SHA256
1
0
forked from pool/velociraptor
Commit Graph

13 Commits

Author SHA256 Message Date
5ae9450724 Accepting request 998240 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.4.2~git59.5ebb49db:
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2

- Update to version 0.6.4.2~git57.fcb11adf:
  * kafka-humio-gateway: add sample config file

- Updated BuildRequires to use go 1.17 after updating vendoring

- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)

- Update to version 0.6.4.2~git56.47b4adb4:
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
  * third_party/go-libaudit: don't directly use unix.*
  * Add Linux.Remediation.Quarantine artifact
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * third_party/go-libaudit: move handling of receive buffer to caller
  * third_party/go-libaudit: move buffer handling from netlink to audit
  * third_party/go-libaudit: allow audit fd to be pollable
  * third_party/go-libaudit: Add support for removing individual rules
  * third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
  * third_party/go-libaudit: Report missing rules during deletion
  * import go-libaudit as a third-party module
  * quarantine: actually call the OS-specific artifact
  * artifactset: add ability to select named sources
  * GUI: Artifact selector (#1790)
  * host-info: make quarantine UI more robust with non-Windows client hosts
  * shell-viewer: default to Bash on non-Windows clients

OBS-URL: https://build.opensuse.org/request/show/998240
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=18
2022-08-19 18:30:12 +00:00
9b25021947 Accepting request 976934 from home:jeff_mahoney:branches:security:sensor
- Update to upstream 0.6.4-2:
  * Reset nanny when client connection failed. (#1780)
  * Fix artifacts that use yara parameters to specify yara type (#1779)
  * Update release for bugfixes 0.6.4-2
  * Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
  * SysmonInstall artifact now skips install if not needed (#1777)
  * Initial implementation of client side process tracker. (#1768)
  * Invalidate transformed cache when the base table changes. (#1742)
  * GUI Table widgets now can apply transformations on the table. (#1740)
  * Suppress warning message for offline collector (#1776)
  * Bug fix (#1774)
  * Avoid bash process lingering around while server is running (#1775)
  * oidc: Fix typo: Genric -> Generic (#1773)
  * Make MaxWait for event table settable. (#1772)
  * Fixed bug in Windows.Detection.Yara.Process (#1771)
  * fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
  * Bugfix: Client did not update list of query columns (#1767)
  * Merge bugfixes from master branch. (#1769)
- Revendored dependencies.

- Update to version 0.6.4~git31.4298eab0:
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * tcpsnoop: Properly close module in case of attach error
  * Elastic.Events.Client: Update to use new artifactset type
  * Kafka.Events.Client: Update to use new artifactset type
  * artifacts: add artifactset parameter type
  * api: add type and description fields to v1/GetArtifacts endpoint
  * Add artifacts for dns/tcp snoop plugins

OBS-URL: https://build.opensuse.org/request/show/976934
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=17
2022-05-12 20:23:00 +00:00
3918cd153e Accepting request 976928 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.4~git31.4298eab0:
  * Elastic.Events.Client: Update to use new artifactset type
  * Kafka.Events.Client: Update to use new artifactset type
  * artifacts: add artifactset parameter type
  * api: add type and description fields to v1/GetArtifacts endpoint

- Update to version 0.6.4~git31.4298eab0:
  * Elastic.Events.Client: Update to use new artifactset type
  * Kafka.Events.Client: Update to use new artifactset type
  * artifacts: add artifactset parameter type
  * api: add type and description fields to v1/GetArtifacts endpoint

OBS-URL: https://build.opensuse.org/request/show/976928
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=16
2022-05-12 18:34:03 +00:00
6b715abe43 Accepting request 976815 from home:jeff_mahoney:branches:security:sensor
- Update to version 0.6.4~git26.4407b9b7:
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * tcpsnoop: Properly close module in case of attach error
  * Add artifacts for dns/tcp snoop plugins
  * tcpsnoop: Add timestamp to generated events
  * dnssnoop: Add timestamp to generated events

- Update to version 0.6.4~git26.4407b9b7:
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * tcpsnoop: Properly close module in case of attach error
  * Add artifacts for dns/tcp snoop plugins
  * tcpsnoop: Add timestamp to generated events
  * dnssnoop: Add timestamp to generated events

OBS-URL: https://build.opensuse.org/request/show/976815
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=15
2022-05-12 17:50:00 +00:00
2d6a29d947 Accepting request 975255 from home:jeff_mahoney:security:sensor:devel
- Fix error handling in tcpsnoop and dnssnoop.
  * If BTF information is unavailable, there is no indication that the
    query has failed.

- Rebase on 0.6.4:
  * Updated dependencies
  * Bugfix: startup bugs (#1680)
  * bugfix: Server event notebook not correctly created (#1737)
  * Bugfix: Start a dummy indexing service (#1736)
  * Add bugfix which would return no rows if the user removed whitelist (#1735)
  * Fixed bug in read_reg_key (#1734)
  * BUGFIX: Do not include config flag when darwin installer is repacked (#1733)
  * Refactored index into its own service. (#1730)
  * Bugfix: Write one index item per JSONL record. (#1727)
  * Bugfix: Estimating client impact should consider last active status (#1726)
  * Add complete ntfs metadata option to MFT output (#1725)
  * Various bugfixes. (#1724)
  * Update Usn.yaml (#1723)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)
  * Remove _type option from elastic. (#1715)
  * Opportunistically update directly connected client's ping times (#1713)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)

OBS-URL: https://build.opensuse.org/request/show/975255
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=14
2022-05-05 18:38:36 +00:00
ae02f616a5 - Update to version 0.6.3~git19.640f7a1c:
* Add tcpsnoop plugin

- Update to version 0.6.3~git19.640f7a1c:
  * Add tcpsnoop plugin

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=13
2022-03-18 16:16:16 +00:00
ce24aee9be - Update to version 0.6.3~git17.741ebb59:
* kafka-humio-gateway: update README.md
  * kafka-humio-gateway: Fix missing variable rename
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)

- Update to version 0.6.3~git17.741ebb59:
  * kafka-humio-gateway: update README.md
  * kafka-humio-gateway: Fix missing variable rename
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=11
2022-03-15 14:14:34 +00:00
abc6b0bb16 - Update to version 0.6.3~git13.af7fdb00:
* SUSE: Add SSHLogin artifacts
  * Add a Kafka export plugin
  * SUSE: Do build tests on every pull request
  * Add systemd-dev as build dependency for github workflow

- Update to version 0.6.3~git13.af7fdb00:
  * SUSE: Add SSHLogin artifacts
  * Add a Kafka export plugin
  * SUSE: Do build tests on every pull request
  * Add systemd-dev as build dependency for github workflow

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=10
2022-03-15 02:18:53 +00:00
52390d084f Accepting request 955746 from home:jeff_mahoney:branches:security:sensor
Update to follow sensor-base-0.6.3 branch.

OBS-URL: https://build.opensuse.org/request/show/955746
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=9
2022-02-18 01:36:48 +00:00
089c8e865e Accepting request 952778 from home:jeff_mahoney:branches:security:sensor
- Added client systemd unit files to velociraptor package (LSS#5).
  Since the velociraptor binary in the 'server' package can
  also function as the client, we'll need the client config as well.

- Temporarily re-enable Windows artifacts (LSS#4).

OBS-URL: https://build.opensuse.org/request/show/952778
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=5
2022-02-08 17:50:07 +00:00
677448fe31 Accepting request 952144 from home:jeff_mahoney:branches:security:sensor
- Temporarily re-enable Windows artifacts.

OBS-URL: https://build.opensuse.org/request/show/952144
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=4
2022-02-07 18:30:48 +00:00
0365dcf377 Accepting request 950798 from home:jeff_mahoney:branches:security:sensor
- Resolved some rpmlint warnings and added client config placeholder.

- Update to version 0.6.3~git0.69e0fffa:
  * Prepare for 0.6.3 release (#1515)
  * add limitations to description and key path to query (#1514)
  * Retry remote datastore connections (#1513)
  * Write minion log files and autocert in its own dir.  (#1512)
  * Synced KapeFiles artifacts (#1511)
  * Added data retention server artifacts (#1510)
  * Set an upper limit for ttl in memcache (#1508)
  * Add updates to Windows.System.Services (#15) (#1509)
  * Ensure collector container is properly closed when interrupted. (#1507)
  * Continually rebuild the index at runtime. (#1506)
  * Harder vacuum - directly move client task directories to the attic. (#1505)
  * add limitation disclaimer (#1504)
  * Reduce critial section to avoid deadlock in repository manager (#1503)
  * Implemented a vacuum command to remove old tasks from client queues. (#1501)
  * Better format profile metrics output. (#1495)
  * Cap size of directories and report large directories. (#1493)
  * Set ACE completers per editor to avoid global state. (#1492)
  * Add HttpOnly flag to all cookies. (#1491)
  * Refactor completion routine calls (#1490)
  * fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486)
  * fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485)
  * fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487)
  * fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488)
  * fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489)
  * Limit size of cached directories. (#1483)
  * Add more instrumentation to memory caches. (#1482)
  * Fixed chart resizing bug (#1481)

OBS-URL: https://build.opensuse.org/request/show/950798
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=3
2022-02-02 18:59:59 +00:00
13a001b73e osc copypac from project:home:jeff_mahoney:security:sensor package:velociraptor revision:2
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=1
2022-01-21 17:45:44 +00:00