Giorgi Guliashvili
561fda3aa0
config backup ( #4935 )
2018-08-20 14:24:24 +01:00
Giorgi Guliashvili
4b7e211965
pauseMili to pause transform ( #4796 )
2018-08-02 16:57:02 +01:00
iBigQ
0bce73c846
Parse structured options as string ( #4567 )
* Parse structured options as string
* Added option parsing test
* fix option json test
* fix formatting
2018-06-19 17:11:51 +01:00
Alexander
a4ca8b1048
Rid off the shared_ptr using from config schedule ( #4423 )
there is no reason to share these objects
2018-06-04 10:34:32 +01:00
Max Kareta
6edecaf67c
reorganized includes to improve compile time 2 ( #4446 )
2018-05-30 11:44:18 +01:00
Max Kareta
5aca61375f
reorganized includes to improve compile time ( #4445 )
2018-05-30 00:17:40 +01:00
Alexander
8de02701f2
Apply const qualifier for Config::packs(...) method ( #4387 )
2018-05-18 18:37:33 +01:00
Alexander
bfb6c13674
Add const qualifier to some Config methods ( #4383 )
2018-05-11 09:36:48 +01:00
Alexander
1a48150be0
Pass name of query to lambda in Config::scheduledQueries by value ( #4367 )
2018-05-09 14:56:19 +01:00
Teddy Reed
349f401161
Move singleton accessors into implementations ( #4347 )
2018-05-01 14:56:51 -04:00
Teddy Reed
4f531b9a7c
config: Parser keys should be objects or arrays ( #4281 )
2018-04-13 10:10:53 -04:00
Teddy Reed
90a737ead7
Replace most of boost::property_tree with rapidjson ( #3910 )
2018-01-20 20:58:01 -05:00
Teddy Reed
f6d077cbf7
license: Change license to Apache 2.0 and GPLv2 ( #4007 )
2017-12-18 16:04:06 -08:00
Teddy Reed
e71390ca82
config: Allow scheduled queries to set blacklist=false ( #4005 )
2017-12-18 08:42:00 -08:00
Teddy Reed
33ab8b6e5d
config: Inspect blacklisted queries ( #4004 )
2017-12-17 19:25:42 -08:00
Teddy Reed
a7c2669ba3
tidy: Improve clang-tidy (modernize) list of checks and run across codebase ( #3870 )
2017-10-29 22:25:49 -07:00
Teddy Reed
cf170c4278
cleanup: Move query out of database header ( #3576 )
2017-08-20 02:44:38 -07:00
Teddy Reed
57f04c4c49
General code cleanup for the config ( #3467 )
2017-07-17 11:38:21 -07:00
Teddy Reed
f8f5718297
watcher: Do not initialize the config in watcher ( #3403 )
2017-06-13 17:26:34 -07:00
Teddy Reed
eb4536dceb
config: Only reconfigure if content changes ( #3356 )
2017-05-30 19:22:41 -07:00
Teddy Reed
49ed383017
config: Unify the config refresh logic ( #3351 )
2017-05-29 14:09:44 -07:00
Teddy Reed
b38a62be8b
config: Rename getInstance to get for consistency ( #3350 )
2017-05-28 23:04:53 -07:00
Teddy Reed
775a4cdcce
flags: Allow custom flags in configuration ( #3301 )
2017-05-25 21:29:31 -07:00
Mitchell Grenier
fe1418f240
Adding a config block to create views ( #3306 )
2017-05-24 21:03:15 -07:00
Seshu Pasam
4cfb31452c
Docker support ( #3241 )
2017-05-05 09:53:12 -07:00
Santosh Ananthakrishnan
d3adaedbb1
Allow reloading filesystem config with --config_refresh ( #2967 )
2017-02-26 17:45:06 -08:00
Teddy Reed
0178419085
Add a TLS config plugin test that runs the scheduler ( #2898 )
2017-01-10 19:52:58 -08:00
Teddy Reed
0e9733f94c
Simplify Registry and plugin concepts ( #2887 )
2017-01-07 12:21:35 -08:00
Jonathan Lee
383e07e5be
[ Fix #2734 ] Remove OpenSSL link dependency for osquery core ( #2750 )
2016-12-22 00:37:59 -08:00
Teddy Reed
deed140080
[ #1773 ] Introduce multi-pack configuration syntax ( #2787 )
2016-11-22 09:35:03 -08:00
Teddy Reed
6ead016cbb
[ Fix #2656 ] Refactor events_optimize to act per-query ( #2665 )
2016-11-05 22:03:45 -07:00
Teddy Reed
a3acf2a3e5
Fix Config TLS plugin default verb ( #2708 )
2016-11-02 17:08:44 -07:00
Zachary Wasserman
b71276a1ea
Fix up doxygen docs and require correct docs in CI ( #2280 )
This change causes Doxygen to error if there are unrecognized commands, or
undocumented/incorrect parameters in documented functions. It does not require
that every function be fully documented, just that those that are do not have
errors.
Old documentation with problems was fixed to comply.
2016-07-25 12:21:26 -04:00
artemdinaburg
78e1cf7ab4
Transition __attribute__((constructor)) to a more platform independent approach ( #2233 )
2016-07-14 14:19:33 -07:00
Teddy Reed
a98e483ef5
Reset configuration state in relative tests
2016-04-12 13:06:02 -07:00
Teddy Reed
2379493721
Introduce decorator queries
2016-03-29 10:03:50 -07:00
Baraa Hamodi
21c2237eca
[osquery] Update copyright headers to new format.
2016-02-11 11:48:58 -08:00
Teddy Reed
4031e299bb
Cleanup/stabilize file_events-related APIs
2016-02-10 22:50:38 -08:00
Teddy Reed
a2754a01ef
Valid bool in packs for shard/platform/version checking
2016-02-06 17:54:56 -08:00
Teddy Reed
21b3af199e
Allow packs to add file_path categories
2016-01-08 17:59:19 -08:00
Teddy Reed
9d394065e3
[ #1636 ] Add simple sharding to packs and pack queries
2015-12-10 10:01:53 -08:00
Teddy Reed
309944c586
Configuration triggered publisher reconfiguration
2015-12-08 14:03:35 -08:00
Teddy Reed
12716496aa
[ Fix #1694 ] Expire results for 'old' scheduled queries
2015-12-07 12:23:43 -08:00
Teddy Reed
c020bb87b4
Merge pull request #1705 from theopolis/dump
[#1702 ] Add config and database dumping to stdout
2015-12-06 21:41:31 -08:00
Teddy Reed
eeff5d0bf0
[ #1676 ] Clear node key on node_invalid
2015-12-06 14:28:00 -08:00
Teddy Reed
fef53fa0d0
Add config and database dumping to stdout
2015-12-06 11:01:26 -08:00
Teddy Reed
edea3d6edd
[ Fix #1626 ] Add schedule blacklist and protect DBHandle
2015-11-03 20:50:22 -08:00
Teddy Reed
5233d7dcf8
Add start time to osquery_info, remove md5/path
2015-11-02 10:57:01 -08:00
Teddy Reed
b81b6de6ae
This refactors a bit of config/packs and adds a socket_events table to Linux.
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.
A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
Mike Arpaia
65df593d33
[ fix #1536 ] Schedule iteration pass-by-reference
There was a bug in the `osquery::Schedule` container object such that,
when the iteration through the schedule occurred, pack objects were being
passed by value (copied) instead of passed by reference. Thus, the
discovery query would be executed, the object's cache would be updated,
and then the object would go out of scope and be destructed, thus
leaving the original object without ever having run the discovery query.
This caused discovery queries to thrash. Bad times.
I added a new test so that we don't regress here as well as const'd a
few functions that should have been const in `osquery::Pack`.
2015-09-30 15:41:43 -07:00