Releases: threathunters-io/laurel
Release v0.6.4
New features and fixes:
- Log to an external program or script
- Add/remove process labels based on command line (execve() argv argument)
- Fixed a bug in tracking of processes across double-forks (shell scripts, sudo, etc.)
- Fixed permission problem when tracking log files using tail
- The parser for Linux Audit logs has been split off into a separate library
Release v0.6.3
Bugfix/maintenance release
- Fix log file ACLs causing fatal errors with broken NSS backends
- SELinux policy updates
- Small documentation updates
- Update dependency versions
Release v0.6.2
Maintenance release:
- Change in filtering behavior: Keep first event for new processes (configurable)
- Small bug fixes
- SELinux policy fixes, thanks to @comawill
- Bump MSRV to 1.70
- Update dependency versions
Release v0.6.1
Mostly a bugfix release
- Fix signal handling, especially SIGHUP
- Fix serialization for node names
- Perform user-groups enrichment independently of other userdb lookups
- Update syscall table
Release v0.6.0
Notable changes:
- Add UID_GROUPS enrichment for secondary group memberships
- Remove deprecated PARENT_INFO sub-structure
- Config marker that is written to Syslog
- Slight output performance improvements
- Internals: Refactor, simplify data structures
- Fixes for non-standard architectures (32bit, big-endian), thanks to Debian
- Minor fixes (parser, block device number handling)
Release v0.5.6
- Improvements in enrichment of data from short-lived processes
- New regular-expression-based filter for raw audit lines
- Various minor parser bug fixes
- Fixes in "drop-raw" behavior
- Fixes in documentation and example config file
Release v0.5.5
No new features, "just" a bugfix release.
- Ensure that internal process identifiers in shadow process table are unique
- Small config parser improvement
Release v0.5.4
Notable features:
- More reliable process tracking
- Slight performance improvements
- An option to drop numeric UID, GID values
- Various debugging options
Release v0.5.3
Release 0.5.3
Release v0.5.2
- Add null key filter
- Fix process tracking for programs that fork without exec (e.g. shells)
- Add setup option to run laurel in a container on immutable container distros such as CoreOS
- Provide container image