valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,995 Commits 2 Branches 109 Tags 25 MiB
f48619ed28
Commit Graph

1995 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Teddy Reed
f48619ed28 [#1285, #1276] Faster, optimized subscriber results 2015-07-07 00:59:28 -07:00
Teddy Reed
d2685cfa41 [#1142] Move path resolution into publisher logic 2015-07-07 00:45:55 -07:00
Teddy Reed
bf65e3d2d6 Event index time and streaming 2015-07-07 00:44:57 -07:00
Teddy Reed
f30ef54097 Merge pull request #1305 from mlw/master 
Minor fixes to support building on Ubuntu 10.04
 2015-07-07 00:04:43 -07:00
Teddy Reed
0e3eb388de Merge pull request #1308 from arirubinstein/master 
Fix version string for TLS plugins
 2015-07-06 23:52:55 -07:00
Ari Rubinstein
be72e42bf1 Fix version string for TLS plugins 
Before, osqueryd would send `osquery/OSQUERY_BUILD_VERSION` as the user agent and appeared broken.  I copied the logic from the osquery version table and used that var here also so the user agent now reads 1.4.7
 2015-07-06 22:12:26 -07:00
Matthew White
11f447a959 Minor fixes to support building on Ubuntu 10.04 2015-07-06 15:18:11 -07:00
Teddy Reed
efe1ff18ee Merge pull request #1274 from theopolis/read_limits 
[Fix #1171, #1089] Add configurable max reads
 2015-07-06 01:06:12 -07:00
Teddy Reed
dd9fa25d78 [Fix #1171, #1089] Add configurable max reads 
There are 3 new options that control how files are read:
--read_max: controls the maximum size, in bytes, for file reads. If a file is larger than `read_max` the read will fail.
--read_user_max: similar to `read_max` but applies additional limitations to user-controlled files.
--read_user_links: a boolean control to enable/disable following symlinks for user-controlled files.

Important highlights:
If files exceed the configured max, those reads will fail.
The `read_max` will override `read_user_max` if it is set lower.
A default integer value of `0` will disable the limitations.

The default `read_max` is set to 50M and the default `read_user_max` is 10M.
 2015-07-06 00:49:43 -07:00
Teddy Reed
33ea79b8f7 Merge pull request #1300 from zi0r/freebsdfixes 
Fix build under FreeBSD
 2015-07-03 18:59:16 -07:00
Ryan Steinmetz
6f6bd8cabc - Fix build under FreeBSD 2015-07-03 19:47:47 -04:00
Teddy Reed
e73a867b75 Merge pull request #1269 from theopolis/fsevents_symlinks 
[Fix #1063] Allow configure-time symlink resolution in FSEvents
 2015-07-03 00:37:58 -07:00
Mike Arpaia
4f94c0034c Merge pull request #1290 from timzimmermann/uptime 
Uptime
 2015-07-03 00:23:44 -07:00
Tim Zimmermann
fa988b4e56 Add uptime table 
The table contains information about the time passed since the last boot.
 2015-07-02 22:32:48 -07:00
Michael O'Farrell
4e93902932 Merge pull request #1296 from mofarrell/processes-table-fix 
[Fix #1295] `processes` table to report gid correctly.
 2015-07-02 17:28:03 -07:00
Michael O'Farrell
a712cd5036 Fix processes table to report gid correctly. 2015-07-02 17:03:25 -07:00
Teddy Reed
546aaa885d [Fix #1063] Allow configure-time symlink resolution in FSEvents 2015-07-02 16:50:27 -07:00
Teddy Reed
66e5802818 Merge pull request #1266 from theopolis/glob 
Replace custom wildcarding with POSIX-glob
 2015-07-02 16:46:37 -07:00
Teddy Reed
7aac5fd358 Replace custom wildcarding with POSIX-glob 
POSIX-globbing will allow event publishers/subscribers to post-check
results against glob-syntax, fnpath matching, and POSIX C-regex.
These checks are anecdotally speedy.
 2015-07-02 13:53:16 -07:00
Teddy Reed
64e4afa136 Merge pull request #1294 from theopolis/relax_test_timesouts 
Relax extensions and shell timeouts
 2015-07-02 13:50:07 -07:00
Teddy Reed
89e5b6c729 Relax extensions and shell timeouts 2015-07-02 12:14:44 -07:00
Teddy Reed
409414d8aa Merge pull request #1283 from Rasoran/master 
add epoch number to device-mapper version
 2015-07-02 10:39:16 -07:00
Teddy Reed
e24614c959 Merge pull request #1286 from theopolis/relay_status_logs 
[#1277] Forward status logs to osqueryd workers
 2015-07-02 10:33:58 -07:00
Mike Arpaia
4ef32fc343 Merge pull request #1291 from marpaia/readme-cleaning 
README updates
 2015-07-01 23:50:06 -07:00
Mike Arpaia
1a6a6d4a1c README updates 
Moving platform specific build instructions to the wiki, to keep the
README brief.
 2015-07-01 23:47:41 -07:00
Nicholas Sun
df716fb589 manually specify device-mapper, treating amazon as rhel7 2015-07-01 22:06:08 -04:00
Nicholas Sun
82db123f6a changed to only set epoch number for cent7 2015-07-01 21:16:19 -04:00
Mike Arpaia
51f594e2bf Merge pull request #1284 from marpaia/whats-snappenin 
Install snappy headers instead of just the library
 2015-07-01 16:25:04 -07:00
Mike Arpaia
ba89b67cc5 Install snappy headers instead of just the library 
We found that not installing the headers for snappy caused RocksDB's
snappy detection to not find that snappy was installed:
https://goo.gl/YOWJl0

The snippet there requires that the headers are installed, not just the
library. By installing the headers, we can ensure that snappy is linked.

OR, alternatively, we could just leave it and not link snappy. It's
uncertain what the specific benefits of including snappy are for our
use-case. (CC @igorcanadi)
 2015-07-01 16:14:06 -07:00
Teddy Reed
79de0a5def [#1277] Forward status logs to osqueryd workers 
If watcher processes generate warning or error status logs they
will "relay" to the worker processes upon successful sanity check.
 2015-07-01 15:26:26 -07:00
Nicholas Sun
1389b5e8f9 add epoch number to device-mapper version 2015-07-01 14:47:22 +00:00
Mike Arpaia
5ef01b4075 Merge pull request #1272 from marpaia/getConfig 
rename osquery::getConfig to osquery::makeTLSConfigRequest
 2015-06-29 23:45:15 -07:00
Mike Arpaia
a2ec9d5885 rename osquery::getConfig to osquery::makeTLSConfigRequest 2015-06-29 23:33:40 -07:00
Mike Arpaia
06793f9d00 Merge pull request #1267 from marpaia/osquery-latest-no-more 
Remove "latest" from the osquery package names
 2015-06-29 15:09:31 -07:00
Teddy Reed
0e4962fde0 Merge pull request #1268 from theopolis/fix_yara_events_cmake 
Yara events was not building
 2015-06-29 14:58:30 -07:00
Teddy Reed
0d6ab16281 Yara events was not building 2015-06-29 14:45:31 -07:00
Mike Arpaia
d6719f9ef7 Remove "latest" from the osquery package names 2015-06-29 11:18:49 -07:00
Mike Arpaia
661e46ae48 Merge pull request #1253 from theopolis/better_print 
Fix small issue with printing
 2015-06-28 17:22:53 -07:00
Teddy Reed
6011ad06eb Fix small issue with printing 2015-06-28 11:18:35 -07:00
Teddy Reed
6c8814bcb9 Merge pull request #1257 from theopolis/fix_1198 
[Fix #1198] Add a small retry to ext watcher
 2015-06-28 02:54:28 -07:00
Teddy Reed
8db6ca4a3f [Fix #1198] Add a small retry to ext watcher 2015-06-28 02:12:50 -07:00
Teddy Reed
5566d8cd96 Merge pull request #1194 from theopolis/lucid-build 
Loose support for building on Ubuntu 10.04
 2015-06-27 20:47:53 -07:00
Teddy Reed
55ecfc7058 Merge pull request #1250 from theopolis/fast_ext_tests 
[Fix #1198] Faster death/timeout checks in extensions tests
 2015-06-25 13:03:26 -07:00
Teddy Reed
e7ed68e187 [Fix #1198] Faster death/timeout checks in extensions tests 2015-06-25 02:53:53 -07:00
Teddy Reed
66dcedcd54 Merge pull request #1249 from d0ugal/master 
Updated the MkDocs config from the deprecated format
 2015-06-25 01:34:34 -07:00
Dougal Matthews
bcffd4a2a0 Updated the MkDocs config from the deprecated format 2015-06-25 08:35:40 +01:00
Teddy Reed
6437ddb82d Merge pull request #1235 from sharvilshah/remove_os_x_10_9_code 
Remove OS X 10.9 code path
 2015-06-24 15:18:32 -07:00
Teddy Reed
3c69ee8e53 Merge pull request #1238 from sharvilshah/fix_watchdog_tests 
[Fix #1220] osqueryd watchdog tests
 2015-06-24 15:18:09 -07:00
Mike Arpaia
7d5cb221dd Merge pull request #1239 from marpaia/1237-segfault 
Check for nullptr in CreatePropertyFromCertificate
 2015-06-24 08:25:25 -07:00
Mike Arpaia
d6389dc64d Check for nullptr in CreatePropertyFromCertificate 2015-06-23 21:45:46 -07:00