Accepting request 955746 from home:jeff_mahoney:branches:security:sensor

Update to follow sensor-base-0.6.3 branch. OBS-URL: https://build.opensuse.org/request/show/955746 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=9
2022-02-18 01:36:48 +00:00 · 2022-02-18 01:36:48 +00:00 · 52390d084f
commit 52390d084f
parent 2f3558a31c
12 changed files with 93 additions and 17 deletions
--- a/2
+++ b/2
@ -3,7 +3,7 @@
    <param name="url">https://github.com/SUSE/linux-security-sensor</param>
    <param name="filename">velociraptor</param>
    <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
-    <param name="revision">main</param>
+    <param name="revision">sensor-base-0.6.3</param>
    <param name="scm">git</param>
    <param name="parent-tag">v0.6.3</param>
    <param name="versionrewrite-pattern">v(.*)</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/SUSE/linux-security-sensor</param>
-              <param name="changesrevision">69e0fffa28e2dc22bfaa7961d31b667c9f4388cd</param></service></servicedata>
+              <param name="changesrevision">d95ed32e93c0d38ea795c4efe17617546a528040</param></service></servicedata>
--- a/update-vendoring.sh
+++ b/update-vendoring.sh
@ -45,4 +45,6 @@ tar Jcf ../vendor-nodejs-${version}.tar.xz gui/velociraptor/node_modules
 cd ..
 mv vendor-golang-${version}.tar.xz vendor-nodejs-${version}.tar.xz ..

+sed -i "s/^%define vendor_version.*/%define vendor_version %{version}/" *.spec
+
 echo "Done"
--- a/velociraptor-0.6.3~git0.69e0fffa.obscpio
+++ b/velociraptor-0.6.3~git0.69e0fffa.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9cd66625e5dde3ace77aaf6a5b2936ba62440806a4d807ca2a7e0fea66f0158f
-size 19361293
--- a/velociraptor-0.6.3~git6.d95ed32e.obscpio
+++ b/velociraptor-0.6.3~git6.d95ed32e.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7e2cc59f03a0f1650dc2e4f2e80e2480a03e0da157ae5a5530e1aaf6a0c86c4
+size 19444237
--- a/velociraptor-client.changes
+++ b/velociraptor-client.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.3~git6.d95ed32e:
+  * Update the Linux.Events.SSHLogin artifact to scan the systemd journal
+  * Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
+  * Add parser to read systemd journal on Linux
+  * Add an artifact to enumerate immutable files under a path
+  * Add chattr function support for linux
+  * Make GitHub actions more flexible on Windows
+
+-------------------------------------------------------------------
+Thu Feb 10 02:13:36 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Add simple default config and provide /var/lib/velociraptor-client.
+
 -------------------------------------------------------------------
 Wed Feb  2 18:24:32 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

--- a/velociraptor-client.config.placeholder
+++ b/velociraptor-client.config.placeholder
@ -1,2 +1,20 @@
 # This configuration file can be generated by using
 # velociraptor-client config client --config /path/to/server.conf
+# The following config needs server_urls and ca_certificate defined.
+Client:
+#  server_urls:
+#  - https://velociraptor-server.local:8000/
+#  ca_certificate: |
+#    -----BEGIN CERTIFICATE-----
+#    [CERTIFICATE DATA]
+#    -----END CERTIFICATE-----
+  nonce: oLWIjJR+zJ8=
+  writeback_linux: /var/lib/velociraptor/velociraptor.writeback.yaml
+  max_poll: 60
+  pinned_server_name: VelociraptorServer
+  max_upload_size: 5242880
+  local_buffer:
+    memory_size: 52428800
+    disk_size: 1073741824
+    filename_linux: /var/lib/velociraptor/Velociraptor_Buffer.bin
+
--- a/velociraptor-client.spec
+++ b/velociraptor-client.spec
@ -16,9 +16,10 @@
 #

 %define projname velociraptor
+%define vendor_version 0.6.3~git0.69e0fffa

 Name:           velociraptor-client
-Version:        0.6.3~git0.69e0fffa
+Version:        0.6.3~git6.d95ed32e
 Release:        0
 Summary:        Endpoint visibility and collection tool (endpoint only)

@ -26,12 +27,13 @@ Summary:        Endpoint visibility and collection tool (endpoint only)
 License:        AGPL-3.0-only
 URL:            https://github.com/Velocidex/velociraptor
 Source:         %{projname}-%{version}.tar.xz
-Source1:        vendor-golang-%{version}.tar.xz
+Source1:        vendor-golang-%{vendor_version}.tar.xz
 Source2:        %{name}.service
 Source3:        %{name}.config.placeholder
 Patch1:         velociraptor-golang-mage-vendoring.diff
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
+BuildRequires:  systemd-devel
 BuildRequires:  golang(API) >= 1.14
 BuildRequires:  fileb0x
 BuildRequires:  mage
@ -67,6 +69,7 @@ make linux_bare
 mkdir -p %buildroot/%{_bindir}
 mkdir -p %buildroot/%{_sysconfdir}/velociraptor
 mkdir -p %buildroot/%{_unitdir}
+mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client
 install -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
 install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
 install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config
@ -79,6 +82,7 @@ install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %{_bindir}/velociraptor
 %config(noreplace) %{_sysconfdir}/velociraptor/client.config
 %{_unitdir}/%{name}.service
+%dir %{_sharedstatedir}/velociraptor-client

 %pre
 %service_add_pre %{name}.service
--- a/velociraptor-server.config.placeholder
+++ b/velociraptor-server.config.placeholder
@ -1,2 +1,19 @@
 # This configuration file can be generated by using
 # velociraptor config generate
+
+Datastore:
+  implementation: FileBaseDataStore
+  location: /var/lib/velociraptor/data
+Writeback: {}
+Logging:
+  output_directory: /var/lib/velociraptor/logs
+  separate_logs_per_component: true
+  debug:
+    disabled: true
+  info:
+    rotation_time: 604800
+    max_age: 31536000
+  error:
+    rotation_time: 604800
+    max_age: 31536000
+
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,9 +1,19 @@
 -------------------------------------------------------------------
-Tue Feb  8 17:25:58 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com

- Added client systemd unit files to velociraptor package (LSS#5).
-  Since the velociraptor binary in the 'server' package can
-  also function as the client, we'll need the client config as well.
+- Update to version 0.6.3~git6.d95ed32e:
+  * Update the Linux.Events.SSHLogin artifact to scan the systemd journal
+  * Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
+  * Add parser to read systemd journal on Linux
+  * Add an artifact to enumerate immutable files under a path
+  * Add chattr function support for linux
+  * Make GitHub actions more flexible on Windows
+
+-------------------------------------------------------------------
+Thu Feb 10 02:12:54 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Add simple default configs and provide dirs in /var/lib for client
+  and server.

 -------------------------------------------------------------------
 Mon Feb  7 14:40:47 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.6.3~git0.69e0fffa
-mtime: 1643193558
-commit: 69e0fffa28e2dc22bfaa7961d31b667c9f4388cd
+version: 0.6.3~git6.d95ed32e
+mtime: 1645143958
+commit: d95ed32e93c0d38ea795c4efe17617546a528040
--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -16,9 +16,10 @@
 #

 %define projname velociraptor
+%define vendor_version 0.6.3~git0.69e0fffa

 Name:           velociraptor
-Version:        0.6.3~git0.69e0fffa
+Version:        0.6.3~git6.d95ed32e
 Release:        0
 Summary:	Endpoint visibility and collection tool

@ -26,8 +27,8 @@ Summary:	Endpoint visibility and collection tool
 License:        AGPL-3.0-only
 URL:            https://github.com/Velocidex/velociraptor
 Source:         %{projname}-%{version}.tar.xz
-Source1:	vendor-golang-%{version}.tar.xz
-Source2:	vendor-nodejs-%{version}.tar.xz
+Source1:	vendor-golang-%{vendor_version}.tar.xz
+Source2:	vendor-nodejs-%{vendor_version}.tar.xz
 Source3:        %{name}.service
 Source4:        %{name}-server.config.placeholder
 Source5:        %{name}-client.service
@ -35,6 +36,7 @@ Source6:        %{name}-client.config.placeholder
 Patch1:		velociraptor-golang-mage-vendoring.diff
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
+BuildRequires:  systemd-devel
 BuildRequires:  golang(API) >= 1.14
 BuildRequires:	fileb0x
 BuildRequires:	mage
@ -75,6 +77,9 @@ make linux
 mkdir -p %buildroot/%{_bindir}
 mkdir -p %buildroot/%{_sysconfdir}/velociraptor
 mkdir -p %buildroot/%{_unitdir}
+mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/data
+mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/logs
+mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client
 install -m 755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
 install -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service
 install -m 0600 %{SOURCE4} %{buildroot}%{_sysconfdir}/velociraptor/server.config
@ -90,6 +95,10 @@ install -m 0600 %{SOURCE6} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %config(noreplace) %{_sysconfdir}/velociraptor/client.config
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}-client.service
+%dir %{_sharedstatedir}/velociraptor
+%dir %{_sharedstatedir}/velociraptor/data
+%dir %{_sharedstatedir}/velociraptor/logs
+%dir %{_sharedstatedir}/velociraptor-client

 %pre
 %service_add_pre %{name}.service