diff --git a/_constraints b/_constraints
new file mode 100644
index 0000000..4988ecd
--- /dev/null
+++ b/_constraints
@@ -0,0 +1,7 @@
+
+
+
+ 10
+
+
+
diff --git a/_servicedata b/_servicedata
index a3f67ce..0599e20 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,6 +1,6 @@
https://github.com/jeffmahoney/linux-security-sensor
- 5d88d8095b52fea3fd0c30ad1f8673ffabd1d63c
+ a588d6e4e6191afe15dc0755fe1562cadd7af636
https://github.com/SUSE/linux-security-sensor
b5931f73eb6c171a558d09d4ef8b3d4d7292d519
\ No newline at end of file
diff --git a/libbpfgo-i386.patch b/libbpfgo-i386.patch
deleted file mode 100644
index b979a17..0000000
--- a/libbpfgo-i386.patch
+++ /dev/null
@@ -1,15 +0,0 @@
----
- third_party/libbpfgo/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/third_party/libbpfgo/Makefile
-+++ b/third_party/libbpfgo/Makefile
-@@ -15,7 +15,7 @@ VAGRANT = vagrant
- CLANG_FMT = clang-format
-
- HOSTOS = $(shell uname)
--ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g')
-+ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g; s/i.86/386/g')
-
- BTFFILE = /sys/kernel/btf/vmlinux
- BPFTOOL = $(shell which bpftool || /bin/false)
diff --git a/velociraptor-0.6.7.4~git46.5d88d80.obscpio b/velociraptor-0.6.7.4~git46.5d88d80.obscpio
deleted file mode 100644
index 04f725d..0000000
--- a/velociraptor-0.6.7.4~git46.5d88d80.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bd2c70fec3076bf0e467f2ced43d2fe6ecba51ab5541d72f1cac6bc2dd4564cd
-size 127591438
diff --git a/velociraptor-0.6.7.4~git51.a588d6e4.obscpio b/velociraptor-0.6.7.4~git51.a588d6e4.obscpio
new file mode 100644
index 0000000..d26e7b3
--- /dev/null
+++ b/velociraptor-0.6.7.4~git51.a588d6e4.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3db17d9852160d1db093ef7eeb25a3b5e72282ba58bcb11446562de76007aeca
+size 127595022
diff --git a/velociraptor-client.changes b/velociraptor-client.changes
index 9121267..e52d75c 100644
--- a/velociraptor-client.changes
+++ b/velociraptor-client.changes
@@ -1,11 +1,30 @@
-------------------------------------------------------------------
-Wed Jan 18 15:50:30 UTC 2023 - Jeff Mahoney
+Thu Jan 19 01:01:09 UTC 2023 - Jeff Mahoney
-- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
- Neither the client or server builds on ix86.
+- Clean up for Factory submission:
+ - Make bpf-enabled builds conditional
+ - Removed %defattr and combined service lines.
+ - Change clang and llvm dependencies to use >= 13
+ - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
+ so increase go version dependecy
+ - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
+ Neither the client or server builds on ix86.
-------------------------------------------------------------------
-Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
+Mon Jan 9 16:01:44 UTC 2023 - Jeff Mahoney
+
+- Added Restart=on-failure to restart the client automatically.
+
+-------------------------------------------------------------------
+Mon Dec 12 20:03:03 UTC 2022 - Jeff Mahoney
+
+- Update to version 0.6.7.4~git51.a588d6e4:
+ * magefile.go: use current architecture for Linux builds
+ * Update libbpfgo submodule to include non-AMD64 build fixes
+ * bpf: bpf expects s390 instead of s390x
+
+-------------------------------------------------------------------
+Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.4~git46.5d88d80:
* contrib/kafka-humio-gateway: add new debug option for noisy events
@@ -15,7 +34,7 @@ Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
* vql/server/kafka: set appropriate ClientID
-------------------------------------------------------------------
-Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
+Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.4~git41.678ed56:
* rpm: introduce rpm vql plugin
@@ -63,7 +82,7 @@ Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)
-------------------------------------------------------------------
-Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
+Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.3~git41.fa6afa7:
* rpm: introduce rpm vql plugin
@@ -414,7 +433,7 @@ Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
* Update FilenameSearch.yaml (#1741)
-------------------------------------------------------------------
-Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
+Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
@@ -423,7 +442,7 @@ Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
-------------------------------------------------------------------
-Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
@@ -440,7 +459,7 @@ Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
-------------------------------------------------------------------
-Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
@@ -470,13 +489,13 @@ Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
* shell-viewer: default to Bash on non-Windows clients
-------------------------------------------------------------------
-Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com
+Thu Nov 10 15:22:27 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git70.b7df8172:
* file_store: handle watching artifacts with named sources
-------------------------------------------------------------------
-Thu Sep 29 14:16:05 UTC 2022 - jeffm@suse.com
+Thu Sep 29 14:16:05 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git68.5226b23b:
* api/authenticators/basic: fix logoff endpoint
@@ -493,13 +512,13 @@ Fri Aug 19 21:07:30 UTC 2022 - Jeff Mahoney
- Fixed update-vendoring script to use an independent go module cache.
-------------------------------------------------------------------
-Fri Aug 19 01:59:35 UTC 2022 - jeffm@suse.com
+Fri Aug 19 01:59:35 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git59.5ebb49db:
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
-------------------------------------------------------------------
-Thu Aug 11 19:40:21 UTC 2022 - jeffm@suse.com
+Thu Aug 11 19:40:21 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git57.fcb11adf:
* kafka-humio-gateway: add sample config file
@@ -515,7 +534,7 @@ Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney
- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
-------------------------------------------------------------------
-Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
+Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git56.47b4adb4:
* Updating the NewFiles and ProcessStatuses Artifacts
@@ -538,7 +557,7 @@ Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
* shell-viewer: default to Bash on non-Windows clients
-------------------------------------------------------------------
-Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
+Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney
- Update to upstream 0.6.4-2:
* Reset nanny when client connection failed. (#1780)
@@ -561,7 +580,7 @@ Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
- Revendored dependencies.
-------------------------------------------------------------------
-Thu May 12 19:21:56 UTC 2022 - jeffm@suse.com
+Thu May 12 19:21:56 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4~git31.4298eab0:
* Add artifact for chattrsnoop plugin
@@ -577,7 +596,7 @@ Thu May 12 19:21:56 UTC 2022 - jeffm@suse.com
* dnssnoop: Add timestamp to generated events
-------------------------------------------------------------------
-Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
+Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4~git31.4298eab0:
* Elastic.Events.Client: Update to use new artifactset type
@@ -586,7 +605,7 @@ Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
* api: add type and description fields to v1/GetArtifacts endpoint
-------------------------------------------------------------------
-Thu May 12 13:30:42 UTC 2022 - jeffm@suse.com
+Thu May 12 13:30:42 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4~git26.4407b9b7:
* Add artifact for chattrsnoop plugin
@@ -772,7 +791,7 @@ Tue May 3 13:45:09 UTC 2022 - Jeff Mahoney
* fix APIConfigLoader not applying command line args (#1463)
-------------------------------------------------------------------
-Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
+Mon May 02 14:55:07 UTC 2022 - Jeff Mahoney
- Resync with git repository:
* Add artifact to monitor user group updates (#24)
@@ -781,13 +800,13 @@ Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
* Add custom artifacts for login and logout attempts recorded by auditd
-------------------------------------------------------------------
-Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com
+Fri Mar 18 14:12:59 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git19.640f7a1c:
* Add tcpsnoop plugin
-------------------------------------------------------------------
-Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
+Tue Mar 15 13:31:21 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git17.741ebb59:
* kafka-humio-gateway: update README.md
@@ -795,7 +814,7 @@ Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
-------------------------------------------------------------------
-Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
+Tue Mar 15 01:04:29 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git13.af7fdb00:
* SUSE: Add SSHLogin artifacts
@@ -804,7 +823,7 @@ Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
* Add systemd-dev as build dependency for github workflow
-------------------------------------------------------------------
-Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com
+Fri Feb 18 00:52:01 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git6.d95ed32e:
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
@@ -830,7 +849,7 @@ Wed Feb 2 04:44:49 UTC 2022 - William Brown
- Add client service file
-------------------------------------------------------------------
-Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:33:45 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git0.69e0fffa:
* Prepare for 0.6.3 release (#1515)
@@ -949,7 +968,7 @@ Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
* Fixed bug in CSS (#1337)
-------------------------------------------------------------------
-Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:27:42 UTC 2022 - Jeff Mahoney
- Update to version 0.6.2~git0.8dd598b2:
* Update ese parser to fix timestamp bug
@@ -969,7 +988,7 @@ Thu Jan 6 21:50:43 UTC 2022 - Jeff Mahoney
- Remove dependencies on nodejs since we don't use it in client mode.
-------------------------------------------------------------------
-Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
+Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney
- Update to version 0.6.2~git73.dc02b45e:
* Update PrivateKeys.yaml (#1459)
diff --git a/velociraptor-client.service b/velociraptor-client.service
index 4fe0810..3acdb99 100644
--- a/velociraptor-client.service
+++ b/velociraptor-client.service
@@ -16,6 +16,7 @@ ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
+Restart=on-failure
[Install]
WantedBy=multi-user.target
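Review bot: `Restart=on-failure` is added without a `RestartSec=`, so unless one is set in the part of `[Service]` above this hunk, systemd retries after its default 100 ms and the default start-rate limit (5 starts in 10 s) is used up almost at once on a persistent error such as a placeholder or unreadable client.config. The unit then stays in the failed state and the endpoint stops reporting. I would add a delay next to it, e.g. `RestartSec=30` (sample value, to be tuned), and have monitoring alert when the unit enters `failed`. `on-failure` also leaves the client down after a clean exit with status 0; if the sensor is expected to run at all times, `Restart=always` covers that case too.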
diff --git a/velociraptor-client.spec b/velociraptor-client.spec
index 398c36d..777df0f 100644
--- a/velociraptor-client.spec
+++ b/velociraptor-client.spec
@@ -19,8 +19,14 @@
%define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default
+%if 0%{?suse_version} >= 1500
+%bcond_without bpf
+%else
+%bcond_with bpf
+%endif
+
Name: velociraptor-client
-Version: 0.6.7.4~git46.5d88d80
+Version: 0.6.7.4~git51.a588d6e4
Release: 0
Summary: Endpoint visibility and collection tool (endpoint only)
Group: System/Monitoring
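Review bot: The `%if 0%{?suse_version} >= 1500` block has no comment saying why 1500 is the cutoff or what a build without bpf loses, and the same block is repeated in velociraptor.spec. From the rest of this diff, turning it off drops the clang/llvm/bpftool build dependencies, the vmlinux.h copy and libbpfgo, so the resulting sensor presumably ships without its eBPF-based event plugins. I would put a comment above the conditional, e.g. `# bpf plugins need clang/llvm >= 13 and bpftool; off by default before suse_version 1500, enable with --with bpf`. Mentioning the reduced coverage in `%description` would also let operators tell which variant is deployed.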
@@ -34,21 +40,22 @@ Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz
Source5: update-vendoring.sh
Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
-Patch4: libbpfgo-i386.patch
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: systemd-devel
-BuildRequires: golang(API) >= 1.18
+BuildRequires: golang(API) >= 1.19
BuildRequires: fileb0x
BuildRequires: mage
%ifarch x86_64
BuildRequires: libtsan0
%endif
-BuildRequires: clang13
-BuildRequires: llvm13
+%if %{with bpf}
+BuildRequires: clang >= 13
+BuildRequires: llvm >= 13
BuildRequires: bpftool
BuildRequires: libelf-devel
BuildRequires: zlib-devel-static
+%endif
Conflicts: velociraptor
ExclusiveArch: x86_64 ppc64le aarch64 s390x
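Review bot: The bump to `golang(API) >= 1.19` has no comment in the spec tying it to the clang change; the reason (newer clang hits a DWARF parsing bug in go < 1.19) is recorded only in the .changes entry. With `clang >= 13` and `llvm >= 13` now open-ended, a later edit could relax the Go requirement without noticing the coupling. I would add `# newer clang releases hit a DWARF parsing bug in go < 1.19; keep in step with the clang/llvm requirement` above the golang line. The matching BuildRequires hunk in velociraptor.spec needs the same comment.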
@@ -71,10 +78,12 @@ install the 'velociraptor' package.
# Set the version to something more specific than -dev
sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
+%if %{with bpf}
mkdir -p third_party/libbpfgo/output
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
third_party/libbpfgo/output/vmlinux.h
+%endif
# These just clutter the GUI and we don't have Windows clients
# Note: There are dependencies on these that need to be resolved before
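Review bot: The `sed -ie` line kept as context at the top of this hunk is parsed by GNU sed as `-i` with backup suffix `e`, so it leaves a stray `constants/constants.goe` in the build tree, and nothing checks that the substitution matched. If upstream renames or reformats `VERSION`, the build would still succeed and the sensor would report the -dev version, which makes fleet inventory of deployed client versions unreliable. I would write it as `sed -i -e "..." constants/constants.go` and follow it with `grep -q '"%{version}"' constants/constants.go`. The same line appears in the %prep hunk of velociraptor.spec; %prep itself starts outside this hunk.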
@@ -82,7 +91,7 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
# rm -rf artifacts/definitions/Windows
%build
-PATH=$PATH:/usr/sbin make linux_bare
+PATH=$PATH:/usr/sbin make linux_bare BUILD_LIBBPFGO=%{with bpf}
%install
mkdir -p %buildroot/%{_bindir}
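Review bot: `BUILD_LIBBPFGO=%{with bpf}` expands to `BUILD_LIBBPFGO=0` when the bcond is off, not to an unset variable. The Makefile is not part of this diff; if it tests the variable with `ifdef` or for non-emptiness, `0` still selects the libbpfgo build, which would then fail because the clang/bpftool dependencies and the vmlinux.h copy are skipped. Either confirm that the Makefile compares against `1`, or pass the variable only when enabled: `PATH=$PATH:/usr/sbin make linux_bare %{?with_bpf:BUILD_LIBBPFGO=1}`. The `make linux` line in velociraptor.spec has the same form.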
@@ -94,7 +103,6 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config
%files
-%defattr(-,root,root)
%license LICENSE
%doc README.md
%dir %{_sysconfdir}/velociraptor
diff --git a/velociraptor.changes b/velociraptor.changes
index b03b5ed..39eaf0c 100644
--- a/velociraptor.changes
+++ b/velociraptor.changes
@@ -1,11 +1,25 @@
-------------------------------------------------------------------
-Wed Jan 18 15:50:02 UTC 2023 - Jeff Mahoney
+Thu Jan 19 01:01:09 UTC 2023 - Jeff Mahoney
-- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
- Neither the client or server builds on ix86.
+- Clean up for Factory submission:
+ - Make bpf-enabled builds conditional
+ - Removed %defattr and combined service lines.
+ - Change clang and llvm dependencies to use >= 13
+ - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
+ so increase go version dependecy
+ - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
+ Neither the client or server builds on ix86.
-------------------------------------------------------------------
-Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
+Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney
+
+- Update to version 0.6.7.4~git51.a588d6e4:
+ * magefile.go: use current architecture for Linux builds
+ * Update libbpfgo submodule to include non-AMD64 build fixes
+ * bpf: bpf expects s390 instead of s390x
+
+-------------------------------------------------------------------
+Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.4~git46.5d88d80:
* contrib/kafka-humio-gateway: add new debug option for noisy events
@@ -15,7 +29,7 @@ Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
* vql/server/kafka: set appropriate ClientID
-------------------------------------------------------------------
-Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
+Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.4~git41.678ed56:
* rpm: introduce rpm vql plugin
@@ -63,7 +77,7 @@ Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)
-------------------------------------------------------------------
-Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
+Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.3~git41.fa6afa7:
* rpm: introduce rpm vql plugin
@@ -414,7 +428,7 @@ Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
* Update FilenameSearch.yaml (#1741)
-------------------------------------------------------------------
-Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
+Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
@@ -423,7 +437,7 @@ Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
-------------------------------------------------------------------
-Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
@@ -440,7 +454,7 @@ Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
-------------------------------------------------------------------
-Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
@@ -470,13 +484,13 @@ Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
* shell-viewer: default to Bash on non-Windows clients
-------------------------------------------------------------------
-Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com
+Thu Nov 10 15:22:27 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git70.b7df8172:
* file_store: handle watching artifacts with named sources
-------------------------------------------------------------------
-Thu Sep 29 14:16:05 UTC 2022 - jeffm@suse.com
+Thu Sep 29 14:16:05 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git68.5226b23b:
* api/authenticators/basic: fix logoff endpoint
@@ -493,13 +507,13 @@ Fri Aug 19 21:07:15 UTC 2022 - Jeff Mahoney
- Fixed update-vendoring script to use an independent go module cache.
-------------------------------------------------------------------
-Fri Aug 19 01:59:35 UTC 2022 - jeffm@suse.com
+Fri Aug 19 01:59:35 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git59.5ebb49db:
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
-------------------------------------------------------------------
-Thu Aug 11 19:40:21 UTC 2022 - jeffm@suse.com
+Thu Aug 11 19:40:21 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git57.fcb11adf:
* kafka-humio-gateway: add sample config file
@@ -515,7 +529,7 @@ Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney
- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
-------------------------------------------------------------------
-Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
+Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git56.47b4adb4:
* Updating the NewFiles and ProcessStatuses Artifacts
@@ -538,7 +552,7 @@ Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
* shell-viewer: default to Bash on non-Windows clients
-------------------------------------------------------------------
-Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
+Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney
- Update to upstream 0.6.4-2:
* Reset nanny when client connection failed. (#1780)
@@ -561,7 +575,7 @@ Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
- Revendored dependencies.
-------------------------------------------------------------------
-Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
+Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4~git31.4298eab0:
* Elastic.Events.Client: Update to use new artifactset type
@@ -570,7 +584,7 @@ Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
* api: add type and description fields to v1/GetArtifacts endpoint
-------------------------------------------------------------------
-Thu May 12 13:30:42 UTC 2022 - jeffm@suse.com
+Thu May 12 13:30:42 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4~git26.4407b9b7:
* Add artifact for chattrsnoop plugin
@@ -756,7 +770,7 @@ Tue May 3 13:45:09 UTC 2022 - Jeff Mahoney
* fix APIConfigLoader not applying command line args (#1463)
-------------------------------------------------------------------
-Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
+Mon May 02 14:55:07 UTC 2022 - Jeff Mahoney
- Resync with git repository:
* Add artifact to monitor user group updates (#24)
@@ -765,13 +779,13 @@ Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
* Add custom artifacts for login and logout attempts recorded by auditd
-------------------------------------------------------------------
-Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com
+Fri Mar 18 14:12:59 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git19.640f7a1c:
* Add tcpsnoop plugin
-------------------------------------------------------------------
-Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
+Tue Mar 15 13:31:21 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git17.741ebb59:
* kafka-humio-gateway: update README.md
@@ -779,7 +793,7 @@ Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
-------------------------------------------------------------------
-Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
+Tue Mar 15 01:04:29 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git13.af7fdb00:
* SUSE: Add SSHLogin artifacts
@@ -788,7 +802,7 @@ Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
* Add systemd-dev as build dependency for github workflow
-------------------------------------------------------------------
-Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com
+Fri Feb 18 00:52:01 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git6.d95ed32e:
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
@@ -815,7 +829,7 @@ Wed Feb 2 18:10:19 UTC 2022 - Jeff Mahoney
- Added systemd unit file and placeholder config file.
-------------------------------------------------------------------
-Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:33:45 UTC 2022 - Jeff Mahoney
- Update to version 0.6.3~git0.69e0fffa:
* Prepare for 0.6.3 release (#1515)
@@ -934,7 +948,7 @@ Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
* Fixed bug in CSS (#1337)
-------------------------------------------------------------------
-Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:27:42 UTC 2022 - Jeff Mahoney
- Update to version 0.6.2~git0.8dd598b2:
* Update ese parser to fix timestamp bug
@@ -949,7 +963,7 @@ Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
* Propagate column types from artifact to flow notebook. (#1346)
-------------------------------------------------------------------
-Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
+Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney
- Update to version 0.6.2~git73.dc02b45e:
* Update PrivateKeys.yaml (#1459)
diff --git a/velociraptor.obsinfo b/velociraptor.obsinfo
index cfcd8fa..43b89ed 100644
--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@@ -1,4 +1,4 @@
name: velociraptor
-version: 0.6.7.4~git46.5d88d80
-mtime: 1670386624
-commit: 5d88d8095b52fea3fd0c30ad1f8673ffabd1d63c
+version: 0.6.7.4~git51.a588d6e4
+mtime: 1670873734
+commit: a588d6e4e6191afe15dc0755fe1562cadd7af636
diff --git a/velociraptor.spec b/velociraptor.spec
index e12e2bb..210fad4 100644
--- a/velociraptor.spec
+++ b/velociraptor.spec
@@ -19,8 +19,14 @@
%define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default
+%if 0%{?suse_version} >= 1500
+%bcond_without bpf
+%else
+%bcond_with bpf
+%endif
+
Name: velociraptor
-Version: 0.6.7.4~git46.5d88d80
+Version: 0.6.7.4~git51.a588d6e4
Release: 0
Summary: Endpoint visibility and collection tool
Group: System/Monitoring
@@ -38,11 +44,10 @@ Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz
Source9: update-vendoring.sh
Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
-Patch4: libbpfgo-i386.patch
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: systemd-devel
-BuildRequires: golang(API) >= 1.18
+BuildRequires: golang(API) >= 1.19
BuildRequires: fileb0x
BuildRequires: mage
%ifarch x86_64
@@ -50,11 +55,13 @@ BuildRequires: libtsan0
%endif
BuildRequires: nodejs >= 16
BuildRequires: npm >= 16
-BuildRequires: clang13
-BuildRequires: llvm13
+%if %{with bpf}
+BuildRequires: clang >= 13
+BuildRequires: llvm >= 13
BuildRequires: bpftool
BuildRequires: libelf-devel
BuildRequires: zlib-devel-static
+%endif
Conflicts: velociraptor-client
ExclusiveArch: x86_64 ppc64le aarch64 s390x
@@ -71,7 +78,7 @@ For just the endpoint agent, please install the 'velociraptor-client' package.
%package kafka-humio-gateway
Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
-Version: 0.6.7.4~git46.5d88d80
+Version: 0.6.7.4~git51.a588d6e4
%description kafka-humio-gateway
This tool is used to consume events generated by the Kafka Velociraptor plugin
@@ -84,10 +91,12 @@ and post them to a Humio cluster.
# Set the version to something more specific than -dev
sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
+%if %{with bpf}
mkdir -p third_party/libbpfgo/output
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
third_party/libbpfgo/output/vmlinux.h
+%endif
# These just clutter the GUI and we don't have Windows clients
# Note: There are dependencies on these that need to be resolved before
@@ -96,7 +105,7 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
%build
(cd gui/velociraptor ; npm run build)
-PATH=$PATH:/usr/sbin make linux
+PATH=$PATH:/usr/sbin make linux BUILD_LIBBPFGO=%{with bpf}
(cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway)
@@ -117,7 +126,6 @@ install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service
install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
%files
-%defattr(-, root, root)
%license LICENSE
%doc README.md
%dir %{_sysconfdir}/velociraptor
@@ -132,7 +140,6 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
%dir %{_sharedstatedir}/velociraptor-client
%files kafka-humio-gateway
-%defattr(-, root, root)
%license LICENSE
%doc contrib/kafka-humio-gateway/README.md
%{_bindir}/%{name}-kafka-humio-gateway
@@ -140,19 +147,15 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml
%pre
-%service_add_pre %{name}.service
-%service_add_pre %{name}-client.service
+%service_add_pre %{name}.service %{name}-client.service
%post
-%service_add_post %{name}.service
-%service_add_post %{name}-client.service
+%service_add_post %{name}.service %{name}-client.service
%preun
-%service_del_preun %{name}.service
-%service_del_preun %{name}-client.service
+%service_del_preun %{name}.service %{name}-client.service
%postun
-%service_del_postun %{name}.service
-%service_del_postun %{name}-client.service
+%service_del_postun %{name}.service %{name}-client.service
%changelog