Commit Graph

885 Commits

Author SHA1 Message Date
Sean Williams
f651254bc5 Remove hooking of init module: it should really go in an LSM proper; also fix Makefile when SMAP is not specified 2014-12-06 12:47:59 -08:00
Sean Williams
09230fc192 Makefile more flexible; fix a few bugs; optionally naively hide module 2014-11-24 16:26:03 -08:00
Sean Williams
aaee4d99ed Makefile more flexible; fix a few bugs; optionally naively hide module 2014-11-24 16:26:03 -08:00
mike@arpaia.co
bdf68e2e67 removing trailing content 2014-11-24 16:26:03 -08:00
mike@arpaia.co
542c7d83a9 new headers 2014-11-24 16:26:03 -08:00
mike@arpaia.co
f958b18984 moving to top-level kernel directory 2014-11-24 16:26:02 -08:00
Sean Williams
4ed1e10017 Fix a couple bugs; cleanup unused code/includes 2014-11-24 16:26:02 -08:00
Sean Williams
70d2b1038a Detect some linux kernel tampering. initial branch; not yet complete
-Download kernel headers, enter camb directory, and type 'make'
-New sysfs directory /sys/kernel/camb created with two files underneath it:
syscall_addr_modified and text_segment_hash.

File `syscall_addr_modified` is either 1 or 0 representing whether the syscall function pointers were modified or not respectively.
File `text_segment_hash` is the current sha1 hash of the kernel's .text segment (excluding loaded modules)

The address range that camb currently hashes is subject to change because it's probably not comprehensive. However, it caught the rootkits that I've thrown at it, one of which is suterusu (https://github.com/mncoppola/suterusu).
2014-11-24 16:26:02 -08:00
Mike Arpaia
6b525af149 Update README.md 2014-11-24 08:56:56 -08:00
Mike Arpaia
20065157f1 update build matrix text 2014-11-24 08:56:28 -08:00
mike@arpaia.co
077fc936c9 updating master api references 2014-11-22 23:41:22 -08:00
Teddy Reed
54536e5915 Merge pull request #490 from theopolis/universal-darwin-pkg
Towards a more universal darwin package
2014-11-22 18:54:01 -08:00
Teddy Reed
4d19f4c97a Merge pull request #491 from theopolis/iokit_usb
OS X IOKit's USB Devices virtual table
2014-11-22 18:53:46 -08:00
Teddy Reed
4de3c8a0cf Fix memory leaks in USB Devices for OSX 2014-11-22 18:04:47 -08:00
Nick
acad6d8e8d Added USB device support for Mac (Linux coming next) 2014-11-22 17:42:56 -08:00
Teddy Reed
38bc5542b3 Towards a more universal darwin package 2014-11-22 17:42:02 -08:00
Teddy Reed
5620510414 Merge pull request #488 from wxsBSD/macros
Using SQLite type macros
2014-11-22 13:04:49 -08:00
Wesley Shields
059403eac4 Merge branch 'master' into macros
Conflicts:
	osquery/tables/system/darwin/processes.cpp
2014-11-22 15:12:21 -05:00
Javier Marcos
4b5d8c4903 Merge pull request #485 from facebook/improve_build_script
Changes to build scripts
2014-11-21 15:41:42 -08:00
Javier Marcos
00d1d8f563 Avoiding unnecessary download of cmake in Ubuntu, removing Travis support and adding new dependency in osx needed to build a package 2014-11-21 15:33:47 -08:00
Teddy Reed
5da3ce9a24 Merge pull request #484 from theopolis/remove-host-routes
Remove 'host' from OS X route types #483
2014-11-21 11:05:46 -08:00
Teddy Reed
1caba72c30 Remove 'host' from OS X route types #483 2014-11-21 10:59:25 -08:00
Teddy Reed
863d99350b Merge pull request #481 from theopolis/unsigned-bigint-type
Add basic support for unsigned long long int
2014-11-21 10:49:07 -08:00
Teddy Reed
44181b7aeb Add basic support for unsigned long long int 2014-11-21 10:32:56 -08:00
Teddy Reed
6fc014b390 Merge pull request #478 from theopolis/darwin_min_abi
Support at least darwin/OSX 10.9+
2014-11-20 18:10:39 -08:00
Teddy Reed
011c0f0d47 Support at least darwin/OSX 10.9+ 2014-11-20 18:02:38 -08:00
Teddy Reed
e9f3162e6d Merge pull request #477 from theopolis/darwin_process_improvements
Pull process_open_files out of processes.cpp and reduce logging
2014-11-20 17:27:39 -08:00
Teddy Reed
7cee788be5 Add build matrix 2014-11-20 17:26:11 -08:00
Teddy Reed
1961921d95 Pull process_open_files out of processes.cpp and reduce logging 2014-11-20 17:19:04 -08:00
Javier Marcos
f247287b37 Merge pull request #476 from facebook/master_build_per_platform
Adding one build badge per supported system
2014-11-20 15:25:44 -08:00
Javier Marcos
0a161bcd2f Adding one build badge per supported system 2014-11-20 15:02:27 -08:00
Teddy Reed
a84c20a468 Merge pull request #472 from theopolis/cleanup-inode-tables
Cleanup inode table implementations and unblacklist.
2014-11-19 17:04:23 -08:00
Teddy Reed
b2debf509a Cleanup inode table implementations and unblacklist 2014-11-19 16:56:48 -08:00
Javier Marcos
bdaed6390e Merge pull request #473 from facebook/improve_build_script
FIRST! 👍
2014-11-19 16:40:45 -08:00
Javier Marcos
2ca0e44d5c Comment to test PR builds, again 2014-11-19 16:33:33 -08:00
Javier Marcos
a190b41720 Comment to test PR builds 2014-11-19 16:23:25 -08:00
Teddy Reed
9a6a69a224 Merge pull request #469 from theopolis/logging-nits
Move expected errors to info log
2014-11-19 14:54:32 -08:00
Javier Marcos
0dabad43af Merge pull request #471 from facebook/apt_get_update_errors
Fix problem with apt-get update and hash mismatch
2014-11-19 13:08:03 -08:00
Javier Marcos
e585fffacb Fix problem with apt-get update and hash mismatch 2014-11-19 12:59:40 -08:00
Mike Arpaia
ac70916719 Merge pull request #434 from lwhsu/freebsd-build
FreeBSD support of build infrastructure
2014-11-19 09:23:17 -08:00
Teddy Reed
bc9a5ed3b4 Move expected errors to info log 2014-11-19 09:03:58 -08:00
Li-Wen Hsu
babb13240d Install build dependencies and fix checksum command for FreeBSD 2014-11-19 17:58:31 +08:00
Li-Wen Hsu
ac54355db6 Install gmake while provision, later build process depends on it
While here, rename box because major version is enough
2014-11-19 17:58:16 +08:00
Li-Wen Hsu
c81dd40a24 Add FreeBSD VM in Vagrantfile 2014-11-19 15:35:40 +08:00
Mike Arpaia
c823de82a0 Merge pull request #467 from facebook/launchd-tests
Fixing the tests
2014-11-18 18:35:06 -08:00
mike@arpaia.co
6c0230933b arbitrary whitespace 2014-11-18 18:23:46 -08:00
Javier Marcos
e54e2f2bec Merge pull request #466 from facebook/include_jenkins_build_status
Shows master build status icon
2014-11-18 18:19:47 -08:00
mike@arpaia.co
756f755aa4 fixing typo in config tests 2014-11-18 18:06:33 -08:00
mike@arpaia.co
ee15228819 fixing naming of columns in tests 2014-11-18 17:43:16 -08:00
Javier Marcos
82c842590c Link to master build only 2014-11-18 17:13:05 -08:00