diff --git a/sysconfig.velociraptor b/sysconfig.velociraptor new file mode 100644 index 0000000..76988ce --- /dev/null +++ b/sysconfig.velociraptor @@ -0,0 +1,9 @@ +## Path: Security/Monitoring +## Description: Velociraptor server settings +## Type: string +## Default: "" +## ServiceRestart: velociraptor +# +# Options for velociraptor +# +VELOCIRAPTOR_OPTS="" diff --git a/sysconfig.velociraptor-client b/sysconfig.velociraptor-client new file mode 100644 index 0000000..e4cc6e3 --- /dev/null +++ b/sysconfig.velociraptor-client @@ -0,0 +1,9 @@ +## Path: Security/Monitoring +## Description: Velociraptor client settings +## Type: string +## Default: "" +## ServiceRestart: velociraptor-client +# +# Options for velociraptor-client +# +VELOCIRAPTOR_CLIENT_OPTS="-v" diff --git a/velociraptor-client.changes b/velociraptor-client.changes index c362317..88eab43 100644 --- a/velociraptor-client.changes +++ b/velociraptor-client.changes @@ -1,5 +1,16 @@ +--------------------------------------------------------------------- +Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney + +- Restore requirement to build with clang13. Newer versions + cause libbpfgo to crash immediately. + +----------------------------------------------------------------- +Thu Jan 19 14:36:42 UTC 2023 - Jeff Mahoney + +- Added support for setting command line options via sysconfig + ------------------------------------------------------------------- -Thu Jan 19 05:00:55 UTC 2023 - jeffm@suse.com +Thu Jan 19 05:00:55 UTC 2023 - Jeff Mahoney - Update to version 0.6.7.4~git53.0e85855: * sdjournal: work around missing _SYSTEMD_UNIT fields diff --git a/velociraptor-client.service b/velociraptor-client.service index 3acdb99..77a0e2b 100644 --- a/velociraptor-client.service +++ b/velociraptor-client.service @@ -6,7 +6,8 @@ Type=simple User=root Group=root UMask=0027 -ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config +EnvironmentFile=-/etc/sysconfig/velociraptor-client +ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS PrivateTmp=true PrivateDevices=true diff --git a/velociraptor-client.spec b/velociraptor-client.spec index e619d6d..020b339 100644 --- a/velociraptor-client.spec +++ b/velociraptor-client.spec @@ -38,11 +38,12 @@ Source2: %{name}.service Source3: %{name}.config.placeholder Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz Source5: update-vendoring.sh +Source6: sysconfig.%{name} Patch1: velociraptor-golang-mage-vendoring.diff Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros -BuildRequires: systemd-devel +BuildRequires: pkgconfig(libsystemd) BuildRequires: golang(API) >= 1.19 BuildRequires: fileb0x BuildRequires: mage @@ -50,8 +51,9 @@ BuildRequires: mage BuildRequires: libtsan0 %endif %if %{with bpf} -BuildRequires: clang >= 13 -BuildRequires: llvm >= 13 +# clang15 causes libbpfo to crash immediately +BuildRequires: clang13 +BuildRequires: llvm13 BuildRequires: bpftool BuildRequires: libelf-devel BuildRequires: zlib-devel-static @@ -101,6 +103,8 @@ mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client install -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config +install -d -m 755 %{buildroot}%{_fillupdir} +install -m 0644 %{SOURCE6} %{buildroot}%{_fillupdir} %files %license LICENSE @@ -110,11 +114,13 @@ install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config %config(noreplace) %{_sysconfdir}/velociraptor/client.config %{_unitdir}/%{name}.service %dir %{_sharedstatedir}/velociraptor-client +%{_fillupdir}/sysconfig.%{name} %pre %service_add_pre %{name}.service %post +%{fillup_only} %service_add_post %{name}.service %preun diff --git a/velociraptor.changes b/velociraptor.changes index 2eb88da..732b49c 100644 --- a/velociraptor.changes +++ b/velociraptor.changes @@ -1,5 +1,16 @@ ------------------------------------------------------------------- -Thu Jan 19 05:00:55 UTC 2023 - jeffm@suse.com +Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney + +- Restore requirement to build with clang13. Newer versions + cause libbpfgo to crash immediately. + +------------------------------------------------------------------- +Thu Jan 19 14:36:42 UTC 2023 - Jeff Mahoney + +- Added support for setting command line options via sysconfig + +------------------------------------------------------------------- +Thu Jan 19 05:00:55 UTC 2023 - Jeff Mahoney - Update to version 0.6.7.4~git53.0e85855: * sdjournal: work around missing _SYSTEMD_UNIT fields diff --git a/velociraptor.service b/velociraptor.service index b78e473..e5fe38a 100644 --- a/velociraptor.service +++ b/velociraptor.service @@ -6,7 +6,8 @@ Type=simple User=root Group=root UMask=0027 -ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config +EnvironmentFile=-/etc/sysconfig/velociraptor +ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config $VELOCIRAPTOR_OPTS PrivateTmp=true PrivateDevices=true diff --git a/velociraptor.spec b/velociraptor.spec index 22b97a9..bb28079 100644 --- a/velociraptor.spec +++ b/velociraptor.spec @@ -42,12 +42,14 @@ Source6: %{name}-client.service Source7: %{name}-client.config.placeholder Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz Source9: update-vendoring.sh +Source10: sysconfig.%{name} +Source11: sysconfig.%{name}-client Patch1: velociraptor-golang-mage-vendoring.diff Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros -BuildRequires: systemd-devel -BuildRequires: golang(API) >= 1.19 +BuildRequires: pkgconfig(libsystemd) +BuildRequires: golang(API) >= 1.18 BuildRequires: fileb0x BuildRequires: mage %ifarch x86_64 @@ -56,8 +58,9 @@ BuildRequires: libtsan0 BuildRequires: nodejs >= 16 BuildRequires: npm >= 16 %if %{with bpf} -BuildRequires: clang >= 13 -BuildRequires: llvm >= 13 +# clang15 causes libbpfo to crash immediately +BuildRequires: clang13 +BuildRequires: llvm13 BuildRequires: bpftool BuildRequires: libelf-devel BuildRequires: zlib-devel-static @@ -124,6 +127,9 @@ install -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service install -m 0600 %{SOURCE5} %{buildroot}%{_sysconfdir}/velociraptor/server.config install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config +install -d -m 755 %{buildroot}%{_fillupdir} +install -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir} +install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir} %files %license LICENSE @@ -138,6 +144,8 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config %dir %{_sharedstatedir}/velociraptor/data %dir %{_sharedstatedir}/velociraptor/logs %dir %{_sharedstatedir}/velociraptor-client +%{_fillupdir}/sysconfig.%{name} +%{_fillupdir}/sysconfig.%{name}-client %files kafka-humio-gateway %license LICENSE @@ -150,6 +158,8 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config %service_add_pre %{name}.service %{name}-client.service %post +%{fillup_only} +%{fillup_only -s client} %service_add_post %{name}.service %{name}-client.service %preun