-------------------------------------------------------------------
Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com
- Update to version 0.6.3~git6.d95ed32e:
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Add an artifact to enumerate immutable files under a path
* Add chattr function support for linux
* Make GitHub actions more flexible on Windows
-------------------------------------------------------------------
Thu Feb 10 02:13:36 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Add simple default config and provide /var/lib/velociraptor-client.
-------------------------------------------------------------------
Wed Feb 2 18:24:32 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Resolved some rpmlint warnings and added client config placeholder.
-------------------------------------------------------------------
Wed Feb 2 04:44:49 UTC 2022 - William Brown <william.brown@suse.com>
- Add client service file
-------------------------------------------------------------------
Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
- Update to version 0.6.3~git0.69e0fffa:
* Prepare for 0.6.3 release (#1515)
* add limitations to description and key path to query (#1514)
* Retry remote datastore connections (#1513)
* Write minion log files and autocert in its own dir. (#1512)
* Synced KapeFiles artifacts (#1511)
* Added data retention server artifacts (#1510)
* Set an upper limit for ttl in memcache (#1508)
* Add updates to Windows.System.Services (#15) (#1509)
* Ensure collector container is properly closed when interrupted. (#1507)
* Continually rebuild the index at runtime. (#1506)
* Harder vacuum - directly move client task directories to the attic. (#1505)
* add limitation disclaimer (#1504)
* Reduce critial section to avoid deadlock in repository manager (#1503)
* Implemented a vacuum command to remove old tasks from client queues. (#1501)
* Better format profile metrics output. (#1495)
* Cap size of directories and report large directories. (#1493)
* Set ACE completers per editor to avoid global state. (#1492)
* Add HttpOnly flag to all cookies. (#1491)
* Refactor completion routine calls (#1490)
* fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486)
* fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485)
* fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487)
* fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488)
* fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489)
* Limit size of cached directories. (#1483)
* Add more instrumentation to memory caches. (#1482)
* Fixed chart resizing bug (#1481)
* Removed the old queries: list from artifacts. (#1480)
* [Snyk] Fix for 9 vulnerabilities (#1479)
* Remove lock around critical section. (#1478)
* Added MacOS.Forensics.AppleDoubleZip (#1476)
* Update Windows.Persistence.PermanentWMIEvents to add blind custom namespace detection (#13) (#1475)
* Make index snapshot frequency configurable
* fix APIConfigLoader not applying command line args (#1463)
* Flush index from memory to disk (#1470)
* Prepare RC2 (#1473)
* Bugfix: Setting notebook index did not escape username (#1471)
* Fixed 2 bugs with the memcache file store (#1469)
* Update flow active time when the result set is completed (#1468)
* Tag artifacts as built ins (#1467)
* Fixed bug in the pathspec() VQL function. (#1465)
* Update PrivateKeys.yaml (#1459)
* Added recursion_callback option to the glob plugin (#1461)
* Added config wizard for multi-frontend configuration (#1460)
* Calculate the sha256 hash of the offline container. (#1458)
* Artifact inspection GUI now allows pivot. (#1457)
* Client certs can now be specified in the config file. (#1456)
* New Upload File Form element (#1455)
* Added a sparse accessor (#1453)
* Hunt wizard estimates clients affected (#1452)
* Make the interrogation process customizable. (#1451)
* Update Info.yaml (#1427)
* Improved Lnk parser to include additional fields. (#1449)
* Added a Yara GUI element editor. (#1447)
* Added patch and merge to `config show` and `config generate` (#1445)
* Remove usage of FatalIfError from main module (#1443)
* Introduced a dedicated pathspec object (#1440)
* Bump is-svg from 4.2.2 to 4.3.0 in /gui/velociraptor (#1437)
* Only pass client config in the client VQL scope. (#1436)
* rework protobuf message generator (#1435)
* Update Autoruns.yaml
* Added test for filefinder (#1431)
* fix filters in filefinder artifact (#1430)
* Add Artifact to collect KapeFile targets on Linux (#1426)
* Enabled lazy quotes on csv parser (#1424)
* Fixed bug in client comms. (#1423)
* Add document filter for better usability (#1421)
* Added resource information to the output of parse_pe() (#1420)
* Low latency client connectivity discovery (#1419)
* Add RecentDocs collection (#1416)
* Update Amcache artifact for clarity (#1415)
* Added extra parameters to parse_csv() (#1413)
* Added netcat plugin to read from socket (#1412)
* Updated SRUM with Network Usage and Upload option (#1408)
* Synced darwin and freebsd file accessor with the linux one. (#1409)
* Added Windows.Forensics.SAM artifact (#1404)
* Initial artifacts can be specified in config (#1403)
* Add conhost.exe to binary rename (#1402)
* Add update Prefetch Btime execution fix (#1398)
* Update Prefetch timeline (#1397)
* Cleanup search API (#1396)
* Update protobuf dependencies. (#1394)
* More multi-frontend optimizations (#1393)
* Client info manager now keeps track of scheduled tasks. (#1392)
* add sid and lookupsid plugin (#1388)
* Add Mutant whitelist (#1387)
* Notify currently connected clients on new hunts (#1386)
* Index rebuild command loads new index service. (#1385)
* Changes to support distributed architecture. (#1384)
* Added procdump and procdump64 (#1382)
* Fixed heavy mutex contention in the labeler. (#1375)
* Add shellcode to CobaltStrike carver (#10) (#1373)
* Added an index rebuild command. (#1369)
* GUI artifact form was ignoring the friendly name attribute (#1368)
* Added a specialized form element for regex parameters. (#1367)
* Added a gRPC based remote datastore (#1366)
* Display all subauthorities for GUID in SRUM (#1365)
* Verify all gRPC peer certificates were signed by the Velociraptor CA (#1362)
* Implemented MemcacheFileDatastore - memory caching with file backend (#1361)
* Added new plugins to manipulate event tables easier. (#1355)
* Refactored in memory datastore to be more efficient. (#1353)
* Sync vfilter (#1351)
* Add both fqdn and hostname to the client search table (#1350)
* BUGFIX: Datastore on windows is unable to represent files with . (#1348)
* Added buffer_size parameter to parse_records_with_regex() (#1347)
* Propagate column types from artifact to flow notebook. (#1346)
* Cobalt parser update (#1345)
* Allow listener to not use file buffer. (#1344)
* Fix Deployment documentation link in README (#1343)
* Preserve uint64 types across Listener (#1341)
* Fix spelling (#1339)
* Refactored queue listener to preserve order. (#1340)
* Added a magic() VQL function (#1338)
* Fixed bug in CSS (#1337)
-------------------------------------------------------------------
Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
- Update to version 0.6.2~git0.8dd598b2:
* Update ese parser to fix timestamp bug
* Prepare final 0.6.2 release (#1363)
* Verify all gRPC peer certificates were signed by the Velociraptor CA
* Removed search index parallelism (#1358)
* Added new plugins to manipulate event tables easier. (#1355)
* Sync vfilter (#1351)
* Add both fqdn and hostname to the client search table (#1350)
* BUGFIX: Datastore on windows is unable to represent files with . (#1348)
* Added buffer_size parameter to parse_records_with_regex() (#1347)
* Propagate column types from artifact to flow notebook. (#1346)
-------------------------------------------------------------------
Thu Jan 6 21:50:43 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Remove dependencies on nodejs since we don't use it in client mode.
-------------------------------------------------------------------
Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
- Update to version 0.6.2~git73.dc02b45e:
* Update PrivateKeys.yaml (#1459)
* Added recursion_callback option to the glob plugin (#1461)
* Added config wizard for multi-frontend configuration (#1460)
* Calculate the sha256 hash of the offline container. (#1458)
* Artifact inspection GUI now allows pivot. (#1457)
* Client certs can now be specified in the config file. (#1456)
* New Upload File Form element (#1455)
* Added a sparse accessor (#1453)
* Hunt wizard estimates clients affected (#1452)
* Make the interrogation process customizable. (#1451)
-------------------------------------------------------------------
Tue Dec 21 20:25:43 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
- Disable Windows artifacts. We don't target Windows endpoints and
the queries clutter the GUI.
-------------------------------------------------------------------
Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
- Switch to using master branch via service files.
- Added update-vendoring.sh to update the nodejs and go dependencies
after version update.
- Now building with linux_bare target that disables the GUI for
endpoint usage.
- Patch the version string to reflect the package version instead
of an indistinguishable <next-tag>-dev.
-------------------------------------------------------------------
Thu Dec 2 01:46:34 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
- Initial packaging.