Commit Graph

10 Commits

Author SHA256 Message Date
3a5ec10ba3 Accepting request 1085591 from home:jeff_mahoney:branches:security:sensor:updates
- Update to version 0.6.7.5~git78.2bef6fc:
  * bpf: fix path to vmlinux.h

- Update to version 0.6.7.5~git77.997aa73:
  * file_store/test_utils/server_config.go: update test certificate
  * Update bluemonday dependency.
  * vql/functions/hash: cache results on Linux
  * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
  * logscale/backport: don't use networking.GetHttpTransport
  * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
  * file_store/directory: add ability to report pending size
- Change clang dependency to clang16
- Fix velociraptor-golang-mage-vendoring.diff to account for newer
  'go mod vendor' honoring build flags.
- Fix update-vendoring.sh script to actually run the %setup part of
  the spec.
- Merge client package into server spec and use _multibuild to create
  client package from same spec file.
- Adjust changelog to retain changes for client package.
- Fix building in static mode on earlier releases.
  - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch

- Tightening the security of the services a bit:
  - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
    from /tmp
  - run velociraptor server as user velociraptor instead of root
    we do not really need root permissions here
  - introduce /var/lib/velociraptor/filestore to make it easier to
    split out large file upload
  - change permissions for the data directory and subdirectories to

OBS-URL: https://build.opensuse.org/request/show/1085591
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=46
2023-05-09 00:49:51 +00:00
d5a3e31f79 Accepting request 1060929 from home:jeff_mahoney:branches:security:sensor
- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).

- Update to version 0.6.7.4~git60.8abed37a:
  * http_comms: create ring buffer temporary file in the same directory
  * cronsnoop: plumb in real scope logging
  * cronsnoop: don't treat routine errors as fatal
  * cronsnoop: fix typo

- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).

- Update to version 0.6.7.4~git60.8abed37a:
  * http_comms: create ring buffer temporary file in the same directory
  * cronsnoop: plumb in real scope logging
  * cronsnoop: don't treat routine errors as fatal
  * cronsnoop: fix typo

OBS-URL: https://build.opensuse.org/request/show/1060929
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=41
2023-01-25 13:29:03 +00:00
62de5286f7 Accepting request 1040837 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.7.4~git41.678ed56:
  * rpm: introduce rpm vql plugin
  * users: extend DeleteUser testcase to ensure org membership was dropped
  * users: ensure baseline user state is correct
  * github: run testcases on Linux builds in new workflow
  * gui/reporting: update bluemonday dependency to latest
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
  * kafka-humio-gateway: add sample config file
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: rework testcases to use t.TempDir
  * vql/linux/cronsnoop: Add cronsnoop() plugin
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * audit: use caller-allocated buffer
  * use github.com/jeffmahoney/go-libaudit/v2 for audit
  * Kafka.Events.Client: Update to use new artifactset type
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * Add artifact to monitor user group updates (#24)
  * vql/linux/dnssnoop: Add dnssnoop() plugin
  * Log Sudo/root command by auditd
  * Add custom artifacts for login and logout attempts recorded by auditd
  * Add tcpsnoop plugin
  * vql/linux/bpflib: add helper package for bpf plugins

OBS-URL: https://build.opensuse.org/request/show/1040837
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=25
2022-12-07 03:37:22 +00:00
9b25021947 Accepting request 976934 from home:jeff_mahoney:branches:security:sensor
- Update to upstream 0.6.4-2:
  * Reset nanny when client connection failed. (#1780)
  * Fix artifacts that use yara parameters to specify yara type (#1779)
  * Update release for bugfixes 0.6.4-2
  * Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
  * SysmonInstall artifact now skips install if not needed (#1777)
  * Initial implementation of client side process tracker. (#1768)
  * Invalidate transformed cache when the base table changes. (#1742)
  * GUI Table widgets now can apply transformations on the table. (#1740)
  * Suppress warning message for offline collector (#1776)
  * Bug fix (#1774)
  * Avoid bash process lingering around while server is running (#1775)
  * oidc: Fix typo: Genric -> Generic (#1773)
  * Make MaxWait for event table settable. (#1772)
  * Fixed bug in Windows.Detection.Yara.Process (#1771)
  * fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
  * Bugfix: Client did not update list of query columns (#1767)
  * Merge bugfixes from master branch. (#1769)
- Revendored dependencies.

- Update to version 0.6.4~git31.4298eab0:
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * tcpsnoop: Properly close module in case of attach error
  * Elastic.Events.Client: Update to use new artifactset type
  * Kafka.Events.Client: Update to use new artifactset type
  * artifacts: add artifactset parameter type
  * api: add type and description fields to v1/GetArtifacts endpoint
  * Add artifacts for dns/tcp snoop plugins

OBS-URL: https://build.opensuse.org/request/show/976934
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=17
2022-05-12 20:23:00 +00:00
2d6a29d947 Accepting request 975255 from home:jeff_mahoney:security:sensor:devel
- Fix error handling in tcpsnoop and dnssnoop.
  * If BTF information is unavailable, there is no indication that the
    query has failed.

- Rebase on 0.6.4:
  * Updated dependencies
  * Bugfix: startup bugs (#1680)
  * bugfix: Server event notebook not correctly created (#1737)
  * Bugfix: Start a dummy indexing service (#1736)
  * Add bugfix which would return no rows if the user removed whitelist (#1735)
  * Fixed bug in read_reg_key (#1734)
  * BUGFIX: Do not include config flag when darwin installer is repacked (#1733)
  * Refactored index into its own service. (#1730)
  * Bugfix: Write one index item per JSONL record. (#1727)
  * Bugfix: Estimating client impact should consider last active status (#1726)
  * Add complete ntfs metadata option to MFT output (#1725)
  * Various bugfixes. (#1724)
  * Update Usn.yaml (#1723)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)
  * Remove _type option from elastic. (#1715)
  * Opportunistically update directly connected client's ping times (#1713)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)

OBS-URL: https://build.opensuse.org/request/show/975255
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=14
2022-05-05 18:38:36 +00:00
ae02f616a5 - Update to version 0.6.3~git19.640f7a1c:
* Add tcpsnoop plugin

- Update to version 0.6.3~git19.640f7a1c:
  * Add tcpsnoop plugin

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=13
2022-03-18 16:16:16 +00:00
52390d084f Accepting request 955746 from home:jeff_mahoney:branches:security:sensor
Update to follow sensor-base-0.6.3 branch.

OBS-URL: https://build.opensuse.org/request/show/955746
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=9
2022-02-18 01:36:48 +00:00
2f3558a31c OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=7 2022-02-17 23:17:31 +00:00
0365dcf377 Accepting request 950798 from home:jeff_mahoney:branches:security:sensor
- Resolved some rpmlint warnings and added client config placeholder.

- Update to version 0.6.3~git0.69e0fffa:
  * Prepare for 0.6.3 release (#1515)
  * add limitations to description and key path to query (#1514)
  * Retry remote datastore connections (#1513)
  * Write minion log files and autocert in its own dir.  (#1512)
  * Synced KapeFiles artifacts (#1511)
  * Added data retention server artifacts (#1510)
  * Set an upper limit for ttl in memcache (#1508)
  * Add updates to Windows.System.Services (#15) (#1509)
  * Ensure collector container is properly closed when interrupted. (#1507)
  * Continually rebuild the index at runtime. (#1506)
  * Harder vacuum - directly move client task directories to the attic. (#1505)
  * add limitation disclaimer (#1504)
  * Reduce critial section to avoid deadlock in repository manager (#1503)
  * Implemented a vacuum command to remove old tasks from client queues. (#1501)
  * Better format profile metrics output. (#1495)
  * Cap size of directories and report large directories. (#1493)
  * Set ACE completers per editor to avoid global state. (#1492)
  * Add HttpOnly flag to all cookies. (#1491)
  * Refactor completion routine calls (#1490)
  * fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486)
  * fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485)
  * fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487)
  * fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488)
  * fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489)
  * Limit size of cached directories. (#1483)
  * Add more instrumentation to memory caches. (#1482)
  * Fixed chart resizing bug (#1481)

OBS-URL: https://build.opensuse.org/request/show/950798
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=3
2022-02-02 18:59:59 +00:00
13a001b73e osc copypac from project:home:jeff_mahoney:security:sensor package:velociraptor revision:2
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=1
2022-01-21 17:45:44 +00:00