
Bugfix: Sync NTFS #2206

Merged (1 commit, Nov 1, 2022)

Conversation

scudette (Contributor) commented Nov 1, 2022

  • USN path checks sequence number
  • Windows.Forensics.MFT has a new option to report all short filenames in links.

@scudette scudette merged commit 666e65e into master Nov 1, 2022
@scudette scudette deleted the ntfs branch November 1, 2022 09:17
scudette added a commit that referenced this pull request Nov 4, 2022
mgreen27 pushed a commit that referenced this pull request Nov 4, 2022
* file_store: handle watching artifacts with named sources (#2204)

When watch_monitoring() is called to monitor an artifact with a named
source, it returns immediately with zero results and nothing in the log.

It turns out that file_store/directory/queue QueuePool.NewListener was
failing silently due to the path containing a slash in it.  This commit
replaces the slash with three dots and reports an error when it
happens in NewListener.

* Bugfix: Flush server artifact logs into storage frequently (#2207)

The UI needs to track progress.

Also reuse log table component for cell logs for filtering on levels.

* Linux quarantine (#2211)

* quarantine: actually call the OS-specific artifact

Commit 5231b0f (host-info: make quarantine UI more robust with non-Windows client hosts) was incomplete and would only check to see if the platform-specific quarantine artifact existed. It would still attempt to invoke the Windows quarantine artifact. This PR fixes it.

* Add Linux.Remediation.Quarantine artifact

Add Linux.Remediation.Quarantine artifact to enable quarantining
Linux systems via nftables.

Co-authored-by: guangyee <gyee@suse.com>

* Update protobuf generation script (#2213)

Remove version strings from generated files as these create unnecessary
churn in repo.

* tests: fix binary copying in CollectorSetupTest (#2210)

The binary copying section of CollectorSetupTest uses permissions 0644,
which don't allow the binary to be executed:

Found binary .../output/velociraptor-v0.6.6-linux-amd64
    deaddisk_test.go:35:
                Error Trace:    .../bin/deaddisk_test.go:35
                Error:          Received unexpected error:
                                fork/exec /tmp/tmp2961160367/velociraptor-v0.6.6-linux-amd64: permission denied
                Test:           TestDeaddisk

This commit fixes it to use 0755.

Do not use hard links for CopyFile

Co-authored-by: Mike Cohen <mike@velocidex.com>

* Fix HTTP Params/Add HTTP Method Validation (#2203)

When sending a GET with http_client, params need to be encoded into the query string.

* Add timestamp_field, hostname_field, and hostname param to splunk_upload (#2187)

* Add Provider and ProviderRegex (#2198)

* Add Provider and ProviderRegex

* Add Provider to output

* Enforce an allow list on plugins, functions and accessors (#2214)

This allows users to harden servers so it is impossible to run
undesirable VQL on the server's notebooks.

* Bugfix: Sync NTFS (#2206)

* USN path checks sequence number
* Windows.Forensics.MFT has a new option to report all short filenames
  in links.

* Prepare a 0.6.7-rc3

Co-authored-by: Jeff Mahoney <jeffm@suse.com>
Co-authored-by: guangyee <gyee@suse.com>
Co-authored-by: clayscode <clay@clayscode.com>
Co-authored-by: weslambert <wlambertts@gmail.com>
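The first bullet of this PR ("USN path checks sequence number") is the kind of check the following Go snippet illustrates. It is an added example, not Velociraptor's own parser: an NTFS file reference packs a 48-bit MFT entry number with a 16-bit sequence number that is incremented each time the entry is reused, so a USN record whose parent reference carries a stale sequence number must not be resolved against the directory that now occupies that MFT slot. The MFT entries, names and reference values below are constructed for the demonstration.

```go
package main

import "fmt"

// FileRef is an NTFS file reference: low 48 bits = MFT entry, high 16 bits = sequence.
type FileRef uint64

func MakeRef(entry uint64, seq uint16) FileRef { return FileRef(uint64(seq)<<48 | entry&0xFFFFFFFFFFFF) }
func (r FileRef) Entry() uint64                { return uint64(r) & 0xFFFFFFFFFFFF }
func (r FileRef) Sequence() uint16             { return uint16(uint64(r) >> 48) }

// MFTEntry is the minimal view of a live MFT record needed to build a path.
type MFTEntry struct {
	Sequence uint16  // sequence number currently stored in the MFT record
	Name     string  // long file name of this entry
	Parent   FileRef // reference to the parent directory
}

const rootEntry = 5 // MFT entry 5 is the root directory on every NTFS volume

// ResolvePath walks the parent chain of a USN record. It returns ok=false when
// a link's sequence number does not match the live MFT entry (the directory
// the journal referred to was deleted and its slot reused) or the chain is
// implausibly deep, instead of emitting a path that is silently wrong.
func ResolvePath(mft map[uint64]MFTEntry, parent FileRef, name string) (string, bool) {
	path, ref := name, parent
	for depth := 0; depth < 256; depth++ {
		if ref.Entry() == rootEntry {
			return `\` + path, true
		}
		e, found := mft[ref.Entry()]
		if !found || e.Sequence != ref.Sequence() {
			return "", false // stale or missing reference: do not guess
		}
		path, ref = e.Name+`\`+path, e.Parent
	}
	return "", false // cycle or corrupt chain
}

// SampleMFT builds a constructed MFT: \Users (entry 40, seq 3) and \Users\alice (entry 77, seq 9).
func SampleMFT() map[uint64]MFTEntry {
	return map[uint64]MFTEntry{
		40: {Sequence: 3, Name: "Users", Parent: MakeRef(rootEntry, 5)},
		77: {Sequence: 9, Name: "alice", Parent: MakeRef(40, 3)},
	}
}

func main() {
	mft := SampleMFT()
	fmt.Println(ResolvePath(mft, MakeRef(77, 9), "notes.txt")) // current parent: resolves
	fmt.Println(ResolvePath(mft, MakeRef(77, 8), "notes.txt")) // older sequence: rejected
}
```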