Revisions of velociraptor
Jeff Mahoney (jeff_mahoney)
accepted
request 1060074
from
Jeff Mahoney (jeff_mahoney)
(revision 37)
Fixed commit message after patch rename - vendor-build-fixes-for-SLE12.patch - vendor-build-fixes-for-SLE12.patch
Jeff Mahoney (jeff_mahoney)
accepted
request 1060071
from
Jeff Mahoney (jeff_mahoney)
(revision 36)
- Increase required release to enable eBPF to SLE 15 SP2 and openSUSE Leap 15.2. Earlier versions don't have a usable eBPF and can't easily build llvm13.
Jeff Mahoney (jeff_mahoney)
accepted
request 1060070
from
Jeff Mahoney (jeff_mahoney)
(revision 35)
- Remove dependency on bpftool. We use the vmlinux.h archive to provide vmlinux.h.
- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
  - vendor-go-magic-build-fix-for-SLE12.patch
  - sdjournal-build-fix-for-SLE12.patch
Jeff Mahoney (jeff_mahoney)
accepted
request 1060003
from
Dirk Mueller (dirkmueller)
(revision 34)
- add memory limit to systemd unit
Dominique Leuenberger (dimstar_suse)
accepted
request 1059630
from
Jeff Mahoney (jeff_mahoney)
(revision 33)
initialized devel package after accepting 1059630
Jeff Mahoney (jeff_mahoney)
accepted
request 1059625
from
Jeff Mahoney (jeff_mahoney)
(revision 32)
- Restore requirement to build with clang13. Newer versions cause libbpfgo to crash immediately.
- Added support for setting command line options via sysconfig
Jeff Mahoney (jeff_mahoney)
committed
(revision 31)
- Update to version 0.6.7.4~git53.0e85855:
  * sdjournal: work around missing _SYSTEMD_UNIT fields
Jeff Mahoney (jeff_mahoney)
accepted
request 1059461
from
Jeff Mahoney (jeff_mahoney)
(revision 30)
- Clean up for Factory submission:
- Make bpf-enabled builds conditional
- Removed %defattr and combined service lines.
- Change clang and llvm dependencies to use >= 13
- Newer versions of clang hit a DWARF parsing bug in go < 1.19, so increase go version dependency
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
  Neither the client nor server builds on ix86.
- Added Restart=on-failure to restart the client automatically.
- Update to version 0.6.7.4~git51.a588d6e4:
  * magefile.go: use current architecture for Linux builds
  * Update libbpfgo submodule to include non-AMD64 build fixes
  * bpf: bpf expects s390 instead of s390x
Jeff Mahoney (jeff_mahoney)
committed
(revision 29)
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
  Neither the client nor server builds on ix86.
Jeff Mahoney (jeff_mahoney)
committed
(revision 28)
Added update-vendoring.sh to source list
Jeff Mahoney (jeff_mahoney)
committed
(revision 27)
Removed obsolete Dockerfile
Jeff Mahoney (jeff_mahoney)
committed
(revision 26)
- Update to version 0.6.7.4~git46.5d88d80:
  * contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID
Jeff Mahoney (jeff_mahoney)
accepted
request 1040837
from
Jeff Mahoney (jeff_mahoney)
(revision 25)
- Update to version 0.6.7.4~git41.678ed56:
  * rpm: introduce rpm vql plugin
  * users: extend DeleteUser testcase to ensure org membership was dropped
  * users: ensure baseline user state is correct
  * github: run testcases on Linux builds in new workflow
  * gui/reporting: update bluemonday dependency to latest
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
  * kafka-humio-gateway: add sample config file
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: rework testcases to use t.TempDir
  * vql/linux/cronsnoop: Add cronsnoop() plugin
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * audit: use caller-allocated buffer
  * use github.com/jeffmahoney/go-libaudit/v2 for audit
  * Kafka.Events.Client: Update to use new artifactset type
  * Add artifact for chattrsnoop plugin
  * bpflib: ensure it's built only on linux and when requesting bpf
  * Add chattrsnoop plugin
  * Add artifact to monitor user group updates (#24)
  * vql/linux/dnssnoop: Add dnssnoop() plugin
  * Log Sudo/root command by auditd
  * Add custom artifacts for login and logout attempts recorded by auditd
  * Add tcpsnoop plugin
  * vql/linux/bpflib: add helper package for bpf plugins
Jeff Mahoney (jeff_mahoney)
accepted
request 1035679
from
Jeff Mahoney (jeff_mahoney)
(revision 24)
re-add vmlinux handling
Jeff Mahoney (jeff_mahoney)
accepted
request 1035328
from
Jeff Mahoney (jeff_mahoney)
(revision 23)
ok
Jeff Mahoney (jeff_mahoney)
accepted
request 1035327
from
Jeff Mahoney (jeff_mahoney)
(revision 22)
- Update to version 0.6.4.2~git86.b5931f7:
  * cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
- Fix building of libbpfgo on i586
- Update to version 0.6.4.2~git84.1b38fda:
  * Clean up libbpfgo mess
  * libbpfgo: use forked repo for fully static builds
  * libbpfgo: sync to v0.4.4-libbpf-1.0.1
  * contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID
  * libbpfgo: add selftest to build so testcases work
  * cronsnoop: rework testcases to use t.TempDir
  * cronsnoop: move external dependencies to end of import list
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
- Update to version 0.6.4.2~git67.85b608e:
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
  * kafka-humio-gateway: add sample config file
  * Updating the NewFiles and ProcessStatuses Artifacts
Jeff Mahoney (jeff_mahoney)
committed
(revision 21)
- Update to version 0.6.4.2~git70.b7df8172:
  * file_store: handle watching artifacts with named sources
Jeff Mahoney (jeff_mahoney)
committed
(revision 20)
- Update to version 0.6.4.2~git68.5226b23b:
  * api/authenticators/basic: fix logoff endpoint
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
Jeff Mahoney (jeff_mahoney)
accepted
request 998259
from
Jeff Mahoney (jeff_mahoney)
(revision 19)
- Updated vendoring.
- Fixed update-vendoring script to use an independent go module cache.
Jeff Mahoney (jeff_mahoney)
accepted
request 998240
from
Jeff Mahoney (jeff_mahoney)
(revision 18)
- Update to version 0.6.4.2~git59.5ebb49db:
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
- Update to version 0.6.4.2~git57.fcb11adf:
  * kafka-humio-gateway: add sample config file
- Updated BuildRequires to use go 1.17 after updating vendoring
- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
- Update to version 0.6.4.2~git56.47b4adb4:
  * Updating the NewFiles and ProcessStatuses Artifacts
  * cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
  * third_party/go-libaudit: don't directly use unix.*
  * Add Linux.Remediation.Quarantine artifact
  * Extend audit artifacts to use new interface
  * audit: rearchitect plugin to scale better with multiple invocations
  * third_party/go-libaudit: move handling of receive buffer to caller
  * third_party/go-libaudit: move buffer handling from netlink to audit
  * third_party/go-libaudit: allow audit fd to be pollable
  * third_party/go-libaudit: Add support for removing individual rules
  * third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
  * third_party/go-libaudit: Report missing rules during deletion
  * import go-libaudit as a third-party module
  * quarantine: actually call the OS-specific artifact
  * artifactset: add ability to select named sources
  * GUI: Artifact selector (#1790)
  * host-info: make quarantine UI more robust with non-Windows client hosts
  * shell-viewer: default to Bash on non-Windows clients
Displaying revisions 41 - 60 of 77