osquery-1

mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00

History

drakearonhalt e205458be0 Added is_hidden column to the users and groups tables on macOS. (#5368 ) Summary: This PR is the result of the discussion in a previous PR (#5348) after we determined account_policy_data was the wrong place for the column. Add `is_hidden` column to the users and groups tables in macOS. `is_hidden` is populated by looking for the `dsAttrTypeNative:IsHidden` attribute in the OpenDirectory record for the user/group if the value is `1`, `True`, or `Yes` is_hidden is 1. If the value is anything else it's set to 0. Invalid values have the same affect as the attribute not existing at all. The `dsAttrTypeNative:IsHidden` attribute controls whether a user account is is visible in the preferences panel similar to having a uid < 500. One test failed when running buck test: ``` ====STANDARD OUT==== tests/integration/tables/helper.cpp:159: Failure Value of: boost::get<CustomCheckerType>(validator)(value) Actual: false Expected: true Custom validator of the column "mask" with value "" failed ``` This also fails when I ran the test on the current experimental branch as well. Important to note I had to remove the optimization on both the user and group tables that just called `getpwnam` if the query specified the `uid` or `gid` since the struct returned doesn't contain the `IsHidden` attribute. I'm not sure if or how much this will affect performance since I wasn't able to get the profiling to work with the new version (very likely I'm just doing it incorrectly). Pull Request resolved: https://github.com/facebook/osquery/pull/5368 Differential Revision: D13862375 Pulled By: akindyakov fbshipit-source-id: 1fec88a6ba71884f7e611e1d96ea00630c5be655		2019-01-30 09:07:56 -08:00
..
carver	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
config	Add pack name in the ScheduledQuery	2019-01-30 06:50:07 -08:00
core	Add pack name in the ScheduledQuery	2019-01-30 06:50:07 -08:00
database	Remove duplication of the target names (#5391 )	2019-01-25 07:23:20 -08:00
devtools	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
dispatcher	Rename profiler.[cpp\|h] to code_profiler.[cpp\|h]	2019-01-30 08:11:21 -08:00
distributed	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
ev2	Basic ev2 framework (#5401 )	2019-01-29 09:30:20 -08:00
events	wrapper around perf_event socket to bind ebpf program to some linux event (#5384 )	2019-01-25 09:25:18 -08:00
examples	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
extensions	Remove duplication of the target names (#5391 )	2019-01-25 07:23:20 -08:00
filesystem	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
hashing	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
include/osquery	Remove duplicated ScheduledQuery	2019-01-30 06:50:07 -08:00
killswitch	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
logger	Remove duplication of the target names (#5391 )	2019-01-25 07:23:20 -08:00
main	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
numeric_monitoring	Remove duplication of the target names (#5391 )	2019-01-25 07:23:20 -08:00
process	remove unused include of boost/optional.hpp in process.h	2019-01-23 04:49:47 -08:00
profiler	Rename profiler.[cpp\|h] to code_profiler.[cpp\|h]	2019-01-30 08:11:21 -08:00
registry	Remove duplication of the target names (#5391 )	2019-01-25 07:23:20 -08:00
remote	Fix LICENSE information on file headers (#5375 )	2019-01-21 11:51:54 -08:00
sql	Tweak: Use long instead of int64_t	2019-01-22 20:49:09 -08:00
tables	Added is_hidden column to the users and groups tables on macOS. (#5368 )	2019-01-30 09:07:56 -08:00
utils	Fix link to expected tests on comment. (#5398 )	2019-01-27 06:53:38 -08:00
BUCK	Make system utils target name unique	2019-01-22 05:28:28 -08:00