SHA256
1
0
forked from pool/velociraptor
Commit Graph

42 Commits

Author SHA256 Message Date
0c4d6def1a Accepting request 1134354 from home:jeff_mahoney:branches:security:sensor
- Added workaround for missing Maintainers tag in Debian-based packages.
  obs-service-format_spec_file strips the Packager tag from the spec file
  before committing.  The build service replaces it with its own.  debbuild
  expects the Packager field to be present to generate the Maintainers tag
  in the output but it only receives the "cleaned" spec file.

- Added Recommends: auditd
  - Technically not *required* but Velociraptor's audit client enables
    audit and then listens on the multicast socket.  Without a listener
    on the unicast socket, the kernel will spam the system log with events.

- Fixed debian packaging:
  * /etc/sysconfig -> /etc/default
  * %postun for systemd service cleanup
  * Note: obs-service-format_spec_file strips the Packager tag that
    debbuild uses to generate the Maintainer tag

OBS-URL: https://build.opensuse.org/request/show/1134354
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=59
2023-12-21 00:29:28 +00:00
befaca9186 - Fix %SOURCE references.
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=58
2023-12-19 14:25:07 +00:00
8c712ed88b revert: - go.mod asks for go 1.18, so we don't need to require go 1.19
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=57
2023-12-18 20:31:47 +00:00
de4fd9d928 - go.mod asks for go 1.18, so we don't need to require go 1.19
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=56
2023-12-18 20:13:13 +00:00
ac85413735 Accepting request 1133905 from home:jeff_mahoney:branches:security:sensor
- Temporarily use the NODE_MODULES BEGIN/END form of the node_modules
  service due to a bug in debbuild preventing Debian builds from succeeding.
- Update to version 0.7.0.4.git4.c1b68a5b:
  * hash: fix nil pointer dereference panic
  * velociraptor: add dummy main function for mage
- Removed patch:
  * velociraptor-golang-mage-vendoring.diff
- Switched to using go_modules and node_modules source services
  - Eliminated bespoke vendoring scripts.
- Pulled sysuser definition into the velociraptor package.

- Remove PrivateTmp and PrivateDevices settings in velociraptor-client.service (SENS-70)

- Update to version 0.7.0.4.git0.e09a0df8:
  * Add additional sanitization to HTML templates on JS side. (#2) (#3077) (CVE-2023-5950)
  * vql/linux/sdjournal: Fix open/close lifetimes
  * vql/linux/audit: fix shutdown races
  * vql/linux/audit: fix goroutine lifetimes
  * vql/linux/audit: limit messageQueue to within runService
  * vql/linux/audit: add auditService.Log()
  * vql/linux/audit: pull parts of shutdown into shutdown watcher
  * vql/linux/audit: remove unnecessary error handling for reassembler
  * vql/linux/audit: remove unused waitgroup from main event loop
  * vql/linux/audit: handle top-level cancelation properly
  * vql/linux/audit: make explicit that goroutines in the main errgroup don't return errors
  * vql/linux/audit: make stats reporting separate from debug prints
  * vql/linux/audit: simplify polling in listener
  * vql/linux/audit: tests, check various rule scenarios
  * vql/linux/audit: Add more client failure test cases
  * vql/linux/audit: Fix audit client lifecycle

OBS-URL: https://build.opensuse.org/request/show/1133905
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=55
2023-12-18 18:44:23 +00:00
6ab20944e0 Accepting request 1099705 from home:msmeissn:branches:security:sensor
- require the group / user only in the server build

OBS-URL: https://build.opensuse.org/request/show/1099705
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=53
2023-07-20 09:59:08 +00:00
154074cae5 - Update to version 0.6.7.5~git81.01be570:
* libbpfgo: pull fix for double-free
  * logscale: add documentation for plugin

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=51
2023-05-10 00:51:00 +00:00
7bb1958b78 Accepting request 1085748 from home:darix:apps
- bump minimum nodejs to 18:
  building against 16 causes errors

OBS-URL: https://build.opensuse.org/request/show/1085748
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=50
2023-05-09 23:43:33 +00:00
c313187484 Accepting request 1085596 from home:jeff_mahoney:branches:security:sensor:updates
- Provide sysuser template for velociraptor user and group.

OBS-URL: https://build.opensuse.org/request/show/1085596
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=48
2023-05-09 02:00:49 +00:00
f537d3a99b OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=47 2023-05-09 00:52:45 +00:00
3a5ec10ba3 Accepting request 1085591 from home:jeff_mahoney:branches:security:sensor:updates
- Update to version 0.6.7.5~git78.2bef6fc:
  * bpf: fix path to vmlinux.h

- Update to version 0.6.7.5~git77.997aa73:
  * file_store/test_utils/server_config.go: update test certificate
  * Update bluemonday dependency.
  * vql/functions/hash: cache results on Linux
  * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
  * logscale/backport: don't use networking.GetHttpTransport
  * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
  * file_store/directory: add ability to report pending size
- Change clang dependency to clang16
- Fix velociraptor-golang-mage-vendoring.diff to account for newer
  'go mod vendor' honoring build flags.
- Fix update-vendoring.sh script to actually run the %setup part of
  the spec.
- Merge client package into server spec and use _multibuild to create
  client package from same spec file.
- Adjust changelog to retain changes for client package.
- Fix building in static mode on earlier releases.
  - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch

- Tightening the security of the services a bit:
  - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
    from /tmp
  - run velociraptor server as user velociraptor instead of root
    we do not really need root permissions here
  - introduce /var/lib/velociraptor/filestore to make it easier to
    split out large file upload
  - change permissions for the data directory and subdirectories to

OBS-URL: https://build.opensuse.org/request/show/1085591
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=46
2023-05-09 00:49:51 +00:00
50651d3408 Fixed changelog
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=43
2023-02-06 14:35:01 +00:00
8fbd6d6882 Accepting request 1062529 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.7.4~git63.4a1ed09d:
  * utils/time.js: fix handling of nanosecond-resolution timestamps

- Update to version 0.6.7.4~git63.4a1ed09d:
  * utils/time.js: fix handling of nanosecond-resolution timestamps

OBS-URL: https://build.opensuse.org/request/show/1062529
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=42
2023-02-01 18:28:25 +00:00
d5a3e31f79 Accepting request 1060929 from home:jeff_mahoney:branches:security:sensor
- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).

- Update to version 0.6.7.4~git60.8abed37a:
  * http_comms: create ring buffer temporary file in the same directory
  * cronsnoop: plumb in real scope logging
  * cronsnoop: don't treat routine errors as fatal
  * cronsnoop: fix typo

- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).

- Update to version 0.6.7.4~git60.8abed37a:
  * http_comms: create ring buffer temporary file in the same directory
  * cronsnoop: plumb in real scope logging
  * cronsnoop: don't treat routine errors as fatal
  * cronsnoop: fix typo

OBS-URL: https://build.opensuse.org/request/show/1060929
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=41
2023-01-25 13:29:03 +00:00
a66ed310ea Accepting request 1060079 from home:jeff_mahoney:branches:security:sensor
- Fixed release detection to include Tumblweed

OBS-URL: https://build.opensuse.org/request/show/1060079
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=39
2023-01-21 04:12:03 +00:00
4dddd873d1 Accepting request 1060074 from home:jeff_mahoney:branches:security:sensor
Fixed commit message after patch rename
  - vendor-build-fixes-for-SLE12.patch
  - vendor-build-fixes-for-SLE12.patch

OBS-URL: https://build.opensuse.org/request/show/1060074
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=37
2023-01-21 03:03:44 +00:00
868045c06c Accepting request 1060071 from home:jeff_mahoney:branches:security:sensor
- Increase required release to enable eBPF to SLE 15 SP2 and
  openSUSE Leap 15.2.  Earlier versions don't have a usable eBPF
  and can't easily build llvm13.

- Increase required release to enable eBPF to SLE 15 SP2 and
  openSUSE Leap 15.2.  Earlier versions don't have a usable eBPF
  and can't easily build llvm13.

OBS-URL: https://build.opensuse.org/request/show/1060071
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=36
2023-01-21 02:50:51 +00:00
d5702730fe Accepting request 1060070 from home:jeff_mahoney:branches:security:sensor
- Remove dependency on bpftool.  We use the vmlinux.h archive
  to provide vmlinux.h.

- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
  - vendor-go-magic-build-fix-for-SLE12.patch
  - sdjournal-build-fix-for-SLE12.patch
- Remove dependency on bpftool.  We use the vmlinux.h archive
  to provide vmlinux.h.

- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
  - vendor-go-magic-build-fix-for-SLE12.patch
  - sdjournal-build-fix-for-SLE12.patch

OBS-URL: https://build.opensuse.org/request/show/1060070
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=35
2023-01-21 02:03:49 +00:00
6fbff8f638 Accepting request 1059625 from home:jeff_mahoney:branches:security:sensor
---------------------------------------------------------------------
- Restore requirement to build with clang13.  Newer versions
  cause libbpfgo to crash immediately.
-----------------------------------------------------------------
- Added support for setting command line options via sysconfig
- Restore requirement to build with clang13.  Newer versions
  cause libbpfgo to crash immediately.

- Added support for setting command line options via sysconfig

OBS-URL: https://build.opensuse.org/request/show/1059625
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=32
2023-01-19 15:27:12 +00:00
b77f05d020 - Update to version 0.6.7.4~git53.0e85855:
* sdjournal: work around missing _SYSTEMD_UNIT fields

- Update to version 0.6.7.4~git53.0e85855:
  * sdjournal: work around missing _SYSTEMD_UNIT fields

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=31
2023-01-19 05:02:41 +00:00
3f054c52ce Accepting request 1059461 from home:jeff_mahoney:branches:security:sensor
- Clean up for Factory submission:
  - Make bpf-enabled builds conditional
  - Removed %defattr and combined service lines.
  - Change clang and llvm dependencies to use >= 13
  - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
    so increase go version dependecy
  - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
    Neither the client or server builds on ix86.
- Added Restart=on-failure to restart the client automatically.

- Update to version 0.6.7.4~git51.a588d6e4:
  * magefile.go: use current architecture for Linux builds
  * Update libbpfgo submodule to include non-AMD64 build fixes
  * bpf: bpf expects s390 instead of s390x

- Clean up for Factory submission:
  - Make bpf-enabled builds conditional
  - Removed %defattr and combined service lines.
  - Change clang and llvm dependencies to use >= 13
  - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
    so increase go version dependecy
  - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
    Neither the client or server builds on ix86.
- Update to version 0.6.7.4~git51.a588d6e4:
  * magefile.go: use current architecture for Linux builds
  * Update libbpfgo submodule to include non-AMD64 build fixes
  * bpf: bpf expects s390 instead of s390x

OBS-URL: https://build.opensuse.org/request/show/1059461
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=30
2023-01-19 01:05:43 +00:00
74851609fb - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
Neither the client or server builds on ix86.

- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x                     
  Neither the client or server builds on ix86.

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=29
2023-01-18 15:50:58 +00:00
01f83bd1f6 - Update to version 0.6.7.4~git46.5d88d80:
* contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID

- Update to version 0.6.7.4~git46.5d88d80:
  * contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=26
2022-12-07 04:22:37 +00:00
62de5286f7 Accepting request 1040837 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.7.4~git41.678ed56:
  * rpm: introduce rpm vql plugin
  * users: extend DeleteUser testcase to ensure org membership was dropped
  * users: ensure baseline user state is correct
  * github: run testcases on Linux builds in new workflow
  * gui/reporting: update bluemonday dependency to latest
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
  * kafka-humio-gateway: add sample config file
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: rework testcases to use t.TempDir
  * vql/linux/cronsnoop: Add cronsnoop() plugin
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * audit: use caller-allocated buffer
  * use github.com/jeffmahoney/go-libaudit/v2 for audit
  * Kafka.Events.Client: Update to use new artifactset type
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * Add artifact to monitor user group updates (#24)
  * vql/linux/dnssnoop: Add dnssnoop() plugin
  * Log Sudo/root command by auditd
  * Add custom artifacts for login and logout attempts recorded by auditd
  * Add tcpsnoop plugin
  * vql/linux/bpflib: add helper package for bpf plugins

OBS-URL: https://build.opensuse.org/request/show/1040837
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=25
2022-12-07 03:37:22 +00:00
99d22d300a Accepting request 1035328 from home:jeff_mahoney:security:sensor
ok

OBS-URL: https://build.opensuse.org/request/show/1035328
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=23
2022-11-12 01:53:03 +00:00
4f3a31cc82 Accepting request 1035327 from home:jeff_mahoney:security:sensor
- Update to version 0.6.4.2~git86.b5931f7:
  * cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
- Fix building of libbpfgo on i586

- Update to version 0.6.4.2~git84.1b38fda:
  * Clean up libbpfgo mess
  * libbpfgo: use forked repo for fully static builds
  * libbpfgo: sync to v0.4.4-libbpf-1.0.1
  * contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID
  * libbpfgo: add selftest to build so testcases work
  * cronsnoop: rework testcases to use t.TempDir
  * cronsnoop: move external dependencies to end of import list
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()

- Update to version 0.6.4.2~git67.85b608e:
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
  * kafka-humio-gateway: add sample config file
  * Updating the NewFiles and ProcessStatuses Artifacts

OBS-URL: https://build.opensuse.org/request/show/1035327
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=22
2022-11-12 01:51:37 +00:00
2c83e467e2 - Update to version 0.6.4.2~git70.b7df8172:
* file_store: handle watching artifacts with named sources

- Update to version 0.6.4.2~git70.b7df8172:
  * file_store: handle watching artifacts with named sources

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=21
2022-11-10 15:49:07 +00:00
08bbeb37f8 - Update to version 0.6.4.2~git68.5226b23b:
* api/authenticators/basic: fix logoff endpoint
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact

- Update to version 0.6.4.2~git68.5226b23b:
  * api/authenticators/basic: fix logoff endpoint
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=20
2022-09-29 14:24:37 +00:00
ae188ff398 Accepting request 998259 from home:jeff_mahoney:branches:security:sensor
- Updated vendoring.
- Fixed update-vendoring script to use an independent go module cache.

- Updated vendoring.
- Fixed update-vendoring script to use an independent go module cache.

OBS-URL: https://build.opensuse.org/request/show/998259
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=19
2022-08-19 21:19:45 +00:00
5ae9450724 Accepting request 998240 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.4.2~git59.5ebb49db:
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2

- Update to version 0.6.4.2~git57.fcb11adf:
  * kafka-humio-gateway: add sample config file

- Updated BuildRequires to use go 1.17 after updating vendoring

- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)

- Update to version 0.6.4.2~git56.47b4adb4:
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
  * third_party/go-libaudit: don't directly use unix.*
  * Add Linux.Remediation.Quarantine artifact
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * third_party/go-libaudit: move handling of receive buffer to caller
  * third_party/go-libaudit: move buffer handling from netlink to audit
  * third_party/go-libaudit: allow audit fd to be pollable
  * third_party/go-libaudit: Add support for removing individual rules
  * third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
  * third_party/go-libaudit: Report missing rules during deletion
  * import go-libaudit as a third-party module
  * quarantine: actually call the OS-specific artifact
  * artifactset: add ability to select named sources
  * GUI: Artifact selector (#1790)
  * host-info: make quarantine UI more robust with non-Windows client hosts
  * shell-viewer: default to Bash on non-Windows clients

OBS-URL: https://build.opensuse.org/request/show/998240
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=18
2022-08-19 18:30:12 +00:00
9b25021947 Accepting request 976934 from home:jeff_mahoney:branches:security:sensor
- Update to upstream 0.6.4-2:
  * Reset nanny when client connection failed. (#1780)
  * Fix artifacts that use yara parameters to specify yara type (#1779)
  * Update release for bugfixes 0.6.4-2
  * Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
  * SysmonInstall artifact now skips install if not needed (#1777)
  * Initial implementation of client side process tracker. (#1768)
  * Invalidate transformed cache when the base table changes. (#1742)
  * GUI Table widgets now can apply transformations on the table. (#1740)
  * Suppress warning message for offline collector (#1776)
  * Bug fix (#1774)
  * Avoid bash process lingering around while server is running (#1775)
  * oidc: Fix typo: Genric -> Generic (#1773)
  * Make MaxWait for event table settable. (#1772)
  * Fixed bug in Windows.Detection.Yara.Process (#1771)
  * fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
  * Bugfix: Client did not update list of query columns (#1767)
  * Merge bugfixes from master branch. (#1769)
- Revendored dependencies.

- Update to version 0.6.4~git31.4298eab0:
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * tcpsnoop: Properly close module in case of attach error
  * Elastic.Events.Client: Update to use new artifactset type
  * Kafka.Events.Client: Update to use new artifactset type
  * artifacts: add artifactset parameter type
  * api: add type and description fields to v1/GetArtifacts endpoint
  * Add artifacts for dns/tcp snoop plugins

OBS-URL: https://build.opensuse.org/request/show/976934
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=17
2022-05-12 20:23:00 +00:00
3918cd153e Accepting request 976928 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.4~git31.4298eab0:
  * Elastic.Events.Client: Update to use new artifactset type
  * Kafka.Events.Client: Update to use new artifactset type
  * artifacts: add artifactset parameter type
  * api: add type and description fields to v1/GetArtifacts endpoint

- Update to version 0.6.4~git31.4298eab0:
  * Elastic.Events.Client: Update to use new artifactset type
  * Kafka.Events.Client: Update to use new artifactset type
  * artifacts: add artifactset parameter type
  * api: add type and description fields to v1/GetArtifacts endpoint

OBS-URL: https://build.opensuse.org/request/show/976928
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=16
2022-05-12 18:34:03 +00:00
6b715abe43 Accepting request 976815 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.4~git26.4407b9b7:
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * tcpsnoop: Properly close module in case of attach error
  * Add artifacts for dns/tcp snoop plugins
  * tcpsnoop: Add timestamp to generated events
  * dnssnoop: Add timestamp to generated events

- Update to version 0.6.4~git26.4407b9b7:
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * tcpsnoop: Properly close module in case of attach error
  * Add artifacts for dns/tcp snoop plugins
  * tcpsnoop: Add timestamp to generated events
  * dnssnoop: Add timestamp to generated events

OBS-URL: https://build.opensuse.org/request/show/976815
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=15
2022-05-12 17:50:00 +00:00
2d6a29d947 Accepting request 975255 from home:jeff_mahoney:security:sensor:devel
- Fix error handling in tcpsnoop and dnssnoop.
  * If BTF information is unavailable, there is no indication that the
    query has failed.

- Rebase on 0.6.4:
  * Updated dependencies
  * Bugfix: startup bugs (#1680)
  * bugfix: Server event notebook not correctly created (#1737)
  * Bugfix: Start a dummy indexing service (#1736)
  * Add bugfix which would return no rows if the user removed whitelist (#1735)
  * Fixed bug in read_reg_key (#1734)
  * BUGFIX: Do not include config flag when darwin installer is repacked (#1733)
  * Refactored index into its own service. (#1730)
  * Bugfix: Write one index item per JSONL record. (#1727)
  * Bugfix: Estimating client impact should consider last active status (#1726)
  * Add complete ntfs metadata option to MFT output (#1725)
  * Various bugfixes. (#1724)
  * Update Usn.yaml (#1723)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)
  * Remove _type option from elastic. (#1715)
  * Opportunistically update directly connected client's ping times (#1713)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)

OBS-URL: https://build.opensuse.org/request/show/975255
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=14
2022-05-05 18:38:36 +00:00
ae02f616a5 - Update to version 0.6.3~git19.640f7a1c:
* Add tcpsnoop plugin

- Update to version 0.6.3~git19.640f7a1c:
  * Add tcpsnoop plugin

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=13
2022-03-18 16:16:16 +00:00
ce24aee9be - Update to version 0.6.3~git17.741ebb59:
* kafka-humio-gateway: update README.md
  * kafka-humio-gateway: Fix missing variable rename
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)

- Update to version 0.6.3~git17.741ebb59:
  * kafka-humio-gateway: update README.md
  * kafka-humio-gateway: Fix missing variable rename
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=11
2022-03-15 14:14:34 +00:00
abc6b0bb16 - Update to version 0.6.3~git13.af7fdb00:
* SUSE: Add SSHLogin artifacts
  * Add a Kafka export plugin
  * SUSE: Do build tests on every pull request
  * Add systemd-dev as build dependency for github workflow

- Update to version 0.6.3~git13.af7fdb00:
  * SUSE: Add SSHLogin artifacts
  * Add a Kafka export plugin
  * SUSE: Do build tests on every pull request
  * Add systemd-dev as build dependency for github workflow

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=10
2022-03-15 02:18:53 +00:00
52390d084f Accepting request 955746 from home:jeff_mahoney:branches:security:sensor
Update to follow sensor-base-0.6.3 branch.

OBS-URL: https://build.opensuse.org/request/show/955746
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=9
2022-02-18 01:36:48 +00:00
089c8e865e Accepting request 952778 from home:jeff_mahoney:branches:security:sensor
- Added client systemd unit files to velociraptor package (LSS#5).
  Since the velociraptor binary in the 'server' package can
  also function as the client, we'll need the client config as well.

- Temporarily re-enable Windows artifacts (LSS#4).

OBS-URL: https://build.opensuse.org/request/show/952778
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=5
2022-02-08 17:50:07 +00:00
677448fe31 Accepting request 952144 from home:jeff_mahoney:branches:security:sensor
- Temporarily re-enable Windows artifacts.

OBS-URL: https://build.opensuse.org/request/show/952144
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=4
2022-02-07 18:30:48 +00:00
0365dcf377 Accepting request 950798 from home:jeff_mahoney:branches:security:sensor
- Resolved some rpmlint warnings and added client config placeholder.

- Update to version 0.6.3~git0.69e0fffa:
  * Prepare for 0.6.3 release (#1515)
  * add limitations to description and key path to query (#1514)
  * Retry remote datastore connections (#1513)
  * Write minion log files and autocert in its own dir.  (#1512)
  * Synced KapeFiles artifacts (#1511)
  * Added data retention server artifacts (#1510)
  * Set an upper limit for ttl in memcache (#1508)
  * Add updates to Windows.System.Services (#15) (#1509)
  * Ensure collector container is properly closed when interrupted. (#1507)
  * Continually rebuild the index at runtime. (#1506)
  * Harder vacuum - directly move client task directories to the attic. (#1505)
  * add limitation disclaimer (#1504)
  * Reduce critial section to avoid deadlock in repository manager (#1503)
  * Implemented a vacuum command to remove old tasks from client queues. (#1501)
  * Better format profile metrics output. (#1495)
  * Cap size of directories and report large directories. (#1493)
  * Set ACE completers per editor to avoid global state. (#1492)
  * Add HttpOnly flag to all cookies. (#1491)
  * Refactor completion routine calls (#1490)
  * fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486)
  * fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485)
  * fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487)
  * fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488)
  * fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489)
  * Limit size of cached directories. (#1483)
  * Add more instrumentation to memory caches. (#1482)
  * Fixed chart resizing bug (#1481)

OBS-URL: https://build.opensuse.org/request/show/950798
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=3
2022-02-02 18:59:59 +00:00
13a001b73e osc copypac from project:home:jeff_mahoney:security:sensor package:velociraptor revision:2
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=1
2022-01-21 17:45:44 +00:00