Skip to content

Releases: threathunters-io/laurel

Release v0.6.2

16 May 15:34
@github-actions github-actions
v0.6.2
3587968
Compare
Choose a tag to compare
Release v0.6.2 Latest
Latest

Maintenance release:

  • Change in filtering behavior: Keep first event for new processes (configurable)
  • Small bug fixes
  • SELinux policy fixes , thanks to @comawill
  • Bump MSRV to 1.70
  • Update dependency versions

Contributors

comawill
Assets 6

Release v0.6.1

15 Mar 21:43
@github-actions github-actions
v0.6.1
3c0ff97
Compare
Choose a tag to compare
Release v0.6.1

Mostly a bugfix release

  • Fix signal handling, especially SIGHUP
  • Fix serialization for node names
  • Perform user-groups enrichment independently of other userdb lookups
  • Update syscall table
Assets 4

Release v0.6.0

29 Feb 22:05
@github-actions github-actions
v0.6.0
d4328b6
Compare
Choose a tag to compare
Release v0.6.0

Notable changes:

  • Add UID_GROUPS enrichment for secondary group memberships
  • Remove deprecated PARENT_INFO sub-structure
  • Config marker that is written to Syslog
  • Slight output performance improvements
  • Internals: Refactor, simplify data structures
  • Fixes for non-standard architectures (32bit, big-endian), thanks to Debian
  • Minor fixes (parser, block device number handling)
Assets 4

Release v0.5.6

15 Jan 12:36
@github-actions github-actions
v0.5.6
e752647
Compare
Choose a tag to compare
Release v0.5.6
  • Improvements in enrichment of data from short-lived processes
  • New regular-expression-based filter for raw audit lines
  • Various minor parser bug fixes
  • Fixes in "drop-raw" behavior
  • Fixes in documentation and example config file
Assets 4

Release v0.5.5

16 Nov 19:31
@github-actions github-actions
v0.5.5
d26895d
Compare
Choose a tag to compare
Release v0.5.5

No new features, "just" a bugfix release.

  • Ensure that internal process identifiers in shadow process table are unique
  • smalll config parser improvement
Assets 6

Release v0.5.4

08 Nov 21:34
@github-actions github-actions
v0.5.4
2287324
Compare
Choose a tag to compare
Release v0.5.4

Notable features

  • more reliable process tracking
  • slight performance improvements
  • an option to drop numeric UID, GID values
  • various debugging options.
Assets 4

Release v0.5.3

17 Jul 15:00
@github-actions github-actions
v0.5.3
bd67f51
Compare
Choose a tag to compare
Release v0.5.3 
Release 0.5.3
Assets 6

Release v0.5.2

02 May 18:07
@github-actions github-actions
v0.5.2
14985ed
Compare
Choose a tag to compare
Release v0.5.2
  • Add null key filter
  • Fix process tracking for programs that fork without exec (e.g. shells)
  • Add setup option to run laurel in a container on immutable container distros such as CoreOS
  • Provide container image
Assets 6

Release v0.5.2-pre1

23 Mar 12:57
@github-actions github-actions
v0.5.2-pre1
6edb0c4
Compare
Choose a tag to compare
Release v0.5.2-pre1 Pre-release
Pre-release
  • Fix for handling some multi-messge events
  • Error message improvements
  • Adopt quasi-standard log crate
  • Fix/workaround for mishandled SCRIPT detection
  • connect socket support
Assets 4

Release v0.5.1

27 Jan 17:27
@github-actions github-actions
v0.5.1
25a904a
Compare
Choose a tag to compare
Release v0.5.1
  • Re-introduce optional/deprecated PARENT_INFO record
  • Add configuration options to remove labels from processes
  • Rewrite bulk of the documentation: provide it as proper UNIX manual pages
Assets 6