Antonio Teixeira
8ffa39547e
* Fixes CVE-2024-39338 (bsc#1229424) * Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch as the update is included. OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=82
1965 lines
98 KiB
Plaintext
1965 lines
98 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Aug 19 20:45:30 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Update node modules with security fixes.
|
|
* Fixes CVE-2024-39338 (bsc#1229424)
|
|
* Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
|
|
as the update is included.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 12 20:47:33 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Move system-user-velociraptor to the client flavor build in order
|
|
to build it on all architectures.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 03 17:01:54 UTC 2024 - antonio.teixeira@suse.com
|
|
|
|
- Update to version 0.7.0.4.git97.675e45f9:
|
|
* kafka-humio-gateway: update go version and dependency list
|
|
* kafka-humio-gateway: specific mTLS cert paths in config.yml
|
|
* docker-compose: set kafka replication factor and min ISRs
|
|
* kafka-humio-gateway: add http post retry mechanism
|
|
* kafka-humio-gateway: add pprof debugging option
|
|
* kafka-humio-gateway: format with gofmt
|
|
* kafka-humio-gateway: fix go-staticcheck issues
|
|
* kafka-humio-gateway: fix sendEvents() never exiting
|
|
* Kafka.Events.Client: Update to use new artifactset type
|
|
* docker-compose: add optional Kafka cluser
|
|
* kafka-humio-gateway: add mTLS support
|
|
* contrib/kafka-humio-gateway: add new debug option for noisy events
|
|
* contrib/kafka-humio-gateway: backoff and retry for metadata
|
|
* kafka-humio-gateway: add sample config file
|
|
* kafka-humio-gateway: update sarama and dependencies
|
|
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
|
|
* vql/server/kafka: connect sarama logging to velociraptor logging
|
|
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
|
|
* vql/server/kafka: set appropriate ClientID
|
|
* Add a Kafka export plugin
|
|
- Use llvm17 when available
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 28 16:45:51 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Patches changes:
|
|
* Change CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
|
|
to update the follow-redirects package instead of patching directly.
|
|
* Added CVE-2022-25883-npm-watch-semver-deps.patch (bsc#1212572)
|
|
- Add a package-lock.json to the package
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Apr 27 16:11:14 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Fix group(velociraptor) dependency for SLE 15 SP3
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 23 10:28:10 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Change system-user-velociraptor to noarch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 17 21:53:20 UTC 2024 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Fix unresolveable Debian group-velociraptor dependency.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 17 15:52:52 UTC 2024 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Restore velociraptor group for client
|
|
- Add %{name}(project:%_project) Provides for SLE15 and newer
|
|
- Fixed SLE12-SP5 build
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 5 13:01:05 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Obsolete old velociraptor-kafka-humio-gateway package
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 03 14:21:30 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Update to version 0.7.0.4.git74.3426c0a:
|
|
* Fix services artifact symbol pid not found error
|
|
* chattrsnoop: correct read size for flags
|
|
* chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc
|
|
* chattrsnoop: fix do_vfs_ioctl kprobe failure
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 3 13:54:19 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Remove nodejs sources from main spec file.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 02 21:52:32 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Update to version 0.7.0.4.git68.ad1f4e5:
|
|
* Fix undefined binary.NativeEndian build errors
|
|
- Add llvm16-libclang13 dependency for SLE 15 SP5 and above
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 2 12:02:12 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Disable eBPF for SLE 15 SP2
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 31 23:38:18 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Fix builds for SLE 15 SP3 and SLE 12
|
|
* Revert to gzip compression instead of zstd for go modules
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 25 17:19:16 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Update to version 0.7.0.4.git66.eea7659:
|
|
* dnssnoop: fix loading protocol from ip header on s390
|
|
* dnssnoop: fix htons() so it works on s390 too
|
|
* Fix systemd Services artifact missing events
|
|
* chattrsnoop: replace global variables with locals
|
|
* tcpsnoop: fix garbled results on s390
|
|
* chattrsnoop: fix immutable attribute set on s390
|
|
* chattrsnoop: fix bpf_probe_read for s390
|
|
* tcpsnoop: remove unused filtering code
|
|
* Add artifact to collect new files without owner
|
|
* bpf plugins: set a logger callback
|
|
- Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
|
|
(bsc#1221456)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 29 18:48:52 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Reintroduce system-user-velociraptor package due to client %pre
|
|
and %postun scripts depending on velociraptor user and group.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 27 22:37:09 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Obsolete old system-user-velociraptor package.
|
|
- Use zst compression for go modules.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 20:11:34 UTC 2024 - doreilly@suse.com
|
|
|
|
- Update to version 0.7.0.4.git47.0f8a4de1:
|
|
* Rename SUSE specific artifacts to have SUSE prefix
|
|
* Add SUSE.Linux.Events.NewZeroSizeLogFile artifact
|
|
* Move NewFiles artifact to SUSE
|
|
* Move ImmutableFile artifact to SUSE
|
|
* Make ImmutableFile artifact consistent with others
|
|
* Fix absolute path case in ExecutableFiles artifact
|
|
* Add client monitoring artifact for RPMs
|
|
* Add artifact to collect new hidden files
|
|
* Add artifact to monitor ssh authorized_keys files
|
|
* Fix split_records error on older clients
|
|
* Add hash fields to Linux.Events.ProcessExecutions
|
|
* Add artifact to collect systemd service events
|
|
* Fix SystemLogins artifacts file extensions
|
|
* Add SUSE.Linux.Events.Timers artifact
|
|
* Fix audit filter key typo in Linux.Events.NewFiles
|
|
* Add server artifact to delete old client data on server
|
|
* Add SUSE.Linux.Sys.At artifact
|
|
* chattrsnoop: include full error details in logs
|
|
* chattrsnoop: handle os.Stat() error properly
|
|
* chattrsnoop: don't log.Fatal() on hash error
|
|
* Fix Linux.Events.ImmutableFile not showing hash in GUI
|
|
* SUSE.Linux.Events.Crontab: Add task execution artifacts
|
|
* Raise client connection log level to ERROR
|
|
* sdjournal: Correctly seek to current tail
|
|
- Remove verbose flag from client config
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 15:56:44 UTC 2024 - doreilly@suse.com
|
|
|
|
- Update to version 0.7.0.4.git6.7b40b8b:
|
|
* go.mod: increase go version to 1.19
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 13:19:14 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Use clang16 for SLE 15 SP4 and above.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 18 15:36:50 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Fixed Debian %postun scripts being used for other distros.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 20 21:08:36 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Added workaround for missing Maintainers tag in Debian-based packages.
|
|
obs-service-format_spec_file strips the Packager tag from the spec file
|
|
before committing. The build service replaces it with its own. debbuild
|
|
expects the Packager field to be present to generate the Maintainers tag
|
|
in the output but it only receives the "cleaned" spec file.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 19 21:53:37 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Added Recommends: auditd
|
|
- Technically not *required* but Velociraptor's audit client enables
|
|
audit and then listens on the multicast socket. Without a listener
|
|
on the unicast socket, the kernel will spam the system log with events.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 19 19:29:06 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Fixed debian packaging:
|
|
* /etc/sysconfig -> /etc/default
|
|
* %postun for systemd service cleanup
|
|
* Note: obs-service-format_spec_file strips the Packager tag that
|
|
debbuild uses to generate the Maintainer tag
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 19 14:24:44 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Fix %SOURCE references.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 15 22:35:01 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Temporarily use the NODE_MODULES BEGIN/END form of the node_modules
|
|
service due to a bug in debbuild preventing Debian builds from succeeding.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 15 19:32:04 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.7.0.4.git4.c1b68a5b:
|
|
* hash: fix nil pointer dereference panic
|
|
* velociraptor: add dummy main function for mage
|
|
- Removed patch:
|
|
* velociraptor-golang-mage-vendoring.diff
|
|
- Rebased patch:
|
|
* velociraptor-reproducible-timestamp.diff
|
|
- Switched to using go_modules and node_modules source services
|
|
* Eliminated bespoke vendoring scripts.
|
|
- Pulled sysuser definition into the velociraptor package.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 5 13:54:03 UTC 2023 - Darragh O'Reilly <doreilly@suse.com>
|
|
|
|
- Remove PrivateTmp and PrivateDevices settings in velociraptor-client.service (SENS-70)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 15 18:17:04 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.7.0.4.git0.e09a0df8:
|
|
* Add additional sanitization to HTML templates on JS side. (#2) (#3077) (CVE-2023-5950)
|
|
* vql/linux/sdjournal: Fix open/close lifetimes
|
|
* vql/linux/audit: fix shutdown races
|
|
* vql/linux/audit: fix goroutine lifetimes
|
|
* vql/linux/audit: limit messageQueue to within runService
|
|
* vql/linux/audit: add auditService.Log()
|
|
* vql/linux/audit: pull parts of shutdown into shutdown watcher
|
|
* vql/linux/audit: remove unnecessary error handling for reassembler
|
|
* vql/linux/audit: remove unused waitgroup from main event loop
|
|
* vql/linux/audit: handle top-level cancelation properly
|
|
* vql/linux/audit: make explicit that goroutines in the main errgroup don't return errors
|
|
* vql/linux/audit: make stats reporting separate from debug prints
|
|
* vql/linux/audit: simplify polling in listener
|
|
* vql/linux/audit: tests, check various rule scenarios
|
|
* vql/linux/audit: Add more client failure test cases
|
|
* vql/linux/audit: Fix audit client lifecycle
|
|
* vql/linux/audit: Change listener lifecycle to enable testing
|
|
* vql/linux/audit: Fix DeleteRule in mock client
|
|
* vql/linux/audit: Fix typo causing double-lock in notifyMissingRule
|
|
* vql/linux/audit: Close reassembler if NewListenerBytes fails
|
|
* vql/linux/audit: limit messageQueue scope to within runService
|
|
* vql/linux/audit: Make messageQueue lifetime more apparent
|
|
* vql/linux/audit: mainEventLoop shouldn't exit on canceled context
|
|
* vql/linux/audit: Clean up context handling in shutdown goroutine
|
|
* vql/linux/audit: fix test suite handling
|
|
* bpf: only build libbpf in the go generate stage
|
|
* bpf: add libbpf/include/uapi to the include path for bpf.h
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 3 01:36:35 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Enabled builds on CentOS 7/8 (currently without eBPF, needs llvm)
|
|
- Enabled builds on Ubuntu 20.04 and 22.04 (23.* pending OBS changes)
|
|
- Enabled builds on Debian 11, 12, Unstable, Testing, and Next
|
|
- Limit server builds to x86_64 until esbuild issue is sorted
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 31 20:07:16 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version sensor-base-0.7.0~git0.602f673:
|
|
* vql/linux/audit: fix staticcheck checks
|
|
* vql/linux/audit: gofumpt -extra
|
|
* vql/linux/audit: don't overload EAGAIN
|
|
* vql/linux/audit: actually add test cases
|
|
* cronsnoop: fix panic when crontab has empty line
|
|
* SUSE: Add docker-compose environment
|
|
* SUSE: add Docker files
|
|
* SUSE: Do build tests on every pull request
|
|
* Github: Run build workflow on each pull request
|
|
* vql/functions/hash: cache results on Linux
|
|
* rpm: introduce rpm vql plugin
|
|
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
|
|
* Updating the NewFiles and ProcessStatuses Artifacts
|
|
* vql/linux/cronsnoop: Add cronsnoop() plugin
|
|
* Extend audit artifacts to use new interface
|
|
* vql/linux/audit: rearchitect plugin for scalability
|
|
* vql/linux/audit: use go-libaudit v2 for live audit message processing
|
|
* file_store/directory/listener_bytes: Add listener to use serialized interface
|
|
* utils/refcount: add simple refcount implementation
|
|
* file_store/directory/buffer: add direct-serialized interface
|
|
* Add artifact to monitor user group updates (#24)
|
|
* Linux.Events.ProcessExecutions: catch 32-bit execve calls
|
|
* Add custom artifacts for login and logout attempts recorded by auditd
|
|
* vql/linux/bpflib: add sample vmlinux.h includes for test builds
|
|
* vql/linux/bpf/chattrsnoop: Add plugin to catch changes to inode attributes
|
|
* vql/linux/bpf/dnssnoop: Add dnssnoop() plugin
|
|
* vql/linux/bpf/tcpsnoop: Add tcpsnoop plugin
|
|
* vql/linux/bpf: add support to add bpf plugins for Linux
|
|
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
|
|
* SUSE: Add SSHLogin artifacts
|
|
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
|
|
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
|
|
* Add parser to read systemd journal on Linux
|
|
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
|
|
* linux: add lsattr() function to enumerate file attributes
|
|
* github/workflows/linux: do apt-get update to refresh package lists
|
|
* github: run testcases on Linux builds in new workflow
|
|
* Add systemd-dev as build dependency for github workflow
|
|
* magefile.go: use current architecture for Linux builds
|
|
* build: update to mage 0.15
|
|
* Update tool dependencies on each build (#2987) (#2989)
|
|
* Various Bugfixes (#2981)
|
|
* Fixed IPv6 formatting in Windows.Forensics.UserAccessLogs (#2980)
|
|
* Add Yara device scanning (#44) (#2978)
|
|
* Added a sample bash script for offline collector generation. (#2975)
|
|
* Implemented a fix for Windows.Timeline.Prefetch (#2974)
|
|
* Include MAC addresses in client host dashboard (#2943)
|
|
* logscale: fix stats_interval parameter handling (#2973)
|
|
* Update Lnk.yaml (#2972)
|
|
* [Snyk] Upgrade: @babel/core, @babel/plugin-transform-react-jsx, @babel/runtime (#2970)
|
|
* add suspicious field and targeted default (#2971)
|
|
* Add filesystem type to data returned by file accessor on Unix (#2967)
|
|
* [Snyk] Upgrade axios-retry from 3.6.1 to 3.7.0 (#2963)
|
|
* Implemented a writeback service to manage the writeback file. (#2966)
|
|
* [Snyk] Upgrade axios-retry from 3.6.0 to 3.6.1 (#2949)
|
|
* Added FAT accessor for parsing FAT filesystems (#2961)
|
|
* [Snyk] Upgrade recharts from 2.7.3 to 2.8.0 (#2950)
|
|
* [Snyk] Upgrade axios from 1.4.0 to 1.5.0 (#2951)
|
|
* Fix device major/minor number calculations (#2958)
|
|
* Relay hunt creation errors to the Hunts API (#2953)
|
|
* [Snyk] Upgrade: @babel/core, @babel/runtime (#2948)
|
|
* Improve various bits of VQL documentation (#2945)
|
|
* Update bluemonday dependency. (#2941)
|
|
* Users testcases (#2942)
|
|
* Order columns in hostname flatten output (#2939)
|
|
* Add a generic hostsfile artifact (#2930)
|
|
* Report process names as well as pid for errors (#2937)
|
|
* Send hard coded labels in periodic client info updates (#2935)
|
|
* [Snyk] Upgrade ace-builds from 1.24.0 to 1.24.1 (#2932)
|
|
* Add Modify() method to client info manager. (#2933)
|
|
* Remove unused parameter by Bloodhound artifact (#2924)
|
|
* [Snyk] Upgrade ace-builds from 1.23.4 to 1.24.0 (#2928)
|
|
* Fix AptSources deb822 parsing bug and add deb822 test (#2926)
|
|
* Bugfixes: Artifact bugs due to FullPath->OSPath refactor (#2923)
|
|
* [Snyk] Upgrade: @babel/core, @babel/runtime (#2917)
|
|
* fix: upgrade recharts from 2.7.2 to 2.7.3
|
|
* Update the config file docs.
|
|
* Bugfix: Include tool versions from root org (#2913)
|
|
* Fix issues in AptSources artifact and support deb822 format (#2851)
|
|
* Disable compatibility with URL style paths (#2912)
|
|
* [Snyk] Upgrade: @fortawesome/fontawesome-svg-core, @fortawesome/free-solid-svg-icons (#2907)
|
|
* Added Windows.ETW.FileCreation (#2905)
|
|
* Various documentation improvements (#2904)
|
|
* [Snyk] Upgrade interactjs from 1.10.17 to 1.10.18 (#2902)
|
|
* Update to latest SQLiteHunter (#2901)
|
|
* [Snyk] Upgrade axios-retry from 3.5.1 to 3.6.0 (#2900)
|
|
* Fix URL for VelociraptorWindowsMSI (#2868)
|
|
* Allow embedded config to come from an external file (#2899)
|
|
* Add OriginalFileName to Name regex search for better hunting (#2895)
|
|
* Bugfix: Allow serve url to be set without materializing (#2894)
|
|
* Bugfix: accessors should provide their underlying file (#2893)
|
|
* Shuffle the list of URLs (#2888)
|
|
* Create Mutants.yaml (#2877)
|
|
* Added profile_memory() and profile_goroutines() VQL functions (#2887)
|
|
* [Snyk] Upgrade ace-builds from 1.23.3 to 1.23.4 (#2883)
|
|
* Create Notification.yaml (#2878)
|
|
* Fix the issue of full cpus/ram when handling corrupted org (#2886)
|
|
* [Snyk] Upgrade ace-builds from 1.23.2 to 1.23.3 (#2854)
|
|
* Fix copy-pasted comment in Admin.Client.Uninstall artifact (#2872)
|
|
* Create Windows.Detection.Registry.yaml (#2861)
|
|
* [Snyk] Upgrade @babel/core from 7.22.8 to 7.22.9 (#2862)
|
|
* fix: upgrade humanize-duration from 3.28.0 to 3.29.0
|
|
* fix test
|
|
* Bugfix: Hunt creation with labels
|
|
* Bugfix: CreateCollector bug in uploading to the cloud (#2852)
|
|
* [Snyk] Upgrade ace-builds from 1.23.1 to 1.23.2 (#2850)
|
|
* Merge fix for ntfs library, add back KapeTriage SDS target (#2849)
|
|
* Encode download filename in UTF8 to support better i8n (#2848)
|
|
* [Snyk] Upgrade @babel/core from 7.22.6 to 7.22.8 (#2846)
|
|
* [Snyk] Upgrade axios-retry from 3.5.0 to 3.5.1 (#2847)
|
|
* Bugfix: Add Cell From Flow adapted to new flow widgets (#2844)
|
|
* Feature/humio plugin (#2617)
|
|
* [Snyk] Upgrade @babel/runtime from 7.22.5 to 7.22.6 (#2841)
|
|
* Implemented memory protections for notebook cell calculations (#2842)
|
|
* Added search term label:none for unlabeled clients. (#2840)
|
|
* Incorporate SQLiteHunter project (#2839)
|
|
* Add RDP cache (#43) (#2838)
|
|
* Leave collection behind when uploading to cloud (#2834)
|
|
* Added a VSS accessor to automatically diff files from different vss (#2833)
|
|
* Added query debug endpoint at http://localhost:6060/debug/query (#2832)
|
|
* Fixed bug in KapeFiles Extract (#2830)
|
|
* Various bug fixes (#2829)
|
|
* [Snyk] Upgrade axios-retry from 3.5.0 to 3.5.1 (#2827)
|
|
* [Snyk] Upgrade ace-builds from 1.23.0 to 1.23.1 (#2826)
|
|
* Implement src IP filtering for the GUI (#2825)
|
|
* Refactor code to wrap gopsutils (#2824)
|
|
* Extended Client Event GUI to allow specifying max_wait (#2821)
|
|
* Bump word-wrap from 1.2.3 to 1.2.4 in /gui/velociraptor (#2820)
|
|
* Bugfix: Max Wait deadline was reset when a query returned a row (#2819)
|
|
* Implemented better uploads UI for notebooks (#2816)
|
|
* [Snyk] Upgrade ace-builds from 1.22.1 to 1.23.0 (#2812)
|
|
* Modified glob() to return the globs that hit the result. (#2813)
|
|
* [Snyk] Upgrade ace-builds from 1.22.0 to 1.22.1 (#2786)
|
|
* Update ServiceCreationComspec.yaml (#2806)
|
|
* [Snyk] Upgrade recharts from 2.7.1 to 2.7.2 (#2809)
|
|
* [Snyk] Security upgrade @babel/core from 7.22.5 to 7.22.6 (#2787)
|
|
* [Snyk] Upgrade recharts from 2.6.2 to 2.7.1 (#2794)
|
|
* Bump semver from 5.7.1 to 5.7.2 in /gui/velociraptor (#2803)
|
|
* Bugfix: Update GUI shell interface to use the new GetClientFlows API. (#2802)
|
|
* RPM packaging: architecture autodetection & spec compliance (#2797)
|
|
* Debian packaging: architecture autodetection & spec compliance (#2796)
|
|
* Added Linux.Forensics.Journal artifact (#2799)
|
|
* Bring back highlight for urgent collections. (#2795)
|
|
* Update flow list view to use paged table (#2791)
|
|
* Add lnk and test refresh (#2790)
|
|
* Report total number of matching clients in search (#2789)
|
|
* Rebuild the index from the client info snapshot (#2781)
|
|
* [Snyk] Upgrade: @babel/core, @babel/plugin-syntax-flow, @babel/plugin-transform-react-jsx, @babel/runtime (#2783)
|
|
* Update Favicons.yaml (#2780)
|
|
* Write client info database to a snapshot (#2776)
|
|
* Added an S3 accessor (#2774)
|
|
* Removed unknown parameter 'Separator' from options in call of Artifac… (#2773)
|
|
* Trimmed Spaces around labels in labels.go (#2771)
|
|
* Bugfix: Allow `user_grant` to set roles through the policy (#2769)
|
|
* [Snyk] Upgrade @popperjs/core from 2.11.7 to 2.11.8 (#2758)
|
|
* Introduces the `really_do_it` argument to `org_delete` (#2767)
|
|
* Audit user creation and user role modifications. (#2766)
|
|
* Update Bam.yaml due to a dead link. Previous link is dead due to a website restructuring. (#2763)
|
|
* [Snyk] Upgrade styled-components from 5.3.10 to 5.3.11 (#2759)
|
|
* [Snyk] Upgrade: @babel/core, @babel/plugin-transform-react-jsx, @babel/runtime (#2757)
|
|
* Update and rename Kerbroasting.yaml to Kerberoasting.yaml (#2754)
|
|
* Bugfix: Org admin should see all orgs (#2753)
|
|
* [Snyk] Upgrade ace-builds from 1.21.1 to 1.22.0 (#2750)
|
|
* Correct UI typo and update translations (#2748)
|
|
* Correct `scope` plugin reference typo (#2747)
|
|
* [Snyk] Upgrade axios-retry from 3.4.0 to 3.5.0 (#2743)
|
|
* Log error messages during rekeying (#2745)
|
|
* [Snyk] Upgrade ace-builds from 1.21.0 to 1.21.1 (#2738)
|
|
* Bump fast-xml-parser from 4.1.3 to 4.2.4 in /gui/velociraptor (#2739)
|
|
* Bugfix: Sort flows before fetching them into the GUI (#2740)
|
|
* Bump vite from 4.1.4 to 4.1.5 in /gui/velociraptor (#2736)
|
|
* [Snyk] Upgrade ace-builds from 1.20.0 to 1.21.0 (#2733)
|
|
* [Snyk] Upgrade qs from 6.11.1 to 6.11.2 (#2734)
|
|
* Allow in place updating of simple result sets (#2732)
|
|
* [Snyk] Upgrade recharts from 2.6.0 to 2.6.2 (#2727)
|
|
* [Snyk] Upgrade ace-builds from 1.19.0 to 1.20.0 (#2728)
|
|
* Update NetstatEnriched.yaml (#2724)
|
|
* Update NetstatEnriched (#2723)
|
|
* Added a leveldb plugin and parser for Chrome Session Storage. (#2722)
|
|
* [Snyk] Upgrade recharts from 2.5.0 to 2.6.0 (#2720)
|
|
* Allow SQLite files to be copied always. (#2719)
|
|
* Add Linux.SuSE.Packages artifact (#2712)
|
|
* Ehancement: Add Source field to Windows.Applicaiton.History to show sync status (#2716)
|
|
* Revert "Add SyncStatus to History.yaml" (#2715)
|
|
* Add SyncStatus to History.yaml (#2714)
|
|
* Propagate default hunt expiry from the config to the GUI (#2713)
|
|
* [Snyk] Upgrade ace-builds from 1.18.0 to 1.19.0 (#2709)
|
|
* [Snyk] Upgrade react-bootstrap from 1.6.6 to 1.6.7 (#2710)
|
|
* Updated the SQLECmd artifact to support MacOS and Linux (#2708)
|
|
* Bugfix: http_client parameters did not handle url().Query objects (#2706)
|
|
* [Snyk] Upgrade @babel/core from 7.21.5 to 7.21.8 (#2704)
|
|
* Linux.RHEL.Packages: Silence dnf output (#2703)
|
|
* Allow the inventory service to disable external fetching (#2701)
|
|
* S3_Upload: Adding KMS and Prefix arguments (#2699)
|
|
* [Snyk] Upgrade: @babel/core, @babel/plugin-transform-react-jsx, @babel/runtime (#2693)
|
|
* http_client(): Don't drop responses with empty Content (#2696)
|
|
* Treat Tool name+version as a unique tool. (#2697)
|
|
* Updated Windows.KapeFiles.Targets to support multiple drives (#2692)
|
|
* Added tgz support to the unzip() plugin. (#2691)
|
|
* Bugfix: SkipVerify did not remove custom verification function. (#2690)
|
|
* [Snyk] Upgrade axios from 1.3.6 to 1.4.0 (#2686)
|
|
* Fix typo in vi.jsx (#2684)
|
|
* Update Vietnamese language (#2681)
|
|
* Copy scope responder when calling an VQL function. (#2682)
|
|
* Added Vietnamese translation (#2680)
|
|
* Bugfix: Miscounting total rows (#2679)
|
|
* [Snyk] Upgrade axios from 1.3.5 to 1.3.6 (#2672)
|
|
* Added a Certs authenticator (#2678)
|
|
* [Snyk] Upgrade ace-builds from 1.17.0 to 1.18.0 (#2674)
|
|
* [Snyk] Upgrade styled-components from 5.3.9 to 5.3.10 (#2677)
|
|
* Block collections in locked down servers (#2667)
|
|
* Allow additional event artifacts to be specified in client config. (#2664)
|
|
* add fixed decoded data output as preview_upload method (#2663)
|
|
* [Snyk] Upgrade ace-builds from 1.16.0 to 1.17.0 (#2662)
|
|
* Added context menu for downloading VFS files. (#2659)
|
|
* Bugfix: Total row count was inaccurate (#2658)
|
|
* Refactored vfs widget (#2657)
|
|
* Refactored VFS download GUI (#2656)
|
|
* Add filters for hunting to Windows.System.Powershell.ModuleAnalysisCache (#2655)
|
|
* Improved the artifact import GUI (#2654)
|
|
* Modify Windows.EventLogs.ScheduledTasks (#2652)
|
|
* [Snyk] Upgrade axios from 1.3.4 to 1.3.5 (#2650)
|
|
* Fix typo - "filesyste" to "filesystem" (#2649)
|
|
* Added binary parser for appcompatcache (#2645)
|
|
* Improved eslint score (#2642)
|
|
* Added a more complete text viewer implementation (#2641)
|
|
* [Snyk] Upgrade react-datetime-picker from 4.2.0 to 4.2.1 (#2640)
|
|
* [Snyk] Upgrade: @babel/core, @babel/plugin-syntax-flow (#2637)
|
|
* [Snyk] Upgrade moment-timezone from 0.5.42 to 0.5.43 (#2638)
|
|
* Added a filter to the artifact search screen (#2639)
|
|
* Add network usage transfer summary suggestion (#2636)
|
|
* Extend http_client() to support SMB urls. (#2635)
|
|
* Handle client crashes by reporting to the server (#2634)
|
|
* [Snyk] Upgrade: @fortawesome/fontawesome-svg-core, @fortawesome/free-solid-svg-icons (#2633)
|
|
* [Snyk] Upgrade @popperjs/core from 2.11.6 to 2.11.7 (#2626)
|
|
* [Snyk] Upgrade moment-timezone from 0.5.41 to 0.5.42 (#2627)
|
|
* Initial implementation of alerting framework. (#2631)
|
|
* Update tool definitions to support expected_hash and version (#2629)
|
|
* Update test certs (#2625)
|
|
* Refactored repository service. (#2624)
|
|
* Forward audit events to a server artifact (#2623)
|
|
* Document vql plugin and function permissions (#2620)
|
|
* Added a lockdown mode to the server config. (#2619)
|
|
* Added a VQL function upload_smb() (#2618)
|
|
* Added upload_azure() function (#2616)
|
|
* Added the EXPLAIN keyword (#2614)
|
|
* [Snyk] Upgrade ace-builds from 1.15.3 to 1.16.0 (#2612)
|
|
* [Snyk] Upgrade recharts from 2.4.3 to 2.5.0 (#2613)
|
|
* Create monitoring_logs.go (#2611)
|
|
* [Snyk] Upgrade @babel/core from 7.21.0 to 7.21.3 (#2609)
|
|
* Add UserAccessLogs and formatting fix (#2607)
|
|
* Bugfix: Preparing flow export from server artifact flows (#2606)
|
|
* [Snyk] Upgrade styled-components from 5.3.8 to 5.3.9 (#2605)
|
|
* Refactor launcher to split writing record and queuing message (#2604)
|
|
* Added an SMB accessor (#2601)
|
|
* Uplift client id validation to the client info manager (#2598)
|
|
* Refactor launcher service to use a storage dependency (#2597)
|
|
* Update Amcache.yaml (#2596)
|
|
* Rework table filtering UI (#2595)
|
|
* Splunk Configuration Details (#2594)
|
|
* Implement TLS certificate pinning and Fallback Address (#2585)
|
|
* [Snyk] Upgrade qs from 6.11.0 to 6.11.1 (#2593)
|
|
* Fixed bug in grok library (#2592)
|
|
* Add functionality to get efi variables (#2583)
|
|
* Bugfix: Flow Deletion did not remove uploaded bulk files. (#2589)
|
|
* Added hunt_update() VQL function to allow stopping/starting hunt (#2587)
|
|
* Protect CryptCATAdmin functions behind dangerous api flag (#2586)
|
|
* Close the WinVerifyTrust structure regardless of error. (#2584)
|
|
* Added DISABLE_DANGEROUS_API_CALLS parameter (#2582)
|
|
* [Snyk] Upgrade ace-builds from 1.15.2 to 1.15.3 (#2580)
|
|
* [Snyk] Upgrade styled-components from 5.3.7 to 5.3.8 (#2581)
|
|
* Bugfix: Trace file generator regression (#2579)
|
|
* Restrict VerifyFileSignature to only run on a single thread. (#2578)
|
|
* Dedudplicate labels in GUI (#2577)
|
|
* Build(deps): Bump github.com/crewjam/saml from 0.4.12 to 0.4.13 (#2575)
|
|
* Suppress logging to files for admin commands (#2571)
|
|
* Add client id to client monitoring events (#2569)
|
|
* Added START_HUNT permission to control who can start a hunt (#2566)
|
|
* Added automated translations for missing terms (#2565)
|
|
* More work on pedump vql function (#2557)
|
|
* Add a hunt reconstruct command to recover hunt objects from logs. (#2556)
|
|
* Bugfix: When exporting a sparse file also export the idx file. (#2555)
|
|
* [Snyk] Upgrade moment-timezone from 0.5.40 to 0.5.41 (#2553)
|
|
* Added pe_dump VQL function (#2554)
|
|
* Bugfix: Race condition in minions (#2552)
|
|
* Bugfix: Fixed bug in fifo plugin. (#2550)
|
|
* Support reading raw devices with the file accessor. (#2549)
|
|
* Bugfix: Lstat of device using NTFS accessor (#2547)
|
|
* Refactored path handling in auth handlers (#2546)
|
|
* Fixed base path bug (#2545)
|
|
* Bugfix: Do not require repack to load a valid config (#2543)
|
|
* Fixed incorrect usage of HTTP transport that broke in go1.19.6 (#2536)
|
|
* Disabled http2 client. (#2535)
|
|
* Build With go 1.19 (#2534)
|
|
* Fix bug in template (#2533)
|
|
* Prepare for 0.6.8-rc2 (#2529)
|
|
* Bugfix: Parsing OSPath from list of components (#2528)
|
|
* Bugfix: notebook export did not include uploads (#2527)
|
|
* Bugfix: Client delete in non-root org did not invalidate cache (#2525)
|
|
* Add 'Headers' to output
|
|
* Sync KapeFiles.Targets artifact (#2522)
|
|
* Allow http_client() to handle cookies. (#2520)
|
|
* [Snyk] Upgrade ace-builds from 1.15.1 to 1.15.2 (#2519)
|
|
* Added some Linux artifacts (#2514)
|
|
* Refactoring side panel navigation as "main menu" navigation, tweaked the hamburger button (#2497)
|
|
* Add Windows.Registry.PuttyHostKeys (#2516)
|
|
* [Snyk] Security upgrade styled-components from 5.3.6 to 5.3.7 (#2491)
|
|
* [Snyk] Upgrade ace-builds from 1.15.0 to 1.15.1 (#2504)
|
|
* Update ModuleAnalysisCache.yaml (#2512)
|
|
* Update description formatting (#2509)
|
|
* Add first round of yara context updates (#2505)
|
|
* Trigger client and server monitoring table rebuild (#2501)
|
|
* Added more uploader tests (#2500)
|
|
* Bugfix: Notebook Uploader so it reports filestore components. (#2499)
|
|
* Added a max_row_buffer_size parameter (#2498)
|
|
* Revamped the Metadata UI (#2496)
|
|
* Added new artifact parameter type: server_metadata (#2494)
|
|
* Bugfix: Server artifact running should use parent context for save (#2493)
|
|
* Deduplicate glob hits (#2490)
|
|
* Hex column types did not required hex encoding (#2488)
|
|
* Pass collection_context to server artifact runner directly. (#2487)
|
|
* [Snyk] Security upgrade is-svg from 4.3.2 to 4.4.0 (#2485)
|
|
* Additional button labels, alt text for screen readers (#2486)
|
|
* Reload inventory service from an event artifact (#2484)
|
|
* Client summary react call should be ignored if call was cancelled. (#2483)
|
|
* Record the client's install time in the writeback file. (#2482)
|
|
* Fix bug in uploading of sparse files. (#2481)
|
|
* Adding eslint support (#2480)
|
|
* Explicitly set the data length in FileBuffer messages (#2479)
|
|
* Adding label names to various buttons for accessibility (#2474)
|
|
* Fixed x86 autoruns tool definition (#2477)
|
|
* Use a more compact flow_id for hunts. (#2472)
|
|
* Reuse the same session id for all flows in the same hunt. (#2471)
|
|
* Implemented file_nocase for Linux and Darwin (#2468)
|
|
* Bugfix: Timestamp detection assumed entire cell is a timestamp (#2467)
|
|
* Implemented utf8 preserving Zip encoding. (#2464)
|
|
* Bump golang.org/x/net from 0.5.0 to 0.7.0 (#2462)
|
|
* Refactored repack functionality into a VQL function (#2461)
|
|
* [Snyk] Upgrade axios from 1.2.5 to 1.2.6 (#2460)
|
|
* [Snyk] Upgrade ace-builds from 1.14.0 to 1.15.0 (#2455)
|
|
* [Snyk] Upgrade axios from 1.2.4 to 1.2.5 (#2456)
|
|
* Fix crashes when parsing malformed PE and OLE files. (#2457)
|
|
* Allow redirect when changing org selection (#2453)
|
|
* [Snyk] Upgrade axios from 1.2.3 to 1.2.4 (#2448)
|
|
* Store client path components in the uploads metadata (#2451)
|
|
* Bugfix: syslog and csv watchers did not initialize scope (#2450)
|
|
* Bugfix: missing rows in VFS ListDirectory (#2449)
|
|
* Updated mail plugin to support skip_verify (#2447)
|
|
* Fixed some race conditions (#2446)
|
|
* [Snyk] Upgrade axios-retry from 3.3.1 to 3.4.0 (#2445)
|
|
* Refactor and reimplement the pool client. (#2444)
|
|
* Update ClientInfo message for pool client (#2442)
|
|
* [Snyk] Upgrade: @babel/plugin-transform-react-jsx, @babel/runtime (#2440)
|
|
* Track tool definitions by defining artifact (#2439)
|
|
* [Snyk] Upgrade axios-retry from 3.3.1 to 3.4.0 (#2438)
|
|
* Refactored event monitoring to not use globals (#2437)
|
|
* Update WDigest.yaml (#2434)
|
|
* Refactor and add tests for Linux.Remediation.Quarantine (#2433)
|
|
* Reworked split_records() and parse_records_with_regex() (#2431)
|
|
* [Snyk] Upgrade axios from 1.2.2 to 1.2.3 (#2429)
|
|
* [Snyk] Upgrade react-datetime-picker from 4.1.1 to 4.2.0 (#2430)
|
|
* minor changed to PSlist and DllList (#2428)
|
|
* Fixed GUI to handle tables with varying columns per row. (#2425)
|
|
* Split Windows.Sys.Users into two different artifacts (#2424)
|
|
* Added progress reporting to offline collector (#2423)
|
|
* Allow client side collections to be traced. (#2422)
|
|
* [Snyk] Upgrade humanize-duration from 3.27.3 to 3.28.0 (#2421)
|
|
* Added a tempfile based materializer to have safe queries (#2420)
|
|
* Update Process.yaml (#2419)
|
|
* Brought back the pool client (#2418)
|
|
* Update Process.yaml (#2417)
|
|
* [Snyk] Upgrade recharts from 2.3.1 to 2.3.2 (#2416)
|
|
* Uploads are now deduplicated on store_as_name. (#2415)
|
|
* Enrich SRUM artifact with the Username as well as SID (#2413)
|
|
* Implemented a preview Column renderer (#2412)
|
|
* [Snyk] Upgrade recharts from 2.3.0 to 2.3.1 (#2411)
|
|
* Add PSList filters (#2407)
|
|
* Put back the extra ForemanCheckin message on each post (#2410)
|
|
* Send ClientInfo messages all the time (#2409)
|
|
* Implement limits on server artifacts (#2406)
|
|
* Support backwards compatibility comms with older clients. (#2405)
|
|
* Implement collection limits on client (#2403)
|
|
* Update go.yml (#2401)
|
|
* Read flow object from storage for System.Flow.Completion (#2400)
|
|
* Refactor client flow context manager (#2399)
|
|
* [Snyk] Upgrade @babel/core from 7.20.7 to 7.20.12 (#2396)
|
|
* Bump ua-parser-js from 0.7.32 to 0.7.33 in /gui/velociraptor (#2398)
|
|
* utils/time.jsx: fix handling of nanosecond-resolution timestamps (#2397)
|
|
* Memory uplift (#39) (#2394)
|
|
* http_comms: create ring buffer temporary file in the same directory (#2393)
|
|
* Update server artifact runner to use FlowRequests (#2392)
|
|
* Added new client message type FlowRequest (#2391)
|
|
* Allow default timezone to be specified on commandline (#2388)
|
|
* [Snyk] Upgrade axios from 1.2.1 to 1.2.2 (#2387)
|
|
* Verify FILESYSTEM_WRITE permission on copy() function (#2384)
|
|
* Apply Minimum TLS version to the API server (#2383)
|
|
* [Snyk] Upgrade: @babel/core, @babel/plugin-transform-react-jsx, @babel/runtime (#2382)
|
|
* [Snyk] Security upgrade recharts from 2.2.0 to 2.3.0 (#2381)
|
|
* Update and rename Server.Alerts.ProcessCreation.yaml to ProcessCreati… (#2380)
|
|
* Update collection artifacts_with_results during execution (#2379)
|
|
* Process monitoring messages with the new comms protocol. (#2378)
|
|
* Create Windows.Detection.ProcessCreation (#2362)
|
|
* Create Server.Alerts.ProcessCreation.yaml (#2363)
|
|
* Fix time factor in FlowStat (#2377)
|
|
* Refactored comms between client and server (#2375)
|
|
* Update Splunk Artifact and notebook cells (#2374)
|
|
* Allow for dynamic base_path (#2365)
|
|
* Update ParentProcess.yaml (#2369)
|
|
* Refactor: TLS config is now consitant for all TLS servers (#2367)
|
|
* Bump json5 from 1.0.1 to 1.0.2 in /gui/velociraptor (#2366)
|
|
* [Snyk] Upgrade ace-builds from 1.13.2 to 1.14.0 (#2361)
|
|
* Add rate limits for client connections. (#2360)
|
|
* Batch client log messages into JSONL groups (#2359)
|
|
* Added client manager to keep track of all queries in the same flow. (#2358)
|
|
* [Snyk] Upgrade ace-builds from 1.13.1 to 1.13.2 (#2356)
|
|
* Added a client plugin vfs_ls (#2355)
|
|
* Correct uninstall args for RPM based agents (#2354)
|
|
* Fix download link colors in themes (#2349)
|
|
* Theme fixes (#2346)
|
|
* Refactored hunt and collection export code (#2347)
|
|
* Use pageable tables for the VFS (#2343)
|
|
* Compress all assets with brotli and serve them already compressed. (#2342)
|
|
* Add BinaryRename update (#2341)
|
|
* Vite improvements (#2340)
|
|
* Update History.yaml (#2339)
|
|
* Migrate GUI from create-react-app (CRA) to Vite (#2332)
|
|
* Fix Linux.Sys.LastUserLogin (#2333)
|
|
* Use 'auto' accessor to prevent issues with uploads (#2331)
|
|
* Refactored audit logging (#2328)
|
|
* Fix typo - 'Passowrd' to 'Password' (#2327)
|
|
* Disable escape to close artifact editor (#2324)
|
|
* Add starlark,yaml,xml, and float params (#2323)
|
|
* Bump express from 4.17.2 to 4.18.2 in /gui/velociraptor (#2321)
|
|
* [Snyk] Upgrade moment-timezone from 0.5.38 to 0.5.39 (#2319)
|
|
* More fixes for Windows.System.VAD (#2317)
|
|
* Bugfix: When org is not specified this JS code raised (#2315)
|
|
* Fixed typo in VAD PR (#2313)
|
|
* Add VAD protection message, status and type for completeness (#2312)
|
|
* Bugfix: Do not materialize the VAD array in Windows.System.VAD (#2310)
|
|
* Bugfix: Reset crypto cache when client is deleted (#2308)
|
|
* Fixed Windows.Sys.Users artifact. (#2306)
|
|
* Theme fixes and improvements (#2305)
|
|
* Added an --msi flag to the config repack command (#2304)
|
|
* Fix golden tests (#2302)
|
|
* [Snyk] Upgrade ace-builds from 1.12.5 to 1.13.0 (#2301)
|
|
* Bump decode-uri-component from 0.2.0 to 0.2.2 in /gui/velociraptor (#2299)
|
|
* Fix freebsd build (#2298)
|
|
* Bugfix: Collector timeout was set in ns (#2297)
|
|
* Added write_jsonl plugin. (#2296)
|
|
* Bugfix: Export notebook to zip broken (#2295)
|
|
* Theme fixes (#2291)
|
|
* User admin management screeb (#2212)
|
|
* Use 'HuntDescription' value for hunt() 'description' value (#2289)
|
|
* Add shaded container around artifact description content (#2287)
|
|
* ACE editor font corrections (#2285)
|
|
* Ensure reserved user names can not be used (#2284)
|
|
* Theme fixes and improvements (#2283)
|
|
* Fix example for dummy proxy in documentation (#2281)
|
|
* Bugfix: uploads.json in the flow download refered to filestore paths (#2282)
|
|
* Bugfix: Downloading CSV from table breaks with error. (#2280)
|
|
* Theme fixes and improvements (#2278)
|
|
* Upgrade Velociraptor's yara plugin to support yara 4.2.3 (#2277)
|
|
* Fixed the Windows.KapeFiles.Extract artifact (#2275)
|
|
* [Snyk] Upgrade ace-builds from 1.12.4 to 1.12.5 (#2269)
|
|
* Added code to automatically reformat VQL in notebook. (#2271)
|
|
* Bugfix: http_client was unable to open unix domain sockets (#2270)
|
|
* [Snyk] Upgrade ace-builds from 1.12.3 to 1.12.4 (#2264)
|
|
* Bugfix: Minions should not start the ServerMonitoringService (#2260)
|
|
* Made threshold for sparse file expansions configurable. (#2259)
|
|
* Bugfix: Export download supports expanding sparse files (#2258)
|
|
* Bugfix: Do not expand sparse files when importing (#2257)
|
|
* Bugfix: Store client specific dashboard in client space. (#2255)
|
|
* Bugfix: Dashboard refresh button did not refresh it (#2254)
|
|
* Return EOF from timed result set when reading past the end (#2253)
|
|
* Fix context management in event table updates. (#2252)
|
|
* Bugfix: Dashboard refresh button did not refresh it (#2251)
|
|
* Theme fixes (#2250)
|
|
* Bump loader-utils from 1.4.1 to 1.4.2 in /gui/velociraptor (#2249)
|
|
* Fixed bug in line splitting in execve() plugin (#2248)
|
|
* Fixed bug in VQL Drilldown view (#2246)
|
|
* Update Server.Import.PreviousReleases (#2245)
|
|
* Update colors in tree widget to match theme (#2243)
|
|
* Font adjustments in themes (#2242)
|
|
* Refactor the Windows.NTFS.MFT artifact for back compatibility (#2241)
|
|
* Theme improvements and alignment (#2240)
|
|
* Update user delete VQL and grant (#2238)
|
|
* Refactored Org to OrgRecord protobuf (#2237)
|
|
* Update parse_mft() and parse_usn() to allow drive prefix. (#2236)
|
|
* Add choice to config wizard for allow list (#2234)
|
|
* Bugfix: Allow client metadata with , (#2233)
|
|
* [Snyk] Upgrade ace-builds from 1.12.0 to 1.12.3 (#2230)
|
|
* Propagate user's prefered timezone for export tables (#2232)
|
|
* MappingNameRegex fix (#2231)
|
|
* More documentation of the config file. (#2228)
|
|
* Bump loader-utils from 1.4.0 to 1.4.1 in /gui/velociraptor (#2225)
|
|
* users: AddUserToOrg needs GetUserWithHashes or it will remove passwor… (#2227)
|
|
* Refactored user management code into a separate module. (#2224)
|
|
* [Snyk] Upgrade ace-builds from 1.11.1 to 1.12.0 (#2221)
|
|
* [Snyk] Upgrade moment-timezone from 0.5.37 to 0.5.38 (#2222)
|
|
* Added an LRU for ACL manager (#2223)
|
|
* Enforce an allow list on plugins, functions and accessors (#2214)
|
|
* tests: fix binary copying in CollectorSetupTest (#2210)
|
|
* Update protobuf generation script (#2213)
|
|
* Linux quarantine (#2211)
|
|
* Bugfix: Flush server artifact logs into storage frequently (#2207)
|
|
* Fix HTTP Params/Add HTTP Method Validation (#2203)
|
|
* Bugfix: Sync NTFS (#2206)
|
|
* file_store: handle watching artifacts with named sources (#2204)
|
|
* Add Provider and ProviderRegex (#2198)
|
|
* Bugfix: sparse files were not properly detected. (#2200)
|
|
* Add timestamp_field, hostname_field, and hostname param to splunk_upload (#2187)
|
|
- Removed velociraptor-kafka-humio-gateway package.
|
|
* kafka-humio-gateway was dropped in favor of the new upstream LogScale plugin
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 18 09:31:19 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
|
|
|
- require the group / user only in the server build
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 10 00:49:09 UTC 2023 - jeffm@suse.com
|
|
|
|
- Update to version 0.6.7.5~git81.01be570:
|
|
* libbpfgo: pull fix for double-free
|
|
* logscale: add documentation for plugin
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 9 14:10:31 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- bump minimum nodejs to 18:
|
|
building against 16 causes errors
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 9 01:25:01 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Provide sysuser template for velociraptor user and group.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 08 20:21:03 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.5~git78.2bef6fc:
|
|
* bpf: fix path to vmlinux.h
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 08 19:42:58 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.5~git77.997aa73:
|
|
* file_store/test_utils/server_config.go: update test certificate
|
|
* Update bluemonday dependency.
|
|
* vql/functions/hash: cache results on Linux
|
|
* libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
|
|
* logscale/backport: don't use networking.GetHttpTransport
|
|
* vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
|
|
* file_store/directory: add ability to report pending size
|
|
- Change clang dependency to clang16
|
|
- Fix velociraptor-golang-mage-vendoring.diff to account for newer
|
|
'go mod vendor' honoring build flags.
|
|
- Fix update-vendoring.sh script to actually run the %setup part of
|
|
the spec.
|
|
- Merge client package into server spec and use _multibuild to create
|
|
client package from same spec file.
|
|
- Adjust changelog to retain changes for client package.
|
|
- Fix building in static mode on earlier releases.
|
|
- Added patch: velociraptor-libbpfgo-only-build-libbpf.patch
|
|
- Removed patch: velociraptor-skip-git-submodule-import-for-OBS-build.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 10 18:54:37 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Tightening the security of the services a bit:
|
|
- tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
|
|
from /tmp
|
|
- run velociraptor server as user velociraptor instead of root
|
|
we do not really need root permissions here
|
|
- introduce /var/lib/velociraptor/filestore to make it easier to
|
|
split out large file upload
|
|
- change permissions for the data directory and subdirectories to
|
|
/var/lib/velociraptor/ u=rwX,go= velociraptor:velociraptor
|
|
/var/lib/velociraptor-client/ u=rwX,go= root:root
|
|
- change permissions of config directory to:
|
|
/etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor
|
|
/etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor
|
|
/etc/velociraptor/client.config u=rw,go= root:root
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 10 15:36:18 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.5~git6.73efb2a:
|
|
* libbpfgo: update submodule to require libzstd for newer libelf
|
|
* utils/time.js: fix handling of nanosecond-resolution timestamps
|
|
* libbpfgo: switch to using regular static builds
|
|
* Create a new 0.6.7-5 release (#2385)
|
|
- Verify FILESYSTEM_WRITE permission on copy() function (#2384) (bsc#1207936, CVE-2023-0242)
|
|
- Also ensure client id is considered unsafe (bsc#1207937, CVE-2023-0290)
|
|
* github/workflows/linux: do apt-get update to refresh package lists
|
|
- Remove unnecessary dependency on libtsan0.
|
|
- Allow velociraptor and velociraptor-client packages to coexist.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 26 20:06:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.4~git63.4a1ed09d:
|
|
* utils/time.js: fix handling of nanosecond-resolution timestamps
|
|
- Added patches:
|
|
* velociraptor-reproducible-timestamp.diff
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 24 15:07:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.4~git60.8abed37a:
|
|
* http_comms: create ring buffer temporary file in the same directory
|
|
* cronsnoop: plumb in real scope logging
|
|
* cronsnoop: don't treat routine errors as fatal
|
|
* cronsnoop: fix typo
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Fixed release detection to include Tumblweed
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Increase required release to enable eBPF to SLE 15 SP2 and
|
|
openSUSE Leap 15.2. Earlier versions don't have a usable eBPF
|
|
and can't easily build llvm13.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Remove dependency on bpftool. We use the vmlinux.h archive
|
|
to provide vmlinux.h.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Restored %defattr due to SLE12 using rpm-4.11.
|
|
- Fix builds in vendor code on SLE12
|
|
- Fix build in third_party/sdjournal due to older systemd on SLE12
|
|
- Added patches:
|
|
- vendor-build-fixes-for-SLE12.patch
|
|
- sdjournal-build-fix-for-SLE12.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- client: add memory limit to systemd unit
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Restore requirement to build with clang13. Newer versions
|
|
cause libbpfgo to crash immediately.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 19 14:36:42 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Added support for setting command line options via sysconfig
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 19 05:00:55 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.4~git53.0e85855:
|
|
* sdjournal: work around missing _SYSTEMD_UNIT fields
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 19 01:01:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Clean up for Factory submission:
|
|
- Make bpf-enabled builds conditional
|
|
- Removed %defattr and combined service lines.
|
|
- Change clang and llvm dependencies to use >= 13
|
|
- Newer versions of clang hit a DWARF parsing bug in go < 1.19,
|
|
so increase go version dependecy
|
|
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
|
|
Neither the client or server builds on ix86.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 9 16:01:44 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Added Restart=on-failure to restart the client automatically.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.4~git51.a588d6e4:
|
|
* magefile.go: use current architecture for Linux builds
|
|
* Update libbpfgo submodule to include non-AMD64 build fixes
|
|
* bpf: bpf expects s390 instead of s390x
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.4~git46.5d88d80:
|
|
* contrib/kafka-humio-gateway: add new debug option for noisy events
|
|
* contrib/kafka-humio-gateway: backoff and retry for metadata
|
|
* vql/server/kafka: connect sarama logging to velociraptor logging
|
|
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
|
|
* vql/server/kafka: set appropriate ClientID
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.4~git41.678ed56:
|
|
* rpm: introduce rpm vql plugin
|
|
* users: extend DeleteUser testcase to ensure org membership was dropped
|
|
* users: ensure baseline user state is correct
|
|
* github: run testcases on Linux builds in new workflow
|
|
* gui/reporting: update bluemonday dependency to latest
|
|
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
|
|
* SUSE: Add docker-compose environment
|
|
* SUSE: add Docker files
|
|
* clients/host-info.js: add MAC addresses to client dashboard
|
|
* linux: Add ability to interrogate system and network configuration
|
|
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
|
|
* kafka-humio-gateway: add sample config file
|
|
* Updating the NewFiles and ProcessStatuses Artifacts
|
|
* cronsnoop: rework testcases to use t.TempDir
|
|
* vql/linux/cronsnoop: Add cronsnoop() plugin
|
|
* Extend audit artifacts to use new interface
|
|
* audit: rearchitect plugin to scale better with multiple invocations
|
|
* audit: use caller-allocated buffer
|
|
* use github.com/jeffmahoney/go-libaudit/v2 for audit
|
|
* Kafka.Events.Client: Update to use new artifactset type
|
|
* Add artifact for chattrsnoop plugin
|
|
* bpflib: ensure it's built only on linux and when requesting bpf
|
|
* Add chattrsnoop plugin
|
|
* Add artifact to monitor user group updates (#24)
|
|
* vql/linux/dnssnoop: Add dnssnoop() plugin
|
|
* Log Sudo/root command by auditd
|
|
* Add custom artifacts for login and logout attempts recorded by auditd
|
|
* Add tcpsnoop plugin
|
|
* vql/linux/bpflib: add helper package for bpf plugins
|
|
* libbpfgo: add submodule with forked repo for fully static builds
|
|
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
|
|
* Add a Kafka export plugin
|
|
* SUSE: Add SSHLogin artifacts
|
|
* SUSE: Do build tests on every pull request
|
|
* Add systemd-dev as build dependency for github workflow
|
|
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
|
|
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
|
|
* Add parser to read systemd journal on Linux
|
|
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
|
|
* linux: add lsattr() function to enumerate file attributes
|
|
* Github: Run build workflow on each pull request
|
|
* More fixes for Windows.System.VAD (#2317) (#2318)
|
|
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.7.3~git41.fa6afa7:
|
|
* rpm: introduce rpm vql plugin
|
|
* users: extend DeleteUser testcase to ensure org membership was dropped
|
|
* users: ensure baseline user state is correct
|
|
* github: run testcases on Linux builds
|
|
* gui/reporting: update bluemonday dependency to latest
|
|
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
|
|
* SUSE: Add docker-compose environment
|
|
* SUSE: add Docker files
|
|
* clients/host-info.js: add MAC addresses to client dashboard
|
|
* linux: Add ability to interrogate system and network configuration
|
|
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
|
|
* kafka-humio-gateway: add sample config file
|
|
* Updating the NewFiles and ProcessStatuses Artifacts
|
|
* cronsnoop: rework testcases to use t.TempDir
|
|
* vql/linux/cronsnoop: Add cronsnoop() plugin
|
|
* Extend audit artifacts to use new interface
|
|
* audit: rearchitect plugin to scale better with multiple invocations
|
|
* audit: use caller-allocated buffer
|
|
* use github.com/jeffmahoney/go-libaudit/v2 for audit
|
|
* Kafka.Events.Client: Update to use new artifactset type
|
|
* Add artifact for chattrsnoop plugin
|
|
* bpflib: ensure it's built only on linux and when requesting bpf
|
|
* Add chattrsnoop plugin
|
|
* Add artifact to monitor user group updates (#24)
|
|
* vql/linux/dnssnoop: Add dnssnoop() plugin
|
|
* Log Sudo/root command by auditd
|
|
* Add custom artifacts for login and logout attempts recorded by auditd
|
|
* Add tcpsnoop plugin
|
|
* vql/linux/bpflib: add helper package for bpf plugins
|
|
* libbpfgo: add submodule with forked repo for fully static builds
|
|
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
|
|
* Add a Kafka export plugin
|
|
* SUSE: Add SSHLogin artifacts
|
|
* SUSE: Do build tests on every pull request
|
|
* Add systemd-dev as build dependency for github workflow
|
|
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
|
|
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
|
|
* Add parser to read systemd journal on Linux
|
|
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
|
|
* linux: add lsattr() function to enumerate file attributes
|
|
* Github: Run build workflow on each pull request
|
|
* Bugfix: Do not materialize the VAD array in Windows.System.VAD (#2311)
|
|
* Sync to master's bugfixes (#2309)
|
|
* Prepare for 0.6.7-2 release (#2300)
|
|
* 0.6.7 sync (#2261)
|
|
* 0.6.7 sync3 (#2256)
|
|
* 0.6.7 sync (#2239)
|
|
* Prepare a 0.6.7-rc3 (#2217)
|
|
* Bugfix: sparse files were not properly detected. (#2200) (#2201)
|
|
* Propagate progress timeout for collections. (#2193)
|
|
* Verify client's key with or without the org id. (#2192)
|
|
* Add Windows.System.Shares (#2191)
|
|
* Allow artifacts to have aliases (#2190)
|
|
* Added a regex_array column type to allow multiple regex to be set. (#2188)
|
|
* [Snyk] Upgrade react-router-dom from 5.3.3 to 5.3.4 (#2180)
|
|
* Add 'UsedBy' column to results (#2186)
|
|
* Update flow and hunt download exports to use the container (#2185)
|
|
* Disable toolbar buttons when no options are available (#2183)
|
|
* Allow hunts to be scheduled on multiple orgs (#2182)
|
|
* Update WIndows PSList and VAD artifacts (#38) (#2181)
|
|
* Add in amcache (#2176)
|
|
* Added additional sources for UserAccessLogs (aka SUM) artifact (#2179)
|
|
* Fixed tests (#2177)
|
|
* [Snyk] Upgrade styled-components from 5.3.5 to 5.3.6 (#2174)
|
|
* Page Cell logs in notebook (#2172)
|
|
* Break client connection stats by org id (#2171)
|
|
* Added a remapping export to Windows.Registry.NTUser (#2170)
|
|
* Added tlsh hash (#2169)
|
|
* Check sparse files for large size before padding them out. (#2167)
|
|
* Linux and macOS Packet Capture Artifact Updates (#2168)
|
|
* Update deps (#2166)
|
|
* Add some suggested groks for parsing IIS logs (#2165)
|
|
* Refactor collection container (#2163)
|
|
* Implement transparent decryption for collector accessor (#2162)
|
|
* [Snyk] Upgrade ace-builds from 1.11.0 to 1.11.1 (#2161)
|
|
* Automatically decrypt collections with collector accessor (#2159)
|
|
* Fix css colors. (#2158)
|
|
* [Snyk] Upgrade ace-builds from 1.10.1 to 1.11.0 (#2156)
|
|
* Retry reads on EOF in NTFS accessor (#2157)
|
|
* Updated zip implementation to support crypto (#2155)
|
|
* Target 'Cmdline' instead of 'CommandLine' (#2154)
|
|
* Bugfix: Extra interpolation when client logs messages with % (#2152)
|
|
* Add 'Active' column to show whether or not a firewall rule is enabled. (#2150)
|
|
* Added test for encrypted offline collector. (#2149)
|
|
* Update parsing for Dock plist details (#2148)
|
|
* Implement filter for large artifact forms (#2147)
|
|
* Add Public Key Encryption Support to Offline Collections (#2133)
|
|
* Implemented a max memory grouper (#2146)
|
|
* Check if setgid flag is set (#2145)
|
|
* [Snyk] Upgrade react-overlays from 5.2.0 to 5.2.1 (#2144)
|
|
* Add context to yara.NTFS (#36) (#2143)
|
|
* Add `auth_redirect_template` config for handling unauthorized API calls (#2140)
|
|
* Allow the user to specify a collection as urgent (#2139)
|
|
* Fix typo, slightly improve translations (de,fr) (#2137)
|
|
* Add 'CronScripts' query/source and 'Length' option (#2138)
|
|
* Check sanity of inventory service for all orgs (#2136)
|
|
* Change 'filename' to 'file' for upload (#2135)
|
|
* Sync with latest NTFS changes. (#2134)
|
|
* [Snyk] Upgrade classnames from 2.3.1 to 2.3.2 (#2130)
|
|
* Added URLRegex to FireFox history (#2129)
|
|
* Link to collection in host shell (#2128)
|
|
* additional references (#2126)
|
|
* Sync to go-ntfs (#2125)
|
|
* Provide the option to expand sparse files in export (#2124)
|
|
* Bugfix: Process address space lockup under some conditions (#2123)
|
|
* Added URLRegex to Firefox and Chrome history (#2122)
|
|
* Add note about RecentApps key not being available after Windows 10, version 1803 (#2119)
|
|
* Expose the communicator's crypto manager (#2118)
|
|
* Further refactor of the download handler. (#2117)
|
|
* [Snyk] Upgrade ace-builds from 1.10.0 to 1.10.1 (#2114)
|
|
* Uploaded files are now shows with client paths (#2116)
|
|
* [Snyk] Upgrade recharts from 2.1.13 to 2.1.14 (#2115)
|
|
* Maintain row count per query. (#2113)
|
|
* Update Trackaccount.yaml (#2112)
|
|
* Clean up artifact references (#2111)
|
|
* Prevent null error when choosing to calculate hash and when providing authenticode information (#2109)
|
|
* Add Length option and re-arrange output (#2107)
|
|
* Bugfix: Merge file option should work with config show (#2108)
|
|
* Always write content to lock files (#2106)
|
|
* [Snyk] Upgrade ace-builds from 1.9.6 to 1.10.0 (#2102)
|
|
* Authentication configuration error reporting/validation (#2101)
|
|
* auth: don't return a base path with two leading slashes (#2100)
|
|
* Added org report in root org dashboard (#2098)
|
|
* [Snyk] Upgrade react-bootstrap from 1.6.5 to 1.6.6 (#2094)
|
|
* [Snyk] Upgrade humanize-duration from 3.27.2 to 3.27.3 (#2095)
|
|
* authenticode is a function and not a plug (#2092)
|
|
* Allow '+' in usernames (#2093)
|
|
* Attempt to decompress client messages if errors occur. (#2088)
|
|
* Pass org config to mutations in MemcacheFileDataStore (#2087)
|
|
* Support oauth with a different base path. (#2082)
|
|
* Allow client->server compression to be disabled (#2081)
|
|
* Keep track of collected results using collection status (#2075)
|
|
* Enforce a hard timeout for incoming processing (#2074)
|
|
* Expand API of user service to include context (#2071)
|
|
* When creating a new org pass the new org id to the acl function (#2068)
|
|
* Allow collect_client() etc to accept ArtifactSpec protobuf (#2067)
|
|
* Only create initial orgs on first run. (#2066)
|
|
* Bugfix: Do not start multiple communicators in windows service. (#2064)
|
|
* Added initial_orgs to the config (#2063)
|
|
* Bugfix- Server.Utils.DeleteClient over sanitized client id (#2061)
|
|
* Fixed backwards compatible bug (#2057)
|
|
* [Snyk] Upgrade ace-builds from 1.9.5 to 1.9.6 (#2055)
|
|
* Fixed CSS for column selector ui (#2053)
|
|
* Split server sanity checks into root org and other orgs (#2052)
|
|
* collect each query's status separately (#2049)
|
|
* Pass org ids in href parameters (#2047)
|
|
* Org manager maintains services lifetime (#2045)
|
|
* Added org_delete() function to remove orgs. (#2042)
|
|
* Updated themes for context menu (#2041)
|
|
* Made context menus settable in the config file (#2040)
|
|
* Added Send to CyberChef context menu on table cells. (#2039)
|
|
* [Snyk] Upgrade ace-builds from 1.9.3 to 1.9.5 (#2037)
|
|
* [Snyk] Upgrade ace-builds from 1.8.1 to 1.9.3 (#2033)
|
|
* Bugfix: watch_usn() was not flushing the mft LRU properly (#2032)
|
|
* Bugfix: Maintain field order in sysmon based tracker (#2030)
|
|
* Added regex protocols for int, float etc. (#2028)
|
|
* Refactor client monitoring API to use service (#2027)
|
|
* Bugfix: Switch GUI to first available org (#2025)
|
|
* Update Linux pslist() to use CommandLine column (#2024)
|
|
* Add embedded stager parse usecase (#34) (#2023)
|
|
* update to clean up null fields (#2020)
|
|
* Refactor code to propagate the context in more cases. (#2019)
|
|
* Bugix: Raw file accessor had different behaviour on Windows (#2018)
|
|
* Cater for unknown parents in process tracker. (#2015)
|
|
* Fix sense of multiple regexp in all() function (#2014)
|
|
* Added all() and any() VQL functions (#2013)
|
|
* Capitalize 'i' in config generation output (#2012)
|
|
* Fixed crash in api_client command (#2010)
|
|
* Update UserAccessLogs.yaml (#2009)
|
|
* Fixed bug in UserAccessLog artifact (#2008)
|
|
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2 (#2000)
|
|
* Collect domain role info on interrogate (#1998)
|
|
* Added new GUI column type for tree (#1997)
|
|
* Fixed CSS to make column selector more visible (#1996)
|
|
* Send a System.Upload.Completion event on server artifact upload (#1995)
|
|
* Refactor of oauth code (#1993)
|
|
* Added some helpful server artifacts (#1992)
|
|
* Bugfix: "rpm server" command did not produce minion packages (#1991)
|
|
* Add ability to delete monitoring events. (#1990)
|
|
* Allow notebook GUI to set notebooks to public. (#1989)
|
|
* Allow the user to change password in the GUI (#1988)
|
|
* Added a delay() VQL function (#1987)
|
|
* Fixed a crash when add_monitoring was called without parameters. (#1986)
|
|
* Allow hunt() to limit by OS condition (#1985)
|
|
* [Snyk] Upgrade ace-builds from 1.7.1 to 1.8.1 (#1984)
|
|
* Fix "last_visit_time" timestamp (#1983)
|
|
* Added Generic.System.ProcessSiblings (#1982)
|
|
* [Snyk] Upgrade bootstrap from 4.6.1 to 4.6.2 (#1979)
|
|
* General cleanup (#1977)
|
|
* Update BinaryRename.yaml (#1976)
|
|
* Support multi orgs in server-server communication (#1975)
|
|
* Inventory service should upload tools to global public directory (#1973)
|
|
* fixed path issue (#1972)
|
|
* Support REG_MULTI_SZ in raw registry accessor (#1969)
|
|
* fix: upgrade interactjs from 1.10.16 to 1.10.17 (#1968)
|
|
* Update prefetch library to fix bug (#1965)
|
|
* The "fs" accessor should also be org sensitive. (#1964)
|
|
* Added user_grant() VQL function (#1963)
|
|
* fix: upgrade interactjs from 1.10.14 to 1.10.16 (#1961)
|
|
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1960)
|
|
* Several security related bugfixes. (#1962)
|
|
* Fixed bug in watch_evtx() (#1955)
|
|
* fix: upgrade ace-builds from 1.7.0 to 1.7.1 (#1952)
|
|
* Fixed visted_url typo (#1953)
|
|
* Added NewOrg artifact to make creating new orgs easier. (#1951)
|
|
* Fix broken deps due to snyke merge (#1950)
|
|
* build(deps): bump terser from 4.8.0 to 4.8.1 in /gui/velociraptor (#1946)
|
|
* fix: upgrade recharts from 2.1.11 to 2.1.12 (#1945)
|
|
* fix: upgrade @fortawesome/react-fontawesome from 0.1.18 to 0.2.0 (#1948)
|
|
* Added orgs() plugin and user management (#1949)
|
|
* fix: upgrade ace-builds from 1.6.1 to 1.7.0 (#1944)
|
|
* Add new embedded pe in data section parse (#1943)
|
|
* Refactor startup code (#1942)
|
|
* fix: upgrade qs from 6.10.4 to 6.11.0 (#1941)
|
|
* fix: upgrade recharts from 2.1.10 to 2.1.11 (#1939)
|
|
* fix: upgrade ace-builds from 1.6.0 to 1.6.1 (#1938)
|
|
* Added artifact Windows.Attack.IncorrectImagePath (#1927)
|
|
* Account for pid reuse in process tracker. (#1936)
|
|
* add precondition for only windows (#1935)
|
|
* Make ddclient service parameters configurable (#1933)
|
|
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1930)
|
|
* fix: upgrade interactjs from 1.10.13 to 1.10.14 (#1918)
|
|
* replace YaraUrl type (#1922)
|
|
* Add other url yara fixes (#1921)
|
|
* Update Glob.yaml (#1920)
|
|
* Fixed bug in startup code. (#1919)
|
|
* Initial commit of multitenant support (#1917)
|
|
* Adds three Linux artifacts (#1916)
|
|
* Fixed a crash when using artifact plugin with tools (#1915)
|
|
* Added a collector accessor (#1912)
|
|
* fix: upgrade interactjs from 1.10.11 to 1.10.13 (#1909)
|
|
* fix: upgrade qs from 6.10.3 to 6.10.4 (#1910)
|
|
* Japanese translation (#1906)
|
|
* Fix spanish translations. (#1907)
|
|
* fix: upgrade react-overlays from 5.1.2 to 5.2.0 (#1904)
|
|
* Add Shimcache reformat (#1892)
|
|
* A couple of performance tweaks. (#1903)
|
|
* Fix Amcache artifact (#1902)
|
|
* Retry axios requests (#1901)
|
|
* Revert "fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)" (#1900)
|
|
* fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)
|
|
* Use the auto accessor as first level of VFS (#1898)
|
|
* Theme fixes (#1895)
|
|
* Added additional logging for windows client service (#1894)
|
|
* Theme updates (#1893)
|
|
* Prepare for release 0.6.5 (#1890)
|
|
* Bugfix: CPU limit was not properly enforced on endpoint. (#1889)
|
|
* fix: upgrade react-calendar-timeline from 0.27.0 to 0.28.0 (#1887)
|
|
* fix: upgrade ace-builds from 1.5.1 to 1.5.2 (#1888)
|
|
* Improve the Windows.Sys.StartupItems artifact (#1886)
|
|
* Fixed the --remap flag (#1883)
|
|
* Fixed bug in client_delete() (#1882)
|
|
* Added a delete_flow VQL plugin (#1880)
|
|
* Add fix for generic bin file payload (#1879)
|
|
* Bugfix: Notebook calculation did not update cell (#1878)
|
|
* fix: upgrade humanize-duration from 3.27.1 to 3.27.2 (#1877)
|
|
* Revised Portuguese translation (#1876)
|
|
* Update usn.go (#1873)
|
|
* Added French language (#1874)
|
|
* Updated german translation (#1875)
|
|
* Refactor artifact plugin to be more efficient. (#1871)
|
|
* Update de.js (#1870)
|
|
* fix: upgrade ace-builds from 1.5.0 to 1.5.1 (#1867)
|
|
* Refactor server artifacts service (#1868)
|
|
* Refactored notebook into a service (#1863)
|
|
* fix: upgrade react-router-dom from 5.3.2 to 5.3.3 (#1861)
|
|
* fix: upgrade recharts from 2.1.9 to 2.1.10 (#1862)
|
|
* Bugfix: raw registry accessor supports read_file() (#1859)
|
|
* Add LogHunter - a generic grep over log capability (#1853)
|
|
* Added a GUI element to easily filter log messages (#1858)
|
|
* Added an oidc-cognito authenticator (#1854)
|
|
* build(deps): bump tar from 6.0.5 to 6.1.11 in /gui/velociraptor (#1852)
|
|
* fix: upgrade react-router-dom from 5.3.1 to 5.3.2 (#1850)
|
|
* Fix ACE font handling (#1849)
|
|
* Format timestamps opportunistically. (#1848)
|
|
* Update cidr_contains() to return true if any of the ranges match. (#1847)
|
|
* Sync KapeFiles and SQLECmd artifacts (#1845)
|
|
* Prepare 0.6.5-rc1 release (#1844)
|
|
* Added a default process tracker (#1843)
|
|
* Implement log levels in VQL (#1839)
|
|
* Theme development checkpoint (#1838)
|
|
* fix: upgrade ace-builds from 1.4.14 to 1.5.0 (#1836)
|
|
* fix: upgrade react-bootstrap from 1.6.4 to 1.6.5 (#1837)
|
|
* Added an LRU VQL function (#1835)
|
|
* Bugfix: VFS viewer was unable to access files with \ in name (#1832)
|
|
* use group SID instead of name to get local admins (#1833)
|
|
* Added Portuguese and Spanish languages (#1831)
|
|
* fix: upgrade react-overlays from 5.1.1 to 5.1.2 (#1830)
|
|
* Make display timezone user selectable (#1827)
|
|
* Added Musl build target (#1826)
|
|
* Fix deadlock in hunt dispatcher (#1825)
|
|
* Theme tweaks (#1821)
|
|
* add groupname parameter to LocalAdmins artifact (#1823)
|
|
* Fix/activitescache glob expression - Timeline.yaml (#1824)
|
|
* Update TemplateInjection.yaml (#1820)
|
|
* Prevent text wrap on sidebar (#1819)
|
|
* Added some missing translations (#1817)
|
|
* Added Deutsch UI Language (#1816)
|
|
* Support UNC paths in windows accessors. (#1815)
|
|
* Add enrichment callback for process tracker (#1814)
|
|
* Prevent null FailureActions error (#1811)
|
|
* Make ACL manager pluggable. (#1813)
|
|
* Allow custom override for GUI artifacts by default (#1810)
|
|
* Refactored hunt related functions to use the hunt_dispatcher (#1807)
|
|
* artifactset: add ability to select named sources (#1809)
|
|
* UI enhancements (#1805)
|
|
* Refactor: Create user manager service (#1804)
|
|
* New themes and refactoring of existing CSS (#1801)
|
|
* Bugfix: Server monitoring queries were not correctly cancelled. (#1803)
|
|
* Add gunzip function (#1802)
|
|
* GUI: Artifact selector (#1790)
|
|
* Refactor and improve the way clients send query related information (#1800)
|
|
* fix: upgrade axios from 0.26.1 to 0.27.2 (#1798)
|
|
* Add Cobalt Strike carver sleep function capability (#1795)
|
|
* Bugfix: Create new buffer to accumulate VQL results (#1794)
|
|
* Make velociraptor_client executable in postint script (#1788)
|
|
* Support addition on dicts (#1785)
|
|
* fix: upgrade moment from 2.29.2 to 2.29.3 (#1782)
|
|
* fix: upgrade react-router-dom from 5.3.0 to 5.3.1 (#1783)
|
|
* Reset nanny when client connection failed. (#1780)
|
|
* Fix artifacts that use yara parameters to specify yara type (#1779)
|
|
* SysmonInstall artifact now skips install if not needed (#1777)
|
|
* Suppress warning message for offline collector (#1776)
|
|
* Bug fix (#1774)
|
|
* Avoid bash process lingering around while server is running (#1775)
|
|
* oidc: Fix typo: Genric -> Generic (#1773)
|
|
* Make MaxWait for event table settable. (#1772)
|
|
* Fixed bug in Windows.Detection.Yara.Process (#1771)
|
|
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
|
|
* Initial implementation of client side process tracker. (#1768)
|
|
* Bugfix: Client did not update list of query columns (#1767)
|
|
* Fixed bug in ETWSessions artifact (#1766)
|
|
* build(deps): bump async from 2.6.3 to 2.6.4 in /gui/velociraptor (#1761)
|
|
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
|
|
* Add fix for dupliate entries from flattern bug (#1760)
|
|
* build(deps): bump ejs from 3.1.6 to 3.1.7 in /gui/velociraptor (#1758)
|
|
* build(deps): bump cross-fetch from 3.1.3 to 3.1.5 in /gui/velociraptor (#1759)
|
|
* Fix undefined types in some artifact parameters (#1757)
|
|
* Update Glob.yaml (#1754)
|
|
* Bugfix: Unable to set cpu limits in hunt GUI (#1751)
|
|
* Support case insensitive notebook cell types (#1747)
|
|
* Fixed a bug in the Userassist artifact (#1746)
|
|
* Bugfix: Hunt stats were not properly incremented (#1744)
|
|
* Invalidate transformed cache when the base table changes. (#1742)
|
|
* GUI Table widgets now can apply transformations on the table. (#1740)
|
|
* Update FilenameSearch.yaml (#1741)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git86.b5931f7:
|
|
* cleanup: go mod tidy
|
|
- Fix vendoring of replaced modules.
|
|
- Only require libtsan0 on x86_64
|
|
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git84.1b38fda:
|
|
* Clean up libbpfgo mess
|
|
* libbpfgo: use forked repo for fully static builds
|
|
* libbpfgo: sync to v0.4.4-libbpf-1.0.1
|
|
* contrib/kafka-humio-gateway: add new debug option for noisy events
|
|
* contrib/kafka-humio-gateway: backoff and retry for metadata
|
|
* vql/server/kafka: connect sarama logging to velociraptor logging
|
|
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
|
|
* vql/server/kafka: set appropriate ClientID
|
|
* libbpfgo: add selftest to build so testcases work
|
|
* cronsnoop: rework testcases to use t.TempDir
|
|
* cronsnoop: move external dependencies to end of import list
|
|
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git67.85b608e:
|
|
* clients/host-info.js: add MAC addresses to client dashboard
|
|
* linux: Add ability to interrogate system and network configuration
|
|
* SUSE: Add docker-compose environment
|
|
* SUSE: add Docker files
|
|
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
|
|
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
|
|
* kafka-humio-gateway: add sample config file
|
|
* Updating the NewFiles and ProcessStatuses Artifacts
|
|
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
|
|
* third_party/go-libaudit: don't directly use unix.*
|
|
* Add Linux.Remediation.Quarantine artifact
|
|
* Extend audit artifacts to use new interface
|
|
* audit: rearchitect plugin to scale better with multiple invocations
|
|
* third_party/go-libaudit: move handling of receive buffer to caller
|
|
* third_party/go-libaudit: move buffer handling from netlink to audit
|
|
* third_party/go-libaudit: allow audit fd to be pollable
|
|
* third_party/go-libaudit: Add support for removing individual rules
|
|
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
|
|
* third_party/go-libaudit: Report missing rules during deletion
|
|
* import go-libaudit as a third-party module
|
|
* quarantine: actually call the OS-specific artifact
|
|
* artifactset: add ability to select named sources
|
|
* GUI: Artifact selector (#1790)
|
|
* host-info: make quarantine UI more robust with non-Windows client hosts
|
|
* shell-viewer: default to Bash on non-Windows clients
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 10 15:22:27 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git70.b7df8172:
|
|
* file_store: handle watching artifacts with named sources
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 29 14:16:05 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git68.5226b23b:
|
|
* api/authenticators/basic: fix logoff endpoint
|
|
* clients/host-info.js: add MAC addresses to client dashboard
|
|
* linux: Add ability to interrogate system and network configuration
|
|
* SUSE: Add docker-compose environment
|
|
* SUSE: add Docker files
|
|
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 19 21:07:15 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Updated vendoring.
|
|
- Fixed update-vendoring script to use an independent go module cache.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 19 01:59:35 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git59.5ebb49db:
|
|
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 11 19:40:21 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git57.fcb11adf:
|
|
* kafka-humio-gateway: add sample config file
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 15 14:30:49 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Updated BuildRequires to use go 1.17 after updating vendoring
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4.2~git56.47b4adb4:
|
|
* Updating the NewFiles and ProcessStatuses Artifacts
|
|
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
|
|
* third_party/go-libaudit: don't directly use unix.*
|
|
* Add Linux.Remediation.Quarantine artifact
|
|
* Extend audit artifacts to use new interface
|
|
* audit: rearchitect plugin to scale better with multiple invocations
|
|
* third_party/go-libaudit: move handling of receive buffer to caller
|
|
* third_party/go-libaudit: move buffer handling from netlink to audit
|
|
* third_party/go-libaudit: allow audit fd to be pollable
|
|
* third_party/go-libaudit: Add support for removing individual rules
|
|
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
|
|
* third_party/go-libaudit: Report missing rules during deletion
|
|
* import go-libaudit as a third-party module
|
|
* quarantine: actually call the OS-specific artifact
|
|
* artifactset: add ability to select named sources
|
|
* GUI: Artifact selector (#1790)
|
|
* host-info: make quarantine UI more robust with non-Windows client hosts
|
|
* shell-viewer: default to Bash on non-Windows clients
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to upstream 0.6.4.2~git16.e1b7fc0:
|
|
* Rebase on 0.6.4-2
|
|
* Reset nanny when client connection failed. (#1780)
|
|
* Fix artifacts that use yara parameters to specify yara type (#1779)
|
|
* Update release for bugfixes 0.6.4-2
|
|
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
|
|
* SysmonInstall artifact now skips install if not needed (#1777)
|
|
* Initial implementation of client side process tracker. (#1768)
|
|
* Invalidate transformed cache when the base table changes. (#1742)
|
|
* GUI Table widgets now can apply transformations on the table. (#1740)
|
|
* Suppress warning message for offline collector (#1776)
|
|
* Bug fix (#1774)
|
|
* Avoid bash process lingering around while server is running (#1775)
|
|
* oidc: Fix typo: Genric -> Generic (#1773)
|
|
* Make MaxWait for event table settable. (#1772)
|
|
* Fixed bug in Windows.Detection.Yara.Process (#1771)
|
|
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
|
|
* Bugfix: Client did not update list of query columns (#1767)
|
|
* Merge bugfixes from master branch. (#1769)
|
|
- Revendored dependencies.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4~git31.4298eab0:
|
|
* Elastic.Events.Client: Update to use new artifactset type
|
|
* Kafka.Events.Client: Update to use new artifactset type
|
|
* artifacts: add artifactset parameter type
|
|
* api: add type and description fields to v1/GetArtifacts endpoint
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 12 13:30:42 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.4~git26.4407b9b7:
|
|
* Add artifact for chattrsnoop plugin
|
|
* bpflib: ensure it's built only on linux and when requesting bpf
|
|
* Add chattrsnoop plugin
|
|
* tcpsnoop: Properly close module in case of attach error
|
|
* Add artifacts for dns/tcp snoop plugins
|
|
* tcpsnoop: Add timestamp to generated events
|
|
* dnssnoop: Add timestamp to generated events
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 3 20:35:57 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Fix error handling in tcpsnoop and dnssnoop.
|
|
* If BTF information is unavailable, there is no indication that the
|
|
query has failed.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 3 13:45:09 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Rebase on 0.6.4:
|
|
* Updated dependencies
|
|
* Bugfix: startup bugs (#1680)
|
|
* bugfix: Server event notebook not correctly created (#1737)
|
|
* Bugfix: Start a dummy indexing service (#1736)
|
|
* Add bugfix which would return no rows if the user removed whitelist (#1735)
|
|
* Fixed bug in read_reg_key (#1734)
|
|
* BUGFIX: Do not include config flag when darwin installer is repacked (#1733)
|
|
* Refactored index into its own service. (#1730)
|
|
* Bugfix: Write one index item per JSONL record. (#1727)
|
|
* Bugfix: Estimating client impact should consider last active status (#1726)
|
|
* Add complete ntfs metadata option to MFT output (#1725)
|
|
* Various bugfixes. (#1724)
|
|
* Update Usn.yaml (#1723)
|
|
* Fixed a bug in hunt download preparation. (#1722)
|
|
* Add Windows.Forensics.Usn filter and presentation updates (#1720)
|
|
* Optimize writing event monitoring records (#1721)
|
|
* Add Generic.Detection.Yara.Zip (#1718)
|
|
* Fixed crash on master-pong response. (#1719)
|
|
* Remove _type option from elastic. (#1715)
|
|
* Opportunistically update directly connected client's ping times (#1713)
|
|
* Fixed a bug in hunt download preparation. (#1722)
|
|
* Add Windows.Forensics.Usn filter and presentation updates (#1720)
|
|
* Optimize writing event monitoring records (#1721)
|
|
* Add Generic.Detection.Yara.Zip (#1718)
|
|
* Fixed crash on master-pong response. (#1719)
|
|
* Remove _type option from elastic. (#1715)
|
|
* Opportunistically update directly connected client's ping times (#1713)
|
|
* Fixed bug in VQL cell splitting. (#1712)
|
|
* artifact for parsing macos packages (#1706)
|
|
* Bugfix: Create a cell for each collected source (#1710)
|
|
* artifact for parsing macos packages (#1706)
|
|
* Bugfix: Create a cell for each collected source (#1710)
|
|
* Added Server.Utils.CollectClient to simplify direct collections (#1708)
|
|
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1705)
|
|
* Fix build on Go 1.18 (#1704)
|
|
* build(deps): bump minimist from 1.2.5 to 1.2.6 in /gui/velociraptor (#1703)
|
|
* Mft update - add uSecZeros (#1701)
|
|
* Server monitoring service will reload if an artifact is modified (#1702)
|
|
* Refactor client info manager (#1700)
|
|
* A number of bugfixes (#1699)
|
|
* Update Windows.NTFS.MFT (#1698)
|
|
* Actually export HumanString attribute on OSPath (#1689)
|
|
* RHEL/CentOS/Fedora dnf packages (#1684)
|
|
* Implemented Human Readable OSPath method. (#1688)
|
|
* Added lazy MFT attributes (#1685)
|
|
* Maintain OSPath in mft artifacts (#1683)
|
|
* Fix bug in deaddisk remapping of directories. (#1682)
|
|
* Bugfix: startup bugs (#1680)
|
|
* Updated SQLECmd artifacts (#1677)
|
|
* Artifact repository needs to watch for changes across nodes. (#1676)
|
|
* Update auto accessor to re-open file with ntfs if read failed (#1674)
|
|
* Fix MacOS.System.Plist artifact (#1673)
|
|
* Error collection based on VQL logs (#1672)
|
|
* Add memory limiting to offline collector (#1666)
|
|
* Allow mount overlays (#1664)
|
|
* build(deps): bump node-forge from 1.2.1 to 1.3.0 in /gui/velociraptor (#1661)
|
|
* Fixed bugs in remapping logic. (#1660)
|
|
* Fixed bug in the windows auto accessor. (#1658)
|
|
* Elastic.Events.Clients: synchronize parameters with Elastic.Flows.Upload (#1657)
|
|
* Add initial commit for Windows.NTFS.ExtendedAttributes (#1656)
|
|
* Added a shadow remapping type (#1655)
|
|
* Implemented an event notebook (#1654)
|
|
* Add Windows.System.WMIQuery (#1651)
|
|
* Fixed data race in progress throttler. (#1653)
|
|
* Implemented timeout and cpu limits on offline collector. (#1650)
|
|
* Added an rpm server command. (#1647)
|
|
* Artifacts can now define suggestions for notebook cells. (#1646)
|
|
* Allow multiple OIDC authenticators to be specified. (#1645)
|
|
* Added a multi authenticator. (#1644)
|
|
* Add HashHunter hash() update for performance (#1643)
|
|
* Change the DNSCache Artifact to WMI (#1640)
|
|
* Added an uploader for notebooks. (#1639)
|
|
* Added hashselect arg option to hash() (#1637)
|
|
* Add Generic.Detection.HashHunter and tests (#1638)
|
|
* Added Generic.Collectors.SQLECmd (#1635)
|
|
* Add BinaryHunter (#1634)
|
|
* String artifact parameters can now have validator regex (#1628)
|
|
* Implemented CPU rate limited for better control (#1622)
|
|
* Added a client nanny to detect deadlocks (#1621)
|
|
* Linux.Sys.Services artifact, parse services from systemctl (#1619)
|
|
* Collect MAC addresses during interrogation and index them (#1611)
|
|
* Allow parse_ntfs() to operate on an image file. (#1610)
|
|
* Fix regression in VFSGetBuffer (#1605)
|
|
* Added rekey() VQL function (#1604)
|
|
* switch to uninstall string (#1603)
|
|
* freebsd /etc/rc.d/velociraptor service script (#1602)
|
|
* Add Windows.Registry.BackupRestore (#1601)
|
|
* Optimized NTFS code for better speed and added more fields to parse_mft (#1599)
|
|
* Update BinaryRename.yaml (#1598)
|
|
* Added LinuxM1 (#1597)
|
|
* Add explicit check of sticky keys (#1592)
|
|
* Remote data store should identify retryable errors (#1590)
|
|
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1588)
|
|
* Add test improvement clear system log (#18) (#1586)
|
|
* Modified Windows.Forensics.Prefetch to use VQL binary parser (#1585)
|
|
* add Windows.NTFS.ADSHunter first commit (#17) (#1583)
|
|
* Resolves Velocidex/velociraptor#1543 Create new VQL entropy() function (#1574)
|
|
* Remove C time and updating naming (#1546)
|
|
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1568)
|
|
* Update OSPath protocols to support slices. (#1575)
|
|
* Implement array slice notation in VQL and Server.Import.PreviousReleases (#1573)
|
|
* add rtf TemplateInjection to Windows.Detection.TemplateInjection (#1572)
|
|
* Change accessors API to deal with OSPath objects directly. (#1570)
|
|
* Bump follow-redirects from 1.14.4 to 1.14.8 in /gui/velociraptor (#1567)
|
|
* Added a deaddisk command to generate config (#1564)
|
|
* Fix bug in Windows.System.Services (#1565)
|
|
* Fixed glob expand braces order of operations. (#1560)
|
|
* Added an offset and raw_file accessors (#1559)
|
|
* Update CertUtil.yaml (#1558)
|
|
* remove users to include the system path (#1536)
|
|
* Implement remap() VQL function and remapping config (#1555)
|
|
* Make GitHub actions more flexible on Windows (#1549)
|
|
* Bump normalize-url from 4.5.0 to 4.5.1 in /gui/velociraptor (#1548)
|
|
* Fix typo (#1547)
|
|
* Refractor of accessors and path manipulations (#1545)
|
|
* Dns etw update (#1544)
|
|
* add PowershellProfile (#1542)
|
|
* Added dynamic pubsub attributes (#1540)
|
|
* Fix Windows.Applications.Chrome.History (#1539)
|
|
* windows.application to windows.applications merge. New firefox history artefact (#1534)
|
|
* Fixed race condition in zip accessor reference counting. (#1531)
|
|
* Added Windows.Persistence.SilentProcessExit (#1530)
|
|
* Add limitations section and lastwrite timestamp (#1529)
|
|
* Offline collector FetchBinary should respect the IsExecutable flag (#1528)
|
|
* update description, order by, and hidden keypath (#1527)
|
|
* add limitations section (#1520)
|
|
* Avoid holding index lock for too long. (#1519)
|
|
* re-introduce Windows.Collectors.File with deprecation note (#1516)
|
|
* add limitations to description and key path to query (#1514)
|
|
* Retry remote datastore connections (#1513)
|
|
* Write minion log files and autocert in its own dir. (#1512)
|
|
* Synced KapeFiles artifacts (#1511)
|
|
* Added data retention server artifacts (#1510)
|
|
* Set an upper limit for ttl in memcache (#1508)
|
|
* Add updates to Windows.System.Services (#15) (#1509)
|
|
* Ensure collector container is properly closed when interrupted. (#1507)
|
|
* Continually rebuild the index at runtime. (#1506)
|
|
* Harder vacuum - directly move client task directories to the attic. (#1505)
|
|
* add limitation disclaimer (#1504)
|
|
* Reduce critial section to avoid deadlock in repository manager (#1503)
|
|
* Implemented a vacuum command to remove old tasks from client queues. (#1501)
|
|
* Better format profile metrics output. (#1495)
|
|
* Cap size of directories and report large directories. (#1493)
|
|
* Set ACE completers per editor to avoid global state. (#1492)
|
|
* Add HttpOnly flag to all cookies. (#1491)
|
|
* Refactor completion routine calls (#1490)
|
|
* Limit size of cached directories. (#1483)
|
|
* Add more instrumentation to memory caches. (#1482)
|
|
* Fixed chart resizing bug (#1481)
|
|
* Removed the old queries: list from artifacts. (#1480)
|
|
* [Snyk] Fix for 9 vulnerabilities (#1479)
|
|
* Remove lock around critical section. (#1478)
|
|
* Added MacOS.Forensics.AppleDoubleZip (#1476)
|
|
* Update Windows.Persistence.PermanentWMIEvents to add blind custom namespace detection (#13) (#1475)
|
|
* Make index snapshot frequency configurable (#1474)
|
|
* Bugfix: Setting notebook index did not escape username (#1471)
|
|
* Flush index from memory to disk (#1470)
|
|
* Fixed 2 bugs with the memcache file store (#1469)
|
|
* Update flow active time when the result set is completed (#1468)
|
|
* Tag artifacts as built ins (#1467)
|
|
* Fixed bug in the pathspec() VQL function. (#1465)
|
|
* fix APIConfigLoader not applying command line args (#1463)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 02 14:55:07 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Resync with git repository:
|
|
* Add artifact to monitor user group updates (#24)
|
|
* Add dnssnoop plugin (#15)
|
|
* Log Sudo/root command by auditd
|
|
* Add custom artifacts for login and logout attempts recorded by auditd
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 18 14:12:59 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.3~git19.640f7a1c:
|
|
* Add tcpsnoop plugin
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 15 13:31:21 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.3~git17.741ebb59:
|
|
* kafka-humio-gateway: update README.md
|
|
* kafka-humio-gateway: Fix missing variable rename
|
|
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 15 01:04:29 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.3~git13.af7fdb00:
|
|
* SUSE: Add SSHLogin artifacts
|
|
* Add a Kafka export plugin
|
|
* SUSE: Do build tests on every pull request
|
|
* Add systemd-dev as build dependency for github workflow
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 18 00:52:01 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.3~git6.d95ed32e:
|
|
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
|
|
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
|
|
* Add parser to read systemd journal on Linux
|
|
* Add an artifact to enumerate immutable files under a path
|
|
* Add chattr function support for linux
|
|
* Make GitHub actions more flexible on Windows
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 10 02:12:54 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Add simple default configs and provide dirs in /var/lib for client
|
|
and server.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 7 14:40:47 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Temporarily re-enable Windows artifacts (LSS#4).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 2 18:10:19 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Added systemd unit file and placeholder config file.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 27 17:33:45 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.3~git0.69e0fffa:
|
|
* Prepare for 0.6.3 release (#1515)
|
|
* add limitations to description and key path to query (#1514)
|
|
* Retry remote datastore connections (#1513)
|
|
* Write minion log files and autocert in its own dir. (#1512)
|
|
* Synced KapeFiles artifacts (#1511)
|
|
* Added data retention server artifacts (#1510)
|
|
* Set an upper limit for ttl in memcache (#1508)
|
|
* Add updates to Windows.System.Services (#15) (#1509)
|
|
* Ensure collector container is properly closed when interrupted. (#1507)
|
|
* Continually rebuild the index at runtime. (#1506)
|
|
* Harder vacuum - directly move client task directories to the attic. (#1505)
|
|
* add limitation disclaimer (#1504)
|
|
* Reduce critial section to avoid deadlock in repository manager (#1503)
|
|
* Implemented a vacuum command to remove old tasks from client queues. (#1501)
|
|
* Better format profile metrics output. (#1495)
|
|
* Cap size of directories and report large directories. (#1493)
|
|
* Set ACE completers per editor to avoid global state. (#1492)
|
|
* Add HttpOnly flag to all cookies. (#1491)
|
|
* Refactor completion routine calls (#1490)
|
|
* fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486)
|
|
* fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485)
|
|
* fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487)
|
|
* fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488)
|
|
* fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489)
|
|
* Limit size of cached directories. (#1483)
|
|
* Add more instrumentation to memory caches. (#1482)
|
|
* Fixed chart resizing bug (#1481)
|
|
* Removed the old queries: list from artifacts. (#1480)
|
|
* [Snyk] Fix for 9 vulnerabilities (#1479)
|
|
* Remove lock around critical section. (#1478)
|
|
* Added MacOS.Forensics.AppleDoubleZip (#1476)
|
|
* Update Windows.Persistence.PermanentWMIEvents to add blind custom namespace detection (#13) (#1475)
|
|
* Make index snapshot frequency configurable
|
|
* fix APIConfigLoader not applying command line args (#1463)
|
|
* Flush index from memory to disk (#1470)
|
|
* Prepare RC2 (#1473)
|
|
* Bugfix: Setting notebook index did not escape username (#1471)
|
|
* Fixed 2 bugs with the memcache file store (#1469)
|
|
* Update flow active time when the result set is completed (#1468)
|
|
* Tag artifacts as built ins (#1467)
|
|
* Fixed bug in the pathspec() VQL function. (#1465)
|
|
* Update PrivateKeys.yaml (#1459)
|
|
* Added recursion_callback option to the glob plugin (#1461)
|
|
* Added config wizard for multi-frontend configuration (#1460)
|
|
* Calculate the sha256 hash of the offline container. (#1458)
|
|
* Artifact inspection GUI now allows pivot. (#1457)
|
|
* Client certs can now be specified in the config file. (#1456)
|
|
* New Upload File Form element (#1455)
|
|
* Added a sparse accessor (#1453)
|
|
* Hunt wizard estimates clients affected (#1452)
|
|
* Make the interrogation process customizable. (#1451)
|
|
* Update Info.yaml (#1427)
|
|
* Improved Lnk parser to include additional fields. (#1449)
|
|
* Added a Yara GUI element editor. (#1447)
|
|
* Added patch and merge to `config show` and `config generate` (#1445)
|
|
* Remove usage of FatalIfError from main module (#1443)
|
|
* Introduced a dedicated pathspec object (#1440)
|
|
* Bump is-svg from 4.2.2 to 4.3.0 in /gui/velociraptor (#1437)
|
|
* Only pass client config in the client VQL scope. (#1436)
|
|
* rework protobuf message generator (#1435)
|
|
* Update Autoruns.yaml
|
|
* Added test for filefinder (#1431)
|
|
* fix filters in filefinder artifact (#1430)
|
|
* Add Artifact to collect KapeFile targets on Linux (#1426)
|
|
* Enabled lazy quotes on csv parser (#1424)
|
|
* Fixed bug in client comms. (#1423)
|
|
* Add document filter for better usability (#1421)
|
|
* Added resource information to the output of parse_pe() (#1420)
|
|
* Low latency client connectivity discovery (#1419)
|
|
* Add RecentDocs collection (#1416)
|
|
* Update Amcache artifact for clarity (#1415)
|
|
* Added extra parameters to parse_csv() (#1413)
|
|
* Added netcat plugin to read from socket (#1412)
|
|
* Updated SRUM with Network Usage and Upload option (#1408)
|
|
* Synced darwin and freebsd file accessor with the linux one. (#1409)
|
|
* Added Windows.Forensics.SAM artifact (#1404)
|
|
* Initial artifacts can be specified in config (#1403)
|
|
* Add conhost.exe to binary rename (#1402)
|
|
* Add update Prefetch Btime execution fix (#1398)
|
|
* Update Prefetch timeline (#1397)
|
|
* Cleanup search API (#1396)
|
|
* Update protobuf dependencies. (#1394)
|
|
* More multi-frontend optimizations (#1393)
|
|
* Client info manager now keeps track of scheduled tasks. (#1392)
|
|
* add sid and lookupsid plugin (#1388)
|
|
* Add Mutant whitelist (#1387)
|
|
* Notify currently connected clients on new hunts (#1386)
|
|
* Index rebuild command loads new index service. (#1385)
|
|
* Changes to support distributed architecture. (#1384)
|
|
* Added procdump and procdump64 (#1382)
|
|
* Fixed heavy mutex contention in the labeler. (#1375)
|
|
* Add shellcode to CobaltStrike carver (#10) (#1373)
|
|
* Added an index rebuild command. (#1369)
|
|
* GUI artifact form was ignoring the friendly name attribute (#1368)
|
|
* Added a specialized form element for regex parameters. (#1367)
|
|
* Added a gRPC based remote datastore (#1366)
|
|
* Display all subauthorities for GUID in SRUM (#1365)
|
|
* Verify all gRPC peer certificates were signed by the Velociraptor CA (#1362)
|
|
* Implemented MemcacheFileDatastore - memory caching with file backend (#1361)
|
|
* Added new plugins to manipulate event tables easier. (#1355)
|
|
* Refactored in memory datastore to be more efficient. (#1353)
|
|
* Sync vfilter (#1351)
|
|
* Add both fqdn and hostname to the client search table (#1350)
|
|
* BUGFIX: Datastore on windows is unable to represent files with . (#1348)
|
|
* Added buffer_size parameter to parse_records_with_regex() (#1347)
|
|
* Propagate column types from artifact to flow notebook. (#1346)
|
|
* Cobalt parser update (#1345)
|
|
* Allow listener to not use file buffer. (#1344)
|
|
* Fix Deployment documentation link in README (#1343)
|
|
* Preserve uint64 types across Listener (#1341)
|
|
* Fix spelling (#1339)
|
|
* Refactored queue listener to preserve order. (#1340)
|
|
* Added a magic() VQL function (#1338)
|
|
* Fixed bug in CSS (#1337)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 27 17:27:42 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.2~git0.8dd598b2:
|
|
* Update ese parser to fix timestamp bug
|
|
* Prepare final 0.6.2 release (#1363)
|
|
* Verify all gRPC peer certificates were signed by the Velociraptor CA
|
|
* Removed search index parallelism (#1358)
|
|
* Added new plugins to manipulate event tables easier. (#1355)
|
|
* Sync vfilter (#1351)
|
|
* Add both fqdn and hostname to the client search table (#1350)
|
|
* BUGFIX: Datastore on windows is unable to represent files with . (#1348)
|
|
* Added buffer_size parameter to parse_records_with_regex() (#1347)
|
|
* Propagate column types from artifact to flow notebook. (#1346)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 6 21:50:43 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- client: Remove dependencies on nodejs since we don't use it in client mode.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 6 20:14:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Update to version 0.6.2~git73.dc02b45e:
|
|
* Update PrivateKeys.yaml (#1459)
|
|
* Added recursion_callback option to the glob plugin (#1461)
|
|
* Added config wizard for multi-frontend configuration (#1460)
|
|
* Calculate the sha256 hash of the offline container. (#1458)
|
|
* Artifact inspection GUI now allows pivot. (#1457)
|
|
* Client certs can now be specified in the config file. (#1456)
|
|
* New Upload File Form element (#1455)
|
|
* Added a sparse accessor (#1453)
|
|
* Hunt wizard estimates clients affected (#1452)
|
|
* Make the interrogation process customizable. (#1451)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 21 20:25:43 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Disable Windows artifacts. We don't target Windows endpoints and
|
|
the queries clutter the GUI.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Switch to using master branch via service files.
|
|
- Added update-vendoring.sh to update the nodejs and go dependencies
|
|
after version update.
|
|
- Now building the client with linux_bare target that disables
|
|
the GUI for endpoint usage.
|
|
- Patch the version string to reflect the package version instead
|
|
of an indistinguishable <next-tag>-dev.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 2 01:46:34 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
|
|
|
|
- Initial packaging.
|