SUSE / linux-security-sensor

Linux security sensor

Sensor base 0.7.0 #68

Closed jeffmahoney closed 9 months ago

jeffmahoney commented 10 months ago

This PR updates the base version of Velociraptor to 0.7.0 and re-applies the Linux Security Sensor extensions.

djoreilly commented 9 months ago

I think the "SUSE: Add docker-compose environment" commit should be removed now that we are not using the kafka-humio-gateway anymore.

djoreilly commented 9 months ago

We are missing a few cronsnoop fixes that were in 0.6.7.

jeffmahoney commented 9 months ago

> I think the "SUSE: Add docker-compose environment" commit should be removed now that we are not using the kafka-humio-gateway anymore.

No, because docker-compose is still the right way to deploy this in small environments. It's simplified because we don't need the kafka-humio-gateway, but we still need the proxy. The commit also documents how to deploy.

jeffmahoney commented 9 months ago

Also, staticcheck found:

$ ~/go/bin/staticcheck vql/linux/audit/*go
vql/linux/audit/audit_listener.go:19:2: field timeout is unused (U1000)
vql/linux/audit/audit_mock_client_test.go:81:2: field client is unused (U1000)
vql/linux/audit/audit_mock_client_test.go:82:2: field scope is unused (U1000)
vql/linux/audit/audit_service.go:141:22: should use make([]byte, bufSize) instead (S1019)
vql/linux/audit/audit_service.go:162:6: type auditBufs is unused (U1000)
vql/linux/audit/audit_service.go:543:4: ineffective break statement. Did you mean to break out of the outer loop? (SA4011)
vql/linux/audit/audit_service.go:794:4: ineffective break statement. Did you mean to break out of the outer loop? (SA4011)

Fixed with https://github.com/SUSE/linux-security-sensor/pull/68/commits/765dab7f9d358519b7d382ab067a019466e62259
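The two SA4011 findings above point at a real Go pitfall rather than a style nit: inside a `for` loop, a bare `break` in a `switch` or `select` case leaves only that `switch`/`select`, so a loop the author meant to stop keeps consuming input. In an audit reader that is the difference between ending an event at its EOE record and silently merging the next event into it. The following is an added illustration of that pattern and its labeled-break fix, not code from linux-security-sensor or from the commit linked above; the audit-style records are constructed sample input, and `recordType`, `firstEventIneffective` and `firstEventFixed` are hypothetical names chosen for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample, not real sensor output: two audit events, each
// terminated by an EOE (end-of-event) record as the kernel audit subsystem
// emits them. Only the leading "type=" field matters for this example.
var sampleRecords = []string{
	"type=SYSCALL msg=audit(1700000000.100:41): arch=c000003e syscall=59 success=yes exit=0 comm=\"cat\"",
	"type=EXECVE msg=audit(1700000000.100:41): argc=2 a0=\"cat\" a1=\"/etc/shadow\"",
	"type=EOE msg=audit(1700000000.100:41): ",
	"type=SYSCALL msg=audit(1700000000.200:42): arch=c000003e syscall=59 success=yes exit=0 comm=\"id\"",
	"type=EOE msg=audit(1700000000.200:42): ",
}

// recordType returns the value of the leading "type=" field, or "" if the
// line does not start with one.
func recordType(line string) string {
	if !strings.HasPrefix(line, "type=") {
		return ""
	}
	rest := line[len("type="):]
	if i := strings.IndexByte(rest, ' '); i >= 0 {
		return rest[:i]
	}
	return rest
}

// firstEventIneffective is the shape staticcheck flags as SA4011. The intent
// is to stop collecting at the first EOE, but the bare `break` only exits the
// switch, so the loop continues and records of the next event are appended.
func firstEventIneffective(lines []string) []string {
	var event []string
	for _, l := range lines {
		switch recordType(l) {
		case "EOE":
			break // exits the switch only; the for loop keeps going
		default:
			event = append(event, l)
		}
	}
	return event
}

// firstEventFixed uses a labeled break so that EOE terminates the loop.
// Returning from the function, or checking a `done` flag in the loop
// condition, are equivalent fixes; the label is the most direct one.
func firstEventFixed(lines []string) []string {
	var event []string
records:
	for _, l := range lines {
		switch recordType(l) {
		case "EOE":
			break records // exits the labeled for loop
		default:
			event = append(event, l)
		}
	}
	return event
}

func main() {
	fmt.Println("bare break collected", len(firstEventIneffective(sampleRecords)), "records")
	fmt.Println("labeled break collected", len(firstEventFixed(sampleRecords)), "records")
}
```

Running it shows the bare-break version collecting three records (both events' SYSCALL/EXECVE lines) while the labeled version stops after the first event's two records. The same rule applies to `select` inside a `for` loop, which is the usual form in a listener goroutine with a stop channel: a bare `break` in the stop case does not end the loop, and the goroutine keeps reading until its input channel closes.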