Jeff Mahoney
3a5ec10ba3
- Update to version 0.6.7.5~git78.2bef6fc: * bpf: fix path to vmlinux.h - Update to version 0.6.7.5~git77.997aa73: * file_store/test_utils/server_config.go: update test certificate * Update bluemonday dependency. * vql/functions/hash: cache results on Linux * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0 * logscale/backport: don't use networking.GetHttpTransport * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint * file_store/directory: add ability to report pending size - Change clang dependency to clang16 - Fix velociraptor-golang-mage-vendoring.diff to account for newer 'go mod vendor' honoring build flags. - Fix update-vendoring.sh script to actually run the %setup part of the spec. - Merge client package into server spec and use _multibuild to create client package from same spec file. - Adjust changelog to retain changes for client package. - Fix building in static mode on earlier releases. - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch - Tightening the security of the services a bit: - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp from /tmp - run velociraptor server as user velociraptor instead of root we do not really need root permissions here - introduce /var/lib/velociraptor/filestore to make it easier to split out large file upload - change permissions for the data directory and subdirectories to OBS-URL: https://build.opensuse.org/request/show/1085591 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=46
25 lines
581 B
Desktop File
25 lines
581 B
Desktop File
[Unit]
|
|
Description=Velociraptor Kafka-Humio Gateway Service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=velociraptor-kafka
|
|
Group=velociraptor-kafka
|
|
UMask=0027
|
|
User=velociraptor
|
|
Group=velociraptor
|
|
EnvironmentFile=-/etc/sysconfig/velociraptor-kafka-humio-gateway
|
|
ExecStart=/usr/bin/velociraptor-kafka-humio-gateway $KAFKA_HUMIO_GATEWAY_OPTS --config $KAFKA_HUMIO_GATEWAY_CONFIG
|
|
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
MemoryDenyWriteExecute=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|