mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-06 17:45:22 +00:00
5c1bf4ff0c
* deb_packages: Fix include order issue
* bpf_socket_events, bpf_process_events: Initial implementation
* BPF: Add process tracking to process events, remove sockets_event
* CMake: Upgrade the C++ standard to C++17
* BPF: Improve initial system state snapshot and event collection
* BPF: Add tests for SystemStateTracker
* BPF: Add tests for BPFEventPublisher
* BPF: Refactor, add tests for ProcessContextFactory
* Refactor: Improve initial scan/event handling, fix openat
* BPF: Improve event ordering
* BPF: Fix test issue in BPFEventPublisher::processOpenAt
* BPF: Mark WIP functions as deprecated
* BPF: Improve tests
* BPF: Add back bpf_socket_events and connect() support
* BPF: Add Netlink addr support, add bind()
* BPF: Add accept/accept4 support
* BPF: Add tests for BPFEventPublisher::processOpenat2Event
* BPF: Add remaining tests for BPFEventPublisher
* BPF: Add configuration flags for memory management
* BPF: Add cmdline support to ProcessContextFactory
* BPF: Add additional tests
* BPF: Add unit test for SystemStateTracker::accept
* BPF: Update cwd handling
* BPF: Add tests for bpf_socket_events
* BPF: Add tests for bpf_process_events
* BPF: Add json_cmdline hidden column to bpf_process_events
* BPF: Update all copyright headers
* BPF: Add syscall duration in socket_events/process_events
* BPF: Code review changes
* BPF: Update ebpfpub to the latest version
* BPF: Removed unused functions
* BPF: Code review changes Add whitespace around namespaces
* BPF: Revert header changes in rot13.cpp
* BPF: Code review changes Rename the bpf_ntime column in bpf_socket_events/bpf_process_events to ntime and make it the last visible column
* BPF: Code review changes Update the dependencies for the BPF tests
* BPF: Code review changes Update the dependencies for the BPF table tests
* BPF: Code review changes Update how characters are appended to strings in the system state tracker class
* BPF: Code review changes Update the string -> integer conversion utilities in the process context factory class.
* BPF: Hide failed exec syscalls from bpf_process_events results
* BPF: Do not log an error for invalid sockaddr structures
* BPF: Code review changes Remove clang-format ignore block
* BPF: Code review changes Update log messages in the BPFEventPublisher class
* BPF: Code review changes Remove clang-format ignore block around the function tracer descriptors
* BPF: Code review changes Document the IFilesystem interface
* BPF: Code review changes Document the IProcessContextFactory interface
* BPF: Code review changes Document the ISystemStateTracker interface

||
---|---|---|
.. | ||
darwin | ||
freebsd | ||
linux | ||
linwin | ||
lldpd | ||
macwin | ||
posix | ||
sleuthkit | ||
smart | ||
utility | ||
windows | ||
yara | ||
arp_cache.table | ||
atom_packages.table | ||
azure_instance_metadata.table | ||
azure_instance_tags.table | ||
carbon_black_info.table | ||
carves.table | ||
chrome_extension_content_scripts.table | ||
chrome_extensions.table | ||
CMakeLists.txt | ||
cpuid.table | ||
curl_certificate.table | ||
curl.table | ||
denylist | ||
etc_hosts.table | ||
etc_protocols.table | ||
etc_services.table | ||
example.table | ||
firefox_addons.table | ||
groups.table | ||
hash.table | ||
interface_addresses.table | ||
interface_details.table | ||
kernel_info.table | ||
listening_ports.table | ||
logged_in_users.table | ||
office_mru.table | ||
os_version.table | ||
platform_info.table | ||
process_memory_map.table | ||
process_open_sockets.table | ||
processes.table | ||
python_packages.table | ||
routes.table | ||
ssh_configs.table | ||
system_info.table | ||
uptime.table | ||
user_groups.table | ||
user_ssh_keys.table | ||
users.table |