valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d27a7ecc4c
osquery-1/osquery/tables/networking
History
Teddy Reed b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux. 
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less-obvious and for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
..
darwin Add optional TLS config plugin refresh 2015-07-17 14:59:08 -07:00
freebsd Fix build on FreeBSD. 2015-05-30 01:14:08 +00:00
linux This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
tests Add state, group, and nice to processes 2015-09-24 13:11:46 -07:00
etc_hosts.cpp fixes for problems related to unsigned to signed integer comparisons 2015-10-16 16:10:36 +00:00
etc_protocols.cpp Various shell fixups 2015-04-27 16:40:05 -07:00
etc_services.cpp Remove some non-warning/error log lines from tables 2015-07-24 00:09:06 -07:00
interfaces.cpp Fixed some type problems, casting away const, integer types, old style casts, etc. 2015-10-21 20:56:58 +00:00
listening_ports.cpp Split OSX process_open_files into files/sockets 2015-01-13 11:05:54 -08:00
utils.cpp Fix getifaddrs checking 2015-07-08 22:37:35 -07:00
utils.h Removing trailing whitespace 2015-05-11 23:31:13 -07:00