forked from pool/velociraptor
Accepting request 1040837 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.7.4~git41.678ed56:
  * rpm: introduce rpm vql plugin
  * users: extend DeleteUser testcase to ensure org membership was dropped
  * users: ensure baseline user state is correct
  * github: run testcases on Linux builds in new workflow
  * gui/reporting: update bluemonday dependency to latest
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
  * kafka-humio-gateway: add sample config file
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: rework testcases to use t.TempDir
  * vql/linux/cronsnoop: Add cronsnoop() plugin
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * audit: use caller-allocated buffer
  * use github.com/jeffmahoney/go-libaudit/v2 for audit
  * Kafka.Events.Client: Update to use new artifactset type
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * Add artifact to monitor user group updates (#24)
  * vql/linux/dnssnoop: Add dnssnoop() plugin
  * Log Sudo/root command by auditd
  * Add custom artifacts for login and logout attempts recorded by auditd
  * Add tcpsnoop plugin
  * vql/linux/bpflib: add helper package for bpf plugins

OBS-URL: https://build.opensuse.org/request/show/1040837
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=25
This commit is contained in:
parent
9dd9ebd585
commit
62de5286f7
6
_service
@ -1,11 +1,11 @@
|
||||
<services>
|
||||
<service mode="manual" name="obs_scm">
|
||||
<param name="url">https://github.com/SUSE/linux-security-sensor</param>
|
||||
<param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
|
||||
<param name="filename">velociraptor</param>
|
||||
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
|
||||
<param name="revision">sensor-base-0.6.4</param>
|
||||
<param name="revision">sensor-base-0.6.7</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="parent-tag">v0.6.4-2</param>
|
||||
<param name="parent-tag">v0.6.7-4</param>
|
||||
<param name="versionrewrite-pattern">v([0-9\.]*)-(.*)</param>
|
||||
<param name="versionrewrite-replacement">\1.\2</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
|
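Review bot: the `url` parameter moves from https://github.com/SUSE/linux-security-sensor to the personal fork https://github.com/jeffmahoney/linux-security-sensor while `revision` stays a tag (`sensor-base-0.6.4` becomes `sensor-base-0.6.7`) and `parent-tag` becomes `v0.6.7-4`. Tags on a fork can be re-pointed at any time, so the only immutable pin for what this package builds is the `changesrevision` commit hash kept in `_servicedata`. Either keep `url` on the SUSE organisation and land the fork's commits there, or state in the request why sourcing from the fork is intended, so the next reviewer can tell a deliberate upstream switch from a stray local setting.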
@ -1,6 +1,6 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
|
||||
<param name="changesrevision">85b608e2da06a90d5e51ae39fe79adbdb8511a3f</param></service><service name="tar_scm">
|
||||
<param name="changesrevision">678ed562b0dc36217e5fc081936a57bc1e40be22</param></service><service name="tar_scm">
|
||||
<param name="url">https://github.com/SUSE/linux-security-sensor</param>
|
||||
<param name="changesrevision">b5931f73eb6c171a558d09d4ef8b3d4d7292d519</param></service></servicedata>
|
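Review bot: the `changesrevision` for the jeffmahoney URL advances from 85b608e2da06 to 678ed562b0dc, which matches the `678ed56` suffix of the new version string, but the stale `tar_scm` entry for https://github.com/SUSE/linux-security-sensor (changesrevision b5931f73eb6c) is left behind. Since `_service` no longer references that URL, drop the dead entry so `changesgenerate` tracks only the repository actually being fetched; a leftover entry for a different origin is easy to misread during a later audit of where the sources came from.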
@ -33,7 +33,7 @@ cpio -D "${dir}" -id < velociraptor-${version}.obscpio
|
||||
|
||||
echo "Running %prep"
|
||||
cd "${dir}/velociraptor-${version}"
|
||||
tar Jxf ${topdir}/vmlinux.h-5.18.9-2-default.tar.xz
|
||||
tar Jxf ${topdir}/vmlinux.h-5.14.21150400.22-150400-default.tar.xz
|
||||
sh ${dir}/setup.sh
|
||||
|
||||
echo "Re-vendoring Go code..."
|
||||
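Review bot: the vmlinux.h tarball name is hard-coded here (`vmlinux.h-5.14.21150400.22-150400-default.tar.xz`) and again in the spec as `%define vmlinux_h_version 5.14.21150400.22-150400-default` with `Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz`; both had to be bumped in lockstep in this very request (from `5.18.9-2-default`). Sharing one variable between the spec and this script would remove the drift risk. Minor: `tar Jxf ${topdir}/vmlinux.h-5.14.21150400.22-150400-default.tar.xz` leaves `${topdir}` unquoted, unlike `cd "${dir}/velociraptor-${version}"` on the next line.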
@ -50,13 +50,12 @@ replace_module() {
|
||||
rm -rf "vendor/${mod}"
|
||||
rel="$(echo $mod|tr A-Za-z0-9_- .|sed -e 's/\.\.\.*/../g')"
|
||||
ln -s "${rel}/${path}" "vendor/${mod}"
|
||||
set -x
|
||||
ls -la vendor/${mod}/
|
||||
set +x
|
||||
}
|
||||
|
||||
replace_module github.com/aquasecurity/libbpfgo third_party/libbpfgo
|
||||
replace_module github.com/elastic/go-libaudit/v2 third_party/go-libaudit
|
||||
|
||||
sh
|
||||
|
||||
tar Jcf ${dir}/vendor-golang-${version}.tar.xz vendor
|
||||
cd "${dir}"
|
||||
|
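Review bot: the bare `sh` line between the `replace_module` calls and the `tar Jcf` step starts an interactive shell, which will stall an unattended run of this script until its stdin closes; if it is a debugging aid it should go, together with the `set -x` / `ls -la vendor/${mod}/` / `set +x` block inside `replace_module`, or be guarded behind an explicit `DEBUG` variable. If the `replace_module github.com/elastic/go-libaudit/v2 third_party/go-libaudit` line is the one being removed here (the hunk shrinks from 13 to 12 lines), that matches the `use github.com/jeffmahoney/go-libaudit/v2 for audit` changelog entry, but nothing in this script then points the new module path at `third_party/go-libaudit`, so confirm the replacement is now carried in go.mod rather than by a vendor symlink.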
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:cdf58a89e754e17e9f4bd837d71dc744e08539581cce39fb06aedd3f9a4f0f19
|
||||
size 36331021
|
3
velociraptor-0.6.7.4~git41.678ed56.obscpio
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1e6ccc02e8e3e223fb1db4ee8f432f29d6d0b8f4da8aecb5bb4eed0e5758c37d
|
||||
size 127589902
|
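Review bot: the new obscpio LFS pointer grows the source archive from 36331021 to 127589902 bytes (about 3.5x). The changelog's `libbpfgo: add submodule with forked repo for fully static builds` plausibly accounts for much of it, but a one-line justification in the request would help, and it is worth checking that the archive does not also capture material `obs_scm` should be excluding (vendored module trees or `.git` directories), since everything in it becomes part of the reviewed source.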
@ -1,3 +1,402 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
|
||||
|
||||
- Update to version 0.6.7.4~git41.678ed56:
|
||||
* rpm: introduce rpm vql plugin
|
||||
* users: extend DeleteUser testcase to ensure org membership was dropped
|
||||
* users: ensure baseline user state is correct
|
||||
* github: run testcases on Linux builds in new workflow
|
||||
* gui/reporting: update bluemonday dependency to latest
|
||||
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
|
||||
* SUSE: Add docker-compose environment
|
||||
* SUSE: add Docker files
|
||||
* clients/host-info.js: add MAC addresses to client dashboard
|
||||
* linux: Add ability to interrogate system and network configuration
|
||||
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
|
||||
* kafka-humio-gateway: add sample config file
|
||||
* Updating the NewFiles and ProcessStatuses Artifacts
|
||||
* cronsnoop: rework testcases to use t.TempDir
|
||||
* vql/linux/cronsnoop: Add cronsnoop() plugin
|
||||
* Extend audit artifacts to use new interface
|
||||
* audit: rearchitect plugin to scale better with multiple invocations
|
||||
* audit: use caller-allocated buffer
|
||||
* use github.com/jeffmahoney/go-libaudit/v2 for audit
|
||||
* Kafka.Events.Client: Update to use new artifactset type
|
||||
* Add artifact for chattrsnoop plugin
|
||||
* bpflib: ensure it's built only on linux and when requesting bpf
|
||||
* Add chattrsnoop plugin
|
||||
* Add artifact to monitor user group updates (#24)
|
||||
* vql/linux/dnssnoop: Add dnssnoop() plugin
|
||||
* Log Sudo/root command by auditd
|
||||
* Add custom artifacts for login and logout attempts recorded by auditd
|
||||
* Add tcpsnoop plugin
|
||||
* vql/linux/bpflib: add helper package for bpf plugins
|
||||
* libbpfgo: add submodule with forked repo for fully static builds
|
||||
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
|
||||
* Add a Kafka export plugin
|
||||
* SUSE: Add SSHLogin artifacts
|
||||
* SUSE: Do build tests on every pull request
|
||||
* Add systemd-dev as build dependency for github workflow
|
||||
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
|
||||
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
|
||||
* Add parser to read systemd journal on Linux
|
||||
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
|
||||
* linux: add lsattr() function to enumerate file attributes
|
||||
* Github: Run build workflow on each pull request
|
||||
* More fixes for Windows.System.VAD (#2317) (#2318)
|
||||
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
|
||||
|
||||
- Update to version 0.6.7.3~git41.fa6afa7:
|
||||
* rpm: introduce rpm vql plugin
|
||||
* users: extend DeleteUser testcase to ensure org membership was dropped
|
||||
* users: ensure baseline user state is correct
|
||||
* github: run testcases on Linux builds
|
||||
* gui/reporting: update bluemonday dependency to latest
|
||||
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
|
||||
* SUSE: Add docker-compose environment
|
||||
* SUSE: add Docker files
|
||||
* clients/host-info.js: add MAC addresses to client dashboard
|
||||
* linux: Add ability to interrogate system and network configuration
|
||||
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
|
||||
* kafka-humio-gateway: add sample config file
|
||||
* Updating the NewFiles and ProcessStatuses Artifacts
|
||||
* cronsnoop: rework testcases to use t.TempDir
|
||||
* vql/linux/cronsnoop: Add cronsnoop() plugin
|
||||
* Extend audit artifacts to use new interface
|
||||
* audit: rearchitect plugin to scale better with multiple invocations
|
||||
* audit: use caller-allocated buffer
|
||||
* use github.com/jeffmahoney/go-libaudit/v2 for audit
|
||||
* Kafka.Events.Client: Update to use new artifactset type
|
||||
* Add artifact for chattrsnoop plugin
|
||||
* bpflib: ensure it's built only on linux and when requesting bpf
|
||||
* Add chattrsnoop plugin
|
||||
* Add artifact to monitor user group updates (#24)
|
||||
* vql/linux/dnssnoop: Add dnssnoop() plugin
|
||||
* Log Sudo/root command by auditd
|
||||
* Add custom artifacts for login and logout attempts recorded by auditd
|
||||
* Add tcpsnoop plugin
|
||||
* vql/linux/bpflib: add helper package for bpf plugins
|
||||
* libbpfgo: add submodule with forked repo for fully static builds
|
||||
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
|
||||
* Add a Kafka export plugin
|
||||
* SUSE: Add SSHLogin artifacts
|
||||
* SUSE: Do build tests on every pull request
|
||||
* Add systemd-dev as build dependency for github workflow
|
||||
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
|
||||
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
|
||||
* Add parser to read systemd journal on Linux
|
||||
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
|
||||
* linux: add lsattr() function to enumerate file attributes
|
||||
* Github: Run build workflow on each pull request
|
||||
* Bugfix: Do not materialize the VAD array in Windows.System.VAD (#2311)
|
||||
* Sync to master's bugfixes (#2309)
|
||||
* Prepare for 0.6.7-2 release (#2300)
|
||||
* 0.6.7 sync (#2261)
|
||||
* 0.6.7 sync3 (#2256)
|
||||
* 0.6.7 sync (#2239)
|
||||
* Prepare a 0.6.7-rc3 (#2217)
|
||||
* Bugfix: sparse files were not properly detected. (#2200) (#2201)
|
||||
* Propagate progress timeout for collections. (#2193)
|
||||
* Verify client's key with or without the org id. (#2192)
|
||||
* Add Windows.System.Shares (#2191)
|
||||
* Allow artifacts to have aliases (#2190)
|
||||
* Added a regex_array column type to allow multiple regex to be set. (#2188)
|
||||
* [Snyk] Upgrade react-router-dom from 5.3.3 to 5.3.4 (#2180)
|
||||
* Add 'UsedBy' column to results (#2186)
|
||||
* Update flow and hunt download exports to use the container (#2185)
|
||||
* Disable toolbar buttons when no options are available (#2183)
|
||||
* Allow hunts to be scheduled on multiple orgs (#2182)
|
||||
* Update WIndows PSList and VAD artifacts (#38) (#2181)
|
||||
* Add in amcache (#2176)
|
||||
* Added additional sources for UserAccessLogs (aka SUM) artifact (#2179)
|
||||
* Fixed tests (#2177)
|
||||
* [Snyk] Upgrade styled-components from 5.3.5 to 5.3.6 (#2174)
|
||||
* Page Cell logs in notebook (#2172)
|
||||
* Break client connection stats by org id (#2171)
|
||||
* Added a remapping export to Windows.Registry.NTUser (#2170)
|
||||
* Added tlsh hash (#2169)
|
||||
* Check sparse files for large size before padding them out. (#2167)
|
||||
* Linux and macOS Packet Capture Artifact Updates (#2168)
|
||||
* Update deps (#2166)
|
||||
* Add some suggested groks for parsing IIS logs (#2165)
|
||||
* Refactor collection container (#2163)
|
||||
* Implement transparent decryption for collector accessor (#2162)
|
||||
* [Snyk] Upgrade ace-builds from 1.11.0 to 1.11.1 (#2161)
|
||||
* Automatically decrypt collections with collector accessor (#2159)
|
||||
* Fix css colors. (#2158)
|
||||
* [Snyk] Upgrade ace-builds from 1.10.1 to 1.11.0 (#2156)
|
||||
* Retry reads on EOF in NTFS accessor (#2157)
|
||||
* Updated zip implementation to support crypto (#2155)
|
||||
* Target 'Cmdline' instead of 'CommandLine' (#2154)
|
||||
* Bugfix: Extra interpolation when client logs messages with % (#2152)
|
||||
* Add 'Active' column to show whether or not a firewall rule is enabled. (#2150)
|
||||
* Added test for encrypted offline collector. (#2149)
|
||||
* Update parsing for Dock plist details (#2148)
|
||||
* Implement filter for large artifact forms (#2147)
|
||||
* Add Public Key Encryption Support to Offline Collections (#2133)
|
||||
* Implemented a max memory grouper (#2146)
|
||||
* Check if setgid flag is set (#2145)
|
||||
* [Snyk] Upgrade react-overlays from 5.2.0 to 5.2.1 (#2144)
|
||||
* Add context to yara.NTFS (#36) (#2143)
|
||||
* Add `auth_redirect_template` config for handling unauthorized API calls (#2140)
|
||||
* Allow the user to specify a collection as urgent (#2139)
|
||||
* Fix typo, slightly improve translations (de,fr) (#2137)
|
||||
* Add 'CronScripts' query/source and 'Length' option (#2138)
|
||||
* Check sanity of inventory service for all orgs (#2136)
|
||||
* Change 'filename' to 'file' for upload (#2135)
|
||||
* Sync with latest NTFS changes. (#2134)
|
||||
* [Snyk] Upgrade classnames from 2.3.1 to 2.3.2 (#2130)
|
||||
* Added URLRegex to FireFox history (#2129)
|
||||
* Link to collection in host shell (#2128)
|
||||
* additional references (#2126)
|
||||
* Sync to go-ntfs (#2125)
|
||||
* Provide the option to expand sparse files in export (#2124)
|
||||
* Bugfix: Process address space lockup under some conditions (#2123)
|
||||
* Added URLRegex to Firefox and Chrome history (#2122)
|
||||
* Add note about RecentApps key not being available after Windows 10, version 1803 (#2119)
|
||||
* Expose the communicator's crypto manager (#2118)
|
||||
* Further refactor of the download handler. (#2117)
|
||||
* [Snyk] Upgrade ace-builds from 1.10.0 to 1.10.1 (#2114)
|
||||
* Uploaded files are now shows with client paths (#2116)
|
||||
* [Snyk] Upgrade recharts from 2.1.13 to 2.1.14 (#2115)
|
||||
* Maintain row count per query. (#2113)
|
||||
* Update Trackaccount.yaml (#2112)
|
||||
* Clean up artifact references (#2111)
|
||||
* Prevent null error when choosing to calculate hash and when providing authenticode information (#2109)
|
||||
* Add Length option and re-arrange output (#2107)
|
||||
* Bugfix: Merge file option should work with config show (#2108)
|
||||
* Always write content to lock files (#2106)
|
||||
* [Snyk] Upgrade ace-builds from 1.9.6 to 1.10.0 (#2102)
|
||||
* Authentication configuration error reporting/validation (#2101)
|
||||
* auth: don't return a base path with two leading slashes (#2100)
|
||||
* Added org report in root org dashboard (#2098)
|
||||
* [Snyk] Upgrade react-bootstrap from 1.6.5 to 1.6.6 (#2094)
|
||||
* [Snyk] Upgrade humanize-duration from 3.27.2 to 3.27.3 (#2095)
|
||||
* authenticode is a function and not a plug (#2092)
|
||||
* Allow '+' in usernames (#2093)
|
||||
* Attempt to decompress client messages if errors occur. (#2088)
|
||||
* Pass org config to mutations in MemcacheFileDataStore (#2087)
|
||||
* Support oauth with a different base path. (#2082)
|
||||
* Allow client->server compression to be disabled (#2081)
|
||||
* Keep track of collected results using collection status (#2075)
|
||||
* Enforce a hard timeout for incoming processing (#2074)
|
||||
* Expand API of user service to include context (#2071)
|
||||
* When creating a new org pass the new org id to the acl function (#2068)
|
||||
* Allow collect_client() etc to accept ArtifactSpec protobuf (#2067)
|
||||
* Only create initial orgs on first run. (#2066)
|
||||
* Bugfix: Do not start multiple communicators in windows service. (#2064)
|
||||
* Added initial_orgs to the config (#2063)
|
||||
* Bugfix- Server.Utils.DeleteClient over sanitized client id (#2061)
|
||||
* Fixed backwards compatible bug (#2057)
|
||||
* [Snyk] Upgrade ace-builds from 1.9.5 to 1.9.6 (#2055)
|
||||
* Fixed CSS for column selector ui (#2053)
|
||||
* Split server sanity checks into root org and other orgs (#2052)
|
||||
* collect each query's status separately (#2049)
|
||||
* Pass org ids in href parameters (#2047)
|
||||
* Org manager maintains services lifetime (#2045)
|
||||
* Added org_delete() function to remove orgs. (#2042)
|
||||
* Updated themes for context menu (#2041)
|
||||
* Made context menus settable in the config file (#2040)
|
||||
* Added Send to CyberChef context menu on table cells. (#2039)
|
||||
* [Snyk] Upgrade ace-builds from 1.9.3 to 1.9.5 (#2037)
|
||||
* [Snyk] Upgrade ace-builds from 1.8.1 to 1.9.3 (#2033)
|
||||
* Bugfix: watch_usn() was not flushing the mft LRU properly (#2032)
|
||||
* Bugfix: Maintain field order in sysmon based tracker (#2030)
|
||||
* Added regex protocols for int, float etc. (#2028)
|
||||
* Refactor client monitoring API to use service (#2027)
|
||||
* Bugfix: Switch GUI to first available org (#2025)
|
||||
* Update Linux pslist() to use CommandLine column (#2024)
|
||||
* Add embedded stager parse usecase (#34) (#2023)
|
||||
* update to clean up null fields (#2020)
|
||||
* Refactor code to propagate the context in more cases. (#2019)
|
||||
* Bugix: Raw file accessor had different behaviour on Windows (#2018)
|
||||
* Cater for unknown parents in process tracker. (#2015)
|
||||
* Fix sense of multiple regexp in all() function (#2014)
|
||||
* Added all() and any() VQL functions (#2013)
|
||||
* Capitalize 'i' in config generation output (#2012)
|
||||
* Fixed crash in api_client command (#2010)
|
||||
* Update UserAccessLogs.yaml (#2009)
|
||||
* Fixed bug in UserAccessLog artifact (#2008)
|
||||
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2 (#2000)
|
||||
* Collect domain role info on interrogate (#1998)
|
||||
* Added new GUI column type for tree (#1997)
|
||||
* Fixed CSS to make column selector more visible (#1996)
|
||||
* Send a System.Upload.Completion event on server artifact upload (#1995)
|
||||
* Refactor of oauth code (#1993)
|
||||
* Added some helpful server artifacts (#1992)
|
||||
* Bugfix: "rpm server" command did not produce minion packages (#1991)
|
||||
* Add ability to delete monitoring events. (#1990)
|
||||
* Allow notebook GUI to set notebooks to public. (#1989)
|
||||
* Allow the user to change password in the GUI (#1988)
|
||||
* Added a delay() VQL function (#1987)
|
||||
* Fixed a crash when add_monitoring was called without parameters. (#1986)
|
||||
* Allow hunt() to limit by OS condition (#1985)
|
||||
* [Snyk] Upgrade ace-builds from 1.7.1 to 1.8.1 (#1984)
|
||||
* Fix "last_visit_time" timestamp (#1983)
|
||||
* Added Generic.System.ProcessSiblings (#1982)
|
||||
* [Snyk] Upgrade bootstrap from 4.6.1 to 4.6.2 (#1979)
|
||||
* General cleanup (#1977)
|
||||
* Update BinaryRename.yaml (#1976)
|
||||
* Support multi orgs in server-server communication (#1975)
|
||||
* Inventory service should upload tools to global public directory (#1973)
|
||||
* fixed path issue (#1972)
|
||||
* Support REG_MULTI_SZ in raw registry accessor (#1969)
|
||||
* fix: upgrade interactjs from 1.10.16 to 1.10.17 (#1968)
|
||||
* Update prefetch library to fix bug (#1965)
|
||||
* The "fs" accessor should also be org sensitive. (#1964)
|
||||
* Added user_grant() VQL function (#1963)
|
||||
* fix: upgrade interactjs from 1.10.14 to 1.10.16 (#1961)
|
||||
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1960)
|
||||
* Several security related bugfixes. (#1962)
|
||||
* Fixed bug in watch_evtx() (#1955)
|
||||
* fix: upgrade ace-builds from 1.7.0 to 1.7.1 (#1952)
|
||||
* Fixed visted_url typo (#1953)
|
||||
* Added NewOrg artifact to make creating new orgs easier. (#1951)
|
||||
* Fix broken deps due to snyke merge (#1950)
|
||||
* build(deps): bump terser from 4.8.0 to 4.8.1 in /gui/velociraptor (#1946)
|
||||
* fix: upgrade recharts from 2.1.11 to 2.1.12 (#1945)
|
||||
* fix: upgrade @fortawesome/react-fontawesome from 0.1.18 to 0.2.0 (#1948)
|
||||
* Added orgs() plugin and user management (#1949)
|
||||
* fix: upgrade ace-builds from 1.6.1 to 1.7.0 (#1944)
|
||||
* Add new embedded pe in data section parse (#1943)
|
||||
* Refactor startup code (#1942)
|
||||
* fix: upgrade qs from 6.10.4 to 6.11.0 (#1941)
|
||||
* fix: upgrade recharts from 2.1.10 to 2.1.11 (#1939)
|
||||
* fix: upgrade ace-builds from 1.6.0 to 1.6.1 (#1938)
|
||||
* Added artifact Windows.Attack.IncorrectImagePath (#1927)
|
||||
* Account for pid reuse in process tracker. (#1936)
|
||||
* add precondition for only windows (#1935)
|
||||
* Make ddclient service parameters configurable (#1933)
|
||||
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1930)
|
||||
* fix: upgrade interactjs from 1.10.13 to 1.10.14 (#1918)
|
||||
* replace YaraUrl type (#1922)
|
||||
* Add other url yara fixes (#1921)
|
||||
* Update Glob.yaml (#1920)
|
||||
* Fixed bug in startup code. (#1919)
|
||||
* Initial commit of multitenant support (#1917)
|
||||
* Adds three Linux artifacts (#1916)
|
||||
* Fixed a crash when using artifact plugin with tools (#1915)
|
||||
* Added a collector accessor (#1912)
|
||||
* fix: upgrade interactjs from 1.10.11 to 1.10.13 (#1909)
|
||||
* fix: upgrade qs from 6.10.3 to 6.10.4 (#1910)
|
||||
* Japanese translation (#1906)
|
||||
* Fix spanish translations. (#1907)
|
||||
* fix: upgrade react-overlays from 5.1.2 to 5.2.0 (#1904)
|
||||
* Add Shimcache reformat (#1892)
|
||||
* A couple of performance tweaks. (#1903)
|
||||
* Fix Amcache artifact (#1902)
|
||||
* Retry axios requests (#1901)
|
||||
* Revert "fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)" (#1900)
|
||||
* fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)
|
||||
* Use the auto accessor as first level of VFS (#1898)
|
||||
* Theme fixes (#1895)
|
||||
* Added additional logging for windows client service (#1894)
|
||||
* Theme updates (#1893)
|
||||
* Prepare for release 0.6.5 (#1890)
|
||||
* Bugfix: CPU limit was not properly enforced on endpoint. (#1889)
|
||||
* fix: upgrade react-calendar-timeline from 0.27.0 to 0.28.0 (#1887)
|
||||
* fix: upgrade ace-builds from 1.5.1 to 1.5.2 (#1888)
|
||||
* Improve the Windows.Sys.StartupItems artifact (#1886)
|
||||
* Fixed the --remap flag (#1883)
|
||||
* Fixed bug in client_delete() (#1882)
|
||||
* Added a delete_flow VQL plugin (#1880)
|
||||
* Add fix for generic bin file payload (#1879)
|
||||
* Bugfix: Notebook calculation did not update cell (#1878)
|
||||
* fix: upgrade humanize-duration from 3.27.1 to 3.27.2 (#1877)
|
||||
* Revised Portuguese translation (#1876)
|
||||
* Update usn.go (#1873)
|
||||
* Added French language (#1874)
|
||||
* Updated german translation (#1875)
|
||||
* Refactor artifact plugin to be more efficient. (#1871)
|
||||
* Update de.js (#1870)
|
||||
* fix: upgrade ace-builds from 1.5.0 to 1.5.1 (#1867)
|
||||
* Refactor server artifacts service (#1868)
|
||||
* Refactored notebook into a service (#1863)
|
||||
* fix: upgrade react-router-dom from 5.3.2 to 5.3.3 (#1861)
|
||||
* fix: upgrade recharts from 2.1.9 to 2.1.10 (#1862)
|
||||
* Bugfix: raw registry accessor supports read_file() (#1859)
|
||||
* Add LogHunter - a generic grep over log capability (#1853)
|
||||
* Added a GUI element to easily filter log messages (#1858)
|
||||
* Added an oidc-cognito authenticator (#1854)
|
||||
* build(deps): bump tar from 6.0.5 to 6.1.11 in /gui/velociraptor (#1852)
|
||||
* fix: upgrade react-router-dom from 5.3.1 to 5.3.2 (#1850)
|
||||
* Fix ACE font handling (#1849)
|
||||
* Format timestamps opportunistically. (#1848)
|
||||
* Update cidr_contains() to return true if any of the ranges match. (#1847)
|
||||
* Sync KapeFiles and SQLECmd artifacts (#1845)
|
||||
* Prepare 0.6.5-rc1 release (#1844)
|
||||
* Added a default process tracker (#1843)
|
||||
* Implement log levels in VQL (#1839)
|
||||
* Theme development checkpoint (#1838)
|
||||
* fix: upgrade ace-builds from 1.4.14 to 1.5.0 (#1836)
|
||||
* fix: upgrade react-bootstrap from 1.6.4 to 1.6.5 (#1837)
|
||||
* Added an LRU VQL function (#1835)
|
||||
* Bugfix: VFS viewer was unable to access files with \ in name (#1832)
|
||||
* use group SID instead of name to get local admins (#1833)
|
||||
* Added Portuguese and Spanish languages (#1831)
|
||||
* fix: upgrade react-overlays from 5.1.1 to 5.1.2 (#1830)
|
||||
* Make display timezone user selectable (#1827)
|
||||
* Added Musl build target (#1826)
|
||||
* Fix deadlock in hunt dispatcher (#1825)
|
||||
* Theme tweaks (#1821)
|
||||
* add groupname parameter to LocalAdmins artifact (#1823)
|
||||
* Fix/activitescache glob expression - Timeline.yaml (#1824)
|
||||
* Update TemplateInjection.yaml (#1820)
|
||||
* Prevent text wrap on sidebar (#1819)
|
||||
* Added some missing translations (#1817)
|
||||
* Added Deutsch UI Language (#1816)
|
||||
* Support UNC paths in windows accessors. (#1815)
|
||||
* Add enrichment callback for process tracker (#1814)
|
||||
* Prevent null FailureActions error (#1811)
|
||||
* Make ACL manager pluggable. (#1813)
|
||||
* Allow custom override for GUI artifacts by default (#1810)
|
||||
* Refactored hunt related functions to use the hunt_dispatcher (#1807)
|
||||
* artifactset: add ability to select named sources (#1809)
|
||||
* UI enhancements (#1805)
|
||||
* Refactor: Create user manager service (#1804)
|
||||
* New themes and refactoring of existing CSS (#1801)
|
||||
* Bugfix: Server monitoring queries were not correctly cancelled. (#1803)
|
||||
* Add gunzip function (#1802)
|
||||
* GUI: Artifact selector (#1790)
|
||||
* Refactor and improve the way clients send query related information (#1800)
|
||||
* fix: upgrade axios from 0.26.1 to 0.27.2 (#1798)
|
||||
* Add Cobalt Strike carver sleep function capability (#1795)
|
||||
* Bugfix: Create new buffer to accumulate VQL results (#1794)
|
||||
* Make velociraptor_client executable in postint script (#1788)
|
||||
* Support addition on dicts (#1785)
|
||||
* fix: upgrade moment from 2.29.2 to 2.29.3 (#1782)
|
||||
* fix: upgrade react-router-dom from 5.3.0 to 5.3.1 (#1783)
|
||||
* Reset nanny when client connection failed. (#1780)
|
||||
* Fix artifacts that use yara parameters to specify yara type (#1779)
|
||||
* SysmonInstall artifact now skips install if not needed (#1777)
|
||||
* Suppress warning message for offline collector (#1776)
|
||||
* Bug fix (#1774)
|
||||
* Avoid bash process lingering around while server is running (#1775)
|
||||
* oidc: Fix typo: Genric -> Generic (#1773)
|
||||
* Make MaxWait for event table settable. (#1772)
|
||||
* Fixed bug in Windows.Detection.Yara.Process (#1771)
|
||||
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
|
||||
* Initial implementation of client side process tracker. (#1768)
|
||||
* Bugfix: Client did not update list of query columns (#1767)
|
||||
* Fixed bug in ETWSessions artifact (#1766)
|
||||
* build(deps): bump async from 2.6.3 to 2.6.4 in /gui/velociraptor (#1761)
|
||||
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
|
||||
* Add fix for dupliate entries from flattern bug (#1760)
|
||||
* build(deps): bump ejs from 3.1.6 to 3.1.7 in /gui/velociraptor (#1758)
|
||||
* build(deps): bump cross-fetch from 3.1.3 to 3.1.5 in /gui/velociraptor (#1759)
|
||||
* Fix undefined types in some artifact parameters (#1757)
|
||||
* Update Glob.yaml (#1754)
|
||||
* Bugfix: Unable to set cpu limits in hunt GUI (#1751)
|
||||
* Support case insensitive notebook cell types (#1747)
|
||||
* Fixed a bug in the Userassist artifact (#1746)
|
||||
* Bugfix: Hunt stats were not properly incremented (#1744)
|
||||
* Invalidate transformed cache when the base table changes. (#1742)
|
||||
* GUI Table widgets now can apply transformations on the table. (#1740)
|
||||
* Update FilenameSearch.yaml (#1741)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
|
||||
|
||||
|
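Review bot: the Wed Dec 07 entry (0.6.7.4~git41.678ed56) repeats the fork-specific commits already listed in the Tue Dec 06 entry (0.6.7.3~git41.fa6afa7) almost verbatim; the only differences are `github: run testcases on Linux builds in new workflow` versus `github: run testcases on Linux builds` and the two upstream lines `More fixes for Windows.System.VAD (#2317) (#2318)` and `Bugfix: When org is not specified this JS code raised (#2315) (#2316)`. Consider collapsing the two into one entry. Also, the security-relevant items (`Several security related bugfixes. (#1962)`, `gui/reporting: update bluemonday dependency to latest`, `Verify client's key with or without the org id. (#2192)`) would benefit from the upstream advisory or issue reference, so the security impact of this update is traceable from the package changelog alone.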
@ -16,11 +16,11 @@
|
||||
#
|
||||
|
||||
%define projname velociraptor
|
||||
%define vendor_version 0.6.4.2~git86.b5931f7
|
||||
%define vendor_version 0.6.7.4~git41.678ed56
|
||||
%define vmlinux_h_version 5.14.21150400.22-150400-default
|
||||
|
||||
Name: velociraptor-client
|
||||
Version: 0.6.4.2~git86.b5931f7
|
||||
Version: 0.6.7.4~git41.678ed56
|
||||
Release: 0
|
||||
Summary: Endpoint visibility and collection tool (endpoint only)
|
||||
Group: System/Monitoring
|
||||
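Review bot: `%define vendor_version 0.6.7.4~git41.678ed56` and `Version: 0.6.7.4~git41.678ed56` carry the same literal twice, and `_service` generates it a third time via `versionformat`. The visible `_service` only has an `obs_scm` step and no `set_version`, so both spec lines are maintained by hand; defining `vendor_version` as `%{version}` (or the reverse) keeps a single source of truth and avoids a future mismatch between the tarball name and the package version.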
@ -33,13 +33,11 @@ Source3: %{name}.config.placeholder
|
||||
Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz
|
||||
Patch1: velociraptor-golang-mage-vendoring.diff
|
||||
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
|
||||
Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
|
||||
Patch4: libbpfgo-i386.patch
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: systemd-devel
|
||||
# We actually only require >= 1.17
|
||||
BuildRequires: golang(API) = 1.17
|
||||
BuildRequires: golang(API) >= 1.18
|
||||
BuildRequires: fileb0x
|
||||
BuildRequires: mage
|
||||
%ifarch x86_64
|
||||
|
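Review bot: dropping `Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch` leaves the numbering at Patch1, Patch2, Patch4; either renumber or make sure the matching `%patch3` application in `%prep` (not shown in this hunk) was removed too, otherwise the build fails. The bump from `golang(API) = 1.17` to `golang(API) >= 1.18` (with the `# We actually only require >= 1.17` comment going away) changes which distributions can build the package and deserves a line in the changelog.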
@ -1,24 +0,0 @@
|
||||
From: Jeff Mahoney <jeffm@suse.com>
|
||||
Subject: Makefile: add bpf rules to linux_bare
|
||||
|
||||
The standalone client needs to have the vql implementation for bpf too
|
||||
|
||||
Acked-by: Jeff Mahoney <jeffm@suse.com>
|
||||
---
|
||||
Makefile | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -84,8 +84,8 @@ endif
|
||||
|
||||
linux: $(BPF_MODULES)
|
||||
$(GOFLAGS) go run make.go -v linux
|
||||
-linux_bare:
|
||||
- go run make.go -v linuxBare
|
||||
+linux_bare: $(BPF_MODULES)
|
||||
+ $(GOFLAGS) go run make.go -v linuxBare
|
||||
|
||||
freebsd:
|
||||
go run make.go -v freebsd
|
||||
|
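Review bot: this removes the Makefile patch that made `linux_bare` depend on `$(BPF_MODULES)` and run `$(GOFLAGS) go run make.go -v linuxBare`; the patch's own description says the standalone client needs the bpf VQL implementation, and this very request adds several bpf-based plugins (cronsnoop, dnssnoop, tcpsnoop, chattrsnoop). Please confirm that upstream's Makefile at the new revision already builds the BPF modules for the `linux_bare` target (or that the package no longer builds it), otherwise the velociraptor-client package silently ships without those plugins.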
@ -1,3 +1,402 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com

- Update to version 0.6.7.4~git41.678ed56:
* rpm: introduce rpm vql plugin
* users: extend DeleteUser testcase to ensure org membership was dropped
* users: ensure baseline user state is correct
* github: run testcases on Linux builds in new workflow
* gui/reporting: update bluemonday dependency to latest
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: rework testcases to use t.TempDir
* vql/linux/cronsnoop: Add cronsnoop() plugin
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* audit: use caller-allocated buffer
* use github.com/jeffmahoney/go-libaudit/v2 for audit
* Kafka.Events.Client: Update to use new artifactset type
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* Add artifact to monitor user group updates (#24)
* vql/linux/dnssnoop: Add dnssnoop() plugin
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
* Add tcpsnoop plugin
* vql/linux/bpflib: add helper package for bpf plugins
* libbpfgo: add submodule with forked repo for fully static builds
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* Add a Kafka export plugin
* SUSE: Add SSHLogin artifacts
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
* linux: add lsattr() function to enumerate file attributes
* Github: Run build workflow on each pull request
* More fixes for Windows.System.VAD (#2317) (#2318)
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)

-------------------------------------------------------------------
Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com

- Update to version 0.6.7.3~git41.fa6afa7:
* rpm: introduce rpm vql plugin
* users: extend DeleteUser testcase to ensure org membership was dropped
* users: ensure baseline user state is correct
* github: run testcases on Linux builds
* gui/reporting: update bluemonday dependency to latest
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: rework testcases to use t.TempDir
* vql/linux/cronsnoop: Add cronsnoop() plugin
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* audit: use caller-allocated buffer
* use github.com/jeffmahoney/go-libaudit/v2 for audit
* Kafka.Events.Client: Update to use new artifactset type
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* Add artifact to monitor user group updates (#24)
* vql/linux/dnssnoop: Add dnssnoop() plugin
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
* Add tcpsnoop plugin
* vql/linux/bpflib: add helper package for bpf plugins
* libbpfgo: add submodule with forked repo for fully static builds
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* Add a Kafka export plugin
* SUSE: Add SSHLogin artifacts
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
* linux: add lsattr() function to enumerate file attributes
* Github: Run build workflow on each pull request
* Bugfix: Do not materialize the VAD array in Windows.System.VAD (#2311)
* Sync to master's bugfixes (#2309)
* Prepare for 0.6.7-2 release (#2300)
* 0.6.7 sync (#2261)
* 0.6.7 sync3 (#2256)
* 0.6.7 sync (#2239)
* Prepare a 0.6.7-rc3 (#2217)
* Bugfix: sparse files were not properly detected. (#2200) (#2201)
* Propagate progress timeout for collections. (#2193)
* Verify client's key with or without the org id. (#2192)
* Add Windows.System.Shares (#2191)
* Allow artifacts to have aliases (#2190)
* Added a regex_array column type to allow multiple regex to be set. (#2188)
* [Snyk] Upgrade react-router-dom from 5.3.3 to 5.3.4 (#2180)
* Add 'UsedBy' column to results (#2186)
* Update flow and hunt download exports to use the container (#2185)
* Disable toolbar buttons when no options are available (#2183)
* Allow hunts to be scheduled on multiple orgs (#2182)
* Update WIndows PSList and VAD artifacts (#38) (#2181)
* Add in amcache (#2176)
* Added additional sources for UserAccessLogs (aka SUM) artifact (#2179)
* Fixed tests (#2177)
* [Snyk] Upgrade styled-components from 5.3.5 to 5.3.6 (#2174)
* Page Cell logs in notebook (#2172)
* Break client connection stats by org id (#2171)
* Added a remapping export to Windows.Registry.NTUser (#2170)
* Added tlsh hash (#2169)
* Check sparse files for large size before padding them out. (#2167)
* Linux and macOS Packet Capture Artifact Updates (#2168)
* Update deps (#2166)
* Add some suggested groks for parsing IIS logs (#2165)
* Refactor collection container (#2163)
* Implement transparent decryption for collector accessor (#2162)
* [Snyk] Upgrade ace-builds from 1.11.0 to 1.11.1 (#2161)
* Automatically decrypt collections with collector accessor (#2159)
* Fix css colors. (#2158)
* [Snyk] Upgrade ace-builds from 1.10.1 to 1.11.0 (#2156)
* Retry reads on EOF in NTFS accessor (#2157)
* Updated zip implementation to support crypto (#2155)
* Target 'Cmdline' instead of 'CommandLine' (#2154)
* Bugfix: Extra interpolation when client logs messages with % (#2152)
* Add 'Active' column to show whether or not a firewall rule is enabled. (#2150)
* Added test for encrypted offline collector. (#2149)
* Update parsing for Dock plist details (#2148)
* Implement filter for large artifact forms (#2147)
* Add Public Key Encryption Support to Offline Collections (#2133)
* Implemented a max memory grouper (#2146)
* Check if setgid flag is set (#2145)
* [Snyk] Upgrade react-overlays from 5.2.0 to 5.2.1 (#2144)
* Add context to yara.NTFS (#36) (#2143)
* Add `auth_redirect_template` config for handling unauthorized API calls (#2140)
* Allow the user to specify a collection as urgent (#2139)
* Fix typo, slightly improve translations (de,fr) (#2137)
* Add 'CronScripts' query/source and 'Length' option (#2138)
* Check sanity of inventory service for all orgs (#2136)
* Change 'filename' to 'file' for upload (#2135)
* Sync with latest NTFS changes. (#2134)
* [Snyk] Upgrade classnames from 2.3.1 to 2.3.2 (#2130)
* Added URLRegex to FireFox history (#2129)
* Link to collection in host shell (#2128)
* additional references (#2126)
* Sync to go-ntfs (#2125)
* Provide the option to expand sparse files in export (#2124)
* Bugfix: Process address space lockup under some conditions (#2123)
* Added URLRegex to Firefox and Chrome history (#2122)
* Add note about RecentApps key not being available after Windows 10, version 1803 (#2119)
* Expose the communicator's crypto manager (#2118)
* Further refactor of the download handler. (#2117)
* [Snyk] Upgrade ace-builds from 1.10.0 to 1.10.1 (#2114)
* Uploaded files are now shows with client paths (#2116)
* [Snyk] Upgrade recharts from 2.1.13 to 2.1.14 (#2115)
* Maintain row count per query. (#2113)
* Update Trackaccount.yaml (#2112)
* Clean up artifact references (#2111)
* Prevent null error when choosing to calculate hash and when providing authenticode information (#2109)
* Add Length option and re-arrange output (#2107)
* Bugfix: Merge file option should work with config show (#2108)
* Always write content to lock files (#2106)
* [Snyk] Upgrade ace-builds from 1.9.6 to 1.10.0 (#2102)
* Authentication configuration error reporting/validation (#2101)
* auth: don't return a base path with two leading slashes (#2100)
* Added org report in root org dashboard (#2098)
* [Snyk] Upgrade react-bootstrap from 1.6.5 to 1.6.6 (#2094)
* [Snyk] Upgrade humanize-duration from 3.27.2 to 3.27.3 (#2095)
* authenticode is a function and not a plug (#2092)
* Allow '+' in usernames (#2093)
* Attempt to decompress client messages if errors occur. (#2088)
* Pass org config to mutations in MemcacheFileDataStore (#2087)
* Support oauth with a different base path. (#2082)
* Allow client->server compression to be disabled (#2081)
* Keep track of collected results using collection status (#2075)
* Enforce a hard timeout for incoming processing (#2074)
* Expand API of user service to include context (#2071)
* When creating a new org pass the new org id to the acl function (#2068)
* Allow collect_client() etc to accept ArtifactSpec protobuf (#2067)
* Only create initial orgs on first run. (#2066)
* Bugfix: Do not start multiple communicators in windows service. (#2064)
* Added initial_orgs to the config (#2063)
* Bugfix- Server.Utils.DeleteClient over sanitized client id (#2061)
* Fixed backwards compatible bug (#2057)
* [Snyk] Upgrade ace-builds from 1.9.5 to 1.9.6 (#2055)
* Fixed CSS for column selector ui (#2053)
* Split server sanity checks into root org and other orgs (#2052)
* collect each query's status separately (#2049)
* Pass org ids in href parameters (#2047)
* Org manager maintains services lifetime (#2045)
* Added org_delete() function to remove orgs. (#2042)
* Updated themes for context menu (#2041)
* Made context menus settable in the config file (#2040)
* Added Send to CyberChef context menu on table cells. (#2039)
* [Snyk] Upgrade ace-builds from 1.9.3 to 1.9.5 (#2037)
* [Snyk] Upgrade ace-builds from 1.8.1 to 1.9.3 (#2033)
* Bugfix: watch_usn() was not flushing the mft LRU properly (#2032)
* Bugfix: Maintain field order in sysmon based tracker (#2030)
* Added regex protocols for int, float etc. (#2028)
* Refactor client monitoring API to use service (#2027)
* Bugfix: Switch GUI to first available org (#2025)
* Update Linux pslist() to use CommandLine column (#2024)
* Add embedded stager parse usecase (#34) (#2023)
* update to clean up null fields (#2020)
* Refactor code to propagate the context in more cases. (#2019)
* Bugix: Raw file accessor had different behaviour on Windows (#2018)
* Cater for unknown parents in process tracker. (#2015)
* Fix sense of multiple regexp in all() function (#2014)
* Added all() and any() VQL functions (#2013)
* Capitalize 'i' in config generation output (#2012)
* Fixed crash in api_client command (#2010)
* Update UserAccessLogs.yaml (#2009)
* Fixed bug in UserAccessLog artifact (#2008)
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2 (#2000)
* Collect domain role info on interrogate (#1998)
* Added new GUI column type for tree (#1997)
* Fixed CSS to make column selector more visible (#1996)
* Send a System.Upload.Completion event on server artifact upload (#1995)
* Refactor of oauth code (#1993)
* Added some helpful server artifacts (#1992)
* Bugfix: "rpm server" command did not produce minion packages (#1991)
* Add ability to delete monitoring events. (#1990)
* Allow notebook GUI to set notebooks to public. (#1989)
* Allow the user to change password in the GUI (#1988)
* Added a delay() VQL function (#1987)
* Fixed a crash when add_monitoring was called without parameters. (#1986)
* Allow hunt() to limit by OS condition (#1985)
* [Snyk] Upgrade ace-builds from 1.7.1 to 1.8.1 (#1984)
* Fix "last_visit_time" timestamp (#1983)
* Added Generic.System.ProcessSiblings (#1982)
* [Snyk] Upgrade bootstrap from 4.6.1 to 4.6.2 (#1979)
* General cleanup (#1977)
* Update BinaryRename.yaml (#1976)
* Support multi orgs in server-server communication (#1975)
* Inventory service should upload tools to global public directory (#1973)
* fixed path issue (#1972)
* Support REG_MULTI_SZ in raw registry accessor (#1969)
* fix: upgrade interactjs from 1.10.16 to 1.10.17 (#1968)
* Update prefetch library to fix bug (#1965)
* The "fs" accessor should also be org sensitive. (#1964)
* Added user_grant() VQL function (#1963)
* fix: upgrade interactjs from 1.10.14 to 1.10.16 (#1961)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1960)
* Several security related bugfixes. (#1962)
* Fixed bug in watch_evtx() (#1955)
* fix: upgrade ace-builds from 1.7.0 to 1.7.1 (#1952)
* Fixed visted_url typo (#1953)
* Added NewOrg artifact to make creating new orgs easier. (#1951)
* Fix broken deps due to snyke merge (#1950)
* build(deps): bump terser from 4.8.0 to 4.8.1 in /gui/velociraptor (#1946)
* fix: upgrade recharts from 2.1.11 to 2.1.12 (#1945)
* fix: upgrade @fortawesome/react-fontawesome from 0.1.18 to 0.2.0 (#1948)
* Added orgs() plugin and user management (#1949)
* fix: upgrade ace-builds from 1.6.1 to 1.7.0 (#1944)
* Add new embedded pe in data section parse (#1943)
* Refactor startup code (#1942)
* fix: upgrade qs from 6.10.4 to 6.11.0 (#1941)
* fix: upgrade recharts from 2.1.10 to 2.1.11 (#1939)
* fix: upgrade ace-builds from 1.6.0 to 1.6.1 (#1938)
* Added artifact Windows.Attack.IncorrectImagePath (#1927)
* Account for pid reuse in process tracker. (#1936)
* add precondition for only windows (#1935)
* Make ddclient service parameters configurable (#1933)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1930)
* fix: upgrade interactjs from 1.10.13 to 1.10.14 (#1918)
* replace YaraUrl type (#1922)
* Add other url yara fixes (#1921)
* Update Glob.yaml (#1920)
* Fixed bug in startup code. (#1919)
* Initial commit of multitenant support (#1917)
* Adds three Linux artifacts (#1916)
* Fixed a crash when using artifact plugin with tools (#1915)
* Added a collector accessor (#1912)
* fix: upgrade interactjs from 1.10.11 to 1.10.13 (#1909)
* fix: upgrade qs from 6.10.3 to 6.10.4 (#1910)
* Japanese translation (#1906)
* Fix spanish translations. (#1907)
* fix: upgrade react-overlays from 5.1.2 to 5.2.0 (#1904)
* Add Shimcache reformat (#1892)
* A couple of performance tweaks. (#1903)
* Fix Amcache artifact (#1902)
* Retry axios requests (#1901)
* Revert "fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)" (#1900)
* fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)
* Use the auto accessor as first level of VFS (#1898)
* Theme fixes (#1895)
* Added additional logging for windows client service (#1894)
* Theme updates (#1893)
* Prepare for release 0.6.5 (#1890)
* Bugfix: CPU limit was not properly enforced on endpoint. (#1889)
* fix: upgrade react-calendar-timeline from 0.27.0 to 0.28.0 (#1887)
* fix: upgrade ace-builds from 1.5.1 to 1.5.2 (#1888)
* Improve the Windows.Sys.StartupItems artifact (#1886)
* Fixed the --remap flag (#1883)
* Fixed bug in client_delete() (#1882)
* Added a delete_flow VQL plugin (#1880)
* Add fix for generic bin file payload (#1879)
* Bugfix: Notebook calculation did not update cell (#1878)
* fix: upgrade humanize-duration from 3.27.1 to 3.27.2 (#1877)
* Revised Portuguese translation (#1876)
* Update usn.go (#1873)
* Added French language (#1874)
* Updated german translation (#1875)
* Refactor artifact plugin to be more efficient. (#1871)
* Update de.js (#1870)
* fix: upgrade ace-builds from 1.5.0 to 1.5.1 (#1867)
* Refactor server artifacts service (#1868)
* Refactored notebook into a service (#1863)
* fix: upgrade react-router-dom from 5.3.2 to 5.3.3 (#1861)
* fix: upgrade recharts from 2.1.9 to 2.1.10 (#1862)
* Bugfix: raw registry accessor supports read_file() (#1859)
* Add LogHunter - a generic grep over log capability (#1853)
* Added a GUI element to easily filter log messages (#1858)
* Added an oidc-cognito authenticator (#1854)
* build(deps): bump tar from 6.0.5 to 6.1.11 in /gui/velociraptor (#1852)
* fix: upgrade react-router-dom from 5.3.1 to 5.3.2 (#1850)
* Fix ACE font handling (#1849)
* Format timestamps opportunistically. (#1848)
* Update cidr_contains() to return true if any of the ranges match. (#1847)
* Sync KapeFiles and SQLECmd artifacts (#1845)
* Prepare 0.6.5-rc1 release (#1844)
* Added a default process tracker (#1843)
* Implement log levels in VQL (#1839)
* Theme development checkpoint (#1838)
* fix: upgrade ace-builds from 1.4.14 to 1.5.0 (#1836)
* fix: upgrade react-bootstrap from 1.6.4 to 1.6.5 (#1837)
* Added an LRU VQL function (#1835)
* Bugfix: VFS viewer was unable to access files with \ in name (#1832)
* use group SID instead of name to get local admins (#1833)
* Added Portuguese and Spanish languages (#1831)
* fix: upgrade react-overlays from 5.1.1 to 5.1.2 (#1830)
* Make display timezone user selectable (#1827)
* Added Musl build target (#1826)
* Fix deadlock in hunt dispatcher (#1825)
* Theme tweaks (#1821)
* add groupname parameter to LocalAdmins artifact (#1823)
* Fix/activitescache glob expression - Timeline.yaml (#1824)
* Update TemplateInjection.yaml (#1820)
* Prevent text wrap on sidebar (#1819)
* Added some missing translations (#1817)
* Added Deutsch UI Language (#1816)
* Support UNC paths in windows accessors. (#1815)
* Add enrichment callback for process tracker (#1814)
* Prevent null FailureActions error (#1811)
* Make ACL manager pluggable. (#1813)
* Allow custom override for GUI artifacts by default (#1810)
* Refactored hunt related functions to use the hunt_dispatcher (#1807)
* artifactset: add ability to select named sources (#1809)
* UI enhancements (#1805)
* Refactor: Create user manager service (#1804)
* New themes and refactoring of existing CSS (#1801)
* Bugfix: Server monitoring queries were not correctly cancelled. (#1803)
* Add gunzip function (#1802)
* GUI: Artifact selector (#1790)
* Refactor and improve the way clients send query related information (#1800)
* fix: upgrade axios from 0.26.1 to 0.27.2 (#1798)
* Add Cobalt Strike carver sleep function capability (#1795)
* Bugfix: Create new buffer to accumulate VQL results (#1794)
* Make velociraptor_client executable in postint script (#1788)
* Support addition on dicts (#1785)
* fix: upgrade moment from 2.29.2 to 2.29.3 (#1782)
* fix: upgrade react-router-dom from 5.3.0 to 5.3.1 (#1783)
* Reset nanny when client connection failed. (#1780)
* Fix artifacts that use yara parameters to specify yara type (#1779)
* SysmonInstall artifact now skips install if not needed (#1777)
* Suppress warning message for offline collector (#1776)
* Bug fix (#1774)
* Avoid bash process lingering around while server is running (#1775)
* oidc: Fix typo: Genric -> Generic (#1773)
* Make MaxWait for event table settable. (#1772)
* Fixed bug in Windows.Detection.Yara.Process (#1771)
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
* Initial implementation of client side process tracker. (#1768)
* Bugfix: Client did not update list of query columns (#1767)
* Fixed bug in ETWSessions artifact (#1766)
* build(deps): bump async from 2.6.3 to 2.6.4 in /gui/velociraptor (#1761)
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
* Add fix for dupliate entries from flattern bug (#1760)
* build(deps): bump ejs from 3.1.6 to 3.1.7 in /gui/velociraptor (#1758)
* build(deps): bump cross-fetch from 3.1.3 to 3.1.5 in /gui/velociraptor (#1759)
* Fix undefined types in some artifact parameters (#1757)
* Update Glob.yaml (#1754)
* Bugfix: Unable to set cpu limits in hunt GUI (#1751)
* Support case insensitive notebook cell types (#1747)
* Fixed a bug in the Userassist artifact (#1746)
* Bugfix: Hunt stats were not properly incremented (#1744)
* Invalidate transformed cache when the base table changes. (#1742)
* GUI Table widgets now can apply transformations on the table. (#1740)
* Update FilenameSearch.yaml (#1741)

-------------------------------------------------------------------
Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com

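Review bot: the Dec 07 entry for 0.6.7.4~git41.678ed56 re-lists the fork's own commits that the Dec 06 entry for 0.6.7.3~git41.fa6afa7 already recorded (everything from `* rpm: introduce rpm vql plugin` down to `* Github: Run build workflow on each pull request`), so a reader cannot tell what changed between the two versions; the only lines that are actually new are `* More fixes for Windows.System.VAD (#2317) (#2318)`, `* Bugfix: When org is not specified this JS code raised (#2315) (#2316)` and the reworded `* github: run testcases on Linux builds in new workflow`. Trim the 0.6.7.4 entry to those items, or state in it that the fork's commits were rebased onto newer upstream if that is why the changes generator emitted them again. The long upstream tail in the Dec 06 entry (back to #1741) is expected, since the previous packaged version in the spec was 0.6.4.2~git86.b5931f7.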
@ -1,4 +1,4 @@
name: velociraptor
version: 0.6.4.2~git86.b5931f7
mtime: 1668201110
commit: b5931f73eb6c171a558d09d4ef8b3d4d7292d519
version: 0.6.7.4~git41.678ed56
mtime: 1670380876
commit: 678ed562b0dc36217e5fc081936a57bc1e40be22
@ -16,11 +16,11 @@
#

%define projname velociraptor
%define vendor_version 0.6.4.2~git86.b5931f7
%define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default

Name: velociraptor
Version: 0.6.4.2~git86.b5931f7
Version: 0.6.7.4~git41.678ed56
Release: 0
Summary: Endpoint visibility and collection tool
Group: System/Monitoring
@ -37,13 +37,11 @@ Source7: %{name}-client.config.placeholder
Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz
Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
Patch4: libbpfgo-i386.patch
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: systemd-devel
# We actually only require >= 1.17
BuildRequires: golang(API) = 1.17
BuildRequires: golang(API) >= 1.18
BuildRequires: fileb0x
BuildRequires: mage
%ifarch x86_64
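Review bot: the comment `# We actually only require >= 1.17` is kept as unchanged context directly above the new `BuildRequires: golang(API) >= 1.18`, so it now contradicts the line it annotates; drop it, or reword it to say why 1.18 is the new floor. The hunk counts (-13 +11, with one line replaced) also mean two more old lines disappear, which by elimination are `Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch` and `Patch4: libbpfgo-i386.patch`; the corresponding %patch applications in %prep are not in this diff, so confirm they were removed as well and that the bpf build rules and the i386 libbpfgo fix are now carried by the sources themselves, since Source8 (vmlinux.h) and the bpf plugins listed in the changelog stay.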
@ -71,7 +69,7 @@ For just the endpoint agent, please install the 'velociraptor-client' package.

%package kafka-humio-gateway
Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
Version: 0.6.4.2~git86.b5931f7
Version: 0.6.7.4~git41.678ed56

%description kafka-humio-gateway
This tool is used to consume events generated by the Kafka Velociraptor plugin
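Review bot: `Version: 0.6.7.4~git41.678ed56` is now spelled out a third time in the spec (here for the subpackage, in the main `Version:` and in `%define vendor_version`), and every bump has to touch all three. Use `Version: %{vendor_version}` for the kafka-humio-gateway subpackage (and the main package) so a future update cannot leave the gateway at a stale version.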
@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5658ece191a8d0ab5c0d9e558d756ab688eb7faf8544441e5baf37d55ac9fbf1
size 7824160
vendor-golang-0.6.7.4~git41.678ed56.tar.xz
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d0e93278e02bdcba1d6f81dc318ae07131c1f8492dc5db7340ddd8f3841d31f4
size 27825180
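Review bot: the vendored Go tarball grows from 7824160 to 27825180 bytes, roughly 3.5x, while the nodejs vendor tarball in this same commit barely moves. The changelog's `libbpfgo: add submodule with forked repo for fully static builds` and `use github.com/jeffmahoney/go-libaudit/v2 for audit` make some growth plausible, but a jump of that size deserves a look inside the archive (duplicated module trees, checked-in build outputs) before it is accepted, because everything vendored here ends up in the shipped package's supply chain; the LFS pointer only gives the oid and size, so the diff itself cannot show what was added.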
@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d32c165efeb3ace20edd14d308c0a4aacd441d0cfb29f8c3e74e5549781609e8
size 454332
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:73c425c59d06d58c64c5f0f45e4211f9d9f51e8e1e688e070ccf53a8eb9bbc6f
size 454256
@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6a749b2c6b6e6544ed0a47e8aaf8df463e4a38a0dbc2233f0739a91e2de41c6d
size 37506080
vendor-nodejs-0.6.7.4~git41.678ed56.tar.xz
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8734e871d5df2ccfd120ab591ed195fcb2b111ee7cc41378e5c29b68c3e83cb
size 37872364