Commit Graph

36 Commits

Author SHA1 Message Date
Teddy Reed
cf170c4278 cleanup: Move query out of database header (#3576) 2017-08-20 02:44:38 -07:00
Teddy Reed
a9799a9426 Allow caching for tables with indexes and additionals (#3472) 2017-07-18 00:08:38 -07:00
Teddy Reed
8ad086098c watcher: Add initial watchdog delay (#3360) 2017-06-08 18:03:30 +01:00
Teddy Reed
bc13431394 freebsd: Fix tests and additional_tests (process, config) (#3239) 2017-04-29 19:53:53 -07:00
yying
31b78cb996 Adding hostIdentifier, calendarTime, unixTime to status logging (#3146) 2017-04-10 11:56:23 -07:00
Teddy Reed
f6f9480874 extensions: Preserve environment in auto-loaded extensions (#3101) 2017-03-24 18:47:23 -07:00
Teddy Reed
bdf65e360e Allow autoload extensions to retry loading (#2932) 2017-01-26 12:33:23 -08:00
Teddy Reed
0e9733f94c Simplify Registry and plugin concepts (#2887) 2017-01-07 12:21:35 -08:00
Jonathan Lee
383e07e5be [Fix #2734] Remove OpenSSL link dependency for osquery core (#2750) 2016-12-22 00:37:59 -08:00
Teddy Reed
ae19b7797d Allow EINTR within ThriftTransport (#2879) 2016-12-16 18:12:02 -08:00
Teddy Reed
0017de5bf1 Add memory and utilization limit override flags (#2858) 2016-12-11 21:59:32 -08:00
Teddy Reed
bf2efcb8c0 Use syscalls for dropping effective gid/uid on POSIX (#2806) 2016-11-29 09:30:56 -08:00
Aditya Srivastava
ef4f8af3b8 Issue #2651 : Changed all NULLs to nullptrs (#2657) 2016-10-21 11:20:28 -07:00
Teddy Reed
62edfd46fe Toggle --utc to true (#2504) 2016-09-23 10:14:27 -07:00
Teddy Reed
a6589c49e3 [Fix #2482] Use atomic member in Dispatcher tests (#2494) 2016-09-21 10:52:52 -07:00
yying
a27d6567e4 Core and Additional Tests (#2441) 2016-09-12 09:46:52 -07:00
Teddy Reed
f3f605e26a Introduce a PLATFORM_MASK and isPlatform (#2334)
Along with the platform defines and platform string defines provided by
CMake to the build, add a PLATFORM_MASK define.

Use this define as a platform-type mask with the PlatformType enum.
2016-08-09 20:27:42 -07:00
Teddy Reed
6df4c8c4d4 The watcher process should apply memory limits to itself (#2263) 2016-07-21 12:33:14 -07:00
Teddy Reed
48cb4d555d Add systemLog API (#2229)
This includes a minor SDK refactor as it moves quite a few specialized
functions and facilities from core.h into system.h. There was a breaking point
for needing to frequently update core includes.

The new logger systemLog function allows a call site to bypass logging config
and write a line to the OS logger (aka syslog).
2016-07-07 15:16:28 -07:00
Nick Anderson
cf30388705 Moved test_utils to its own directory out of core. Updated references (#2154) 2016-06-09 10:49:26 -07:00
yying
26ad131c38 Building osquery unit tests on Windows 10 (#2100)
Integrated process abstraction code into more locations
Defined new macros for abstracting across various platforms
Added GLOG_NO_ABBREVIATED_SEVERITIES for glog to support Windows
Fixed some minor CMake issues involving thrift
Updated gflags package; reflecting change in provision script
Preparing CMake config files for WIN32 support
2016-05-17 12:39:11 -07:00
yying
15d1455957 Process Operations - osquery/core Integration (#2087)
This integrates the process abstraction operations within osquery core.
2016-05-13 19:47:45 -07:00
yying
63c0258aec Abstracted platform specific process operations into a common interface. (#2069)
Added Windows support for process operations.
Added unit tests for process abstraction code for POSIX and Windows.
Modified CMake config files to support building the new code and unit tests.
2016-05-11 14:16:32 -07:00
Teddy Reed
5a56805970 Introduce --utc flag to convert all calendar UNIX times to UTC (#2064)
Beginning in version 1.8.0 all time uses will converge on an osquery-provided
getUnixTime() API call that returns, by default, UNIX time integers converted
to UTC/GMT. The 'time' table will respond with the parsed time for the
configuration. If the timezone is not UTC then osquery is using localtime.

This configuration option will affect the 'unix_time' response in the 'time'
table. Because of this configurable-effect the table is extended to include
'local_time' which is always the system local UNIX time.
2016-05-03 13:00:31 -07:00
Teddy Reed
9c42ba51b3 Merge pull request #1858 from theopolis/sqlite_3.11
Bump sqlite to 3.11.0
2016-02-21 23:35:01 -08:00
Teddy Reed
9a54af29ce Bump sqlite to 3.11.0 2016-02-21 22:40:37 -08:00
Teddy Reed
8dc0fc1c95 Consolidate string/text conversions outside of API 2016-02-12 11:38:15 -08:00
Baraa Hamodi
21c2237eca [osquery] Update copyright headers to new format. 2016-02-11 11:48:58 -08:00
Teddy Reed
2bad9d6a74 Changes to support node-based configs 2015-11-24 14:44:56 -08:00
Teddy Reed
e1d7511600 Remove column type string representations 2015-11-14 15:57:30 -08:00
Teddy Reed
c2be670806 Table results caching
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
2015-11-14 15:57:23 -08:00
Teddy Reed
09e4e3c42e Expand the scope of permissions dropping 2015-10-30 09:56:33 -07:00
Robert C. Seacord
e57828aac3 changes for integer sign problems 2015-10-17 00:18:35 +00:00
Michael O'Farrell
77aa36fa0b Constraint existence now checks for constraints using specific operator types.
This change allows QueryContext constraints to be checked for based on
operator type.  This makes checks for the existence of an equality
operator allow enumeration.

Example:
  if (context.constraints["pid"].exists(EQUALS)) {
    pids = context.constraints["pid"].getAll(EQUALS);
  } else {
    osquery::procProcesses(pids);
  }
2015-05-29 13:47:04 -07:00
Teddy Reed
700384dedc Minify tables namespace, extra CMake macros 2015-05-22 10:29:04 -07:00
Teddy Reed
be65922569 Fast tests 2015-04-27 09:40:31 -07:00