valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
801 Commits 2 Branches 109 Tags 25 MiB
f94fd67d29
Commit Graph

801 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Arpaia
f94fd67d29 Merge pull request #455 from theopolis/feature-understandable-logging 
More appropriate logging controls
 2014-11-17 20:08:39 -08:00
Mike Arpaia
744b740ee9 Merge pull request #458 from facebook/floating-point-foo 
handling case where max and min are the same
 2014-11-17 20:08:24 -08:00
mike@arpaia.co
62605dc187 handling case where max and min are the same 2014-11-17 20:06:29 -08:00
Teddy Reed
2a60fb7e16 More appropriate logging controls 2014-11-17 20:31:30 -07:00
Mike Arpaia
49da6387ea Merge pull request #454 from facebook/pidfile 
pidfile for osqueryd
 2014-11-17 19:27:08 -08:00
Mike Arpaia
27e1612fb0 Merge pull request #452 from theopolis/feature-ld-timeout 
Add throttle to LD plist
 2014-11-17 19:25:36 -08:00
mike@arpaia.co
a680e173dd i'm not ok 2014-11-17 19:25:06 -08:00
mike@arpaia.co
89da66458c making the name of the flag more concise 2014-11-17 19:17:07 -08:00
Mike Arpaia
a028b15858 Merge pull request #449 from facebook/config-splay 
Add a splay of 10% to scheduled queries so that they don't stack
 2014-11-17 19:09:50 -08:00
mike@arpaia.co
81ace6a890 adding some better logging 2014-11-17 19:08:51 -08:00
mike@arpaia.co
c56b663261 pidfile for osqueryd 
close #442
 2014-11-17 18:42:36 -08:00
Teddy Reed
8fd957dd65 Add throttle to LD plist 2014-11-17 19:35:37 -07:00
Teddy Reed
7287ad5e63 Fix process free regression for libprocps 2014-11-17 16:52:20 -08:00
Javier Marcos
27c1147f75 Merge pull request #451 from facebook/sudo_env_support_mountain_lion 
Support of osx 10.8 broke the other builds with the -E parameter
 2014-11-17 15:54:45 -08:00
Javier Marcos
0c59fc9d9f Support of osx 10.8 broke the other builds with the -E parameter 2014-11-17 15:48:27 -08:00
Teddy Reed
00de10db95 Merge pull request #440 from mgoffin/mounts_table 
Mounts table for OSX
 2014-11-17 15:43:33 -08:00
mike@arpaia.co
f8c27bde85 Add a splay of 10% to scheduled queries so that they don't stack 
close #446
 2014-11-17 14:19:09 -08:00
mike@arpaia.co
ca2c63419a incorrect namespacing 2014-11-17 13:47:44 -08:00
Mike Goffin
57faad63fa Merge branch 'master' into mounts_table 2014-11-17 15:03:50 -05:00
Mike Goffin
2ce6882317 Format fixes. 
- ran clang-format.
- lowercased column names for table.
- removed include for boost as it's no longer being used.
 2014-11-17 15:02:33 -05:00
Mike Arpaia
3c2059227e Merge pull request #448 from facebook/444 
Change glog max log size to 10MB
 2014-11-17 11:39:50 -08:00
mike@arpaia.co
715e10a738 Change glog max log size to 10MB 
close #444
 2014-11-17 11:39:35 -08:00
Teddy Reed
1116d6a928 Merge pull request #438 from theopolis/feature-arp-table 
arp_cache vtable for OSX and Linux
 2014-11-17 11:36:46 -08:00
Mike Arpaia
c56d045f7a Merge pull request #447 from facebook/445 
Get rid of superfluous logging in launchQueries
 2014-11-17 11:29:55 -08:00
mike@arpaia.co
f707253537 close #445 2014-11-17 11:29:14 -08:00
Mike Arpaia
c5e50ff26e Merge pull request #439 from wxsBSD/macros 
Use INTEGER macro.
 2014-11-17 11:19:08 -08:00
Mike Goffin
0b4e382e96 Merge branch 'master' into mounts_table 2014-11-17 13:46:59 -05:00
Mike Goffin
6cddf4ad39 Mounts table for Darwin. 
Associated with #255, this adds Mounts table support for Darwin.
 2014-11-17 13:43:59 -05:00
Wesley Shields
c764226b77 Use INTEGER macro. 
This makes the code match the example at:

https://github.com/facebook/osquery/wiki/creating-a-new-table
 2014-11-17 13:30:46 -05:00
Teddy
968f8027e6 Cleaner arp_table->arp_cache on Linux/OSX 2014-11-17 02:37:15 -08:00
Javier Marcos
093c857aea Merge pull request #437 from facebook/centos_build_fix 
Fixes building in CentOS, sudo was missing from some commands
 2014-11-16 22:51:06 -08:00
Javier Marcos
5db8dcbae6 Fixes building in CentOS, sudo was missing from some commands 2014-11-16 22:46:12 -08:00
Teddy Reed
d50d1cf3a7 Faster build on Ubuntu 2014-11-16 19:49:41 -08:00
Teddy Reed
ee015343f9 Simplify arp, move to arp_table 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
65c4ed4a7d Fix boost split on linux to remove sscanf 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
2b32673445 Some fixes: 
- clang-format on code
- NULL -> nullptr
- some (char *) changed in std::string favour
- Removed a memory leak.
- Moved struct inside the table namespace
 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
778951d6a4 Remove osx dependency on system() call to get arp information 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
c7fc2cee22 rename vtable field arp->mac 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
4f524abbea arp vtable different implementation in osx and linux 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
413d6f068b Change fgetln (osx specific) in favour of getline (both osx and linux) 2014-11-16 19:49:40 -08:00
Pablo S. Torralba
1843d80660 arp vtable with ip, arp and interface where it was seen 2014-11-16 19:49:40 -08:00
Mike Arpaia
c594c67dae Merge pull request #436 from facebook/launchd-customization 
Customizable LaunchDaemon via a command-line flag
 2014-11-16 13:01:17 -08:00
Mike Arpaia
a4b9920ed9 Merge pull request #435 from facebook/blacklist-inode 
blacklisting port_inode and socket_inode
 2014-11-16 13:01:01 -08:00
mike@arpaia.co
2e49debd70 Customizable LaunchDaemon via a command-line flag 
This is in response to #411. Allowing you to specify arguments on the
command-line has more edge-cases than I'd prefer, so I think this is a
bit more of a sustainable solution, especially given that you're already
supplying the tool with a path to your config file (now you can just
track one additional file).
 2014-11-16 11:07:52 -08:00
mike@arpaia.co
bfceaf8453 blacklisting port_inode and socket_inode 
port_inode and socket_inode have caused a few issues lately and, as of
right now, they both have open issues against them. For the time being,
I'm going to blacklist them. When the tables are production-ready, we
can re-add them back in to the base linux build.
 2014-11-16 09:42:57 -08:00
Teddy Reed
816faec3db Merge pull request #429 from cdown/llvm_license 
Add missing LLVM license referenced in git-clang-format.py
 2014-11-14 18:46:22 -08:00
Teddy Reed
f725e1c01d Merge pull request #431 from cdown/its_lintmas 
Add PEP8 and general lint conformance to in-house scripts
 2014-11-14 18:46:11 -08:00
Chris Down
8082313cce Revert removal of unused symbols in genapi per @theopolis' comment: 
At https://github.com/cdown/osquery/commit/2a93de#commitcomment-8583208:
> Although the removed symbols aren't referenced in this script they are
> used in the spec evaluation.
 2014-11-15 01:39:29 +00:00
Chris Down
2a93def805 Add PEP8 and general lint conformance to in-house scripts 
My intent in this diff was mostly style linting, so I disabled
non-stylistic pylint linters that fired in the interests of making this
a sane diff with one purpose: stylistic consistency and conformance. If
I disabled them it means they were thrown somewhere and should probably
be looked into some time :-)

This diff adds:
- PEP8 conformance (tested with pep8)
- A cleanup of stuff shown by `pylint`, with quite a few linters
  disabled. See above for rationale to disable these -- in the end this
  was mostly unused variables, unused imports, etc). These are the
  linters I disabled:
  - attribute-defined-outside-init
  - bad-classmethod-argument
  - bare-except
  - broad-except
  - exec-used
  - invalid-name
  - logging-not-lazy
  - method-hidden
  - missing-docstring
  - redefined-outer-name
  - too-few-public-methods
  - too-many-instance-attributes
  - too-many-locals
  - unused-argument
- flake8 warnings fixed (warnings were about redefinition of previous
  variables in a listcomp)

I didn't do anything with git-clang-format since it's from an external
project and it's possible that there may be a wish to merge it in again
later if it gets updated upstream, but you could, of course, apply this
to that script as well if you so wish. Right now it's not at all PEP8
conformant.
 2014-11-14 23:36:36 +00:00
Teddy Reed
0cb30d8ccb Merge pull request #430 from theopolis/fix-biging 
Check tables row vector size before access
 2014-11-14 15:25:39 -08:00