Commit Graph

7 Commits

Author SHA256 Message Date
0c4d6def1a Accepting request 1134354 from home:jeff_mahoney:branches:security:sensor
- Added workaround for missing Maintainers tag in Debian-based packages.
  obs-service-format_spec_file strips the Packager tag from the spec file
  before committing.  The build service replaces it with its own.  debbuild
  expects the Packager field to be present to generate the Maintainers tag
  in the output but it only receives the "cleaned" spec file.

- Added Recommends: auditd
  - Technically not *required* but Velociraptor's audit client enables
    audit and then listens on the multicast socket.  Without a listener
    on the unicast socket, the kernel will spam the system log with events.

- Fixed debian packaging:
  * /etc/sysconfig -> /etc/default
  * %postun for systemd service cleanup
  * Note: obs-service-format_spec_file strips the Packager tag that
    debbuild uses to generate the Maintainer tag

OBS-URL: https://build.opensuse.org/request/show/1134354
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=59
2023-12-21 00:29:28 +00:00
ac85413735 Accepting request 1133905 from home:jeff_mahoney:branches:security:sensor
- Temporarily use the NODE_MODULES BEGIN/END form of the node_modules
  service due to a bug in debbuild preventing Debian builds from succeeding.
- Update to version 0.7.0.4.git4.c1b68a5b:
  * hash: fix nil pointer dereference panic
  * velociraptor: add dummy main function for mage
- Removed patch:
  * velociraptor-golang-mage-vendoring.diff
- Switched to using go_modules and node_modules source services
  - Eliminated bespoke vendoring scripts.
- Pulled sysuser definition into the velociraptor package.

- Remove PrivateTmp and PrivateDevices settings in velociraptor-client.service (SENS-70)

- Update to version 0.7.0.4.git0.e09a0df8:
  * Add additional sanitization to HTML templates on JS side. (#2) (#3077) (CVE-2023-5950)
  * vql/linux/sdjournal: Fix open/close lifetimes
  * vql/linux/audit: fix shutdown races
  * vql/linux/audit: fix goroutine lifetimes
  * vql/linux/audit: limit messageQueue to within runService
  * vql/linux/audit: add auditService.Log()
  * vql/linux/audit: pull parts of shutdown into shutdown watcher
  * vql/linux/audit: remove unnecessary error handling for reassembler
  * vql/linux/audit: remove unused waitgroup from main event loop
  * vql/linux/audit: handle top-level cancelation properly
  * vql/linux/audit: make explicit that goroutines in the main errgroup don't return errors
  * vql/linux/audit: make stats reporting separate from debug prints
  * vql/linux/audit: simplify polling in listener
  * vql/linux/audit: tests, check various rule scenarios
  * vql/linux/audit: Add more client failure test cases
  * vql/linux/audit: Fix audit client lifecycle

OBS-URL: https://build.opensuse.org/request/show/1133905
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=55
2023-12-18 18:44:23 +00:00
3a5ec10ba3 Accepting request 1085591 from home:jeff_mahoney:branches:security:sensor:updates
- Update to version 0.6.7.5~git78.2bef6fc:
  * bpf: fix path to vmlinux.h

- Update to version 0.6.7.5~git77.997aa73:
  * file_store/test_utils/server_config.go: update test certificate
  * Update bluemonday dependency.
  * vql/functions/hash: cache results on Linux
  * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
  * logscale/backport: don't use networking.GetHttpTransport
  * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
  * file_store/directory: add ability to report pending size
- Change clang dependency to clang16
- Fix velociraptor-golang-mage-vendoring.diff to account for newer
  'go mod vendor' honoring build flags.
- Fix update-vendoring.sh script to actually run the %setup part of
  the spec.
- Merge client package into server spec and use _multibuild to create
  client package from same spec file.
- Adjust changelog to retain changes for client package.
- Fix building in static mode on earlier releases.
  - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch

- Tightening the security of the services a bit:
  - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
    from /tmp
  - run velociraptor server as user velociraptor instead of root;
    we do not really need root permissions here
  - introduce /var/lib/velociraptor/filestore to make it easier to
    split out large file upload
  - change permissions for the data directory and subdirectories to

OBS-URL: https://build.opensuse.org/request/show/1085591
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=46
2023-05-09 00:49:51 +00:00
b16a5f1b3e Accepting request 1060003 from home:dirkmueller:Factory
- add memory limit to systemd unit

OBS-URL: https://build.opensuse.org/request/show/1060003
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=34
2023-01-20 16:50:46 +00:00
6fbff8f638 Accepting request 1059625 from home:jeff_mahoney:branches:security:sensor
---------------------------------------------------------------------
- Restore requirement to build with clang13.  Newer versions
  cause libbpfgo to crash immediately.
-----------------------------------------------------------------
- Added support for setting command line options via sysconfig
- Restore requirement to build with clang13.  Newer versions
  cause libbpfgo to crash immediately.

- Added support for setting command line options via sysconfig

OBS-URL: https://build.opensuse.org/request/show/1059625
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=32
2023-01-19 15:27:12 +00:00
3f054c52ce Accepting request 1059461 from home:jeff_mahoney:branches:security:sensor
- Clean up for Factory submission:
  - Make bpf-enabled builds conditional
  - Removed %defattr and combined service lines.
  - Change clang and llvm dependencies to use >= 13
  - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
    so increase go version dependency
  - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
    Neither the client nor server builds on ix86.
- Added Restart=on-failure to restart the client automatically.

- Update to version 0.6.7.4~git51.a588d6e4:
  * magefile.go: use current architecture for Linux builds
  * Update libbpfgo submodule to include non-AMD64 build fixes
  * bpf: bpf expects s390 instead of s390x

- Clean up for Factory submission:
  - Make bpf-enabled builds conditional
  - Removed %defattr and combined service lines.
  - Change clang and llvm dependencies to use >= 13
  - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
    so increase go version dependency
  - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
    Neither the client nor server builds on ix86.
- Update to version 0.6.7.4~git51.a588d6e4:
  * magefile.go: use current architecture for Linux builds
  * Update libbpfgo submodule to include non-AMD64 build fixes
  * bpf: bpf expects s390 instead of s390x

OBS-URL: https://build.opensuse.org/request/show/1059461
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=30
2023-01-19 01:05:43 +00:00
Christian Almeida de Oliveira
5288159631 Accepting request 950594 from home:firstyear:branches:security:sensor
- Add client service file

OBS-URL: https://build.opensuse.org/request/show/950594
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=2
2022-02-02 07:01:30 +00:00