kareta
2084c74238
updated another set of cmake files (#4622) 2018-06-21 18:43:22 +01:00
Max Kareta
bccc28dd98
xcode support (#4581) 2018-06-21 15:46:39 +01:00
Sven Mueller
e6a6a12e15 Add some more features to the cpuid table. (#4192) 2018-06-20 11:49:24 +01:00
Giorgi Guliashvili
a87db9952f
memory leak resolve for dispatcher (#4597) 2018-06-19 23:46:56 +01:00
Giorgi Guliashvili
f9e60dbb74
toIndex simplification (#4586) 2018-06-19 23:16:18 +01:00
Mitchell Grenier
ed186e0961 Watcher: Never give up on extensions (#4585) 2018-06-19 14:22:38 -07:00
Filipe Manco
b67fc0eb28
Comment out unused parameter to make linter happy (#4606) 2018-06-19 22:02:32 +01:00
Filipe Manco
3c271d2b9b
Replace unsafe usages of 0 as nullptr (#4607) 2018-06-19 22:02:07 +01:00
jcai1
574061b5f9 add recovery behavior to osqueryd Windows service (#4565) 2018-06-19 16:58:33 -04:00
iBigQ
0bce73c846 Parse structured options as string (#4567)
* Parse structured options as string

* Added option parsing test

* fix option json test

* fix formatting
2018-06-19 17:11:51 +01:00
M Amin
7623f5380f tables: Added NTFS ACL permissions virtual table (#4518) 2018-06-18 16:12:36 -04:00
Max Kareta
4b8d7f0c53
moved from file(GLOB); added CMAKE_CURRENT_LIST_DIR to support include syntax (#4582) 2018-06-18 14:24:20 +01:00
Max Kareta
408c54565e
Removing macOS kernel module (#4572) 2018-06-17 19:21:07 +01:00
Giorgi Guliashvili
c7ad4350e1
dispatcher race conditions (#4570)
* dispatcher race conditions

dispatcher had 2 race condition.
In joinServices it was accessing service_threads_ with different lock(join_lock). However, if by that time new service was added baad things would happen :) .

Also dispatcher was accessing services_.size() without the lock. ( If by that time service was removed or joined bad things would happen)
2018-06-15 18:01:44 +01:00
Giorgi Guliashvili
ff1747347e
InterruptableRunnable RunnerInterruptPoint redesign (#4545)
* InterruptableRunnable RunnerInterruptPoint redesign

There were several inefficiencies in the old version of RunnerInterruptPoint and InterruptableRunnable.

1) RunnerInterruptPoint was throwing the exception when interrupted, however, the exception was always ignored.

2) InterruptableRunnable used the read-write lock, however only write lock was used.

3) InterruptableRunnable InterruptableRunnable, stored almost similar variable stop_, interrupted_.

4) std::atomic<bool> interrupted_ was used with locks, even though it was accessed by default safest access mode memory_order_seq_cst. So no additional cache invalidation was needed.

5) InterruptableRunnable contained code(in method interrupted() and variables bypass_check_, checked) just for testing. Which was slowing down method interrupted().

6) Some more confusing things. notify_all was not needed, as only one thread could be waiting for the conditional variable. RunnerInterruptPoint:: pause(void) looks ambiguous and that's why was not used anywhere.

I resolved all these problems by merging InterruptableRunnable and RunnerInterruptPoint into the InterruptableRunnable.

1) No use of the exception.
2) 4) Simple mutex, which is only used for pauseMilli. InterruptableRunnable::interrupted and InterruptableRunnable::interrupt function lock-free.
3) Single variable interrupted_.
5) Made InterruptableRunnable::interrupt virtual. Tests override interrupt to make things testable.
6) change to notify_one and removed pause without the specific time.
2018-06-15 16:15:43 +01:00
Nick Anderson
428094ef72 bug: correctly check windows event log channels for firing (#4550) 2018-06-13 21:40:50 +01:00
Filipe Manco
366141fda2
Catch exceptions by ref on windows processes (#4541) 2018-06-13 21:06:38 +01:00
Filipe Manco
98ccbcc250
Remove /dev/null monitoring from fsevents (#4549) 2018-06-13 20:33:32 +01:00
Alexandru Stefanica
674efda216 Fix autoloaded extension processes outliving the main process (#4359) 2018-06-13 20:33:02 +01:00
Filipe Manco
b512f4be6d
ATCPlugin fix ctor initialization order (#4540) 2018-06-13 17:17:28 +01:00
Alessandro Gario
ea95870bc8 AuditdNetlink: Only start the netlink services once (#4535) 2018-06-13 14:57:57 +01:00
Filipe Manco
bb57c489de
Removed extra empty line at top of file (#4543) 2018-06-13 14:51:44 +01:00
Filipe Manco
92dbd15a89
Fix comment typos (#4542) 2018-06-13 14:51:27 +01:00
Filipe Manco
98f00bea4f
SQL::selectFrom() pass columns as ref (#4544) 2018-06-13 14:32:10 +01:00
Filipe Manco
0a08620b65
Move process namespaces to separate table (#4534) 2018-06-13 14:28:16 +01:00
Alexander
d22146beac Fix up flaky fileops_tests (#4529) 2018-06-13 10:18:27 +01:00
Alessandro Gario
b64dbb0f53 auditdnetlink: Do not reset the handle when poll() returns EINTR (#4531) 2018-06-13 10:06:53 +01:00
Nick Anderson
6ff5aded99
bug: correctly check for failed process open (#4532) 2018-06-12 14:56:22 -04:00
Giorgi Guliashvili
698846fda4
base64 encoding and decoding optimized (#4507)
base64 encoding and decoding optimized
2018-06-12 18:37:04 +01:00
Giorgi Guliashvili
5e9332aea4
bug split(string,string,size_t) (#4515)
split(string,string,size_t) contained a bug: it was joining on every delimiter, which would result in an unusual outcome. However, the test could not detect this problem as delim.size() was 1. It turned out that this split is not used anywhere with delim.size() > 1, so completely fixing the bug by changing the signature of the method to split(string,char,size_t)
2018-06-12 18:34:09 +01:00
Mitchell Grenier
46e38e1c4a
Add decode back to cmdline pieces (#4521) 2018-06-12 10:30:54 -07:00
Alexander
343971caae
Do not continue FileOpsTests.* after file opening failure (#4530)
Without ASSERT_* tests try to work with an invalid file pointer - it doesn't make any sense
2018-06-12 18:20:08 +01:00
Filipe Manco
adedd50c9a
Registry: don't call external code holding lock (#4528) 2018-06-12 15:55:51 +01:00
Teddy Reed
e1676c9ef5 Make macOS signatures table architecture aware (#4525) 2018-06-11 14:03:57 -07:00
Nick Anderson
e860e8e794
[Fix 4488] Ensure that corrupted DB entries are processed gracefully (#4508) 2018-06-08 20:56:16 -07:00
Filipe Manco
0f66afff6e Set parent to -1 on process_events (#4511) 2018-06-08 15:15:54 -07:00
Babatunde Micheal Okutubo
ffe025e0a3 tables: Report process limits on darwin and linux (#4219) 2018-06-08 10:53:17 -07:00
Alexander
4c2925743e If config update call from extension failed, do not go further (#4517) 2018-06-08 10:15:46 -07:00
Jason Meller
8456b34993 Add battery virtual table for Darwin (#4168) 2018-06-07 09:47:45 -07:00
Giorgi Guliashvili
6188729295
get rid of unnecessary string conversion (#4506)
* get rid of unnecessary string conversion

* formatting problem corrected
2018-06-07 08:43:54 -07:00
Giorgi Guliashvili
521041ba86
Ephemeral native support for int (#4489)
* Ephemeral native support for int

Ephemeral supports int without serialization.
Dump get and put pushed from database.cpp to the database plugin.
Basic support for rocksDB and sqlite

* status messages

* style and compilation problems fix

* const int& to int for database get

* const int& to int for database put

* more specific exception type of boost variant get

* ephemeral improvements

code repetition reduced
map operations reduced
error message improved
 #everything, next in the following.

* safeStrtoi implementation and use

*  code formatting

* atoi accepts base int type

* error message add to status

* compilation error and format correction
2018-06-06 19:08:23 -07:00
Nick Anderson
49e5c2ed27
events: updating logging verbiage and off-by-one for powershell events (#4502) 2018-06-06 15:57:09 -07:00
Mitchell Grenier
6ea8ceb944
Allow ATC to ignore DB locking (#4414) 2018-06-06 12:30:31 -07:00
Giorgi Guliashvili
13a5e683f1
rocksDB simplify (#4490)
* rocksDB simplify

unnecessary private variables moved to functions.
Find method replaced by std::find

* reverting back some changes

* code move revert
2018-06-06 12:17:34 -07:00
Alexander
a1ba0b1371
Use just unique_ptr instead of shared in ImplExtensionClient (#4498)
There is no intent to share these objects
2018-06-06 19:26:03 +01:00
Mitchell Grenier
7b60f97a71
Fix Mojave BSSIDs (#4499) 2018-06-06 09:48:54 -07:00
Alexander
410bd82eac Fixed up resource releasing order UB in ImplExtensionClient (#4463) 2018-06-04 10:51:50 -07:00
Alexander
e6f69e6480 Use std::vector instead of std::list for PackRef in Config implementation (#4485) 2018-06-04 09:46:54 -07:00
Alexander
a4ca8b1048
Rid off the shared_ptr using from config schedule (#4423)
there is no reason to share these objects
2018-06-04 10:34:32 +01:00
Nick Anderson
df5ae228dd
bug: fixes initialization of BSTR to be explicit for bios info table (#4481) 2018-06-03 20:21:46 -07:00
Nick Anderson
34b787122f
build: remove PRODUCT_MOBILE_CORE reference and pinning v140 compiler tools (#4482) 2018-06-02 23:12:09 -07:00
Alessandro Gario
5006a02c27 Bundle C++ extensions into a single executable (#4335) 2018-06-03 02:04:36 +01:00
Allan Liu
566f07e76a tables: text address arg for SMBIOSParser::tables predicate (#4452) 2018-06-02 13:45:44 -07:00
Max Kareta
898b27e00e
parent directory function (#4418) 2018-06-02 20:48:26 +01:00
Max Kareta
93110701d8
reworked cmake file split database plugins files (#4476) 2018-06-02 20:44:58 +01:00
Giorgi Guliashvili
8d7129ee03
Basic db int type support (#4454)
* Basic db int type support

Added API and tests for int types in the database abstraction.

For now, it's just the wrapper over the string type. In the following commits, will utilize specific database capabilities for additional performance.

* source formatting corrected

* hardened tests
2018-06-02 12:38:29 -07:00
James Jerger
56bbd9a8b9 Tables: Add cpu_info table to windows (#4381) 2018-05-31 15:25:12 -07:00
Max Kareta
c0a9e76611
osquery::Error && osquery::Expected (#4396) 2018-05-31 15:17:50 +01:00
Max Kareta
6edecaf67c
reorganized includes to improve compile time 2 (#4446) 2018-05-30 11:44:18 +01:00
Max Kareta
5aca61375f
reorganized includes to improve compile time (#4445) 2018-05-30 00:17:40 +01:00
Max Kareta
bf391e5b83
reworked core cmakefiles.txt (#4443) 2018-05-30 00:04:52 +01:00
Alexander
422c1400b8
Simple solution to reduce drift time in loop of scheduled queries (#4393)
* Simple solution to reduce drift time in loop of scheduled queries #4301

based on measuring time of loop step and reduce sleep time on it.

* Change schedule time drift compensation policy

Sleep less time or do not sleep at all if there is non-zero accumulated drift.
Also new flag [schedule_max_drift] was added to make it configurable.

* Add test to check time drift accumulation and fix up code according to review comments
2018-05-29 18:48:43 +01:00
Giorgi Guliashvili
b2533f8bf9 cpu_type fixed for linux (#4425) 2018-05-29 10:53:09 +01:00
Filipe Manco
c485474ad6
Enable configure() calls on logger plugins (#4434) 2018-05-29 09:58:07 +01:00
Max Kareta
deff17a8e7
split registry to separate classes (#4444) 2018-05-28 20:16:04 +01:00
Teddy Reed
9e98cefd22
deps: Update aws-sdk-cpp to version 1.4.55 (#4437) 2018-05-26 22:09:33 -04:00
Alexander
ff4f90ca81 Remove unused member from SchedulerRunner class (#4430) 2018-05-25 21:44:35 +01:00
Allan Liu
083c57e3f0 tables: memory related SMBIOS tables (#4409) 2018-05-25 21:29:43 +01:00
Drake Aronhalt
408d002403 Adding readonly_rootfs field to docker_containers table. (#4419) 2018-05-25 17:54:15 +01:00
Filipe Manco
67f95baf6e
Fix files with no new line at eof (#4426) 2018-05-24 20:12:31 +01:00
Rutwa189
3de45f5abb Improve Python packages table (#4407) 2018-05-24 09:14:44 -07:00
Yuan Lei
b95575e260 bug: fix osquery warn for non exist file (#4424) 2018-05-24 16:55:27 +01:00
Max Kareta
6047e7d6f8
Added custom path functions (#4265) 2018-05-24 12:26:43 +01:00
Max Kareta
a4f1bedc63
Fixing memory leak in mdfind table (#4406) 2018-05-22 13:08:13 +01:00
Max Kareta
b92b8a078a
Fixed over release of object on osx (#4404) 2018-05-22 13:07:43 +01:00
Max Kareta
bf82fca620
[osx] added autorelease pools (#4405) 2018-05-21 14:41:02 +01:00
Alexander
8de02701f2 Apply const qualifier for Config::packs(...) method (#4387) 2018-05-18 18:37:33 +01:00
Teddy Reed
201dd6d940 packs: Fix blacklist option bool assumption (#4400) 2018-05-18 11:58:59 +01:00
Teddy Reed
b4c7abb2b8
http_client: Always close socket on exception (#4399) 2018-05-17 23:26:25 -04:00
Seshu Pasam
b49feec0d3 aws: Deal with missing uuid file on C5/M5 instances. (#4397) 2018-05-17 22:33:34 -04:00
Allan Liu
1c38b7626d tables: add link_speed column to interface_details for linux (#4320) 2018-05-17 14:35:20 -07:00
Allan Liu
a110c291fa tables: Virtual table implementation for memory devices from SMBIOS (#4138) 2018-05-17 17:33:35 -04:00
Steve Brito
c52276879a tables: adding bios_info table for Windows. (#4118) 2018-05-17 13:49:33 -07:00
Ngo The Trung
b748386ddb mac: add 'state' to process_open_sockets (#4253) 2018-05-15 11:28:42 +01:00
Nick Anderson
a338c86170
tables: adding user_groups table for Windows (#4217) 2018-05-14 16:48:16 -07:00
Giorgi Guliashvili
58969a1df7 Removed startup_items from linux platform. (#4373) 2018-05-14 23:50:28 +01:00
Teddy Reed
6e9f55d15d
llvm 6.0 and libFuzzer implementation (#4370) 2018-05-12 21:56:00 -04:00
Jonathan Keljo
1ea714a325 Plumb used columns into QueryContext; use that to make processes table more efficient on macOS (#4269) 2018-05-12 09:07:57 -07:00
James Jerger
a5df5acc01 Refactor tables to bail out early on error. Add encryption method to bitlocker_info. (#4337) 2018-05-11 22:57:16 -07:00
Nick Anderson
e50a38490b
bug: wait for service thread to finish before exiting with SCM (#4386) 2018-05-11 14:30:16 -07:00
Filipe Manco
74cee943f3
Handle placeholder hardware UUIDs (#4374) 2018-05-11 21:35:33 +01:00
Alexander
bfb6c13674 Add const qualifier to some Config methods (#4383) 2018-05-11 09:36:48 +01:00
Andrew Guthrie
a6064cf247 NPM Packages Table on Linux (#4315) 2018-05-10 19:11:30 -07:00
Steve Brito
8c22b59538 Add manufacturer and service to interface_details table for Windows (#4376) 2018-05-09 18:07:07 -07:00
Alexander
1a48150be0 Pass name of query to lambda in Config::scheduledQueries by value (#4367) 2018-05-09 14:56:19 +01:00
Nick Anderson
4125297158
tables: adds a Powershell events table to Windows (#4351) 2018-05-07 10:26:43 -07:00
Rich5
aea381e147 Correct process uid for user name mapping and added is_elevated_token column (#4369) 2018-05-06 20:14:59 -07:00
Jonathan Keljo
45b0286c4f [darwin] Fix a variety of small bugs in system_controls (#4328) 2018-05-06 20:59:03 -04:00
Mitchell Grenier
192ccaeaed
New ATC Tables (#4271) 2018-05-04 13:54:14 -07:00
Jonathan Keljo
4ed6a22a4b Fix an old regression in processes table on macOS (#4254) 2018-05-04 18:18:59 +01:00
Mitchell Grenier
30a10db1a3
macOS usb_devices slight code adjustment (#4365) 2018-05-03 14:33:46 -07:00
barn-stripe
2e72f9f20a Fix USB class/subclass IDs on darwin (#4363) 2018-05-03 21:56:04 +01:00
Nick Anderson
81751e5526
bug: do not block hashing file read on posix (#4356) 2018-05-03 10:38:06 -07:00
Nick Anderson
d10dbb3caa
tables: updating confusing info messages for interface details table (#4215) 2018-05-03 10:34:33 -07:00
Soukaina NAIT HMID
2ac7dc6b64 recover interface flags (#4303) 2018-05-03 18:14:36 +01:00
Filipe Manco
446ae4c366
Add namespaces to processes table on linux (#4263) 2018-05-03 18:12:53 +01:00
Mitchell Grenier
5bd021a84f
Cups Jobs and Cups Destinations (#4278) 2018-05-02 15:03:17 -07:00
Mitchell Grenier
8d16ae3887
Add an mdfind table to macOS (#4313) 2018-05-02 10:58:12 -07:00
Nick Anderson
6eb695bf9b
service: add full path for service binary (#4316) 2018-05-01 20:47:22 -07:00
Teddy Reed
f5abb45919
Fast code audit for flags and dispatcher (#4355) 2018-05-01 22:47:01 -04:00
Teddy Reed
eb4460dc8e
Use shadow-all instead of shadow for more GCC parity (#4353) 2018-05-01 22:17:53 -04:00
Filipe Manco
161653b2b4 Make options parser ignore invalid options (#4345) 2018-05-01 21:55:33 -04:00
Teddy Reed
e34a558e7b
Separate general hashing methods from table implementation (#4350) 2018-05-01 21:54:23 -04:00
Teddy Reed
97dae5a56e
sync: Fix sync to handle new fbthrift refactor (#4349) 2018-05-01 19:04:46 -04:00
Nick Anderson
8158f090f8
style: fixing WEL parsing ternary (#4346) 2018-05-01 12:28:30 -07:00
Jonathan Keljo
7a7c43dbe2 Enable query planner to understand CAST statements (#4326) 2018-05-01 12:24:10 -07:00
Teddy Reed
349f401161
Move singleton accessors into implementations (#4347) 2018-05-01 14:56:51 -04:00
Zac Brown
e1534bb3c8 bug: Fix parsing of EventData block for Windows Events. (#4321) 2018-05-01 10:37:58 -07:00
Filipe Manco
d706f6b52d Fix init when using fbthrift (and folly) (#4343) 2018-05-01 13:27:55 -04:00
Teddy Reed
7919791637
fbthrift: Second set of Apache and FbThrift refactors (#4312) 2018-05-01 13:26:10 -04:00
Mitchell Grenier
c646139e97
Fix a unicode parsing error (#4310) 2018-04-25 15:12:01 -07:00
Yuan Lei
8c9900008d
bug: fix fail to read yum sources (#4284) (#4327) 2018-04-25 12:12:08 -07:00
Nick Anderson
6ba14264e7
bug: fix handle leaks in Windows process functions (#4323) 2018-04-24 14:48:51 -07:00
Mitchell Grenier
592f7d9fa8 bug: convert empty ptree json to empty RJ lists for db upgrades (#4325) 2018-04-24 13:39:22 -07:00
Mitchell Grenier
44c0b03702
Fix a memory leak in the sip_config table (#4305) 2018-04-20 13:52:24 -07:00
Nick Anderson
305108155a
bug: handle windows service shutdowns gracefully (#4286) 2018-04-18 07:51:04 -07:00
Gabi Purcaru
0d1425266a Added certificate serial number column (#4290) 2018-04-18 07:30:12 -07:00
Filipe Manco
1c397f2d88 Filter by gid on Linux groups table (#4288) 2018-04-18 07:28:47 -07:00
Nick Anderson
2017068f11
database: updating migration logic from ptree to rapidjson (#4294) 2018-04-17 10:55:58 -07:00
Jonathan Keljo
1d07098d29 [darwin][processes] Show kernel_task (#4268) 2018-04-17 08:28:16 -07:00
Mitchell Grenier
360f58887c
Fix macOS build on Xcode 9.3 (#4291) 2018-04-16 12:21:33 -07:00
Filipe Manco
921da9e339
Make RegistryInterface thread-safe (#4276) 2018-04-16 16:00:28 +01:00
Teddy Reed
4f531b9a7c
config: Parser keys should be objects or arrays (#4281) 2018-04-13 10:10:53 -04:00
Mitchell Grenier
ccc6e54999
Remove BOOST_FOREACH from docker.cpp (#4279) 2018-04-12 12:36:09 -07:00
Ngo The Trung
d27787e84f tables: Use more specific release files on os_version (#4256) 2018-04-10 10:01:42 +01:00
Alexander Akulov
8312887744 fix incorrect uptime on windows (#4240) 2018-04-05 08:02:04 -07:00
Ngo The Trung
f1a630735e tables: Add yum_sources table (#4213) 2018-04-05 13:27:59 +01:00
Mitchell Grenier
21cae039eb bug: Fix acceleration code to use RapidJSON properly (#4236) 2018-04-02 10:21:22 -07:00
James Jerger
3abadc77d7 tables: Add video_info table to collect video card information (#4226) 2018-03-30 21:35:11 -07:00
Jonathan Keljo
b1babab8d2 Use safeStrtoll instead of strtol (#4211) 2018-03-30 13:59:27 -07:00
Filipe Manco
9797276fc8
Properly filter process_open_sockets when pid=-1 (#4234) 2018-03-30 00:15:44 +01:00
Ngo The Trung
a56588819b tests: Fix compression test failing for Sierra #4139 (#4216) 2018-03-29 20:19:01 +01:00
Filipe Manco
00f3be5535
Fix performance regression on process_open_sockets (#4225) 2018-03-29 19:40:43 +01:00
Filipe Manco
567b0e2abc
Don't bail out when querying one namespace fails (#4229) 2018-03-29 19:39:30 +01:00
Nick Anderson
8b186b01ad bug: Windows crashes table crashes parsing stack traces (#4222) 2018-03-29 19:31:32 +01:00
Seshu Pasam
e45ddd98ce kafka: Support for kafka compression.codec (#4181) 2018-03-21 11:53:13 -07:00
James Jerger
ab26abb2d6 tables: Add windows disk_info table (#4177) 2018-03-21 11:42:44 -07:00
Jonathan Keljo
bf707ef4a9 mac/linux: add disk I/O columns to processes table (#4204) 2018-03-21 09:46:26 -07:00
Nick Anderson
9e2515a661
database: convert cached ptree entries to RapidJSON results (#4207) 2018-03-21 09:39:50 -07:00
Nick Anderson
2cf2601f77
perf: refactoring drivers table for performance (#4195) 2018-03-20 17:06:36 -07:00
Teddy Reed
2d67bbf482
thrift: Breakout thrift and fbthrift into implementations (#4130) 2018-03-20 15:20:51 -04:00
ryandeivert
06117da0f1 aws_log_forwarder: incrementing index for batches of records that could not be sent (#4188) 2018-03-09 13:28:14 -08:00
packetzero
525f869325 fix minor leak in darwin disk_encryption generate (#4125) 2018-03-09 12:56:18 -08:00
Mitchell Grenier
873fc4124c
Add status back instead of query data again (#4182) 2018-03-09 12:02:53 -08:00
Mitchell Grenier
f34df53ecb
Remove all table autoreleasepools (#4148) 2018-03-09 12:02:42 -08:00
Seshu Pasam
de6efc096d docker: Deal with HTTP/1.1 response. (#4180) 2018-03-09 12:01:26 -08:00
Jason Meller
dab7d67b86 Add account_policy_data virtual table for macOS (#4165) 2018-03-09 09:02:47 -08:00
Jesse Luehrs
ca2e33b3ad look up the external plugin by the correct name (#4169) 2018-03-06 20:13:49 -08:00
Teddy Reed
999034367a
freebsd: Update CMake for thrift 11 and boost 1.66 (#4166) 2018-03-05 09:13:05 -05:00
James Jerger
2fdc935840 Update confusing variable name and allow multiple row return in bitlocker_info.cpp (#4146) 2018-03-04 19:23:26 -08:00
Cem Gürkök
1e432dcd4c adding fields to docker_containers table (#4167)
* adding fields to docker_containers table

* adding more fields: path, entrypoint

* addressing comments by obelisk

* pid to int and osquery::join use
2018-03-02 10:20:59 -08:00
Cem Gürkök
769059fda7 enable docker_container_processes for OS X (#4163) 2018-02-28 19:21:29 -08:00
Filipe Manco
1bbdff8c7a
Replace ptree with JSON on serialization code (#4128) 2018-03-01 00:36:24 +00:00
Mitchell Grenier
dad25b89a9
Adding symlink loop detection to globbing (#4129) 2018-02-22 11:57:46 -08:00
Teddy Reed
9f08f0b957
logger: Add check to prevent C++ extensions from using glog (#4147) 2018-02-22 11:53:52 -08:00
Teddy Reed
65a85799f5
extensions: Allow option accesses in extensions (#4142) 2018-02-21 17:52:35 -08:00
Alessandro Gario
abfcaf0d0e List all sockets (host and containers) in process_open_sockets (#4024) 2018-02-22 00:36:51 +00:00
Nick Anderson
57e8e123a1
[fix #4140] Removing WEL logger plugin from systemLog due to duplicate linkage (#4143) 2018-02-20 21:30:54 -08:00
Mitchell Grenier
94b48ea87f
Fix JSON output from --json (#4134) 2018-02-16 15:41:44 -08:00
Nick Anderson
f89392bdb4
extensions: adding autoloading python extensions for Windows (#4096) 2018-02-16 13:56:38 -08:00
Mitchell Grenier
21049a26d2
Fix issue [#4123] MSVC Permissive Error (#4131) 2018-02-16 12:57:47 -08:00
uptycs-nishant
c475fe880b TLS session reuse support (#3948) 2018-02-11 01:48:24 -08:00
Mitchell Grenier
3f7dda4475 Fix RapidJSON error asserting in configuration (#4086) 2018-02-11 01:16:38 -08:00
Teddy Reed
6f20eced93
thrift: Optionally build and link with fbthrift (#4105) 2018-02-10 23:37:15 -08:00
packetzero
d058e19345 darwin: Separate IOKit routines from IOKit event support (#4087) 2018-02-09 17:07:53 +00:00
James Jerger
6c3e90e170 Add bitlocker_info to Windows (#4113) 2018-02-09 17:06:32 +00:00
Javier Marcos
ef7130b49f bug: Fix for sslv3 handshake failure in the file carver (#4109) 2018-02-07 12:24:57 -08:00
Nick Anderson
7d7ed9de61
tests: removing username test in favor of status check (#4090) 2018-02-07 10:41:37 -08:00
Filipe Manco
766634aa83
Add parent PID on process_events from openbsm (#4091)
* openbsm_events: Fix using wrong union element

* darwin: use macros to identify audit events

* darwin: Add parent info to proc events [1/3]

Rename subscriber class to a more generic name in preparation to make it
handle multiple process related events.

* darwin: Add parent info to proc events [2/3]

Refactor exec event handling into its own function in preparation to
make it handle multiple process related events.

* darwin: Add parent info to proc events [3/3]

Capture fork events to construct a map of parent child relationships. On
an exec look at the map to get the parent information. Use exit events to
garbage collect the map.
2018-01-31 15:20:43 +00:00
Teddy Reed
3decac948e
tables: Remove ptree from table plugins (#4075) 2018-01-21 05:11:42 -05:00
Teddy Reed
967910c6bf
deps: Use librpm 4.14.1 without beecrypt (#4073) 2018-01-21 01:56:11 -05:00
Teddy Reed
483fbbb594
query: Force query results into proper order (#2947) 2018-01-21 01:20:48 -05:00
Teddy Reed
90a737ead7
Replace most of boost::property_tree with rapidjson (#3910) 2018-01-20 20:58:01 -05:00
Teddy Reed
fad4a748c0
tables: Add cpu_microcode to system_info (#4028) 2018-01-20 20:24:09 -05:00
Alessandro Gario
44e03bada9 process_file_events: Add fields euid and egid and cleanup logs 2018-01-15 20:19:05 -08:00
Alessandro Gario
02caa95774 audit: Rename audit_fim_events to process_file_events 2018-01-15 20:12:58 -08:00
Alessandro Gario
4a478f1ea1 audit: Ignore operations on PF_NETLINK sockets 2018-01-15 20:10:50 -08:00
Alessandro Gario
8829c9f0de audit: Improve responsiveness when terminating and set name 2018-01-15 20:06:52 -08:00
Alessandro Gario
d72779c784 Update column names, add switch to clear Audit config on startup (#3611) 2018-01-15 20:02:27 -08:00
Alessandro Gario
9c0bd4abfb audit-based file integrity monitoring (#3492) 2018-01-15 19:57:50 -08:00
Teddy Reed
e8c0601ffe
tables: Parse interface flags from sysfs on Linux (#4063) 2018-01-15 00:05:08 -05:00
Teddy Reed
3591d221e8
tables: Add pcid to cpuid table (#4061) 2018-01-14 22:24:30 -05:00
Teddy Reed
193de0c818
deps: Improve native (non-deps) builds (#4060) 2018-01-14 20:14:40 -05:00
Teddy Reed
82235e3c13
deps: Build linenoise locally (third-party) (#4058) 2018-01-14 16:31:41 -05:00
Teddy Reed
8272c028dd
macOS: Link with no-weak-imports (#4056) 2018-01-12 20:34:45 -05:00
exFill
979330efbb Fix on_disk detection for Linux (#4047) 2018-01-12 10:26:01 -05:00
Teddy Reed
b8a25429a5
tables: Remove apt-pkg linking on Linux (#4049) 2018-01-12 10:25:25 -05:00
Mitchell Grenier
fa8d267ad8 Fix a crash in the extended_attributes table (#4051) 2018-01-12 10:24:45 -05:00
Nick Anderson
d73222326f
tables: updating row description for kva_speculative_info (#4044) 2018-01-09 11:43:19 -08:00
Teddy Reed
5777efffb4
deps: Add SKIP_DEPS control to CMake (#4036) 2018-01-07 14:32:24 -08:00
Teddy Reed
de19f0b6c2
tables: Replace apt_sources with crude string parsing (#4034) 2018-01-07 00:26:27 -08:00
Teddy Reed
00040c6c1a
feature: URI parsing from folly (#4035) 2018-01-06 20:26:36 -08:00
Nick Anderson
85133d8ad0
tables: adding windows table for KVA and speculative exec info (#4027) 2018-01-05 10:53:02 -08:00
Teddy Reed
c4c5385253
deps: Rebuild all dependencies for Darwin and Linux (v5) (#4025) 2018-01-04 23:05:21 -08:00
Dave Kukfa
6ddbdc0fea tables: Implemented Windows crashes table (#3696) 2017-12-28 21:09:10 -08:00
Teddy Reed
ec4cad5604
tables: Fix Bookmark and Alias path extraction (#4022) 2017-12-28 14:40:23 -08:00
uptycs-nishant
1acc7b91ef Reducing memory footprint of osquery by achieving zero-copy (#3977) 2017-12-27 19:43:20 -08:00
Teddy Reed
b86b8c0ba3
rocksdb: Decrease max open database files to 128 from 256 (#4021) 2017-12-27 14:40:42 -08:00
Teddy Reed
5efb0bd09a
Set minimum NOFILE limit to 1024 (#4020) 2017-12-27 14:12:51 -08:00
Teddy Reed
776846a737
deps: Use beast v124 APIs (#4016) 2017-12-23 15:22:28 -08:00
Teddy Reed
56f9072cb6
deps: Build for thrift 0.11.0 (#4013) 2017-12-23 13:39:13 -08:00
Teddy Reed
f6d077cbf7
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-18 16:04:06 -08:00
Teddy Reed
222f40f2d3
hash: Use the hash-cache by default and document flags (#4006) 2017-12-18 12:20:57 -08:00
Teddy Reed
e71390ca82
config: Allow scheduled queries to set blacklist=false (#4005) 2017-12-18 08:42:00 -08:00
Teddy Reed
33ab8b6e5d
config: Inspect blacklisted queries (#4004) 2017-12-17 19:25:42 -08:00
Teddy Reed
a6998b7518
extensions: watchdog: Opt-in to monitor extension performance (#4003) 2017-12-17 16:33:20 -08:00
Teddy Reed
f7be9fae71
ux: The ephemeral flag should disable the database (#4002) 2017-12-17 11:02:39 -08:00
Teddy Reed
70a214b8a6
logger: Remove invalid assumptions about status logging (#4001) 2017-12-17 09:44:15 -08:00
Teddy Reed
2c8813a150
logger: wel: codemod the generated WEL header into plugins (#4000) 2017-12-16 21:57:35 -08:00
Alessandro Gario
e859276739 logging: Adds Windows Event Log support (#3887) 2017-12-12 14:15:38 -08:00
Nick Anderson
1dd6e1e693
ux: adding verbosity if osquery fails to read system uuid (#3989) 2017-12-08 08:17:40 -08:00
D Lohachov
3e83bfbe4a Persistent hashing of `hash' virtual table (#3814) 2017-12-06 08:35:07 -08:00
Nick Anderson
6d576e93d8
events: removing newline from windows event log lines (#3985) 2017-12-05 10:42:48 -08:00
uptycs-nishant
473920d601 Removing cpp-netlib name references (#3978) 2017-11-30 11:08:48 -08:00
Seshu Pasam
1c141995a3 Kafka SSL support (#3921) 2017-11-30 09:13:46 -08:00
Teddy Reed
13dfd0148c
audit: Force include and source files to be 100644 (#3971) 2017-11-30 02:01:04 -08:00
Nick Anderson
1097827ca2
daemon: set service status to SERVICE_STOPPED on exit (#3973) 2017-11-29 21:12:49 -08:00
Reed Loden
6b6723110f tables: Add linux shadow table (#3902) 2017-11-28 00:51:44 -08:00
Teddy Reed
03984bc9a9
watcher: Use min for delay max and delay current (#3969) 2017-11-28 00:50:18 -08:00
Mike Myers
b79c0e2621 Local Groups table for Windows (#3855) 2017-11-27 23:51:47 -08:00
Omer Katz
595fd11284 tables: augeas: Remove trailing slash from /files prefix (#3967) 2017-11-27 11:38:02 -08:00
Nick Anderson
6068d61068
tables: adding intel_me_info virtual table on Windows (#3960) 2017-11-27 11:26:08 -08:00
Teddy Reed
ee17e7e6f0
extensions: Fix path quotes on Windows (#3965) 2017-11-27 07:17:43 -08:00
Teddy Reed
bfb4061f39
remote: Remove legacy OpenSSL SSL symbol defines (#3961) 2017-11-27 00:29:57 -08:00
Omer Katz
6aa2648472 Augeas table performance improvements (#3911) 2017-11-26 20:29:27 -08:00
Mitchell Grenier
7c95e98551
Fix Ryzen Core Count (#3432) 2017-11-22 20:33:09 -08:00
uptycs-nishant
9d46d9cb5f http_client: Fix for issue-3953 (#3958) 2017-11-22 16:26:54 -08:00
Teddy Reed
1cedf8d573
tables: Add basic Intel ME table returning version (#3956) 2017-11-22 00:39:18 -08:00
Mitchell Grenier
a73233263b Renaming the key_events table to user_interaction_events and adding mouse down (#3951) 2017-11-21 23:43:52 -08:00
Nick Anderson
1239c8ccc5
tables: expanding windows programs table to encompass apps without GUID (#3945) 2017-11-20 08:21:21 -08:00
Nick Anderson
3d7f7cf037
tables: adding type column to users table to differentiate local users (#3946) 2017-11-20 08:21:06 -08:00
Nick Anderson
cb401f9ded
tables: adding certificate store to the cert path for Windows table (#3947) 2017-11-20 08:20:52 -08:00
Teddy Reed
3ad5267642
[Fix #3941] Stop renaming worker and extension argv[0] (#3943) 2017-11-20 07:24:55 -08:00
Teddy Reed
80cebc8318
extensions: Add 5min timeouts for read and send client calls (#3847) 2017-11-20 07:23:41 -08:00
Teddy Reed
120c0ee62e
Stop latent autoloaded extensions and apply an initial delay (#3944) 2017-11-19 18:56:42 -08:00
Teddy Reed
523ad777a8
[Fix #3931] Remove removed results correctly (#3938) 2017-11-18 15:21:11 -08:00
Michal Sekletar
66977bf116 Print correct address family id for AF_UNIX sockets (#3909) 2017-11-11 13:26:39 -08:00
Mitchell Grenier
c3a2171ebc Tighten up the event tapping code (#3917) 2017-11-09 13:21:22 -08:00
Babatunde Micheal Okutubo
9fd2be038c Virtual table: Iptables port feature #3621 (#3897) 2017-11-08 18:02:44 -08:00
Mitchell Grenier
beca5e68e9 Require root permissions to start the event tapping framework (#3849) 2017-11-01 07:31:50 -07:00
Teddy Reed
5245f7bcf3
tables: Refactor ssl_cert into curl_certificate (#3903) 2017-11-01 07:30:22 -07:00
Teddy Reed
8597db5f11
tables: Move the curl table to all platforms (#3904) 2017-10-31 23:44:46 -07:00
uptycs-nishant
bd28a4598e Conditionally adding port along with host name as host header value (#3899) 2017-10-31 21:00:51 -07:00
Nick Anderson
573cf5fc11
tables: porting the ssl cert to Windows (#3894) 2017-10-30 22:46:45 -07:00
Nick Anderson
b1355c4441
tables: Adding a Named Pipes table for Windows (#3893) 2017-10-30 22:46:28 -07:00
andy152
0af1a6606c tables: Added macOS firewall applications to the alf_exceptions tables (#3884) 2017-10-30 22:38:09 -07:00
Teddy Reed
a7c2669ba3
tidy: Improve clang-tidy (modernize) list of checks and run across codebase (#3870) 2017-10-29 22:25:49 -07:00
uptycs-nishant
efe32b45d5 Fix for issue-3853: using higher precision arithmetic (#3892) 2017-10-29 22:18:51 -07:00
Babatunde Micheal Okutubo
ff1ae545e8 tables: SSL cert table for posix #3811 (#3839) 2017-10-28 13:28:17 -07:00
Tom de Vries
fe98652348 documentation: Fix typos (#3886) 2017-10-26 08:25:44 -07:00
Alessandro Gario
58fa4a6899 Verbose logging when spawning services (#3689) 2017-10-24 19:55:05 -07:00
Teddy Reed
4aa3db30ca [Fix #3859] Lock every access to SQLiteDBInstance::db (#3883) 2017-10-24 11:40:26 -07:00
Javier Marcos
f256c3a75c Pointing tables/schema documentation to new locations (#3878) 2017-10-24 11:40:09 -07:00
Teddy Reed
9b3d02ff2f remote: Various refactors for the http_client (#3882) 2017-10-24 10:08:42 -07:00
uptycs-nishant
d8b700ab74 Implementing http_client based on boost.beast and adding proxy support to tls logger (#3623) 2017-10-22 22:00:29 -07:00
Nick Anderson
45bafdbe51 tables: adding windows physical disk perfmon table (#3865) 2017-10-22 13:56:54 -07:00
Teddy Reed
aa7f7dee68 logger: Port status serialization to rapidjson (#3742) 2017-10-21 19:25:40 -07:00
Teddy Reed
979cd4e5d1 [Fix #3831] Apply per-DB instance attach locking (#3862) 2017-10-21 11:19:57 -07:00
Samuel Keeley
58af0b7477 Add version to usb_devices table (#3840) 2017-10-17 07:59:56 -07:00