velociraptor/velociraptor.changes

570 lines
28 KiB
Plaintext
Raw Normal View History

Accepting request 1035327 from home:jeff_mahoney:security:sensor - Update to version 0.6.4.2~git86.b5931f7: * cleanup: go mod tidy - Fix vendoring of replaced modules. - Only require libtsan0 on x86_64 - Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist - Fix building of libbpfgo on i586 - Update to version 0.6.4.2~git84.1b38fda: * Clean up libbpfgo mess * libbpfgo: use forked repo for fully static builds * libbpfgo: sync to v0.4.4-libbpf-1.0.1 * contrib/kafka-humio-gateway: add new debug option for noisy events * contrib/kafka-humio-gateway: backoff and retry for metadata * vql/server/kafka: connect sarama logging to velociraptor logging * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries * vql/server/kafka: set appropriate ClientID * libbpfgo: add selftest to build so testcases work * cronsnoop: rework testcases to use t.TempDir * cronsnoop: move external dependencies to end of import list * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal() - Update to version 0.6.4.2~git67.85b608e: * clients/host-info.js: add MAC addresses to client dashboard * linux: Add ability to interrogate system and network configuration * SUSE: Add docker-compose environment * SUSE: add Docker files * Add Linux.Sys.Bash to Server.Monitor.Shell artifact * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2 * kafka-humio-gateway: add sample config file * Updating the NewFiles and ProcessStatuses Artifacts OBS-URL: https://build.opensuse.org/request/show/1035327 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=22
2022-11-12 02:51:37 +01:00
-------------------------------------------------------------------
Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
-------------------------------------------------------------------
Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
* libbpfgo: use forked repo for fully static builds
* libbpfgo: sync to v0.4.4-libbpf-1.0.1
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* libbpfgo: add selftest to build so testcases work
* cronsnoop: rework testcases to use t.TempDir
* cronsnoop: move external dependencies to end of import list
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
-------------------------------------------------------------------
Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
* third_party/go-libaudit: don't directly use unix.*
* Add Linux.Remediation.Quarantine artifact
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* third_party/go-libaudit: move handling of receive buffer to caller
* third_party/go-libaudit: move buffer handling from netlink to audit
* third_party/go-libaudit: allow audit fd to be pollable
* third_party/go-libaudit: Add support for removing individual rules
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
* third_party/go-libaudit: Report missing rules during deletion
* import go-libaudit as a third-party module
* quarantine: actually call the OS-specific artifact
* artifactset: add ability to select named sources
* GUI: Artifact selector (#1790)
* host-info: make quarantine UI more robust with non-Windows client hosts
* shell-viewer: default to Bash on non-Windows clients
-------------------------------------------------------------------
Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git70.b7df8172:
* file_store: handle watching artifacts with named sources
-------------------------------------------------------------------
Thu Sep 29 14:16:05 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git68.5226b23b:
* api/authenticators/basic: fix logoff endpoint
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
-------------------------------------------------------------------
Fri Aug 19 21:07:15 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Updated vendoring.
- Fixed update-vendoring script to use an independent go module cache.
Accepting request 998240 from home:jeff_mahoney:branches:security:sensor - Update to version 0.6.4.2~git59.5ebb49db: * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2 - Update to version 0.6.4.2~git57.fcb11adf: * kafka-humio-gateway: add sample config file - Updated BuildRequires to use go 1.17 after updating vendoring - Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only) - Update to version 0.6.4.2~git56.47b4adb4: * Updating the NewFiles and ProcessStatuses Artifacts * cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37) * third_party/go-libaudit: don't directly use unix.* * Add Linux.Remediation.Quarantine artifact * Extend audit artifacts to use new interface * audit: rearchitect plugin to scale better with multiple invocations * third_party/go-libaudit: move handling of receive buffer to caller * third_party/go-libaudit: move buffer handling from netlink to audit * third_party/go-libaudit: allow audit fd to be pollable * third_party/go-libaudit: Add support for removing individual rules * third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls * third_party/go-libaudit: Report missing rules during deletion * import go-libaudit as a third-party module * quarantine: actually call the OS-specific artifact * artifactset: add ability to select named sources * GUI: Artifact selector (#1790) * host-info: make quarantine UI more robust with non-Windows client hosts * shell-viewer: default to Bash on non-Windows clients OBS-URL: https://build.opensuse.org/request/show/998240 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=18
2022-08-19 20:30:12 +02:00
-------------------------------------------------------------------
Fri Aug 19 01:59:35 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git59.5ebb49db:
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
-------------------------------------------------------------------
Thu Aug 11 19:40:21 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git57.fcb11adf:
* kafka-humio-gateway: add sample config file
-------------------------------------------------------------------
Fri Jul 15 14:30:49 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Updated BuildRequires to use go 1.17 after updating vendoring
-------------------------------------------------------------------
Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
-------------------------------------------------------------------
Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git56.47b4adb4:
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
* third_party/go-libaudit: don't directly use unix.*
* Add Linux.Remediation.Quarantine artifact
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* third_party/go-libaudit: move handling of receive buffer to caller
* third_party/go-libaudit: move buffer handling from netlink to audit
* third_party/go-libaudit: allow audit fd to be pollable
* third_party/go-libaudit: Add support for removing individual rules
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
* third_party/go-libaudit: Report missing rules during deletion
* import go-libaudit as a third-party module
* quarantine: actually call the OS-specific artifact
* artifactset: add ability to select named sources
* GUI: Artifact selector (#1790)
* host-info: make quarantine UI more robust with non-Windows client hosts
* shell-viewer: default to Bash on non-Windows clients
Accepting request 976934 from home:jeff_mahoney:branches:security:sensor - Update to upstream 0.6.4-2: * Reset nanny when client connection failed. (#1780) * Fix artifacts that use yara parameters to specify yara type (#1779) * Update release for bugfixes 0.6.4-2 * Add update to ADSHunter for better output on complete system hunts (#28) (#1765) * SysmonInstall artifact now skips install if not needed (#1777) * Initial implementation of client side process tracker. (#1768) * Invalidate transformed cache when the base table changes. (#1742) * GUI Table widgets now can apply transformations on the table. (#1740) * Suppress warning message for offline collector (#1776) * Bug fix (#1774) * Avoid bash process lingering around while server is running (#1775) * oidc: Fix typo: Genric -> Generic (#1773) * Make MaxWait for event table settable. (#1772) * Fixed bug in Windows.Detection.Yara.Process (#1771) * fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770) * Bugfix: Client did not update list of query columns (#1767) * Merge bugfixes from master branch. (#1769) - Revendored dependencies. - Update to version 0.6.4~git31.4298eab0: * Add artifact for chattrsnoop plugin * bpflib: ensure it's built only on linux and when requesting bpf * Add chattrsnoop plugin * tcpsnoop: Properly close module in case of attach error * Elastic.Events.Client: Update to use new artifactset type * Kafka.Events.Client: Update to use new artifactset type * artifacts: add artifactset parameter type * api: add type and description fields to v1/GetArtifacts endpoint * Add artifacts for dns/tcp snoop plugins OBS-URL: https://build.opensuse.org/request/show/976934 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=17
2022-05-12 22:23:00 +02:00
-------------------------------------------------------------------
Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
- Update to upstream 0.6.4-2:
* Reset nanny when client connection failed. (#1780)
* Fix artifacts that use yara parameters to specify yara type (#1779)
* Update release for bugfixes 0.6.4-2
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
* SysmonInstall artifact now skips install if not needed (#1777)
* Initial implementation of client side process tracker. (#1768)
* Invalidate transformed cache when the base table changes. (#1742)
* GUI Table widgets now can apply transformations on the table. (#1740)
* Suppress warning message for offline collector (#1776)
* Bug fix (#1774)
* Avoid bash process lingering around while server is running (#1775)
* oidc: Fix typo: Genric -> Generic (#1773)
* Make MaxWait for event table settable. (#1772)
* Fixed bug in Windows.Detection.Yara.Process (#1771)
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
* Bugfix: Client did not update list of query columns (#1767)
* Merge bugfixes from master branch. (#1769)
- Revendored dependencies.
-------------------------------------------------------------------
Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4~git31.4298eab0:
* Elastic.Events.Client: Update to use new artifactset type
* Kafka.Events.Client: Update to use new artifactset type
* artifacts: add artifactset parameter type
* api: add type and description fields to v1/GetArtifacts endpoint
-------------------------------------------------------------------
Thu May 12 13:30:42 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4~git26.4407b9b7:
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* tcpsnoop: Properly close module in case of attach error
* Add artifacts for dns/tcp snoop plugins
* tcpsnoop: Add timestamp to generated events
* dnssnoop: Add timestamp to generated events
Accepting request 975255 from home:jeff_mahoney:security:sensor:devel - Fix error handling in tcpsnoop and dnssnoop. * If BTF information is unavailable, there is no indication that the query has failed. - Rebase on 0.6.4: * Updated dependencies * Bugfix: startup bugs (#1680) * bugfix: Server event notebook not correctly created (#1737) * Bugfix: Start a dummy indexing service (#1736) * Add bugfix which would return no rows if the user removed whitelist (#1735) * Fixed bug in read_reg_key (#1734) * BUGFIX: Do not include config flag when darwin installer is repacked (#1733) * Refactored index into its own service. (#1730) * Bugfix: Write one index item per JSONL record. (#1727) * Bugfix: Estimating client impact should consider last active status (#1726) * Add complete ntfs metadata option to MFT output (#1725) * Various bugfixes. (#1724) * Update Usn.yaml (#1723) * Fixed a bug in hunt download preparation. (#1722) * Add Windows.Forensics.Usn filter and presentation updates (#1720) * Optimize writing event monitoring records (#1721) * Add Generic.Detection.Yara.Zip (#1718) * Fixed crash on master-pong response. (#1719) * Remove _type option from elastic. (#1715) * Opportunistically update directly connected client's ping times (#1713) * Fixed a bug in hunt download preparation. (#1722) * Add Windows.Forensics.Usn filter and presentation updates (#1720) * Optimize writing event monitoring records (#1721) * Add Generic.Detection.Yara.Zip (#1718) * Fixed crash on master-pong response. (#1719) OBS-URL: https://build.opensuse.org/request/show/975255 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=14
2022-05-05 20:38:36 +02:00
-------------------------------------------------------------------
Tue May 3 20:35:57 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Fix error handling in tcpsnoop and dnssnoop.
* If BTF information is unavailable, there is no indication that the
query has failed.
-------------------------------------------------------------------
Tue May 3 13:45:09 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Rebase on 0.6.4:
* Updated dependencies
* Bugfix: startup bugs (#1680)
* bugfix: Server event notebook not correctly created (#1737)
* Bugfix: Start a dummy indexing service (#1736)
* Add bugfix which would return no rows if the user removed whitelist (#1735)
* Fixed bug in read_reg_key (#1734)
* BUGFIX: Do not include config flag when darwin installer is repacked (#1733)
* Refactored index into its own service. (#1730)
* Bugfix: Write one index item per JSONL record. (#1727)
* Bugfix: Estimating client impact should consider last active status (#1726)
* Add complete ntfs metadata option to MFT output (#1725)
* Various bugfixes. (#1724)
* Update Usn.yaml (#1723)
* Fixed a bug in hunt download preparation. (#1722)
* Add Windows.Forensics.Usn filter and presentation updates (#1720)
* Optimize writing event monitoring records (#1721)
* Add Generic.Detection.Yara.Zip (#1718)
* Fixed crash on master-pong response. (#1719)
* Remove _type option from elastic. (#1715)
* Opportunistically update directly connected client's ping times (#1713)
* Fixed a bug in hunt download preparation. (#1722)
* Add Windows.Forensics.Usn filter and presentation updates (#1720)
* Optimize writing event monitoring records (#1721)
* Add Generic.Detection.Yara.Zip (#1718)
* Fixed crash on master-pong response. (#1719)
* Remove _type option from elastic. (#1715)
* Opportunistically update directly connected client's ping times (#1713)
* Fixed bug in VQL cell splitting. (#1712)
* artifact for parsing macos packages (#1706)
* Bugfix: Create a cell for each collected source (#1710)
* artifact for parsing macos packages (#1706)
* Bugfix: Create a cell for each collected source (#1710)
* Added Server.Utils.CollectClient to simplify direct collections (#1708)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1705)
* Fix build on Go 1.18 (#1704)
* build(deps): bump minimist from 1.2.5 to 1.2.6 in /gui/velociraptor (#1703)
* Mft update - add uSecZeros (#1701)
* Server monitoring service will reload if an artifact is modified (#1702)
* Refactor client info manager (#1700)
* A number of bugfixes (#1699)
* Update Windows.NTFS.MFT (#1698)
* Actually export HumanString attribute on OSPath (#1689)
* RHEL/CentOS/Fedora dnf packages (#1684)
* Implemented Human Readable OSPath method. (#1688)
* Added lazy MFT attributes (#1685)
* Maintain OSPath in mft artifacts (#1683)
* Fix bug in deaddisk remapping of directories. (#1682)
* Bugfix: startup bugs (#1680)
* Updated SQLECmd artifacts (#1677)
* Artifact repository needs to watch for changes across nodes. (#1676)
* Update auto accessor to re-open file with ntfs if read failed (#1674)
* Fix MacOS.System.Plist artifact (#1673)
* Error collection based on VQL logs (#1672)
* Add memory limiting to offline collector (#1666)
* Allow mount overlays (#1664)
* build(deps): bump node-forge from 1.2.1 to 1.3.0 in /gui/velociraptor (#1661)
* Fixed bugs in remapping logic. (#1660)
* Fixed bug in the windows auto accessor. (#1658)
* Elastic.Events.Clients: synchronize parameters with Elastic.Flows.Upload (#1657)
* Add initial commit for Windows.NTFS.ExtendedAttributes (#1656)
* Added a shadow remapping type (#1655)
* Implemented an event notebook (#1654)
* Add Windows.System.WMIQuery (#1651)
* Fixed data race in progress throttler. (#1653)
* Implemented timeout and cpu limits on offline collector. (#1650)
* Added an rpm server command. (#1647)
* Artifacts can now define suggestions for notebook cells. (#1646)
* Allow multiple OIDC authenticators to be specified. (#1645)
* Added a multi authenticator. (#1644)
* Add HashHunter hash() update for performance (#1643)
* Change the DNSCache Artifact to WMI (#1640)
* Added an uploader for notebooks. (#1639)
* Added hashselect arg option to hash() (#1637)
* Add Generic.Detection.HashHunter and tests (#1638)
* Added Generic.Collectors.SQLECmd (#1635)
* Add BinaryHunter (#1634)
* String artifact parameters can now have validator regex (#1628)
* Implemented CPU rate limited for better control (#1622)
* Added a client nanny to detect deadlocks (#1621)
* Linux.Sys.Services artifact, parse services from systemctl (#1619)
* Collect MAC addresses during interrogation and index them (#1611)
* Allow parse_ntfs() to operate on an image file. (#1610)
* Fix regression in VFSGetBuffer (#1605)
* Added rekey() VQL function (#1604)
* switch to uninstall string (#1603)
* freebsd /etc/rc.d/velociraptor service script (#1602)
* Add Windows.Registry.BackupRestore (#1601)
* Optimized NTFS code for better speed and added more fields to parse_mft (#1599)
* Update BinaryRename.yaml (#1598)
* Added LinuxM1 (#1597)
* Add explicit check of sticky keys (#1592)
* Remote data store should identify retryable errors (#1590)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1588)
* Add test improvement clear system log (#18) (#1586)
* Modified Windows.Forensics.Prefetch to use VQL binary parser (#1585)
* add Windows.NTFS.ADSHunter first commit (#17) (#1583)
* Resolves Velocidex/velociraptor#1543 Create new VQL entropy() function (#1574)
* Remove C time and updating naming (#1546)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1568)
* Update OSPath protocols to support slices. (#1575)
* Implement array slice notation in VQL and Server.Import.PreviousReleases (#1573)
* add rtf TemplateInjection to Windows.Detection.TemplateInjection (#1572)
* Change accessors API to deal with OSPath objects directly. (#1570)
* Bump follow-redirects from 1.14.4 to 1.14.8 in /gui/velociraptor (#1567)
* Added a deaddisk command to generate config (#1564)
* Fix bug in Windows.System.Services (#1565)
* Fixed glob expand braces order of operations. (#1560)
* Added an offset and raw_file accessors (#1559)
* Update CertUtil.yaml (#1558)
* remove users to include the system path (#1536)
* Implement remap() VQL function and remapping config (#1555)
* Make GitHub actions more flexible on Windows (#1549)
* Bump normalize-url from 4.5.0 to 4.5.1 in /gui/velociraptor (#1548)
* Fix typo (#1547)
* Refractor of accessors and path manipulations (#1545)
* Dns etw update (#1544)
* add PowershellProfile (#1542)
* Added dynamic pubsub attributes (#1540)
* Fix Windows.Applications.Chrome.History (#1539)
* windows.application to windows.applications merge. New firefox history artefact (#1534)
* Fixed race condition in zip accessor reference counting. (#1531)
* Added Windows.Persistence.SilentProcessExit (#1530)
* Add limitations section and lastwrite timestamp (#1529)
* Offline collector FetchBinary should respect the IsExecutable flag (#1528)
* update description, order by, and hidden keypath (#1527)
* add limitations section (#1520)
* Avoid holding index lock for too long. (#1519)
* re-introduce Windows.Collectors.File with deprecation note (#1516)
* add limitations to description and key path to query (#1514)
* Retry remote datastore connections (#1513)
* Write minion log files and autocert in its own dir. (#1512)
* Synced KapeFiles artifacts (#1511)
* Added data retention server artifacts (#1510)
* Set an upper limit for ttl in memcache (#1508)
* Add updates to Windows.System.Services (#15) (#1509)
* Ensure collector container is properly closed when interrupted. (#1507)
* Continually rebuild the index at runtime. (#1506)
* Harder vacuum - directly move client task directories to the attic. (#1505)
* add limitation disclaimer (#1504)
* Reduce critial section to avoid deadlock in repository manager (#1503)
* Implemented a vacuum command to remove old tasks from client queues. (#1501)
* Better format profile metrics output. (#1495)
* Cap size of directories and report large directories. (#1493)
* Set ACE completers per editor to avoid global state. (#1492)
* Add HttpOnly flag to all cookies. (#1491)
* Refactor completion routine calls (#1490)
* Limit size of cached directories. (#1483)
* Add more instrumentation to memory caches. (#1482)
* Fixed chart resizing bug (#1481)
* Removed the old queries: list from artifacts. (#1480)
* [Snyk] Fix for 9 vulnerabilities (#1479)
* Remove lock around critical section. (#1478)
* Added MacOS.Forensics.AppleDoubleZip (#1476)
* Update Windows.Persistence.PermanentWMIEvents to add blind custom namespace detection (#13) (#1475)
* Make index snapshot frequency configurable (#1474)
* Bugfix: Setting notebook index did not escape username (#1471)
* Flush index from memory to disk (#1470)
* Fixed 2 bugs with the memcache file store (#1469)
* Update flow active time when the result set is completed (#1468)
* Tag artifacts as built ins (#1467)
* Fixed bug in the pathspec() VQL function. (#1465)
* fix APIConfigLoader not applying command line args (#1463)
-------------------------------------------------------------------
Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
- Resync with git repository:
* Add artifact to monitor user group updates (#24)
* Add dnssnoop plugin (#15)
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
-------------------------------------------------------------------
Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com
- Update to version 0.6.3~git19.640f7a1c:
* Add tcpsnoop plugin
-------------------------------------------------------------------
Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
- Update to version 0.6.3~git17.741ebb59:
* kafka-humio-gateway: update README.md
* kafka-humio-gateway: Fix missing variable rename
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
-------------------------------------------------------------------
Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
- Update to version 0.6.3~git13.af7fdb00:
* SUSE: Add SSHLogin artifacts
* Add a Kafka export plugin
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
-------------------------------------------------------------------
Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com
- Update to version 0.6.3~git6.d95ed32e:
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Add an artifact to enumerate immutable files under a path
* Add chattr function support for linux
* Make GitHub actions more flexible on Windows
-------------------------------------------------------------------
Thu Feb 10 02:12:54 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Add simple default configs and provide dirs in /var/lib for client
and server.
-------------------------------------------------------------------
Mon Feb 7 14:40:47 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Temporarily re-enable Windows artifacts (LSS#4).
Accepting request 950798 from home:jeff_mahoney:branches:security:sensor - Resolved some rpmlint warnings and added client config placeholder. - Update to version 0.6.3~git0.69e0fffa: * Prepare for 0.6.3 release (#1515) * add limitations to description and key path to query (#1514) * Retry remote datastore connections (#1513) * Write minion log files and autocert in its own dir. (#1512) * Synced KapeFiles artifacts (#1511) * Added data retention server artifacts (#1510) * Set an upper limit for ttl in memcache (#1508) * Add updates to Windows.System.Services (#15) (#1509) * Ensure collector container is properly closed when interrupted. (#1507) * Continually rebuild the index at runtime. (#1506) * Harder vacuum - directly move client task directories to the attic. (#1505) * add limitation disclaimer (#1504) * Reduce critial section to avoid deadlock in repository manager (#1503) * Implemented a vacuum command to remove old tasks from client queues. (#1501) * Better format profile metrics output. (#1495) * Cap size of directories and report large directories. (#1493) * Set ACE completers per editor to avoid global state. (#1492) * Add HttpOnly flag to all cookies. (#1491) * Refactor completion routine calls (#1490) * fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486) * fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485) * fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487) * fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488) * fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489) * Limit size of cached directories. (#1483) * Add more instrumentation to memory caches. (#1482) * Fixed chart resizing bug (#1481) OBS-URL: https://build.opensuse.org/request/show/950798 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=3
2022-02-02 19:59:59 +01:00
-------------------------------------------------------------------
Wed Feb 2 18:10:19 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Added systemd unit file and placeholder config file.
-------------------------------------------------------------------
Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
- Update to version 0.6.3~git0.69e0fffa:
* Prepare for 0.6.3 release (#1515)
* add limitations to description and key path to query (#1514)
* Retry remote datastore connections (#1513)
* Write minion log files and autocert in its own dir. (#1512)
* Synced KapeFiles artifacts (#1511)
* Added data retention server artifacts (#1510)
* Set an upper limit for ttl in memcache (#1508)
* Add updates to Windows.System.Services (#15) (#1509)
* Ensure collector container is properly closed when interrupted. (#1507)
* Continually rebuild the index at runtime. (#1506)
* Harder vacuum - directly move client task directories to the attic. (#1505)
* add limitation disclaimer (#1504)
* Reduce critial section to avoid deadlock in repository manager (#1503)
* Implemented a vacuum command to remove old tasks from client queues. (#1501)
* Better format profile metrics output. (#1495)
* Cap size of directories and report large directories. (#1493)
* Set ACE completers per editor to avoid global state. (#1492)
* Add HttpOnly flag to all cookies. (#1491)
* Refactor completion routine calls (#1490)
* fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486)
* fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485)
* fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487)
* fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488)
* fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489)
* Limit size of cached directories. (#1483)
* Add more instrumentation to memory caches. (#1482)
* Fixed chart resizing bug (#1481)
* Removed the old queries: list from artifacts. (#1480)
* [Snyk] Fix for 9 vulnerabilities (#1479)
* Remove lock around critical section. (#1478)
* Added MacOS.Forensics.AppleDoubleZip (#1476)
* Update Windows.Persistence.PermanentWMIEvents to add blind custom namespace detection (#13) (#1475)
* Make index snapshot frequency configurable
* fix APIConfigLoader not applying command line args (#1463)
* Flush index from memory to disk (#1470)
* Prepare RC2 (#1473)
* Bugfix: Setting notebook index did not escape username (#1471)
* Fixed 2 bugs with the memcache file store (#1469)
* Update flow active time when the result set is completed (#1468)
* Tag artifacts as built ins (#1467)
* Fixed bug in the pathspec() VQL function. (#1465)
* Update PrivateKeys.yaml (#1459)
* Added recursion_callback option to the glob plugin (#1461)
* Added config wizard for multi-frontend configuration (#1460)
* Calculate the sha256 hash of the offline container. (#1458)
* Artifact inspection GUI now allows pivot. (#1457)
* Client certs can now be specified in the config file. (#1456)
* New Upload File Form element (#1455)
* Added a sparse accessor (#1453)
* Hunt wizard estimates clients affected (#1452)
* Make the interrogation process customizable. (#1451)
* Update Info.yaml (#1427)
* Improved Lnk parser to include additional fields. (#1449)
* Added a Yara GUI element editor. (#1447)
* Added patch and merge to `config show` and `config generate` (#1445)
* Remove usage of FatalIfError from main module (#1443)
* Introduced a dedicated pathspec object (#1440)
* Bump is-svg from 4.2.2 to 4.3.0 in /gui/velociraptor (#1437)
* Only pass client config in the client VQL scope. (#1436)
* rework protobuf message generator (#1435)
* Update Autoruns.yaml
* Added test for filefinder (#1431)
* fix filters in filefinder artifact (#1430)
* Add Artifact to collect KapeFile targets on Linux (#1426)
* Enabled lazy quotes on csv parser (#1424)
* Fixed bug in client comms. (#1423)
* Add document filter for better usability (#1421)
* Added resource information to the output of parse_pe() (#1420)
* Low latency client connectivity discovery (#1419)
* Add RecentDocs collection (#1416)
* Update Amcache artifact for clarity (#1415)
* Added extra parameters to parse_csv() (#1413)
* Added netcat plugin to read from socket (#1412)
* Updated SRUM with Network Usage and Upload option (#1408)
* Synced darwin and freebsd file accessor with the linux one. (#1409)
* Added Windows.Forensics.SAM artifact (#1404)
* Initial artifacts can be specified in config (#1403)
* Add conhost.exe to binary rename (#1402)
* Add update Prefetch Btime execution fix (#1398)
* Update Prefetch timeline (#1397)
* Cleanup search API (#1396)
* Update protobuf dependencies. (#1394)
* More multi-frontend optimizations (#1393)
* Client info manager now keeps track of scheduled tasks. (#1392)
* add sid and lookupsid plugin (#1388)
* Add Mutant whitelist (#1387)
* Notify currently connected clients on new hunts (#1386)
* Index rebuild command loads new index service. (#1385)
* Changes to support distributed architecture. (#1384)
* Added procdump and procdump64 (#1382)
* Fixed heavy mutex contention in the labeler. (#1375)
* Add shellcode to CobaltStrike carver (#10) (#1373)
* Added an index rebuild command. (#1369)
* GUI artifact form was ignoring the friendly name attribute (#1368)
* Added a specialized form element for regex parameters. (#1367)
* Added a gRPC based remote datastore (#1366)
* Display all subauthorities for GUID in SRUM (#1365)
* Verify all gRPC peer certificates were signed by the Velociraptor CA (#1362)
* Implemented MemcacheFileDatastore - memory caching with file backend (#1361)
* Added new plugins to manipulate event tables easier. (#1355)
* Refactored in memory datastore to be more efficient. (#1353)
* Sync vfilter (#1351)
* Add both fqdn and hostname to the client search table (#1350)
* BUGFIX: Datastore on windows is unable to represent files with . (#1348)
* Added buffer_size parameter to parse_records_with_regex() (#1347)
* Propagate column types from artifact to flow notebook. (#1346)
* Cobalt parser update (#1345)
* Allow listener to not use file buffer. (#1344)
* Fix Deployment documentation link in README (#1343)
* Preserve uint64 types across Listener (#1341)
* Fix spelling (#1339)
* Refactored queue listener to preserve order. (#1340)
* Added a magic() VQL function (#1338)
* Fixed bug in CSS (#1337)
-------------------------------------------------------------------
Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
- Update to version 0.6.2~git0.8dd598b2:
* Update ese parser to fix timestamp bug
* Prepare final 0.6.2 release (#1363)
* Verify all gRPC peer certificates were signed by the Velociraptor CA
* Removed search index parallelism (#1358)
* Added new plugins to manipulate event tables easier. (#1355)
* Sync vfilter (#1351)
* Add both fqdn and hostname to the client search table (#1350)
* BUGFIX: Datastore on windows is unable to represent files with . (#1348)
* Added buffer_size parameter to parse_records_with_regex() (#1347)
* Propagate column types from artifact to flow notebook. (#1346)
-------------------------------------------------------------------
Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
- Update to version 0.6.2~git73.dc02b45e:
* Update PrivateKeys.yaml (#1459)
* Added recursion_callback option to the glob plugin (#1461)
* Added config wizard for multi-frontend configuration (#1460)
* Calculate the sha256 hash of the offline container. (#1458)
* Artifact inspection GUI now allows pivot. (#1457)
* Client certs can now be specified in the config file. (#1456)
* New Upload File Form element (#1455)
* Added a sparse accessor (#1453)
* Hunt wizard estimates clients affected (#1452)
* Make the interrogation process customizable. (#1451)
-------------------------------------------------------------------
Tue Dec 21 20:25:43 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
- Disable Windows artifacts. We don't target Windows endpoints and
the queries clutter the GUI.
-------------------------------------------------------------------
Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
- Switch to using master branch via service files.
- Added update-vendoring.sh to update the nodejs and go dependencies
after version update.
- Patch the version string to reflect the package version instead
of an indistinguishable <next-tag>-dev.
-------------------------------------------------------------------
Thu Dec 2 01:46:34 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
- Initial packaging.