Commit Graph

5635 Commits

Author  SHA1  Message  Date
Teddy Reed  d75e6cda72  carver: Update carves specs to allow full scan (#6657)  2020-09-21 19:29:44 -04:00
Teddy Reed  775830270e  carver: Update table to use JSON (#6656)  2020-09-21 19:29:19 -04:00
Teddy Reed  5b8f20bfce  refactor: Move ephemeral database plugin into core and simplify tests (#6648)  2020-09-21 18:25:08 -04:00
Teddy Reed  0ed8b1b581  Fix image column within drivers table on Windows (#6652)  2020-09-18 22:12:58 -04:00
Teddy Reed  6a34c9527e  tests: Improve flaky python test handling (#6654)  2020-09-18 22:12:21 -04:00
seph  d0465b1af3  Add atom_packages table to windows (#6649)  2020-09-18 16:06:01 -04:00
Teddy Reed  f4555ac0d1  Improve performance and accuracy of Windows registry querying (#6647)  2020-09-14 11:59:47 -04:00
Teddy Reed  71524093f2  systemd: Limit osqueryd CPU usage to 20% (#6644)  2020-09-14 11:59:28 -04:00
Steve Brito  62d9a0c1fa  Fix BIOS Info table searching (#5246)  2020-09-13 10:53:07 -04:00
Teddy Reed  87f6832cdc  tests: Restore test_osqueryi (#6631)  2020-09-13 10:52:24 -04:00
puffyCid  bd545631ed  Support for Office MRU (most recently used) entries (#6587)  2020-09-13 10:51:51 -04:00
Teddy Reed  5c71654dcf  Add 4.5.0 CHANGELOG (#6646)  2020-09-12 19:17:50 -04:00
kumarak  69bcf70b8c  Add sigurl column to pass yara signatures with the queries (#6607)  2020-09-11 15:14:01 -04:00
Gavin  5f48f93517  Update process auditing docs schema link (#6645)  2020-09-11 15:12:48 -04:00
puffyCid  10b0635bc2  Support for Background Activity Moderator (#6585)  2020-09-10 22:20:34 -04:00
Teddy Reed  d7d6c56473  database: Remove read only concept (#6637)  2020-09-10 19:58:38 -04:00
kumarak  51d3833508  Parsing of user data in Windows event log (#6643)  2020-09-10 19:57:53 -04:00
Teddy Reed  c32953e139  events: Remove selectAllFrom from linux process events callback (#6638)  2020-09-08 16:16:22 -04:00
Teddy Reed  4f9ab34581  libs: Set glog and gflags includes as SYSTEM (#6635)  2020-09-08 16:15:44 -04:00
Teddy Reed  aae2b809ad  tests: Fix flaky test_2_daemon_with_option (#6634)  2020-09-07 08:40:08 -04:00
Teddy Reed  3759430a87  tests: Improve the reliability of TLSServerRunner (#6632)  2020-09-07 08:38:55 -04:00
Teddy Reed  26b53c5b48  database: Move initialization retry logic into DB API (#6633)  2020-09-07 08:38:14 -04:00
Artemis Tosini  ea70cde29d  libs/smartmontools: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  7eabe51bae  libs/lzma: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Co-Authored-By: Alessandro Gario <alessandro.gario@gmail.com>
Artemis Tosini  4ea5db73a6  libs/lldpd: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  41f58c1e3d  libs/librdkafka: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Co-Authored-By: Alessandro Gario <alessandro.gario@gmail.com>
Artemis Tosini  028810ed05  libs/libgpg-error: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  96000c74a0  libs/libgcrypt: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  79eed8b059  libs/libdpkg: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  89ca3f9b09  libs/libaudit: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  5b84482b6f  libs/boost: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  a417b0845f  libs/berkeley-db: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  48926e1d07  libs/aws-sdk-cpp: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  51a123fa2f  libs/openssl: Add aarch64 support  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  a5492c55da  Make cpuid table x86_only  2020-09-05 16:50:28 -04:00
    The instruction doesn't exist on other processors, and while there
    might be ways to retrieve the equivalent information, none directly
    matches the x86 "cpuid". This takes out the table completely on
    non-x86_64 architectures.

    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  e324f5bc0e  linux: Define __NR_perf_event_open for aarch64  2020-09-05 16:50:28 -04:00
    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  d12b7931f5  linux: Conditionally build x86_64-only syscalls  2020-09-05 16:50:28 -04:00
    Some syscalls are deprecated on newer architectures, for example
    fork and vfork are all variants of clone now; symlink, unlink, rename
    etc... are variants of the *at() versions, dup2 of dup3, etc...

    Note about the test events: Because the events are synthetic, we
    only really test the parser, so it doesn't matter if aarch64
    doesn't use a snapshot of a real event. To keep things simple we
    only replace the arch and syscall fields.

    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  7af153bd1b  cmake: Use TARGET_PROCESSOR to set Linux .tgz name suffix  2020-09-05 16:50:28 -04:00
    Instead of hard-wiring "x86_64"

    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Artemis Tosini  588f06b177  cmake: Add TARGET_PROCESSOR  2020-09-05 16:50:28 -04:00
    Currently recognizes AMD64 and x86_64 for x86 and aarch64 for ARM.

    Co-Authored-By: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Benjamin Herrenschmidt  dfcd537d82  events/linux: Use unistd.h  2020-09-05 16:50:28 -04:00
    We currently include unistd_64.h which doesn't work on aarch64. Rather
    than add #ifdef's around it, let's just use unistd.h which should do the
    right thing on all architectures.

    Additionally remove the duplicate #include's from the .cpp files
Teddy Reed  e9f9fc5611  Remove prototype database implementations (#6622)  2020-09-05 10:53:49 -04:00
Teddy Reed  fc63cb6e31  bug: Set thread names correctly on macOS and Linux (#6627)  2020-09-05 10:53:35 -04:00
Teddy Reed  cb428e105e  Apply scheduler_timeout correctly (#6618)  2020-09-03 23:56:16 -04:00
Stefano Bonicatti  d0b4e327a2  Fix Windows build removing non-existing C11 conformance (#6629)  2020-09-03 19:02:00 -04:00
    thirdparty_librdkafka_c was failing to compile
    due to the C11 keyword _Thread_local not being recognized.
Breakwell  6d57dc8066  Windows 32 bit Support (#6543)  2020-09-01 23:29:26 -04:00
Teddy Reed  bee63a6c06  Add check for character_frequencies size (#6625)  2020-09-01 13:35:33 -04:00
Kelechi Precious Nwachukwu  3060f54392  Improve cpu_type and cpu_subtype descriptions for processes table (#6596)  2020-08-31 22:52:07 -04:00
Teddy Reed  19b91bb2b1  bug: Fix race in removing external TablePlugins (#6623)  2020-08-31 22:49:47 -04:00
Teddy Reed  ef3b5b5af7  bug: Force shell to disable watchdog and logger (#6621)  2020-08-31 22:47:54 -04:00
Teddy Reed  b36678d707  refactor: Rename database APIs to not use DatabasePlugin class (#6620)  2020-08-31 22:45:43 -04:00