Commit Graph

770 Commits

Author | SHA1 | Message | Date
Thomas Stromberg | 2700c780b7 | Add a runnable osquery.conf example | 2023-03-04 13:03:30 -05:00
Thomas Strömberg | 6d05dbc2da | Merge pull request #211 from tstromberg/keyfinder: Add RSA key finders, and mdfind-based GCP key finder | 2023-03-01 11:08:09 -05:00
Thomas Stromberg | fa7a0971d4 | Add RSA key finders, and mdfind-based GCP key finder | 2023-03-01 11:05:35 -05:00
Thomas Strömberg | b7d7ad1a1b | Update README.md | 2023-02-24 18:30:31 -05:00
Thomas Strömberg | 3f3033ad5c | Merge pull request #210 from tstromberg/make: Makefile: Add 'detect' rule, fix collection/IR rules | 2023-02-24 18:29:32 -05:00
Thomas Strömberg | 4bde3791a3 | Update README.md | 2023-02-24 18:29:24 -05:00
Thomas Stromberg | 3df885d9bc | Makefile: Add 'detect' rule, fix collection/IR rules | 2023-02-24 18:19:22 -05:00
Thomas Strömberg | fd935d6c89 | Update README.md | 2023-02-24 18:05:58 -05:00
Thomas Strömberg | 713c1babc1 | Update README.md | 2023-02-24 18:00:25 -05:00
Thomas Strömberg | ea01dea23c | Rename response -> incident_response | 2023-02-24 17:58:03 -05:00
Thomas Strömberg | e58cbbc7a9 | Merge pull request #209 from tstromberg/make: Add privacy-aware version of the IR rules | 2023-02-24 17:48:54 -05:00
Thomas Stromberg | 063eb1691c | Add privacy-aware version of the IR rules | 2023-02-24 17:47:07 -05:00
Thomas Strömberg | 6dba4e03cf | Merge pull request #208 from tstromberg/make: Remove wireless-networks rule, rename collection to collect | 2023-02-24 17:31:03 -05:00
Thomas Stromberg | b9cefa0d09 | Remove wireless-networks rule, rename collection to collect | 2023-02-24 17:30:43 -05:00
Thomas Strömberg | 020145f207 | Merge pull request #207 from tstromberg/kindle: Optimize recently-created-executables-macos | 2023-02-24 17:27:07 -05:00
Thomas Stromberg | 12a5507907 | Optimize recently-created-executables-macos | 2023-02-24 17:24:09 -05:00
Thomas Strömberg | 243b4d04e6 | Merge pull request #206 from tstromberg/kindle: macOS: Exceptions for TestFlight apps & specifically Kindle | 2023-02-24 17:08:54 -05:00
Thomas Stromberg | 4150b1ee7c | macOS: Exceptions for TestFlight apps & specifically Kindle | 2023-02-24 17:04:34 -05:00
Thomas Strömberg | 5f1d801b68 | Merge pull request #205 from tstromberg/fpr-eow: Fix broken IR non-Wireless rule | 2023-02-24 16:57:59 -05:00
Thomas Stromberg | fc08a698ec | Fix broken IR non-Wireless rule | 2023-02-24 16:56:17 -05:00
Thomas Strömberg | eaa15112b5 | Merge pull request #203 from tstromberg/fpr-eow: fpr: abrt-dbus, gdm, chrome, ff, act, qemu, lima, etc. | 2023-02-24 16:52:18 -05:00
Thomas Stromberg | fb022f8005 | verify: 10s for IR | 2023-02-24 16:49:53 -05:00
Thomas Stromberg | 2f25ce9c2a | Merge branch 'main' into fpr-eow | 2023-02-24 16:49:07 -05:00
Thomas Strömberg | d359147e57 | Merge pull request #204 from tstromberg/ci: Add verify-ci Makefile rule | 2023-02-24 16:47:57 -05:00
Thomas Stromberg | 39ad038c04 | Add verify-ci Makefile rule | 2023-02-24 16:44:00 -05:00
Thomas Stromberg | fe2e1a60b2 | verify: increase max duration to 15s for IR | 2023-02-24 16:32:02 -05:00
Thomas Stromberg | fb7cd56249 | fpr: abrt-dbus, gdm, chrome, ff, etc | 2023-02-24 16:30:17 -05:00
Thomas Strömberg | 98be2abf1b | Fix CI badge | 2023-02-24 16:27:20 -05:00
Thomas Strömberg | c04901d50a | Merge pull request #202 from tstromberg/ci: Add Github CI job | 2023-02-24 12:19:08 -05:00
Thomas Stromberg | 804a345da7 | Add Github CI job | 2023-02-24 12:18:29 -05:00
Thomas Strömberg | be31037062 | Merge pull request #201 from tstromberg/ci: Introduce CI testing & 'make verify' command. | 2023-02-24 12:17:16 -05:00
Thomas Stromberg | 995c1e1104 | Fixes so that ODK can run under CI | 2023-02-24 12:15:56 -05:00
Thomas Strömberg | de899a68bb | Merge pull request #200 from tstromberg/makefile: Makefile: collect as root | 2023-02-23 21:46:11 -05:00
Thomas Stromberg | 1ac3d4fbb8 | Makefile: collect as root | 2023-02-23 21:45:34 -05:00
Thomas Strömberg | 6c9f275bbc | Merge pull request #199 from tstromberg/main: Makefile: add "make collection" target, improve others | 2023-02-23 21:30:43 -05:00
Thomas Stromberg | 3984b82701 | Makefile: add "make collection" target, improve others | 2023-02-23 21:29:28 -05:00
Thomas Strömberg | 1ec25c8d53 | Merge pull request #198 from tstromberg/ir: incident_response: bugfixes across queries | 2023-02-23 21:25:36 -05:00
Thomas Stromberg | 5fa706805e | incident_response: bugfixes across queries | 2023-02-23 21:24:52 -05:00
Thomas Strömberg | e50a84f382 | Merge pull request #197 from tstromberg/rootkit-detection: incident response: remove ever-changing columns from process table | 2023-02-23 17:13:06 -05:00
Thomas Stromberg | db792dc3c2 | incident response: remove ever-changing columns from process table | 2023-02-23 17:12:45 -05:00
Thomas Strömberg | a7c2b1d2fd | Merge pull request #196 from tstromberg/rootkit-detection: incident response: Rename files-from-proc to process-files. | 2023-02-23 17:12:18 -05:00
Thomas Stromberg | 8ce348dfc4 | Rename files-from-proc to process-files. | 2023-02-23 17:11:35 -05:00
Thomas Strömberg | 6eff54d7f3 | Merge pull request #195 from tstromberg/rootkit-detection: incident response: Add dump of /dev files | 2023-02-23 17:11:10 -05:00
Thomas Strömberg | c198de4133 | Merge pull request #194 from tstromberg/rootkit-detection: Add detectors for the reveng_rtkit rootkit | 2023-02-23 17:10:39 -05:00
Thomas Stromberg | c8ecc36079 | incident response: Add dump of /dev files | 2023-02-23 17:09:25 -05:00
Thomas Stromberg | a7c2ef97e1 | Add detectors for the reveng_rtkit rootkit | 2023-02-23 17:05:11 -05:00
Thomas Strömberg | 0cba2837bc | Merge pull request #193 from tstromberg/debian: Debian uid0: add dhclient and unattended-upgr | 2023-02-23 10:39:15 -05:00
Thomas Stromberg | d253820cf2 | Debian: add dhclient and unattended-upgr | 2023-02-23 10:35:26 -05:00
Thomas Strömberg | ab5c01a998 | Merge pull request #190 from zestysoft/fpr-2: Add osquery to keyboard_sniffer | 2023-02-23 10:34:04 -05:00
Thomas Strömberg | f1e7474b3f | Merge pull request #192 from tstromberg/debian: Add exceptions for Debian running under lima | 2023-02-23 10:33:46 -05:00