valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,474 Commits 2 Branches 109 Tags 25 MiB
f2361bca21
Commit Graph

1399 Commits

Author SHA1 Message Date
Teddy Reed
f2361bca21 Merge pull request #1680 from sharvilshah/clang_analyzer_fixes 
Fix clang-analyzer warning
 2015-11-24 07:04:06 -08:00
Sharvil Shah
4ac0e68c08 Fix clang-analyzer warning -- Use uint32_t instead of size_t for uniform_int_distribution 2015-11-24 00:56:37 -08:00
Teddy Reed
fe8b9246e9 Merge pull request #1673 from theopolis/replace_run_profile 
[#1527] Add a --profile option to the shell, replace 'run'
 2015-11-23 21:32:51 -08:00
Teddy Reed
5370fef950 Merge pull request #1678 from theopolis/audit_user_events 
[#1497] Add user_events table based on audit user-type messages
 2015-11-23 21:31:37 -08:00
Teddy Reed
07fd718e00 Add user_events table based on audit user-type messages 2015-11-23 18:13:31 -08:00
Teddy Reed
a3a05e7e1e [#1527] Add a --profile option to the shell, replace 'run' 2015-11-21 22:45:40 -08:00
Teddy Reed
08c7911eb7 Merge pull request #1655 from theopolis/iokit_events 
Rewrite OS X hardware events to use IOKit proper
 2015-11-21 19:45:10 -08:00
Teddy Reed
6748fdb024 Rewrite OS X hardware events to use IOKit proper 2015-11-21 19:31:05 -08:00
Teddy Reed
7ca7974dfb Merge pull request #1668 from cdown/f/freebsd_uid 
freebsd process table: Fix EUID/EGID to not use saved IDs
 2015-11-21 11:19:36 -08:00
Teddy Reed
283f7c6d59 Fix clang analyze failures in signature table 2015-11-21 09:56:19 -08:00
Chris Down
d4d87a69ce freebsd process table: Fix EUID/EGID to not use saved IDs 
It's not totally clear why saved IDs were used here. There is some precident in
sigar (https://github.com/hyperic/sigar), where they also use the saved UID,
but me and @wxsBSD are not really sure why. Maybe it's because kinfo_proc feels
different than similar structs on other Unices.

Fixes #1662.
 2015-11-21 02:52:06 -08:00
Teddy Reed
8425010874 Merge pull request #1664 from stripe/andrew-better-homebrew 
Determine Homebrew Cellar from binary
 2015-11-20 16:06:30 -08:00
Andrew Dunham
161f8b9fd0 Determine Homebrew Cellar from binary 
We look at the location of the Homebrew binary `brew` on disk, and use
the real path (i.e. path with all symlinks resolved) from that binary to
determine the Cellar.  This behavior mirrors that of Homebrew itself.
 2015-11-20 15:15:18 -08:00
Teddy Reed
9ae53f2158 Merge pull request #1663 from cdown/f/saved_ids 
Add saved UIDs and GIDs to process table
 2015-11-20 14:35:20 -08:00
Teddy Reed
5cd040eb35 Merge pull request #1667 from theopolis/add_hash_check 
Use a noexcept method of directory checking for hash
 2015-11-20 14:24:43 -08:00
Teddy Reed
a72fa19536 Use a noexcept method of directory checking for hash 2015-11-20 13:32:56 -08:00
Teddy Reed
a673a793fe Merge pull request #1659 from PickmanSec/knownhosts 
Added known_hosts table
 2015-11-20 12:46:13 -08:00
Teddy Reed
9f5154eb4b Merge pull request #1652 from theopolis/better_types 
Add a SQLite query planner for type detection
 2015-11-19 09:11:26 -08:00
Teddy Reed
16247f10e8 Merge pull request #1624 from PickmanSec/master 
added authorized_keys table
 2015-11-19 09:10:59 -08:00
Chris Down
39bdec4c8d Add saved UIDs and GIDs to process table 2015-11-18 16:44:07 -08:00
Michael George
dde59f8c18 Added known_hosts file 
added known_hosts table
 2015-11-17 12:38:19 -08:00
Michael George
a649bf6733 Added authorized_keys table 
Fixed mislabled variable from line parsing

Update authorized_keys.cpp

Update authorized_keys.cpp

Check if line is empty
 2015-11-16 10:36:24 -08:00
Teddy Reed
98f212e7a9 Add a SQLite query planner for type detection 2015-11-15 13:56:16 -08:00
Teddy Reed
cef8f59054 Merge pull request #1639 from theopolis/cache 
Table results caching
 2015-11-14 16:22:24 -08:00
Teddy Reed
e1d7511600 Remove column type string representations 2015-11-14 15:57:30 -08:00
Teddy Reed
c2be670806 Table results caching 
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
 2015-11-14 15:57:23 -08:00
Teddy Reed
7480003eb6 Merge pull request #1646 from stripe/andrew-refactor-signature 
Refactor how we determine the OS version in the signature table
 2015-11-11 14:18:48 -08:00
Teddy Reed
ee84f35632 Merge pull request #1645 from stripe/andrew-configure-perms 
Allow setting the mode of log files
 2015-11-11 13:46:24 -08:00
Andrew Dunham
4ccdcc7864 Allow setting the mode of log files 
This also sets the appropriate flags in glog
 2015-11-11 11:37:55 -08:00
Andrew Dunham
a0932105f6 Refactor how we determine the OS version in the signature table 2015-11-11 11:34:15 -08:00
Jaime
f7ee2437cf Removed result= in the Syslog plugin 2015-11-11 09:16:50 +01:00
Teddy Reed
aa4973a1b3 Merge pull request #1644 from stripe/andrew-add-timezone 
Add timezone field to time table
 2015-11-10 16:41:39 -08:00
Teddy Reed
daee71919a Merge pull request #1642 from stripe/andrew-add-codesign 
Add a `signature` table on Darwin
 2015-11-10 16:23:16 -08:00
Andrew Dunham
0ae380297f Add timezone field to time table 2015-11-10 15:17:49 -08:00
Andrew Dunham
dea93c8aa5 Add a signature table on Darwin 
This table allows verifying the signature of files (or bundles) on
Darwin.  It also provides the signing identifier that is a part of the
signature.
 2015-11-10 13:21:18 -08:00
Teddy Reed
c441de27aa Merge pull request #1643 from theopolis/fix_wifi_analysis 
Fix missed nullptr checks in wifi
 2015-11-10 12:56:45 -08:00
Teddy Reed
0a6d334f27 Fix missed nullptr checks in wifi 2015-11-10 01:01:12 -08:00
Teddy Reed
0d01a382b6 [Fix #1634] Add sys/stat to filesystem 2015-11-09 01:33:17 -08:00
Teddy Reed
988daeb9e6 Merge pull request #1635 from theopolis/drop_gid 
Add GID to PrivilegeDropper
 2015-11-09 00:05:51 -08:00
Teddy Reed
4c2319f8dd Add GID to PrivilegeDropper 2015-11-08 01:03:08 -08:00
Teddy Reed
18b1947e5b Config/Schedule should not populate in extensions 2015-11-06 09:52:10 -08:00
Teddy Reed
41ba637030 Linux inotify should accept non-glob dirs 2015-11-04 13:46:47 -08:00
Teddy Reed
b29168a7b7 Use a null DB for the run test binary 2015-11-04 10:39:40 -08:00
Teddy Reed
57e8ef2ab3 [#1546] Add computer_name to system_info and extend to Linux 2015-11-04 10:31:16 -08:00
Teddy Reed
2cf9e95fa1 Allow user-controlled FIFOs 2015-11-04 01:29:54 -08:00
Teddy Reed
084ccaf080 Use default blank value for startup_items Alias 2015-11-03 22:58:00 -08:00
Teddy Reed
7c70183a87 Merge pull request #1625 from theopolis/pack_delim 
Add pack_delimiter option
 2015-11-03 21:05:44 -08:00
Teddy Reed
cd4de8023f Merge pull request #1630 from theopolis/fix_1626 
[Fix #1626] Add schedule blacklist and protect DBHandle
 2015-11-03 21:05:29 -08:00
Teddy Reed
edea3d6edd [Fix #1626] Add schedule blacklist and protect DBHandle 2015-11-03 20:50:22 -08:00
Teddy Reed
15c4673c5a Add pack_delimiter option 2015-11-02 18:05:46 -08:00