- Update to version 0.6.7.4~git41.678ed56:
* rpm: introduce rpm vql plugin
* users: extend DeleteUser testcase to ensure org membership was dropped
* users: ensure baseline user state is correct
* github: run testcases on Linux builds in new workflow
* gui/reporting: update bluemonday dependency to latest
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: rework testcases to use t.TempDir
* vql/linux/cronsnoop: Add cronsnoop() plugin
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* audit: use caller-allocated buffer
* use github.com/jeffmahoney/go-libaudit/v2 for audit
* Kafka.Events.Client: Update to use new artifactset type
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* Add artifact to monitor user group updates (#24)
* vql/linux/dnssnoop: Add dnssnoop() plugin
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
* Add tcpsnoop plugin
* vql/linux/bpflib: add helper package for bpf plugins
OBS-URL: https://build.opensuse.org/request/show/1040837
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=25
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
- Fix building of libbpfgo on i586
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
* libbpfgo: use forked repo for fully static builds
* libbpfgo: sync to v0.4.4-libbpf-1.0.1
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* libbpfgo: add selftest to build so testcases work
* cronsnoop: rework testcases to use t.TempDir
* cronsnoop: move external dependencies to end of import list
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
OBS-URL: https://build.opensuse.org/request/show/1035327
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=22
- Update to upstream 0.6.4-2:
* Reset nanny when client connection failed. (#1780)
* Fix artifacts that use yara parameters to specify yara type (#1779)
* Update release for bugfixes 0.6.4-2
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
* SysmonInstall artifact now skips install if not needed (#1777)
* Initial implementation of client side process tracker. (#1768)
* Invalidate transformed cache when the base table changes. (#1742)
* GUI Table widgets now can apply transformations on the table. (#1740)
* Suppress warning message for offline collector (#1776)
* Bug fix (#1774)
* Avoid bash process lingering around while server is running (#1775)
* oidc: Fix typo: Genric -> Generic (#1773)
* Make MaxWait for event table settable. (#1772)
* Fixed bug in Windows.Detection.Yara.Process (#1771)
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
* Bugfix: Client did not update list of query columns (#1767)
* Merge bugfixes from master branch. (#1769)
- Revendored dependencies.
- Update to version 0.6.4~git31.4298eab0:
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* tcpsnoop: Properly close module in case of attach error
* Elastic.Events.Client: Update to use new artifactset type
* Kafka.Events.Client: Update to use new artifactset type
* artifacts: add artifactset parameter type
* api: add type and description fields to v1/GetArtifacts endpoint
* Add artifacts for dns/tcp snoop plugins
OBS-URL: https://build.opensuse.org/request/show/976934
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=17
* SUSE: Add SSHLogin artifacts
* Add a Kafka export plugin
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
- Update to version 0.6.3~git13.af7fdb00:
* SUSE: Add SSHLogin artifacts
* Add a Kafka export plugin
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=10
