valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5c47e2b91e
osquery-1/specs/utility/file.table
Teddy Reed 9a54af29ce Bump sqlite to 3.11.0
2016-02-21 22:40:37 -08:00

28 lines
1.2 KiB
Plaintext
Raw Blame History

table_name("file")
description("Interactive filesystem attributes and metadata.")
schema([
Column("path", TEXT, "Absolute file path", required=True),
Column("directory", TEXT, "Directory of file(s)", required=True),
Column("filename", TEXT, "Name portion of file path"),
Column("inode", BIGINT, "Filesystem inode number"),
Column("uid", BIGINT, "Owning user ID"),
Column("gid", BIGINT, "Owning group ID"),
Column("mode", TEXT, "Permission bits"),
Column("device", BIGINT, "Device ID (optional)"),
Column("size", BIGINT, "Size of file in bytes"),
Column("block_size", INTEGER, "Block size of filesystem"),
Column("atime", BIGINT, "Last access time"),
Column("mtime", BIGINT, "Last modification time"),
Column("ctime", BIGINT, "Last status change time"),
Column("btime", BIGINT, "(B)irth or (cr)eate time"),
Column("hard_links", INTEGER, "Number of hard links"),
Column("type", TEXT, "File status"),
])
attributes(utility=True)
implementation("utility/file@genFile")
examples([
"select * from file where path = '/etc/passwd'",
"select * from file where directory = '/etc/'",
"select * from file where path LIKE '/etc/%'",
])
Reference in New Issue View Git Blame Copy Permalink