|
|
|
@989
|
[989]
|
11/07/07 17:13:22 |
xkovah |
adding back in code to create a default value for contents in filesystem … |
|
|
|
@987
|
[987]
|
11/07/07 16:16:47 |
xkovah |
think I have the possibility of filesystem errors taken care of |
|
|
|
@985
|
[985]
|
11/07/07 15:07:04 |
xkovah |
ditto |
|
|
|
@984
|
[984]
|
11/07/07 15:01:44 |
xkovah |
trying to get around the filesystem race condition which can happen … |
|
|
|
@983
|
[983]
|
11/07/07 14:59:25 |
xkovah |
my favoritest test script ever |
|
|
|
@980
|
[980]
|
11/07/07 12:52:13 |
xkovah |
possibly fixed version of CaptureBAT binary |
|
|
|
@977
|
[977]
|
11/06/07 16:11:17 |
xkovah |
decided to add the capture-client install dir so I can just have it … |
|
|
|
@976
|
[976]
|
11/06/07 16:03:17 |
xkovah |
checking in an unmodified CaptureBAT.exe in place of our one, to see if it … |
|
|
|
@975
|
[975]
|
11/06/07 15:39:31 |
xkovah |
bugger…the missing $ got into this code as well |
|
|
|
@974
|
[974]
|
11/06/07 15:35:29 |
xkovah |
checking in experimental capture binary with extra code protection to see … |
|
|
|
@969
|
[969]
|
11/06/07 10:36:56 |
xkovah |
Sanity checks which should allow the database to continue if Capture gets … |
|
|
|
@952
|
[952]
|
10/24/07 16:27:33 |
xkovah |
more hacking to try and make the agent more responsive (while … |
|
|
|
@951
|
[951]
|
10/24/07 16:09:45 |
xkovah |
decided to get rid of the 'no changes' message in integrity |
|
|
|
@950
|
[950]
|
10/24/07 15:32:42 |
xkovah |
using master vm 26 for testing right now |
|
|
|
@949
|
[949]
|
10/24/07 15:30:09 |
xkovah |
removed what I think is some deadcode from agent, updated the run.sh to … |
|
|
|
@948
|
[948]
|
10/24/07 14:54:22 |
xkovah |
checking in the latest standalone installer |
|
|
|
@947
|
[947]
|
10/24/07 14:33:02 |
xkovah |
experimental check after every browse |
|
|
|
@943
|
[943]
|
10/24/07 13:39:55 |
xkovah |
minor change to the Integrity.pm to make it more verbose when there are no … |
|
|
|
@936
|
[936]
|
10/16/07 17:01:33 |
xkovah |
Migrated utility scripts to bin. |
|
|
|
@935
|
[935]
|
10/16/07 16:47:24 |
xkovah |
all of matt's database changes |
|
|
|
@934
|
[934]
|
10/16/07 14:01:53 |
xkovah |
getting 'compromise_time' now in the integrity portion, for use by the … |
|
|
|
@932
|
[932]
|
10/16/07 11:06:36 |
kindlund |
Tweaked run.sh |
|
|
|
@931
|
[931]
|
10/16/07 11:04:10 |
kindlund |
Updated run.sh script to support new infrastructure. |
|
|
|
@930
|
[930]
|
10/16/07 10:52:28 |
xkovah |
local modifications made on HC3 |
|
|
|
@929
|
[929]
|
10/16/07 10:43:21 |
mbriggs |
Reverted honeyclient.xml |
|
|
|
@928
|
[928]
|
10/16/07 10:24:02 |
mbriggs |
Update documentation.\nCan now search using sub components.\nCan now … |
|
|
|
@927
|
[927]
|
10/16/07 10:24:01 |
xkovah |
about to get rid of some deadcode |
|
|
|
@921
|
[921]
|
10/12/07 15:10:35 |
xkovah |
fixed Integrity.pm so that it gets the filename to read from the … |
|
|
|
@920
|
[920]
|
10/12/07 15:10:19 |
xkovah |
fixed Integrity.pm so that it gets the filename to read from the … |
|
|
|
@919
|
[919]
|
10/12/07 14:26:00 |
xkovah |
added documentation for the new hash structure which gets passed to the … |
|
|
|
@918
|
[918]
|
10/12/07 10:42:53 |
mbriggs |
Many Database fixes and cleanup |
|
|
|
@917
|
[917]
|
10/11/07 14:45:27 |
mbriggs |
Fixed Fingerprint hash function |
|
|
|
@915
|
[915]
|
10/11/07 11:08:05 |
mbriggs |
Removed event_type which is now unnecessary |
|
|
|
@912
|
[912]
|
10/10/07 16:37:39 |
xkovah |
changed my mind about merging anything where the pid and the name are the … |
|
|
|
@911
|
[911]
|
10/10/07 16:02:12 |
mbriggs |
Schema updates and random Bug Fixes |
|
|
|
@910
|
[910]
|
10/10/07 15:41:14 |
xkovah |
some major changes to how the integrity piece handles filesystem objects |
|
|
|
@909
|
[909]
|
10/10/07 14:07:20 |
xkovah |
modified to no longer have a process event type, and instead use a … |
|
|
|
@908
|
[908]
|
10/10/07 09:05:09 |
mbriggs |
to _unique in string |
|
|
|
@907
|
[907]
|
10/10/07 08:58:43 |
mbriggs |
Fixed Foreign Key Problem |
|
|
|
@903
|
[903]
|
10/10/07 08:12:55 |
mbriggs |
More Verbose CREATE Table output |
|
|
|
@902
|
[902]
|
10/09/07 22:27:04 |
mbriggs |
— |
|
|
|
@901
|
[901]
|
10/09/07 16:44:33 |
mbriggs |
Update Manager.pm to reflect new schema. |
|
|
|
@900
|
[900]
|
10/09/07 16:20:33 |
mbriggs |
Refer to updates to exp branch mbriggs-db |
|
|
|
@897
|
[897]
|
10/09/07 14:53:53 |
mbriggs |
Major Changes. See Experimental Branch mbriggs-db |
|
|
|
@895
|
[895]
|
10/09/07 08:51:28 |
xkovah |
Fix Schema Modification Bugs |
|
|
|
@894
|
[894]
|
10/08/07 14:26:43 |
xkovah |
Whoops again |
|
|
|
@893
|
[893]
|
10/08/07 14:16:31 |
xkovah |
Whoops |
|
|
|
@892
|
[892]
|
10/08/07 14:02:49 |
xkovah |
fixing the svn info |
|
|
|
@891
|
[891]
|
10/08/07 13:59:48 |
xkovah |
Moved time fields to new class |
|
|
|
@890
|
[890]
|
10/08/07 13:53:29 |
xkovah |
Moved time fields to new class |
|
|
|
@889
|
[889]
|
10/08/07 12:28:09 |
xkovah |
process schema change |
|
|
|
@888
|
[888]
|
10/08/07 12:26:39 |
kindlund |
commented back out parent_(pid,name) |
|
|
|
@887
|
[887]
|
10/08/07 11:42:57 |
kindlund |
setting the parent_pid and parent_name for when empty objects are made by … |
|
|
|
@886
|
[886]
|
10/08/07 11:21:01 |
xkovah |
New database code |
|
|
|
@885
|
[885]
|
10/08/07 10:00:34 |
xkovah |
found another /etc/honeyclient_log.conf and changed it to etc/… |
|
|
|
@884
|
[884]
|
10/08/07 09:50:06 |
kindlund |
typo in Agent.pm |
|
|
|
@883
|
[883]
|
10/05/07 16:35:19 |
xkovah |
Fixed Agent.pm old integrity reference bug |
|
|
|
@881
|
[881]
|
10/05/07 15:38:24 |
xkovah |
adding all the changes for the new DB schema (revert to the prev if there … |
|
|
|
@879
|
[879]
|
09/28/07 15:41:04 |
kindlund |
added a Administrator-specific filesystem exclude entry |
|
|
|
@878
|
[878]
|
09/28/07 09:31:25 |
xkovah |
getting rid of the allowing extra events which accidentally got checked in … |
|
|
|
@877
|
[877]
|
09/27/07 20:54:21 |
xkovah |
workaround for possible failure to give the database the right info when … |
|
|
|
@876
|
[876]
|
09/27/07 13:09:28 |
xkovah |
don't want to have the logs dir in svn |
|
|
|
@875
|
[875]
|
09/27/07 11:16:44 |
xkovah |
FileMonitor.exl additions |
|
|
|
@874
|
[874]
|
09/26/07 20:45:14 |
kindlund |
adding flash player exclusion info |
|
|
|
@873
|
[873]
|
09/26/07 20:11:34 |
kindlund |
the script used for automatically generating exclusion events from capture … |
|
|
|
@872
|
[872]
|
09/26/07 20:10:18 |
kindlund |
windows media player exclusion list additions (due to browsing to an mp3 … |
|
|
|
@871
|
[871]
|
09/26/07 18:12:52 |
xkovah |
slight modification of the ordering |
|
|
|
@870
|
[870]
|
09/26/07 18:03:25 |
kindlund |
re-removed the 'create' entries that I accidentally checked in in the file … |
|
|
|
@869
|
[869]
|
09/26/07 17:45:27 |
xkovah |
the assignment of the file handle for opening files was accidentally … |
|
|
|
@868
|
[868]
|
09/26/07 16:57:31 |
xkovah |
modularized the integrity check pieces, and filled in the file hashes … |
|
|
|
@867
|
[867]
|
09/25/07 17:12:44 |
xkovah |
updated both copies of the registry exclusion list |
|
|
|
@866
|
[866]
|
09/25/07 16:57:48 |
kindlund |
Integration testing. |
|
|
|
@865
|
[865]
|
09/25/07 16:52:22 |
xkovah |
added md5 and sha1 to the filesystem |
|
|
|
@864
|
[864]
|
09/25/07 16:25:17 |
kindlund |
Integration testing. Using file mtime as pseudo-sha1/md5 fields for … |
|
|
|
@863
|
[863]
|
09/25/07 15:52:20 |
xkovah |
padding out the ISO formatted timestamp…again |
|
|
|
@862
|
[862]
|
09/25/07 15:44:23 |
kindlund |
Integration testing. |
|
|
|
@861
|
[861]
|
09/25/07 15:44:04 |
kindlund |
Integration testing. |
|
|
|
@860
|
[860]
|
09/25/07 15:43:36 |
xkovah |
padding out the ISO formatted timestamp |
|
|
|
@859
|
[859]
|
09/25/07 15:22:02 |
xkovah |
fixed key → key_name |
|
|
|
@858
|
[858]
|
09/25/07 15:08:31 |
kindlund |
Integration testing. |
|
|
|
@857
|
[857]
|
09/25/07 15:05:15 |
kindlund |
Integration testing. |
|
|
|
@856
|
[856]
|
09/25/07 15:03:46 |
kindlund |
Integration testing. |
|
|
|
@855
|
[855]
|
09/25/07 15:00:23 |
kindlund |
Integration testing. |
|
|
|
@854
|
[854]
|
09/25/07 15:00:17 |
xkovah |
fixed the path for opening the changes file (got reverted when I had to … |
|
|
|
@853
|
[853]
|
09/25/07 14:56:04 |
xkovah |
changed the time format to ISO 8601 format |
|
|
|
@852
|
[852]
|
09/25/07 14:22:05 |
xkovah |
modified the filesystem and registry code to conform to the filesystem.pm … |
|
|
|
@851
|
[851]
|
09/25/07 13:16:57 |
kindlund |
Integration testing. |
|
|
|
@850
|
[850]
|
09/25/07 13:11:11 |
kindlund |
Integration testing. |
|
|
|
@849
|
[849]
|
09/25/07 13:05:07 |
kindlund |
Integration Testing. |
|
|
|
@848
|
[848]
|
09/25/07 12:56:44 |
kindlund |
Integration testing. |
|
|
|
@847
|
[847]
|
09/25/07 12:31:45 |
xkovah |
mostly changes to the exclusion lists to add firefox info |
|
|
|
@846
|
[846]
|
09/24/07 17:31:26 |
kindlund |
Integration testing; disabled DB support; altered UNKNOWN data reporting. |
|
|
|
@845
|
[845]
|
09/24/07 17:11:17 |
kindlund |
Integration testing. |
|
|
|
@844
|
[844]
|
09/24/07 16:57:20 |
kindlund |
Merged trunk into realtime_integrity branch. |
|
|
|
@843
|
[843]
|
09/24/07 16:12:09 |
kindlund |
Initial integration attempt, back into trunk. |
|
|
|
@842
|
[842]
|
09/24/07 14:53:10 |
xkovah |
updated process exclusion list |
|
|
|
@841
|
[841]
|
09/24/07 14:46:10 |
xkovah |
added a sleep so that the loop will not take up too many resources |
|
|
|
@840
|
[840]
|
09/24/07 14:02:27 |
xkovah |
changed so that capture only quits on 'q', not any input |
|
|
|
@839
|
[839]
|
09/24/07 12:32:39 |
xkovah |
minor path fix |
|
|
|
@838
|
[838]
|
09/24/07 09:38:28 |
xkovah |
adding the compiled stuff so I can just run it in other vms |
