Accepting request 998240 from home:jeff_mahoney:branches:security:sensor

- Update to version 0.6.4.2~git59.5ebb49db:
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2

- Update to version 0.6.4.2~git57.fcb11adf:
  * kafka-humio-gateway: add sample config file

- Updated BuildRequires to use go 1.17 after updating vendoring

- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)

- Update to version 0.6.4.2~git56.47b4adb4:
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
  * third_party/go-libaudit: don't directly use unix.*
  * Add Linux.Remediation.Quarantine artifact
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * third_party/go-libaudit: move handling of receive buffer to caller
  * third_party/go-libaudit: move buffer handling from netlink to audit
  * third_party/go-libaudit: allow audit fd to be pollable
  * third_party/go-libaudit: Add support for removing individual rules
  * third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
  * third_party/go-libaudit: Report missing rules during deletion
  * import go-libaudit as a third-party module
  * quarantine: actually call the OS-specific artifact
  * artifactset: add ability to select named sources
  * GUI: Artifact selector (#1790)
  * host-info: make quarantine UI more robust with non-Windows client hosts
  * shell-viewer: default to Bash on non-Windows clients

OBS-URL: https://build.opensuse.org/request/show/998240
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=18

_servicedata

@@ -3,4 +3,4 @@
                 <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
               <param name="changesrevision">45393b11957049ed841f559cf9f3b88dc5a588d9</param></service><service name="tar_scm">
                 <param name="url">https://github.com/SUSE/linux-security-sensor</param>
-              <param name="changesrevision">45393b11957049ed841f559cf9f3b88dc5a588d9</param></service></servicedata>
+              <param name="changesrevision">87123d4614a0479dd645dccacddffbdd2eab6c19</param></service></servicedata>

velociraptor-0.6.4.2~git31.e1b7fc0e.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:02c13973d8a025778b51c537e62cc669fc71c35c2ee019435e5e4d3c31b8b9b4
-size 35173389

velociraptor-0.6.4.2~git59.5ebb49db.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81dc5205be0d262528fb8ba2a1b60e5ca8d58565eb1e90bc809eed3409ce32c5
+size 36168205

velociraptor-client.changes

@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Fri Aug 19 01:59:35 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.4.2~git59.5ebb49db:
+  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
+
+-------------------------------------------------------------------
+Thu Aug 11 19:40:21 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.4.2~git57.fcb11adf:
+  * kafka-humio-gateway: add sample config file
+
+-------------------------------------------------------------------
+Fri Jul 15 14:30:49 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Updated BuildRequires to use go 1.17 after updating vendoring
+
+-------------------------------------------------------------------
+Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
+
+-------------------------------------------------------------------
+Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.4.2~git56.47b4adb4:
+  * Updating the NewFiles and ProcessStatuses Artifacts
+  * cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
+  * third_party/go-libaudit: don't directly use unix.*
+  * Add Linux.Remediation.Quarantine artifact
+  * Extend audit artifacts to use new interface
+  * audit: rearchitect plugin to scale better with multiple invocations
+  * third_party/go-libaudit: move handling of receive buffer to caller
+  * third_party/go-libaudit: move buffer handling from netlink to audit
+  * third_party/go-libaudit: allow audit fd to be pollable
+  * third_party/go-libaudit: Add support for removing individual rules
+  * third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
+  * third_party/go-libaudit: Report missing rules during deletion
+  * import go-libaudit as a third-party module
+  * quarantine: actually call the OS-specific artifact
+  * artifactset: add ability to select named sources
+  * GUI: Artifact selector (#1790)
+  * host-info: make quarantine UI more robust with non-Windows client hosts
+  * shell-viewer: default to Bash on non-Windows clients
+
 -------------------------------------------------------------------
 Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
 

velociraptor-client.spec

@@ -16,20 +16,21 @@
 #
 
 %define projname velociraptor
-%define vendor_version 0.6.4.2~git31.e1b7fc0e
+%define vendor_version 0.6.4.2~git56.47b4adb4
+%define vmlinux_h_version 5.18.9-2-default
 
 Name:           velociraptor-client
-Version:        0.6.4.2~git31.e1b7fc0e
+Version:        0.6.4.2~git59.5ebb49db
 Release:        0
 Summary:        Endpoint visibility and collection tool (endpoint only)
-
+Group:		System/Monitoring
-# FIXME: Select a correct license from https://github.com/openSUSE/spec-cleaner#spdx-licenses
 License:        AGPL-3.0-only
 URL:            https://github.com/Velocidex/velociraptor
 Source:         %{projname}-%{version}.tar.xz
 Source1:        vendor-golang-%{vendor_version}.tar.xz
 Source2:        %{name}.service
 Source3:        %{name}.config.placeholder
+Source4:	vmlinux.h-%{vmlinux_h_version}.tar.xz
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3:		velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
@@ -37,7 +38,8 @@ Patch4:		make-libbpfgo-vendorable.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  systemd-devel
-BuildRequires:  golang(API) >= 1.14
+# We actually only require >= 1.17
+BuildRequires:  golang(API) = 1.17
 BuildRequires:  fileb0x
 BuildRequires:  mage
 BuildRequires:  libtsan0
@@ -60,7 +62,7 @@ install the 'velociraptor' package.
 
 
 %prep
-%setup -q -a 1 -n %{projname}-%{version}
+%setup -q -a 1 -a 4 -n %{projname}-%{version}
 %autopatch -p1
 
 # Without this, the libbpfgo tests want to vendor the external version
@@ -69,6 +71,10 @@ rm -rf third_party/libbpfgo/selftest third_party/libbpfgo/helpers/example_tracel
 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
 
+mkdir -p third_party/libbpfgo/output
+cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
+   third_party/libbpfgo/output/vmlinux.h
+
 # These just clutter the GUI and we don't have Windows clients
 # Note: There are dependencies on these that need to be resolved before
 # removing them outright.

velociraptor.changes

@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Fri Aug 19 01:59:35 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.4.2~git59.5ebb49db:
+  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
+
+-------------------------------------------------------------------
+Thu Aug 11 19:40:21 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.4.2~git57.fcb11adf:
+  * kafka-humio-gateway: add sample config file
+
+-------------------------------------------------------------------
+Fri Jul 15 14:30:49 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Updated BuildRequires to use go 1.17 after updating vendoring
+
+-------------------------------------------------------------------
+Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
+
+-------------------------------------------------------------------
+Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.4.2~git56.47b4adb4:
+  * Updating the NewFiles and ProcessStatuses Artifacts
+  * cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
+  * third_party/go-libaudit: don't directly use unix.*
+  * Add Linux.Remediation.Quarantine artifact
+  * Extend audit artifacts to use new interface
+  * audit: rearchitect plugin to scale better with multiple invocations
+  * third_party/go-libaudit: move handling of receive buffer to caller
+  * third_party/go-libaudit: move buffer handling from netlink to audit
+  * third_party/go-libaudit: allow audit fd to be pollable
+  * third_party/go-libaudit: Add support for removing individual rules
+  * third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
+  * third_party/go-libaudit: Report missing rules during deletion
+  * import go-libaudit as a third-party module
+  * quarantine: actually call the OS-specific artifact
+  * artifactset: add ability to select named sources
+  * GUI: Artifact selector (#1790)
+  * host-info: make quarantine UI more robust with non-Windows client hosts
+  * shell-viewer: default to Bash on non-Windows clients
+
 -------------------------------------------------------------------
 Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
 

velociraptor.obsinfo

@@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.6.4.2~git31.e1b7fc0e
+version: 0.6.4.2~git59.5ebb49db
-mtime: 1652386495
+mtime: 1660874322
-commit: e1b7fc0e393db0f2f098ee8a181831df333c88e6
+commit: 5ebb49db07717905c8dd9774dc0ab3f38b71c1ba

velociraptor.spec

@@ -16,14 +16,14 @@
 #
 
 %define projname velociraptor
-%define vendor_version 0.6.4.2~git31.e1b7fc0e
+%define vendor_version 0.6.4.2~git56.47b4adb4
+%define vmlinux_h_version 5.18.9-2-default
 
 Name:           velociraptor
-Version:        0.6.4.2~git31.e1b7fc0e
+Version:        0.6.4.2~git59.5ebb49db
 Release:        0
 Summary:	Endpoint visibility and collection tool
-
+Group:		System/Monitoring
-# FIXME: Select a correct license from https://github.com/openSUSE/spec-cleaner#spdx-licenses
 License:        AGPL-3.0-only
 URL:            https://github.com/Velocidex/velociraptor
 Source:         %{projname}-%{version}.tar.xz
@@ -34,6 +34,7 @@ Source4:        %{name}.service
 Source5:        %{name}-server.config.placeholder
 Source6:        %{name}-client.service
 Source7:        %{name}-client.config.placeholder
+Source8:	vmlinux.h-%{vmlinux_h_version}.tar.xz
 Patch1:		velociraptor-golang-mage-vendoring.diff
 Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3:		velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
@@ -41,7 +42,8 @@ Patch4:		make-libbpfgo-vendorable.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  systemd-devel
-BuildRequires:  golang(API) >= 1.14
+# We actually only require >= 1.17
+BuildRequires:  golang(API) = 1.17
 BuildRequires:	fileb0x
 BuildRequires:	mage
 BuildRequires:	libtsan0
@@ -66,14 +68,14 @@ For just the endpoint agent, please install the 'velociraptor-client' package.
 
 %package kafka-humio-gateway
 Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
-Version: 0.6.4.2~git31.e1b7fc0e
+Version: 0.6.4.2~git59.5ebb49db
 
 %description kafka-humio-gateway
 This tool is used to consume events generated by the Kafka Velociraptor plugin
 and post them to a Humio cluster.
 
 %prep
-%setup -q -a 1 -a 2 -a 3 -n %{projname}-%{version}
+%setup -q -a 1 -a 2 -a 3 -a 8 -n %{projname}-%{version}
 %autopatch -p1
 
 # Without this, the libbpfgo tests want to vendor the external version
@@ -82,6 +84,10 @@ rm -rf third_party/libbpfgo/selftest third_party/libbpfgo/helpers/example_tracel
 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
 
+mkdir -p third_party/libbpfgo/output
+cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
+   third_party/libbpfgo/output/vmlinux.h
+
 # These just clutter the GUI and we don't have Windows clients
 # Note: There are dependencies on these that need to be resolved before
 # removing them outright.
@@ -91,7 +97,7 @@ sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
 (cd gui/velociraptor ; npm run build)
 PATH=$PATH:/usr/sbin make linux
 
-(cd contrib/kafka-humio-gateway; go build -o velociraptor-kafka-humio-gateway)
+(cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway)
 
 %install
 mkdir -p %buildroot/%{_bindir}
@@ -100,14 +106,17 @@ mkdir -p %buildroot/%{_unitdir}
 mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/data
 mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/logs
 mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client
-install -m 755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
+mkdir -p %buildroot/%{_datadir}/%{name}-kafka-humio-gateway
-install -m 755 contrib/kafka-humio-gateway/velociraptor-kafka-humio-gateway %buildroot/%{_bindir}
+install -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
+install -m 0755 contrib/kafka-humio-gateway/%{name}-kafka-humio-gateway %buildroot/%{_bindir}
+install -m 0644 contrib/kafka-humio-gateway/sample-config.yml %buildroot/%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml
 install -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service
 install -m 0600 %{SOURCE5} %{buildroot}%{_sysconfdir}/velociraptor/server.config
 install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service
 install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 
 %files
+%defattr(-, root, root)
 %license LICENSE
 %doc README.md
 %dir %{_sysconfdir}/velociraptor
@@ -122,9 +131,12 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %dir %{_sharedstatedir}/velociraptor-client
 
 %files kafka-humio-gateway
+%defattr(-, root, root)
 %license LICENSE
 %doc contrib/kafka-humio-gateway/README.md
-%{_bindir}/velociraptor-kafka-humio-gateway
+%{_bindir}/%{name}-kafka-humio-gateway
+%dir %{_datadir}/%{name}-kafka-humio-gateway
+%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml
 
 %pre
 %service_add_pre %{name}.service

vendor-golang-0.6.4.2~git31.e1b7fc0e.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5dad594f42ddcbebd18fe553ef5068081701561a72e229bd39ad99811a2fe39b
-size 7817752

vendor-golang-0.6.4.2~git56.47b4adb4.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a7d38ad45be8b27e563fadac89059951f60d1d231f2d8fec3df1b827447a5901
+size 7868504

vendor-golang-kafka-humio-gateway-0.6.4.2~git31.e1b7fc0e.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:43bc2686bdf5fb270650c77cbff22e7728188a0e9d7eb010dfb84d8c5f484f14
-size 454376

vendor-golang-kafka-humio-gateway-0.6.4.2~git56.47b4adb4.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:886a5eeed9e6c9188a634e2cd19735f9260b0916ebb1a024f6b0de848219b652
+size 454252

vendor-nodejs-0.6.4.2~git31.e1b7fc0e.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:554186cd098a64de8979b4f4c7ecb09ed1a2e2ffb4db09cfd58da5b14b4e9d6b
-size 37044384

vendor-nodejs-0.6.4.2~git56.47b4adb4.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c2c6afab53fa7d9860738ee4c3e0a720594fdc17e3414c0ba812dec7d21f3d41
+size 36978488

vmlinux.h-5.18.9-2-default.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:75a6a812bbed4f1e7abd5a3c02d1658a96b43d3c4fc99a155739c256a8da8245
+size 457380