valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,910 Commits 2 Branches 109 Tags 25 MiB
e57d15da86
Commit Graph

1910 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Teddy Reed
e57d15da86 Merge pull request #1195 from theopolis/feature-nice 
Various table perf improvements and TLS docs
 2015-06-06 15:19:31 -07:00
Teddy Reed
727f5b091f Various table perf improvements and TLS docs 2015-06-05 22:03:15 -07:00
Teddy Reed
02a22b4cde Merge pull request #1197 from theopolis/fix_multiplexed_fsevents 
Fix FSEvents multiplexing actions
 2015-06-05 21:32:18 -07:00
Teddy Reed
4c80891010 Fix FSEvents multiplexing actions 2015-06-05 17:36:29 -07:00
Teddy Reed
b1b71d5fd0 Merge pull request #1193 from theopolis/fix_scheduler 
Fix the watchdog/scheduler limit tracking
 2015-06-04 18:01:32 -07:00
Teddy Reed
1168b6ef3b Fix the watchdog/scheduler limit tracking 2015-06-04 17:43:37 -07:00
Teddy Reed
4e59bcf4c1 Merge pull request #1191 from theopolis/feature-backoffs 
[#1190] Schedule queries without logging removed results
 2015-06-04 14:58:19 -07:00
Teddy Reed
a678f8f46a Merge pull request #1192 from theopolis/rocksdb-from-homebrew 
[Fix #1185, #1183] Use RocksDB from Homebrew on OS X
 2015-06-04 14:34:52 -07:00
Teddy Reed
650a43d053 [Fix #1185, #1183] Use RocksDB from Homebrew on OS X 2015-06-04 13:56:58 -07:00
Teddy Reed
e244883ea4 [#1190] Schedule queries without logging removed results 2015-06-04 13:53:55 -07:00
Mike Arpaia
ea70781f25 Merge pull request #1188 from marpaia/msr_format 
Formatting the callback function in the model_specific_register table
 2015-06-04 12:17:19 -07:00
Mike Arpaia
388bfda4e6 Renaming model_specific_register to msr 2015-06-03 23:39:49 -07:00
Teddy Reed
a70828c2a4 Merge pull request #1187 from sharvilshah/xattr_update 
Extended Attributes: Use LaunchServices API for quarantine data
 2015-06-03 22:38:17 -07:00
Sharvil Shah
065fe6412d Use LaunchServices (part of CoreServices) to grab quarantine properties instead of manually parsing the colon separated attribute data. 
Fall back to deprecated LaunchService API for OS X 10.9 Mavericks.

Added tests for extended_attributes

Better error handling and cleanup
 2015-06-03 22:18:45 -07:00
Teddy Reed
8e2b7e1281 Merge pull request #1189 from theopolis/tooling 
Update tooling/profiling paths and use a better random seed
 2015-06-03 22:15:22 -07:00
Teddy Reed
c934ad0df3 Update tooling/profiling paths 2015-06-03 21:22:12 -07:00
Mike Arpaia
657731b11c Formatting the callback function in the model_specific_register table 
`int osquery::filter(const struct dirent*)` seemed like a pretty generic
symbol to have in our symbol table, so I changed it to
`int msrScandirFilter(const struct dirent*)`
 2015-06-03 20:56:16 -07:00
Teddy Reed
aaedb48a8f Merge pull request #1168 from mofarrell/model-specific-register-table 
Created a table for information in the model specific register.
 2015-06-03 17:56:44 -07:00
Michael O'Farrell
5e9383a16b Created a table for information in the model specific register. 
This infomation is primarily related to the performance of processor
cores.  The information given constitutes only a small portion of
the information in the model specific register, but this table
has been designed so that more information may easily be added.
The table requires osquery be run as the root, and that the msr
kernel module is loaded.  The table reads the msr data from /dev
 2015-06-03 15:55:57 -07:00
Teddy Reed
95dbd11636 Merge pull request #1186 from theopolis/pack_platforms 
Query pack platform binds should match any/all
 2015-06-03 14:32:26 -07:00
Teddy Reed
8aacaca7eb Query pack platform binds should match any/all 2015-06-03 13:56:39 -07:00
Teddy Reed
be0803adb0 Merge pull request #1178 from theopolis/move_specs 
Move specs to a top-level path, add query examples
 2015-06-03 13:40:32 -07:00
Teddy Reed
a105924804 Move specs to a top-level path, add query examples 
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
 2015-06-03 10:39:05 -07:00
Teddy Reed
c70cddd258 Merge pull request #1184 from theopolis/devmapper-1.02.90 
[Fix #1176] Merge Redhat-based package dependencies
 2015-06-03 10:26:51 -07:00
Teddy Reed
e2599aaa19 Merge Redhat-based package dependencies 2015-06-02 18:10:43 -07:00
Teddy Reed
5899bbb8f5 Merge pull request #1182 from theopolis/osx_rocksdb_portable 
Build RocksDB from source on Darwin
 2015-06-02 15:50:15 -07:00
Teddy Reed
eeab588d8f Build RocksDB from source on Darwin 2015-06-02 15:25:16 -07:00
Teddy Reed
31ee0e35c0 Merge pull request #1177 from sharvilshah/fix_deallocation_build_error 
Fix OS X build: Deallocate array with delete[] instead of delete
 2015-06-02 15:24:24 -07:00
Javier Marcos
64c94f9043 Merge pull request #1179 from javuto/fix_platform_packs_schedule 
Fix that checks the right platform to schedule packs
 2015-06-02 15:22:11 -07:00
Javier Marcos
b87f9f6a50 Final fix for the platform check 2015-06-02 15:11:57 -07:00
Sharvil Shah
4ab79a8bd6 deallocate array with delete[] instead of delete 2015-06-02 15:09:22 -07:00
Teddy Reed
420b4edcef Merge pull request #1181 from theopolis/rhel_6.5_automake 
[Fix #1165] Remove package-manager installed automake for older distros
 2015-06-02 03:19:29 -07:00
Teddy Reed
f41fb6b107 Remove package-manager installed autoconf tools for older distros 2015-06-02 03:05:47 -07:00
Teddy Reed
0669d8205e Merge pull request #1174 from theopolis/remote_logger 
TLS/HTTPS-based logger plugin
 2015-06-02 02:59:34 -07:00
Teddy Reed
db8213c83d Merge pull request #1180 from theopolis/db_check_fix 
Fix DBHandle checking with concurrent processes.
 2015-06-02 02:59:18 -07:00
Teddy Reed
33f53809ad Fix DBHandle checking with concurrent processes. 
`make tests` fails with another osquery process running.
The backing-store check happens after a config plugin is setUp and
the initial load occures. This may involve calls to cached keys, the
check should occur pre-config initialize.
 2015-06-02 02:50:04 -07:00
Teddy Reed
da9bd5801b Migrate HTTP remote logger to TLS logger 2015-06-01 10:12:31 -07:00
Teddy Reed
7d4142b28c Merge pull request #1172 from wxsBSD/freebsd_build_fixes 
Fix build on FreeBSD.
 2015-05-29 21:43:35 -07:00
Wesley Shields
80749c3531 Chase constraint changes introduced in #1170. 
The changes done in #1170 broke some of the tables on FreeBSD.
 2015-05-30 01:42:44 +00:00
Wesley Shields
571fd65796 Fix build on FreeBSD. 
Missing osquery/tables.h include in routes.cpp and need to add gen_users
to blacklist on FreeBSD.
 2015-05-30 01:14:08 +00:00
Teddy Reed
f954e2c7e8 Merge pull request #1170 from mofarrell/exists-all 
Constraint existence now check for constraints using specific operator types.
 2015-05-29 16:10:30 -07:00
Michael O'Farrell
77aa36fa0b Constraint existence now check for constraints using specific operator types. 
This change allows QueryContext constraints to be checked for based on
operator type.  This makes checks for the existence of an equality
operator allow enumeration.

Example:
  if (context.constraints["pid"].exists(EQUALS)) {
    pids = context.constraints["pid"].getAll(EQUALS);
  } else {
    osquery::procProcesses(pids);
  }
 2015-05-29 13:47:04 -07:00
Teddy Reed
4647b8737b Merge pull request #1167 from wxsBSD/freebsd_processes 
Implement process related tables on FreeBSD.
 2015-05-29 12:55:24 -07:00
Wesley Shields
6558f605ff Implement process related tables on FreeBSD. 
This implements the following tables on FreeBSD:

process_envs
process_memory_map
process_open_files
process_open_sockets
processes

All the heavy lifting is done with libprocstat(3). All the tables follow
the same general principle. Use the common function, getProcesses() in
procstat.cpp, to get the processes and then generate the rows for each
process returned. There is also a procstatCleanup() function commonly
used across all the tables.

The one thing I am not able to test is the process_open_sockets table on
an IPv6 machine.
 2015-05-29 19:17:49 +00:00
Mitchell Grenier
418e6495c0 Adding a remote logger for osquery 
The first draft of the remote logger for osquery. This should give a rough idea
of how the code will be structured and function. RFC please.

At the advice of @theopolis, I removed the category type and added the
http_logger key. We figure this should be more efficient and doesn't have to
be known at compile time.
 2015-05-28 17:14:56 -07:00
Teddy Reed
ce3ac8a7e3 Merge pull request #1164 from theopolis/packs 
Pack and testing fixups
 2015-05-28 16:47:35 -07:00
Teddy Reed
56fe564b4e Merge pull request #1166 from theopolis/extensions_docs 
[#1076] RTD wiki article on extensions autoloading
 2015-05-28 16:47:29 -07:00
Teddy Reed
6591916fed [#1076] RTD wiki article on extensions autoloading 2015-05-28 16:27:29 -07:00
Teddy Reed
4064fa6eb5 Pack and testing fixups 2015-05-28 12:17:27 -07:00
Teddy Reed
e9ef8b7a4f Merge pull request #1163 from mark-ignacio/x509-unixtime 
Converted CFAbsoluteTime in X509 certificates to UNIX time
 2015-05-27 17:21:53 -07:00