Teddy Reed
9c01d4a6e3
Add quicklook_cache to Darwin (#2099)
2016-05-13 23:49:10 -07:00
Nick Anderson
209900d5a8
Adding mobile device crash parsing and 'type' column to Crashes table (#2076)
This commit adds mobile device crashes to the list of crash logs parsed by the Crashes table as well as adding a lambda to improve code reuse. The commit also adds a 'type' column to the table to indicate what kind of log this crash log was.
2016-05-06 13:14:06 -07:00
Nick Anderson
27fa7001c9
Renamed crash_log table. Small fixes to parsing behavior (#2074)
Renamed the crash_log table to crashes for future abstraction to other
operating systems. Also fixed how the table was parsing the most recent
stack trace and the registers. Register values are now all parsed into
one column 'registers', which will be a space delimited string of the
form:
register:value register:value ... register:value
in order to best allow for OS abstraction.
2016-05-06 09:18:06 -07:00
Nick Anderson
134c2750c2
Adding Crash Logs table for OS X (#2027)
Added a table that parses out some of the information in the OS X logs
stored in /Library/Logs/DiagnosticReports as well as
/Users/<user>/Library/Logs/DiagnosticReports
2016-04-13 16:25:40 -07:00
Teddy Reed
c159ea7c71
Refactor install_history
2016-04-01 10:02:56 -07:00
Tim Zimmermann
5c47e2b91e
Add InstallHistory table
See #1922.
2016-04-01 09:51:01 -07:00
Nick Anderson
7677494849
Treating the 'Disabled Plug-ins' as a folder as opposed to a plugin, and added a 'disabled' column to the table
2016-03-29 14:28:25 -07:00
Sereyvathana Ty
f912fca415
add cdhash, team_identifier, and authority to signature table
cdhash - code directory hash
(https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html)
team_identifier is a unique id of the app developer
authority is the common name of the signed certificate
2016-03-14 23:19:27 -07:00
Zachary Wasserman
1af6684019
Apple system log virtual table implementation
This adds a virtual table implementation for efficient querying of the
Apple System Log (ASL) store.
2016-03-14 12:19:03 -07:00
Joe Gallo
544ae37e9d
add fan name to fan speeds table
2016-03-03 19:44:53 -05:00
Teddy Reed
c1b2af92c3
[Fix #1854] Unify power sensor tables
2016-02-21 16:02:58 -08:00
Teddy Reed
65be01d574
Merge pull request #1857 from kaizensoze/add-sensor-prefix
add sensor_ prefix to sensor-related tables
2016-02-20 18:29:30 -08:00
Joe Gallo
3cb18f9428
add powers table
2016-02-17 21:59:32 -05:00
Joe Gallo
3e5693d996
add sensor_ prefix to sensor-related tables
2016-02-17 01:05:36 -05:00
Joe Gallo
b8d32a74ec
add currents table
add smc genCurrent test
2016-02-13 16:09:14 -05:00
Joe Gallo
36ca9f5664
add voltages table
2016-02-10 04:10:44 -05:00
Joe Gallo
66ed804eb6
add fan speeds table
2016-02-05 21:22:07 -05:00
Teddy Reed
a48109a226
Add developer_id to safari_extensions
2016-02-03 23:46:52 -08:00
Teddy Reed
ccda460ba0
Rename 'temps' temperatures, add constraints
2016-02-03 08:49:22 -08:00
Joe Gallo
3c6134c1fa
add temperature sensors table
Extract temperature-related data from smc_keys table for table dedicated
to temperature sensors.
2016-02-02 23:57:55 -05:00
Sharvil Shah
8cb7ee71bf
Report on System Integrity Protection
2016-01-21 21:28:13 -08:00
Teddy Reed
5295904624
Add an smc_keys table for OS X
2016-01-11 11:51:55 -08:00
Teddy Reed
6a1b08c4fe
Use key_strength to support ECC
2016-01-05 18:48:34 -08:00
Teddy Reed
e311a47774
Add key_size to certificates table
2016-01-05 11:34:57 -08:00
Teddy Reed
4af9d8d61c
Add certificate issuer and self_signed columns
2015-12-17 19:36:31 -08:00
Teddy Reed
a99b62a31d
Preserve atime and mtime by default for readFile
2015-12-11 22:18:45 -08:00
Teddy Reed
98eb6a5055
Reorganize file_events into process_file_events
2015-12-11 00:58:22 -08:00
Teddy Reed
ccff0c8c18
[Fix #1686] Add 'subject' and 'signing_algorithm' to certificates
2015-11-29 18:32:13 -08:00
Teddy Reed
35129a7af7
[#1665, #1615] Refactor user-based tables to act uniformly
2015-11-24 12:46:25 -08:00
Teddy Reed
cef8f59054
Merge pull request #1639 from theopolis/cache
Table results caching
2015-11-14 16:22:24 -08:00
Teddy Reed
c2be670806
Table results caching
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
2015-11-14 15:57:23 -08:00
Andrew Dunham
dea93c8aa5
Add a signature table on Darwin
This table allows verifying the signature of files (or bundles) on
Darwin. It also provides the signing identifier that is a part of the
signature.
2015-11-10 13:21:18 -08:00
Teddy Reed
57e8ef2ab3
[#1546] Add computer_name to system_info and extend to Linux
2015-11-04 10:31:16 -08:00
Sharvil Shah
9a6d6d1293
Implement wifi_networks tables for OS X
If the option of remembering known Wi-Fi networks is enabled on a system,
they are persisted to disk as a preferences property list file.
This table is populated by parsing that file.
2015-11-01 16:53:51 -08:00
Sharvil Shah
28143f64f0
Update system_info table: adds CPU type, CPU cores and total memory.
This change adds the following columns to the `system_info` table:
cpu_type, cpu_subtype, cpu_brand, cpu_physical_cores,
cpu_logical_cores, physical_memory, hardware_model
Here's an example output of those columns:
```
cpu_type = x86_64h
cpu_subtype = Intel x86-64h Haswell
cpu_brand = Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
cpu_physical_cores = 4
cpu_logical_cores = 8
physical_memory = 17179869184
hardware_model = MacBookPro11,3
```
2015-09-10 14:44:48 -07:00
Scott Piper
5e7d0d6a37
Added system_info table
2015-09-09 10:26:16 -07:00
Teddy Reed
2813d3ab87
Add a Linux audit event publisher
2015-09-03 08:45:02 -07:00
Teddy Reed
906d19927f
[#1418] Use libarchive to parse Safari extension bundles
2015-08-29 23:59:41 -07:00
Teddy Reed
2433d9e06c
[#1418] Include XProtect's meta list of plugin versions, and blacklisted extensions
2015-08-28 11:46:21 -07:00
Michael O'Farrell
5d0e4be6a1
Merge pull request #1335 from mofarrell/kernel-file-events
Added kernel file access events.
2015-07-31 15:22:11 -07:00
Michael O'Farrell
9f2b318778
Added kernel file access events.
2015-07-31 15:06:46 -07:00
Teddy Reed
dc82ffa636
Add optional environment variable whitelist to process_events
2015-07-30 16:05:11 -07:00
Michael O'Farrell
3f87d5832f
Adding environment variables and arguments for process events.
2015-07-27 15:48:47 -07:00
Mike Arpaia
664c1e1ed3
Merge pull request #1346 from javuto/populating_table_fields
Adding column description to all the missing table fields
2015-07-15 23:37:05 -07:00
Javier Marcos
25f0de07a5
Adding description to all the missing table fields
2015-07-15 23:23:42 -07:00
Tom Burgin
e8d3e45cea
Added authorization_mechanisms and authorizations tables
2015-07-15 14:25:19 -04:00
Michael O'Farrell
4bbb591b37
Added kernel process events table.
2015-07-08 13:47:07 -07:00
Teddy Reed
f48619ed28
[#1285, #1276] Faster, optimized subscriber results
2015-07-07 00:59:28 -07:00
Teddy Reed
040d9d5fd1
Merge pull request #1216 from sharvilshah/osx_mount_events
[Implement #1103] DMG Mount Events
2015-06-22 12:38:32 -07:00
Sharvil Shah
f676ba7642
Implements disk_events and the related publisher and subscriber.
We now have a Publisher to report on disk events and its metadata,
using the DiskArbitration framework on OS X. Currently disk appearance
and disappearance events are published for both physical and
virtual disks (DMG files). On an event trigger, disk properties are
parsed and that metadata is reported along with the action.
The Subscriber subscribes to virtual disk events currently.
This closes #1103.
2015-06-22 11:09:18 -07:00