Commit Graph

2944 Commits

Author SHA1 Message Date
Teddy Reed
28f6bc932c Merge pull request #1911 from readshaw/readshaw/osx-embed-tls-chain-cert
OS/X packaging improvements
2016-03-10 08:31:46 -08:00
Teddy Reed
9d8c3adef7 Merge pull request #1879 from theopolis/lints-2
Fix various lint issues
2016-03-10 01:10:42 -08:00
Teddy Reed
96e2562e2d Merge pull request #1913 from sharvilshah/process_state_mnemonics
[#1886] Use mnemonics for process states on Darwin
2016-03-09 23:30:41 -08:00
Teddy Reed
26c8b5640f Fix various lint issues 2016-03-09 19:55:39 -08:00
Teddy Reed
03d0d7e835 Merge pull request #1910 from theopolis/null
Allow NULL values, stop using -1 as int/double invalid values
2016-03-09 19:23:35 -08:00
Teddy Reed
a6c147700f Allow NULL values, stop using -1 as int/double invalid values 2016-03-09 18:24:17 -08:00
readshaw
d0b16e37c4 Add option to specify and bundle TLS server cert chain file; and osqueryd is restarted in installation postinstall. 2016-03-10 10:12:34 +10:00
Sharvil Shah
a713fbcc55 Use mnemonics for process states on Darwin
Process states in `processes` table now use mnemonics instead of the
integer code. They closely follow the states defined in sys/proc.h,
which means a process's state is reported as:

  state    value   meaning                           mnemonic
 -------- ------- --------------------------------- ----------
  SIDL     1       process being created by fork     'I'
  SRUN     2       currently runnable                'R'
  SSLEEP   3       sleeping on an address            'S'
  SSTOP    4       process debugging or suspension   'T'
  SZOMB    5       awaiting collection by parent     'Z'

Note: The mnemonics here will not match up with what `ps` or `top`
reports.

`ps` and `top` query the run state of all Mach Threads (by grabbing a Mach Task)
of a process, and then coalesce it to represent the process state.

This is no longer possible for non-Apple-signed binaries,
as the only way to get a Mach Task (and therefore the list of Mach Threads)
is by calling `task_for_pid()`, which no longer works under
System Integrity Protection (SIP), introduced in OS X 10.11.
2016-03-09 11:25:58 -08:00
Teddy Reed
57db798a11 Merge pull request #1903 from theopolis/windows_build
Minor changes to support a Windows build
2016-03-08 18:10:14 -08:00
Teddy Reed
d8650c7630 Minor changes to support a Windows build 2016-03-08 10:47:38 -08:00
Teddy Reed
6f69330920 Merge pull request #1907 from theopolis/fix_1900
Allow extensions to use the backing store
2016-03-08 10:45:56 -08:00
Teddy Reed
b5defa7436 Allow extensions to use the backing store 2016-03-08 08:56:03 -08:00
Teddy Reed
7483b3d720 Merge pull request #1906 from theopolis/fix_1690
[Fix #1690] Update SQLite 3.12.0 pre-release: 721ae51e
2016-03-08 08:33:32 -08:00
Teddy Reed
44488fe0a6 Merge pull request #1895 from DaanDeMeyer/cpu_time
Cpu time table implementation (solves #1889)
2016-03-08 08:20:12 -08:00
Daan De Meyer
d4737f9214 Create table called cpu_time for inspecting where the cpu cores spent time since the last system restart. 2016-03-08 15:14:06 +01:00
Teddy Reed
c5418c9d11 [Fix #1690] Update SQLite 3.12.0 pre-release: 721ae51e 2016-03-07 17:41:46 -08:00
Teddy Reed
53c108d02e Merge pull request #1902 from theopolis/remove_glog
Remove Glog from third-party build
2016-03-07 14:53:32 -08:00
Teddy Reed
956ce75601 Remove Glog from third-party build 2016-03-07 12:54:00 -08:00
Teddy Reed
320df0162c Merge pull request #1904 from theopolis/fix_1901
[Fix #1901] Tear down TLS server runner
2016-03-07 12:44:11 -08:00
Javier Marcos
d49255d142 Merge pull request #1905 from javuto/osx_keranger_union
OSX Keranger detection fix
2016-03-07 11:32:02 -08:00
Teddy Reed
5f8fa32e21 [Fix #1901] Tear down TLS server runner 2016-03-07 09:38:37 -08:00
Javier Marcos
7c18ce9bb0 OSX Keranger detection fix 2016-03-07 09:25:32 -08:00
Teddy Reed
677c448dea Merge pull request #1897 from theopolis/remove_rdb
Refactor backing storage
2016-03-06 21:09:23 -08:00
Teddy Reed
afd17f8134 1. Reorganize RocksDB database handle into a plugin
2. Introduce a SQLite-based database plugin
3. Refactor database usage to include local 'fast-calls'
4. Introduce an 'ephemeral' database plugin for testing (like a mock)
2016-03-06 20:40:16 -08:00
Javier Marcos
6afd1a29cf Merge pull request #1898 from javuto/osx_keranger
Adding detection for OSX Keranger
2016-03-06 17:03:38 -08:00
Javier Marcos
bdd783366d Adding detection for OSX Keranger 2016-03-06 16:40:03 -08:00
Teddy Reed
bcd0debaee Merge pull request #1894 from theopolis/sql_debug
Add define to enable SQLite WHERETRACE
2016-03-06 09:32:18 -08:00
Teddy Reed
8607d319a1 Merge pull request #1893 from theopolis/dm_bind
[Fix #1892] Build devmapper statically
2016-03-04 21:04:05 -08:00
Teddy Reed
8c3d2387e9 Add define to enable SQLite WHERETRACE 2016-03-04 20:41:06 -08:00
Teddy Reed
5fbde8ec4f [Fix #1892] Build devmapper statically 2016-03-04 20:09:43 -08:00
Teddy Reed
683e5c1778 Merge pull request #1890 from theopolis/join_tests
Add high level join tests for processes, file, and hash
2016-03-03 22:01:47 -08:00
Teddy Reed
86b9b00f3d Merge pull request #1891 from kaizensoze/add-fan-name-to-fan-speeds-table
add fan name to fan speeds table
2016-03-03 20:48:12 -08:00
Teddy Reed
ee1182f526 Add high level join tests for processes, file, and hash 2016-03-03 18:47:55 -08:00
Joe Gallo
544ae37e9d add fan name to fan speeds table 2016-03-03 19:44:53 -05:00
Teddy Reed
545597e315 Merge pull request #1888 from theopolis/fix_1887
[Fix #1887] Do not generate row for invalid pids
2016-03-03 15:16:40 -08:00
Teddy Reed
297d6ae1c3 [Fix #1887] Do not generate row for invalid pids 2016-03-03 13:47:27 -08:00
Teddy Reed
69fe7ca4be Merge pull request #1884 from russellhancox/fix-darwin-groups
Darwin: Use undocumented getgroupcount() before getgrouplist
2016-03-02 13:58:33 -08:00
Teddy Reed
f08c1c5ec5 Merge pull request #1885 from theopolis/fix_1874
[Fix #1874] Update SQLite to 3.12.0
2016-03-02 12:37:21 -08:00
Teddy Reed
b1485d6536 Merge pull request #1883 from friedbutter/patch-1
Added new detection for hacking team
2016-03-02 11:33:39 -08:00
Teddy Reed
489a5e839c [Fix #1874] Update SQLite to 3.12.0 2016-03-02 10:12:41 -08:00
Russell Hancox
cc964af444 Darwin: Use undocumented getgroupcount() before getgrouplist 2016-03-01 09:39:01 -05:00
Sereyvathana Ty
7b772880b7 Added new detection for hacking team
Detect persistency binary from hacking team (ref: https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/)
2016-02-29 23:28:18 -08:00
Bruce Mitchener
2f61e18e56 Fix typos in example conf. 2016-03-01 13:07:07 +07:00
Teddy Reed
58635e3526 Merge pull request #1880 from russellhancox/custom-brew-path
Mac: fix build when homebrew is not in /usr/local
2016-02-29 15:00:29 -08:00
Russell Hancox
8bea4f7b3f Mac: fix build when homebrew is not in /usr/local 2016-02-29 14:22:42 -05:00
Teddy Reed
94c9824f12 Merge pull request #1876 from sharvilshah/fix_leaks
Fix potential leak in Darwin disk_encryption table
2016-02-27 17:38:17 -08:00
Sharvil Shah
cf573d668e Fix potential leak 2016-02-26 14:54:23 -08:00
Teddy Reed
7b3aa47527 Merge pull request #1873 from theopolis/bind_sql
[#1816] Refactor DB instance management
2016-02-25 21:23:50 -08:00
Teddy Reed
b21c2ed943 [#1816] Refactor DB instance management 2016-02-25 19:07:52 -08:00
Teddy Reed
d2efc2fc7e Merge pull request #1872 from mmichie/mattm/fix_debian_init_script
Update initd script to respect LSB values
2016-02-24 21:56:07 -08:00