platform/core/security/vist.git
5 years ago Add programming interface for event subscription
Sangwan Kwon [Wed, 19 Jun 2019 02:54:45 +0000 (11:54 +0900)]
Add programming interface for event subscription

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Apply Meyers' singleton to programming interface
Sangwan Kwon [Wed, 12 Jun 2019 23:47:23 +0000 (08:47 +0900)]
Apply Meyers' singleton to programming interface

- Re-design API more simply

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Add programming interface for executing query
Sangwan Kwon [Mon, 10 Jun 2019 23:34:02 +0000 (08:34 +0900)]
Add programming interface for executing query

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Fix build error on gbs
Sangwan Kwon [Tue, 9 Jul 2019 23:44:28 +0000 (08:44 +0900)]
Fix build error on gbs

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.4.5 [experimental]
Sangwan Kwon [Thu, 2 Apr 2015 20:31:51 +0000 (13:31 -0700)]
Bump version to upstream-1.4.5 [experimental]

- Fast tests (Test binary is unified to osquery-test)

Added: file_events, osquery_schedule, etc_protocols

Known issues
  - extension tests failed
  - virtual table tests failed (passed only when it runs as standalone)
  - Tizen build failed (gflag issue)

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.4.4 [experimental]
Sangwan Kwon [Wed, 18 Mar 2015 19:01:58 +0000 (12:01 -0700)]
Bump version to upstream-1.4.4 [experimental]

- Support specific config source async updating
- Remove libprocps(ng) in favor of parsing proc manually

Known issues
  - extension tests failed
  - Tizen build failed

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.4.3 [experimental]
Sangwan Kwon [Wed, 25 Feb 2015 04:29:57 +0000 (21:29 -0700)]
Bump version to upstream-1.4.3 [experimental]

Known issues
  - extension tests failed
  - Tizen build failed

Added: os_version

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Fix build error on upstream-1.4.2
Sangwan Kwon [Wed, 12 Jun 2019 23:04:03 +0000 (08:04 +0900)]
Fix build error on upstream-1.4.2

Known issues
  - extension tests failed
  - Tizen build failed

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.4.2 [experimental]
Sangwan Kwon [Sat, 14 Feb 2015 01:40:02 +0000 (17:40 -0800)]
Bump version to upstream-1.4.2 [experimental]

** Do not merge into stable branch **

- Add flag aliasing (Build error on Tizen)
- Extensions integrations testing (Test failed)

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Fix build error on upstream-1.4.1
Sangwan Kwon [Wed, 12 Jun 2019 02:28:23 +0000 (11:28 +0900)]
Fix build error on upstream-1.4.1

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.4.1
Sangwan Kwon [Tue, 10 Feb 2015 02:18:22 +0000 (18:18 -0800)]
Bump version to upstream-1.4.1

- Add distributed query feature

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Fix build error
Sangwan Kwon [Wed, 5 Jun 2019 01:37:33 +0000 (10:37 +0900)]
Fix build error

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
5 years ago Update resource_class in circleci config
Kuenhwan [Tue, 11 Jun 2019 02:53:31 +0000 (11:53 +0900)]
Update resource_class in circleci config

5 years ago Make the docker directory hidden
sangwan.kwon [Tue, 4 Jun 2019 07:37:25 +0000 (16:37 +0900)]
Make the docker directory hidden

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Make all testcases successful
sangwan.kwon [Tue, 4 Jun 2019 05:00:11 +0000 (14:00 +0900)]
Make all testcases successful

docker:
  1. make docker_run
  2. cd /usr/src & make
  3. make test

tizen-standard:
  1. gbs build -A armv7l -P standard
  2. sdb push ${tizen-osquery}/tools/tests /tools/tests
  3. find /usr/bin -name "osquery*tests" -exec {} \;

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.4.0
sangwan.kwon [Thu, 22 Jan 2015 22:00:35 +0000 (14:00 -0800)]
Bump version to upstream-1.4.0

- Add a watcher/worker model for osqueryd
- Change to a new registry model
- Add getQueryColumns function to core
- Add extension API with thrift RPC

Added: kernel_info, shared_memory, process_memory_map
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.3.1
sangwan.kwon [Thu, 30 May 2019 04:31:30 +0000 (13:31 +0900)]
Bump version to upstream-1.3.1

- New hash apis

Added: smbios

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Add circleci badge to README
sangwan.kwon [Fri, 31 May 2019 02:52:49 +0000 (11:52 +0900)]
Add circleci badge to README

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Add circleci config file
sangwan.kwon [Thu, 30 May 2019 04:31:30 +0000 (13:31 +0900)]
Add circleci config file

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.2.0
sangwan.kwon [Wed, 19 Nov 2014 02:06:33 +0000 (18:06 -0800)]
Bump version to upstream-1.2.0

- Update table generators to use QueryContext
- Amalgamate generated tables
- Add -json output mode for shell

Added: hardware-events(udev)

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.1.0
sangwan.kwon [Tue, 11 Nov 2014 16:17:28 +0000 (11:17 -0500)]
Bump version to upstream-1.1.0

Added: arp

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.0.4
sangwan.kwon [Fri, 17 Oct 2014 23:57:03 +0000 (16:57 -0700)]
Bump version to upstream-1.0.4

Added: bash_history, kernel_modules, suid_bin, crontab, mounts,
       process_open_file, process_envs, socket_inode, port_inode
Excepted: cpuid, rpm

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.0.3
sangwan.kwon [Sat, 4 Oct 2014 01:00:15 +0000 (18:00 -0700)]
Bump version to upstream-1.0.3

Added: routes

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Bump version to upstream-1.0.2
sangwan.kwon [Tue, 21 May 2019 07:33:16 +0000 (16:33 +0900)]
Bump version to upstream-1.0.2

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import osqueryd from upstream
sangwan.kwon [Tue, 21 May 2019 07:26:56 +0000 (16:26 +0900)]
Import osqueryd from upstream

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import osqueryi from upstream
sangwan.kwon [Tue, 21 May 2019 06:39:54 +0000 (15:39 +0900)]
Import osqueryi from upstream

osqueryi: an interactive SQL query shell.

osquery-sqlite3 version is different from sqlite3 of tizen-repos.
So, use osquery-sqlite3 as is.

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Enable glog plugin
sangwan.kwon [Tue, 21 May 2019 04:20:47 +0000 (13:20 +0900)]
Enable glog plugin

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import built-in tables from upstream
sangwan.kwon [Mon, 20 May 2019 06:57:59 +0000 (15:57 +0900)]
Import built-in tables from upstream

Requires: python-jinja2, libprocps, libsystemd

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import event-fw from upstream
sangwan.kwon [Fri, 17 May 2019 05:39:58 +0000 (14:39 +0900)]
Import event-fw from upstream

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import dispatcher from upstream
sangwan.kwon [Fri, 17 May 2019 03:53:50 +0000 (12:53 +0900)]
Import dispatcher from upstream

Requires: thrift

Dispatcher is a singleton which can be used to coordinate the parallel
execution of asynchronous tasks across an application. Internally,
Dispatcher is backed by the Apache Thrift thread pool.

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import scheduler from upstream
sangwan.kwon [Thu, 16 May 2019 04:18:25 +0000 (13:18 +0900)]
Import scheduler from upstream

osquery comes with a scheduler, which schedules a variety of things. This
is one of the core parts of the osqueryd daemon. To use this, simply use
this function as your entry point when creating a new thread.

TBD: Fix sql_tests failed cases. (It should come with built-in tables.)

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import logger from upstream
sangwan.kwon [Tue, 14 May 2019 07:04:03 +0000 (16:04 +0900)]
Import logger from upstream

The logger plugin that you use to define your config receiver can be
defined via a command-line flag, however, if you don't define a logger
plugin to use via the command-line, then the logger receiver which is
represented by the string stored in kDefaultLogReceiverName will be used.

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import database, configuration, core from upstream
sangwan.kwon [Tue, 14 May 2019 05:11:30 +0000 (14:11 +0900)]
Import database, configuration, core from upstream

- Database
An osquery database is basically just a SQLite3 database with several
virtual tables attached. This method is the main abstraction for creating
SQLite3 databases within osquery.

- Configuration
osquery has two types of configurations. Things that don't change during
the execution of the process should be configured as command-line
arguments. Things that can change during the lifetime of program execution
should be defined using the osquery::config::Config class and the pluggable
plugin interface that is included with it.

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import registry from upstream
sangwan.kwon [Mon, 13 May 2019 10:41:38 +0000 (19:41 +0900)]
Import registry from upstream

Requires: sqlite3

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import database::results from upstream
sangwan.kwon [Mon, 13 May 2019 07:12:07 +0000 (16:12 +0900)]
Import database::results from upstream

Added data structures: Row, QueryData, DiffResults

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Enable boost-filesystem
sangwan.kwon [Mon, 13 May 2019 05:38:43 +0000 (14:38 +0900)]
Enable boost-filesystem

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Add packaging for database::handle
sangwan.kwon [Mon, 13 May 2019 04:11:38 +0000 (13:11 +0900)]
Add packaging for database::handle

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Import database::handle from upstream
sangwan.kwon [Thu, 9 May 2019 08:04:13 +0000 (17:04 +0900)]
Import database::handle from upstream

Requires: glog, rocksdb, snappy, z, bz2, lz4, zstd

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Add packaging for gbs
sangwan.kwon [Fri, 3 May 2019 08:20:27 +0000 (17:20 +0900)]
Add packaging for gbs

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Initial build system and test framework
sangwan.kwon [Fri, 3 May 2019 07:20:13 +0000 (16:20 +0900)]
Initial build system and test framework

Requires: gcc-c++, make, cmake
Optional: docker

Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
5 years ago Update interface-draft.md
권상완/Security 2Lab(SR)/Engineer/삼성전자 [Tue, 9 Apr 2019 05:25:16 +0000 (14:25 +0900)]
Update interface-draft.md

5 years ago Create interface-draft.md
권상완/Security 2Lab(SR)/Engineer/삼성전자 [Fri, 22 Mar 2019 05:05:30 +0000 (14:05 +0900)]
Create interface-draft.md

5 years ago Update README.md
권상완/Security 2Lab(SR)/Engineer/삼성전자 [Fri, 22 Mar 2019 02:28:47 +0000 (11:28 +0900)]
Update README.md

5 years ago Create README.md
권상완/Security 2Lab(SR)/Engineer/삼성전자 [Fri, 22 Mar 2019 02:23:08 +0000 (11:23 +0900)]
Create README.md

5 years ago Initial commit
sangwan.kwon [Fri, 22 Mar 2019 01:30:10 +0000 (10:30 +0900)]
Initial commit