* Thu Jan 26 2023 jeffm@suse.com
- Update to version 0.6.7.4~git63.4a1ed09d:
* utils/time.js: fix handling of nanosecond-resolution timestamps
- Added patches:
* velociraptor-reproducible-timestamp.diff
* Tue Jan 24 2023 Jeff Mahoney <jeffm@suse.com>
- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
* Tue Jan 24 2023 jeffm@suse.com
- Update to version 0.6.7.4~git60.8abed37a:
* http_comms: create ring buffer temporary file in the same directory
* cronsnoop: plumb in real scope logging
* cronsnoop: don't treat routine errors as fatal
* cronsnoop: fix typo
* Sat Jan 21 2023 Jeff Mahoney <jeffm@suse.com>
- Fixed release detection to include Tumblweed
* Sat Jan 21 2023 Jeff Mahoney <jeffm@suse.com>
- Increase required release to enable eBPF to SLE 15 SP2 and
openSUSE Leap 15.2. Earlier versions don't have a usable eBPF
and can't easily build llvm13.
* Sat Jan 21 2023 Jeff Mahoney <jeffm@suse.com>
- Remove dependency on bpftool. We use the vmlinux.h archive
to provide vmlinux.h.
* Fri Jan 20 2023 Jeff Mahoney <jeffm@suse.com>
- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
- vendor-build-fixes-for-SLE12.patch
- sdjournal-build-fix-for-SLE12.patch
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Restore requirement to build with clang13. Newer versions
cause libbpfgo to crash immediately.
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Added support for setting command line options via sysconfig
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git53.0e85855:
* sdjournal: work around missing _SYSTEMD_UNIT fields
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Clean up for Factory submission:
- Make bpf-enabled builds conditional
- Removed %defattr and combined service lines.
- Change clang and llvm dependencies to use >= 13
- Newer versions of clang hit a DWARF parsing bug in go < 1.19,
so increase go version dependecy
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
Neither the client or server builds on ix86.
* Mon Dec 12 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git51.a588d6e4:
* magefile.go: use current architecture for Linux builds
* Update libbpfgo submodule to include non-AMD64 build fixes
* bpf: bpf expects s390 instead of s390x
* Wed Dec 07 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git46.5d88d80:
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* Wed Dec 07 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git41.678ed56:
* rpm: introduce rpm vql plugin
* users: extend DeleteUser testcase to ensure org membership was dropped
* users: ensure baseline user state is correct
* github: run testcases on Linux builds in new workflow
* gui/reporting: update bluemonday dependency to latest
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: rework testcases to use t.TempDir
* vql/linux/cronsnoop: Add cronsnoop() plugin
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* audit: use caller-allocated buffer
* use github.com/jeffmahoney/go-libaudit/v2 for audit
* Kafka.Events.Client: Update to use new artifactset type
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* Add artifact to monitor user group updates (#24)
* vql/linux/dnssnoop: Add dnssnoop() plugin
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
* Add tcpsnoop plugin
* vql/linux/bpflib: add helper package for bpf plugins
* libbpfgo: add submodule with forked repo for fully static builds
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* Add a Kafka export plugin
* SUSE: Add SSHLogin artifacts
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
* linux: add lsattr() function to enumerate file attributes
* Github: Run build workflow on each pull request
* More fixes for Windows.System.VAD (#2317) (#2318)
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)
* Tue Dec 06 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.3~git41.fa6afa7:
* rpm: introduce rpm vql plugin
* users: extend DeleteUser testcase to ensure org membership was dropped
* users: ensure baseline user state is correct
* github: run testcases on Linux builds
* gui/reporting: update bluemonday dependency to latest
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: rework testcases to use t.TempDir
* vql/linux/cronsnoop: Add cronsnoop() plugin
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* audit: use caller-allocated buffer
* use github.com/jeffmahoney/go-libaudit/v2 for audit
* Kafka.Events.Client: Update to use new artifactset type
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* Add artifact to monitor user group updates (#24)
* vql/linux/dnssnoop: Add dnssnoop() plugin
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
* Add tcpsnoop plugin
* vql/linux/bpflib: add helper package for bpf plugins
* libbpfgo: add submodule with forked repo for fully static builds
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* Add a Kafka export plugin
* SUSE: Add SSHLogin artifacts
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
* linux: add lsattr() function to enumerate file attributes
* Github: Run build workflow on each pull request
* Bugfix: Do not materialize the VAD array in Windows.System.VAD (#2311)
* Sync to master's bugfixes (#2309)
* Prepare for 0.6.7-2 release (#2300)
* 0.6.7 sync (#2261)
* 0.6.7 sync3 (#2256)
* 0.6.7 sync (#2239)
* Prepare a 0.6.7-rc3 (#2217)
* Bugfix: sparse files were not properly detected. (#2200) (#2201)
* Propagate progress timeout for collections. (#2193)
* Verify client's key with or without the org id. (#2192)
* Add Windows.System.Shares (#2191)
* Allow artifacts to have aliases (#2190)
* Added a regex_array column type to allow multiple regex to be set. (#2188)
* [Snyk] Upgrade react-router-dom from 5.3.3 to 5.3.4 (#2180)
* Add 'UsedBy' column to results (#2186)
* Update flow and hunt download exports to use the container (#2185)
* Disable toolbar buttons when no options are available (#2183)
* Allow hunts to be scheduled on multiple orgs (#2182)
* Update WIndows PSList and VAD artifacts (#38) (#2181)
* Add in amcache (#2176)
* Added additional sources for UserAccessLogs (aka SUM) artifact (#2179)
* Fixed tests (#2177)
* [Snyk] Upgrade styled-components from 5.3.5 to 5.3.6 (#2174)
* Page Cell logs in notebook (#2172)
* Break client connection stats by org id (#2171)
* Added a remapping export to Windows.Registry.NTUser (#2170)
* Added tlsh hash (#2169)
* Check sparse files for large size before padding them out. (#2167)
* Linux and macOS Packet Capture Artifact Updates (#2168)
* Update deps (#2166)
* Add some suggested groks for parsing IIS logs (#2165)
* Refactor collection container (#2163)
* Implement transparent decryption for collector accessor (#2162)
* [Snyk] Upgrade ace-builds from 1.11.0 to 1.11.1 (#2161)
* Automatically decrypt collections with collector accessor (#2159)
* Fix css colors. (#2158)
* [Snyk] Upgrade ace-builds from 1.10.1 to 1.11.0 (#2156)
* Retry reads on EOF in NTFS accessor (#2157)
* Updated zip implementation to support crypto (#2155)
* Target 'Cmdline' instead of 'CommandLine' (#2154)
* Bugfix: Extra interpolation when client logs messages with % (#2152)
* Add 'Active' column to show whether or not a firewall rule is enabled. (#2150)
* Added test for encrypted offline collector. (#2149)
* Update parsing for Dock plist details (#2148)
* Implement filter for large artifact forms (#2147)
* Add Public Key Encryption Support to Offline Collections (#2133)
* Implemented a max memory grouper (#2146)
* Check if setgid flag is set (#2145)
* [Snyk] Upgrade react-overlays from 5.2.0 to 5.2.1 (#2144)
* Add context to yara.NTFS (#36) (#2143)
* Add `auth_redirect_template` config for handling unauthorized API calls (#2140)
* Allow the user to specify a collection as urgent (#2139)
* Fix typo, slightly improve translations (de,fr) (#2137)
* Add 'CronScripts' query/source and 'Length' option (#2138)
* Check sanity of inventory service for all orgs (#2136)
* Change 'filename' to 'file' for upload (#2135)
* Sync with latest NTFS changes. (#2134)
* [Snyk] Upgrade classnames from 2.3.1 to 2.3.2 (#2130)
* Added URLRegex to FireFox history (#2129)
* Link to collection in host shell (#2128)
* additional references (#2126)
* Sync to go-ntfs (#2125)
* Provide the option to expand sparse files in export (#2124)
* Bugfix: Process address space lockup under some conditions (#2123)
* Added URLRegex to Firefox and Chrome history (#2122)
* Add note about RecentApps key not being available after Windows 10, version 1803 (#2119)
* Expose the communicator's crypto manager (#2118)
* Further refactor of the download handler. (#2117)
* [Snyk] Upgrade ace-builds from 1.10.0 to 1.10.1 (#2114)
* Uploaded files are now shows with client paths (#2116)
* [Snyk] Upgrade recharts from 2.1.13 to 2.1.14 (#2115)
* Maintain row count per query. (#2113)
* Update Trackaccount.yaml (#2112)
* Clean up artifact references (#2111)
* Prevent null error when choosing to calculate hash and when providing authenticode information (#2109)
* Add Length option and re-arrange output (#2107)
* Bugfix: Merge file option should work with config show (#2108)
* Always write content to lock files (#2106)
* [Snyk] Upgrade ace-builds from 1.9.6 to 1.10.0 (#2102)
* Authentication configuration error reporting/validation (#2101)
* auth: don't return a base path with two leading slashes (#2100)
* Added org report in root org dashboard (#2098)
* [Snyk] Upgrade react-bootstrap from 1.6.5 to 1.6.6 (#2094)
* [Snyk] Upgrade humanize-duration from 3.27.2 to 3.27.3 (#2095)
* authenticode is a function and not a plug (#2092)
* Allow '+' in usernames (#2093)
* Attempt to decompress client messages if errors occur. (#2088)
* Pass org config to mutations in MemcacheFileDataStore (#2087)
* Support oauth with a different base path. (#2082)
* Allow client->server compression to be disabled (#2081)
* Keep track of collected results using collection status (#2075)
* Enforce a hard timeout for incoming processing (#2074)
* Expand API of user service to include context (#2071)
* When creating a new org pass the new org id to the acl function (#2068)
* Allow collect_client() etc to accept ArtifactSpec protobuf (#2067)
* Only create initial orgs on first run. (#2066)
* Bugfix: Do not start multiple communicators in windows service. (#2064)
* Added initial_orgs to the config (#2063)
* Bugfix- Server.Utils.DeleteClient over sanitized client id (#2061)
* Fixed backwards compatible bug (#2057)
* [Snyk] Upgrade ace-builds from 1.9.5 to 1.9.6 (#2055)
* Fixed CSS for column selector ui (#2053)
* Split server sanity checks into root org and other orgs (#2052)
* collect each query's status separately (#2049)
* Pass org ids in href parameters (#2047)
* Org manager maintains services lifetime (#2045)
* Added org_delete() function to remove orgs. (#2042)
* Updated themes for context menu (#2041)
* Made context menus settable in the config file (#2040)
* Added Send to CyberChef context menu on table cells. (#2039)
* [Snyk] Upgrade ace-builds from 1.9.3 to 1.9.5 (#2037)
* [Snyk] Upgrade ace-builds from 1.8.1 to 1.9.3 (#2033)
* Bugfix: watch_usn() was not flushing the mft LRU properly (#2032)
* Bugfix: Maintain field order in sysmon based tracker (#2030)
* Added regex protocols for int, float etc. (#2028)
* Refactor client monitoring API to use service (#2027)
* Bugfix: Switch GUI to first available org (#2025)
* Update Linux pslist() to use CommandLine column (#2024)
* Add embedded stager parse usecase (#34) (#2023)
* update to clean up null fields (#2020)
* Refactor code to propagate the context in more cases. (#2019)
* Bugix: Raw file accessor had different behaviour on Windows (#2018)
* Cater for unknown parents in process tracker. (#2015)
* Fix sense of multiple regexp in all() function (#2014)
* Added all() and any() VQL functions (#2013)
* Capitalize 'i' in config generation output (#2012)
* Fixed crash in api_client command (#2010)
* Update UserAccessLogs.yaml (#2009)
* Fixed bug in UserAccessLog artifact (#2008)
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2 (#2000)
* Collect domain role info on interrogate (#1998)
* Added new GUI column type for tree (#1997)
* Fixed CSS to make column selector more visible (#1996)
* Send a System.Upload.Completion event on server artifact upload (#1995)
* Refactor of oauth code (#1993)
* Added some helpful server artifacts (#1992)
* Bugfix: "rpm server" command did not produce minion packages (#1991)
* Add ability to delete monitoring events. (#1990)
* Allow notebook GUI to set notebooks to public. (#1989)
* Allow the user to change password in the GUI (#1988)
* Added a delay() VQL function (#1987)
* Fixed a crash when add_monitoring was called without parameters. (#1986)
* Allow hunt() to limit by OS condition (#1985)
* [Snyk] Upgrade ace-builds from 1.7.1 to 1.8.1 (#1984)
* Fix "last_visit_time" timestamp (#1983)
* Added Generic.System.ProcessSiblings (#1982)
* [Snyk] Upgrade bootstrap from 4.6.1 to 4.6.2 (#1979)
* General cleanup (#1977)
* Update BinaryRename.yaml (#1976)
* Support multi orgs in server-server communication (#1975)
* Inventory service should upload tools to global public directory (#1973)
* fixed path issue (#1972)
* Support REG_MULTI_SZ in raw registry accessor (#1969)
* fix: upgrade interactjs from 1.10.16 to 1.10.17 (#1968)
* Update prefetch library to fix bug (#1965)
* The "fs" accessor should also be org sensitive. (#1964)
* Added user_grant() VQL function (#1963)
* fix: upgrade interactjs from 1.10.14 to 1.10.16 (#1961)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1960)
* Several security related bugfixes. (#1962)
* Fixed bug in watch_evtx() (#1955)
* fix: upgrade ace-builds from 1.7.0 to 1.7.1 (#1952)
* Fixed visted_url typo (#1953)
* Added NewOrg artifact to make creating new orgs easier. (#1951)
* Fix broken deps due to snyke merge (#1950)
* build(deps): bump terser from 4.8.0 to 4.8.1 in /gui/velociraptor (#1946)
* fix: upgrade recharts from 2.1.11 to 2.1.12 (#1945)
* fix: upgrade @fortawesome/react-fontawesome from 0.1.18 to 0.2.0 (#1948)
* Added orgs() plugin and user management (#1949)
* fix: upgrade ace-builds from 1.6.1 to 1.7.0 (#1944)
* Add new embedded pe in data section parse (#1943)
* Refactor startup code (#1942)
* fix: upgrade qs from 6.10.4 to 6.11.0 (#1941)
* fix: upgrade recharts from 2.1.10 to 2.1.11 (#1939)
* fix: upgrade ace-builds from 1.6.0 to 1.6.1 (#1938)
* Added artifact Windows.Attack.IncorrectImagePath (#1927)
* Account for pid reuse in process tracker. (#1936)
* add precondition for only windows (#1935)
* Make ddclient service parameters configurable (#1933)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1930)
* fix: upgrade interactjs from 1.10.13 to 1.10.14 (#1918)
* replace YaraUrl type (#1922)
* Add other url yara fixes (#1921)
* Update Glob.yaml (#1920)
* Fixed bug in startup code. (#1919)
* Initial commit of multitenant support (#1917)
* Adds three Linux artifacts (#1916)
* Fixed a crash when using artifact plugin with tools (#1915)
* Added a collector accessor (#1912)
* fix: upgrade interactjs from 1.10.11 to 1.10.13 (#1909)
* fix: upgrade qs from 6.10.3 to 6.10.4 (#1910)
* Japanese translation (#1906)
* Fix spanish translations. (#1907)
* fix: upgrade react-overlays from 5.1.2 to 5.2.0 (#1904)
* Add Shimcache reformat (#1892)
* A couple of performance tweaks. (#1903)
* Fix Amcache artifact (#1902)
* Retry axios requests (#1901)
* Revert "fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)" (#1900)
* fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)
* Use the auto accessor as first level of VFS (#1898)
* Theme fixes (#1895)
* Added additional logging for windows client service (#1894)
* Theme updates (#1893)
* Prepare for release 0.6.5 (#1890)
* Bugfix: CPU limit was not properly enforced on endpoint. (#1889)
* fix: upgrade react-calendar-timeline from 0.27.0 to 0.28.0 (#1887)
* fix: upgrade ace-builds from 1.5.1 to 1.5.2 (#1888)
* Improve the Windows.Sys.StartupItems artifact (#1886)
* Fixed the --remap flag (#1883)
* Fixed bug in client_delete() (#1882)
* Added a delete_flow VQL plugin (#1880)
* Add fix for generic bin file payload (#1879)
* Bugfix: Notebook calculation did not update cell (#1878)
* fix: upgrade humanize-duration from 3.27.1 to 3.27.2 (#1877)
* Revised Portuguese translation (#1876)
* Update usn.go (#1873)
* Added French language (#1874)
* Updated german translation (#1875)
* Refactor artifact plugin to be more efficient. (#1871)
* Update de.js (#1870)
* fix: upgrade ace-builds from 1.5.0 to 1.5.1 (#1867)
* Refactor server artifacts service (#1868)
* Refactored notebook into a service (#1863)
* fix: upgrade react-router-dom from 5.3.2 to 5.3.3 (#1861)
* fix: upgrade recharts from 2.1.9 to 2.1.10 (#1862)
* Bugfix: raw registry accessor supports read_file() (#1859)
* Add LogHunter - a generic grep over log capability (#1853)
* Added a GUI element to easily filter log messages (#1858)
* Added an oidc-cognito authenticator (#1854)
* build(deps): bump tar from 6.0.5 to 6.1.11 in /gui/velociraptor (#1852)
* fix: upgrade react-router-dom from 5.3.1 to 5.3.2 (#1850)
* Fix ACE font handling (#1849)
* Format timestamps opportunistically. (#1848)
* Update cidr_contains() to return true if any of the ranges match. (#1847)
* Sync KapeFiles and SQLECmd artifacts (#1845)
* Prepare 0.6.5-rc1 release (#1844)
* Added a default process tracker (#1843)
* Implement log levels in VQL (#1839)
* Theme development checkpoint (#1838)
* fix: upgrade ace-builds from 1.4.14 to 1.5.0 (#1836)
* fix: upgrade react-bootstrap from 1.6.4 to 1.6.5 (#1837)
* Added an LRU VQL function (#1835)
* Bugfix: VFS viewer was unable to access files with \ in name (#1832)
* use group SID instead of name to get local admins (#1833)
* Added Portuguese and Spanish languages (#1831)
* fix: upgrade react-overlays from 5.1.1 to 5.1.2 (#1830)
* Make display timezone user selectable (#1827)
* Added Musl build target (#1826)
* Fix deadlock in hunt dispatcher (#1825)
* Theme tweaks (#1821)
* add groupname parameter to LocalAdmins artifact (#1823)
* Fix/activitescache glob expression - Timeline.yaml (#1824)
* Update TemplateInjection.yaml (#1820)
* Prevent text wrap on sidebar (#1819)
* Added some missing translations (#1817)
* Added Deutsch UI Language (#1816)
* Support UNC paths in windows accessors. (#1815)
* Add enrichment callback for process tracker (#1814)
* Prevent null FailureActions error (#1811)
* Make ACL manager pluggable. (#1813)
* Allow custom override for GUI artifacts by default (#1810)
* Refactored hunt related functions to use the hunt_dispatcher (#1807)
* artifactset: add ability to select named sources (#1809)
* UI enhancements (#1805)
* Refactor: Create user manager service (#1804)
* New themes and refactoring of existing CSS (#1801)
* Bugfix: Server monitoring queries were not correctly cancelled. (#1803)
* Add gunzip function (#1802)
* GUI: Artifact selector (#1790)
* Refactor and improve the way clients send query related information (#1800)
* fix: upgrade axios from 0.26.1 to 0.27.2 (#1798)
* Add Cobalt Strike carver sleep function capability (#1795)
* Bugfix: Create new buffer to accumulate VQL results (#1794)
* Make velociraptor_client executable in postint script (#1788)
* Support addition on dicts (#1785)
* fix: upgrade moment from 2.29.2 to 2.29.3 (#1782)
* fix: upgrade react-router-dom from 5.3.0 to 5.3.1 (#1783)
* Reset nanny when client connection failed. (#1780)
* Fix artifacts that use yara parameters to specify yara type (#1779)
* SysmonInstall artifact now skips install if not needed (#1777)
* Suppress warning message for offline collector (#1776)
* Bug fix (#1774)
* Avoid bash process lingering around while server is running (#1775)
* oidc: Fix typo: Genric -> Generic (#1773)
* Make MaxWait for event table settable. (#1772)
* Fixed bug in Windows.Detection.Yara.Process (#1771)
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
* Initial implementation of client side process tracker. (#1768)
* Bugfix: Client did not update list of query columns (#1767)
* Fixed bug in ETWSessions artifact (#1766)
* build(deps): bump async from 2.6.3 to 2.6.4 in /gui/velociraptor (#1761)
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
* Add fix for dupliate entries from flattern bug (#1760)
* build(deps): bump ejs from 3.1.6 to 3.1.7 in /gui/velociraptor (#1758)
* build(deps): bump cross-fetch from 3.1.3 to 3.1.5 in /gui/velociraptor (#1759)
* Fix undefined types in some artifact parameters (#1757)
* Update Glob.yaml (#1754)
* Bugfix: Unable to set cpu limits in hunt GUI (#1751)
* Support case insensitive notebook cell types (#1747)
* Fixed a bug in the Userassist artifact (#1746)
* Bugfix: Hunt stats were not properly incremented (#1744)
* Invalidate transformed cache when the base table changes. (#1742)
* GUI Table widgets now can apply transformations on the table. (#1740)
* Update FilenameSearch.yaml (#1741)
* Fri Nov 11 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
* Fri Nov 11 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
* libbpfgo: use forked repo for fully static builds
* libbpfgo: sync to v0.4.4-libbpf-1.0.1
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* libbpfgo: add selftest to build so testcases work
* cronsnoop: rework testcases to use t.TempDir
* cronsnoop: move external dependencies to end of import list
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* Fri Nov 11 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
* third_party/go-libaudit: don't directly use unix.*
* Add Linux.Remediation.Quarantine artifact
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* third_party/go-libaudit: move handling of receive buffer to caller
* third_party/go-libaudit: move buffer handling from netlink to audit
* third_party/go-libaudit: allow audit fd to be pollable
* third_party/go-libaudit: Add support for removing individual rules
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
* third_party/go-libaudit: Report missing rules during deletion
* import go-libaudit as a third-party module
* quarantine: actually call the OS-specific artifact
* artifactset: add ability to select named sources
* GUI: Artifact selector (#1790)
* host-info: make quarantine UI more robust with non-Windows client hosts
* shell-viewer: default to Bash on non-Windows clients
* Thu Nov 10 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git70.b7df8172:
* file_store: handle watching artifacts with named sources
* Thu Sep 29 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git68.5226b23b:
* api/authenticators/basic: fix logoff endpoint
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact