Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / threathunters-io/laurel issues and pull requests
#228 - systemd service / unit enrichment
Issue -
State: open - Opened by hillu about 1 month ago
#227 - Use split-off linux-audit-parser
Pull Request -
State: closed - Opened by hillu about 2 months ago
#226 - Bump actions/download-artifact from 2.1.1 to 4.1.7 in /.github/workflows
Pull Request -
State: open - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions
#225 - If 'file' is set to stdout, optionally specify a script to directly send to stdin.
Pull Request -
State: closed - Opened by bobbintb 3 months ago
- 3 comments
#224 - License compliance with MPL2.0
Issue -
State: closed - Opened by jorgehermo9 3 months ago
- 6 comments
#223 - [question] How to forward to or call another script/process.
Issue -
State: closed - Opened by bobbintb 3 months ago
- 4 comments
#222 - SHA256 enrichment
Issue -
State: open - Opened by Ushakovaaa 4 months ago
- 1 comment
#221 - Don't fail setting log file ACLs with broken NSS backends
Pull Request -
State: closed - Opened by hillu 4 months ago
#220 - selinux: Allow laurel to connect to systemd-machined
Pull Request -
State: closed - Opened by hillu 4 months ago
#219 - Updated INSTALL.md to include the re-labeling for the auditd plugin.
Pull Request -
State: closed - Opened by sn0b4ll 6 months ago
- 1 comment
#218 - Use current stable Rust to build non-release version
Pull Request -
State: closed - Opened by hillu 6 months ago
#217 - Make filtering first event per process optional
Pull Request -
State: closed - Opened by hillu 6 months ago
#216 - selinux: Allow read-access to systemd's userdbd
Pull Request -
State: closed - Opened by comawill 7 months ago
#215 - Small test improvements
Pull Request -
State: closed - Opened by hillu 8 months ago
#214 - Add Laurel-generated JSON output corresponding to test records
Pull Request -
State: open - Opened by hillu 8 months ago
#213 - Update dependencies
Pull Request -
State: closed - Opened by hillu 8 months ago
#212 - Fix enrich.uid_groups
Pull Request -
State: closed - Opened by hillu 8 months ago
#211 - Fix node name encoding
Pull Request -
State: closed - Opened by hillu 8 months ago
#210 - hostname translated to numbers in v0.6.0
Issue -
State: closed - Opened by RomainPisters 8 months ago
- 1 comment
#209 - Improve error handling/reporting in laurel main binary
Pull Request -
State: closed - Opened by hillu 9 months ago
#208 - Parsing errors in the configuration file are not properly reported to the user.
Issue -
State: closed - Opened by PrymalInstynct 9 months ago
- 2 comments
#207 - Cross-build for aarch64/glibc
Pull Request -
State: closed - Opened by hillu 9 months ago
- 4 comments
#206 - test failure on big endian.
Issue -
State: closed - Opened by plugwash 9 months ago
#205 - time calculation overflow on 32-bit.
Issue -
State: closed - Opened by plugwash 9 months ago
#204 - Implement uid-groups enrichment
Pull Request -
State: closed - Opened by hillu 9 months ago
#203 - Change parser function to work on &[u8] instead of consuming Vec<u8>
Pull Request -
State: closed - Opened by hillu 9 months ago
#202 - Decouple serialization and JSON log format more clearly
Pull Request -
State: closed - Opened by hillu 9 months ago
#201 - stdout clarification
Issue -
State: closed - Opened by bootlesshacker 9 months ago
- 2 comments
#200 - Eliminate extra types; keep Record + Key + Value
Pull Request -
State: closed - Opened by hillu 9 months ago
#199 - Fix SELinux policy for Debian and derivatives
Pull Request -
State: closed - Opened by hillu 9 months ago
#198 - SELinux Policy failing to install on Debian
Issue -
State: closed - Opened by bootlesshacker 9 months ago
- 4 comments
#197 - Replace bencher with divan
Pull Request -
State: closed - Opened by hillu 9 months ago
#196 - Add more field types to Key::Common; change to binary search (parser)
Pull Request -
State: closed - Opened by hillu 10 months ago
#195 - Bump shlex from 1.2.0 to 1.3.0
Pull Request -
State: closed - Opened by dependabot[bot] 10 months ago
- 1 comment
Labels: dependencies
#194 - Update Cargo.lock
Pull Request -
State: closed - Opened by hillu 10 months ago
#193 - Implement filtering on individual raw audit records
Pull Request -
State: closed - Opened by hillu 11 months ago
#192 - Inherit container id from parent if cgroup info can't be read
Pull Request -
State: closed - Opened by hillu 11 months ago
#191 - Missing CONTAINER_INFO in a child process
Issue -
State: closed - Opened by n9 11 months ago
- 10 comments
Labels: bug
#190 - Advanced filtering (by regexes?)
Issue -
State: closed - Opened by n9 11 months ago
- 4 comments
Labels: enhancement
#189 - Various PID enrichment changes
Pull Request -
State: closed - Opened by hillu 11 months ago
#188 - PPID is not always generated
Issue -
State: closed - Opened by n9 11 months ago
- 3 comments
Labels: bug
#187 - Various parser fixes
Pull Request -
State: closed - Opened by hillu 11 months ago
#186 - Add LoongArch support
Pull Request -
State: closed - Opened by 212dandan 11 months ago
- 1 comment
#185 - "Typo" un/label_script in config.toml?
Issue -
State: closed - Opened by n9 11 months ago
- 2 comments
#184 - Fix typos in config.toml
Pull Request -
State: closed - Opened by n9 11 months ago
- 1 comment
#183 - coalesce::Settings: Don't borrow LabelMatcher instances
Pull Request -
State: closed - Opened by hillu 11 months ago
#182 - Hex-encode/decode the sha256 container ID
Pull Request -
State: closed - Opened by hillu 11 months ago
#181 - Fix typos in laurel-about.7.md
Pull Request -
State: closed - Opened by n9 11 months ago
- 1 comment
#180 - aarch64 builds missing since v0.5.4
Issue -
State: closed - Opened by MaZderMind 11 months ago
- 7 comments
#179 - Improve error handling, using thiserror, anyhow crates
Pull Request -
State: closed - Opened by hillu 12 months ago
#178 - Laurel does not aggregate all EXECVE events
Issue -
State: open - Opened by SolitudePy 12 months ago
- 20 comments
#177 - Enable build on other (non-Linux) Unix systems
Pull Request -
State: closed - Opened by hillu 12 months ago
#176 - Fix some Clippy warnings
Pull Request -
State: closed - Opened by hillu 12 months ago
#175 - Drop SYSCALL.{syscall,arch} if drop-raw is set.
Pull Request -
State: closed - Opened by hillu about 1 year ago
#174 - SELinux policy for RHEL8 fails
Issue -
State: closed - Opened by 0xFustang about 1 year ago
- 12 comments
#173 - update dependencies
Pull Request -
State: closed - Opened by hillu about 1 year ago
#172 - Add option to drop translated UID/GID values if they are translated
Pull Request -
State: closed - Opened by hillu about 1 year ago
#171 - Support logging dropped records into separate log
Pull Request -
State: closed - Opened by hillu about 1 year ago
#170 - Coalesce::emit_fn: Make filtering the user's responsibility
Pull Request -
State: closed - Opened by hillu about 1 year ago
#169 - Implement a key-based process table
Pull Request -
State: closed - Opened by hillu about 1 year ago
#168 - Add test demonstrating process tracking confusion
Pull Request -
State: closed - Opened by hillu about 1 year ago
#167 - Test process tracking across fork/clone even if these syscalls are fi…
Pull Request -
State: closed - Opened by hillu about 1 year ago
#166 - Move procfs-specific code into optional module
Pull Request -
State: closed - Opened by hillu about 1 year ago
#165 - Add Hostname to JSON log
Issue -
State: closed - Opened by chrisanag1985 about 1 year ago
- 4 comments
Labels: question
#164 - Simplify some aspects of the parser
Pull Request -
State: closed - Opened by hillu about 1 year ago
#163 - Eliminate PARENT_INFO
Pull Request -
State: closed - Opened by hillu about 1 year ago
#162 - Get rid of RUSTC wrapper for static musl builds
Pull Request -
State: closed - Opened by hillu over 1 year ago
#161 - Update bindgen version
Pull Request -
State: closed - Opened by hillu over 1 year ago
#160 - Please bump bindgen
Issue -
State: closed - Opened by stintel over 1 year ago
#159 - Service auditd "rotate"
Issue -
State: closed - Opened by grumo35 over 1 year ago
- 10 comments
#158 - Restart laurel on SIGHUP
Pull Request -
State: closed - Opened by hillu over 1 year ago
#157 - For translated values, there should be an option to drop the numeric/binary original values.
Issue -
State: closed - Opened by SolitudePy over 1 year ago
- 11 comments
#156 - Laurel - output send via syslog
Issue -
State: closed - Opened by JensJThuering over 1 year ago
- 5 comments
#155 - install laurel offline
Issue -
State: closed - Opened by kathyl21 over 1 year ago
- 1 comment
Labels: question
#154 - Update dependencies
Pull Request -
State: closed - Opened by hillu over 1 year ago
#153 - Add a basic container image
Pull Request -
State: closed - Opened by hillu over 1 year ago
#152 - Track processes across fork without execve
Pull Request -
State: closed - Opened by hillu over 1 year ago
#151 - Add support for consuming process events
Issue -
State: closed - Opened by hillu over 1 year ago
- 1 comment
#150 - Build SELinux policy on Amazon Linux 2023
Pull Request -
State: closed - Opened by hillu over 1 year ago
#149 - Add a basic container image
Pull Request -
State: closed - Opened by Ardtas over 1 year ago
- 1 comment
#148 - Update SELinux policy
Pull Request -
State: closed - Opened by hillu over 1 year ago
#147 - enrich.script feature needs more SELinux policy
Issue -
State: closed - Opened by hillu over 1 year ago
- 1 comment
#146 - Deal better with process ID recycling
Issue -
State: closed - Opened by hillu over 1 year ago
- 2 comments
#145 - Support connecting to local socket to consume audit messages
Pull Request -
State: closed - Opened by hillu over 1 year ago
#144 - Added null key filter #137
Pull Request -
State: closed - Opened by Hu6li over 1 year ago
- 4 comments
#143 - Update dependencies, add Cargo.lock
Pull Request -
State: closed - Opened by hillu over 1 year ago
#142 - Replace custom syslog code with log crate
Pull Request -
State: closed - Opened by hillu over 1 year ago
#141 - Support connecting to socket to read events
Issue -
State: closed - Opened by hillu over 1 year ago
#140 - Use saner dependency declarations
Pull Request -
State: closed - Opened by hillu over 1 year ago
#139 - Fix/simplify MessageType::is_multipart
Pull Request -
State: closed - Opened by hillu over 1 year ago
#138 - log translate / enrichment seems not to work
Issue -
State: closed - Opened by grumo35 over 1 year ago
- 2 comments
#137 - Handling of `(null)` keys in filters
Issue -
State: closed - Opened by hillu over 1 year ago
- 2 comments
#136 - Improve error messages
Pull Request -
State: closed - Opened by hillu over 1 year ago
#135 - Error messages need improvement
Issue -
State: closed - Opened by hillu almost 2 years ago
#134 - Build different SELinux policy variants for different distros
Pull Request -
State: closed - Opened by hillu almost 2 years ago
#133 - Make laurel reload its configuration or re-exec via signal
Issue -
State: open - Opened by hillu almost 2 years ago
#132 - Rename manual pages directory
Pull Request -
State: closed - Opened by hillu almost 2 years ago
#131 - Add configuration option to remove labels from processes
Pull Request -
State: closed - Opened by hillu almost 2 years ago
#130 - Add laurel.8 manpage
Pull Request -
State: closed - Opened by hillu almost 2 years ago
#129 - Analyse exec events for script execution
Pull Request -
State: closed - Opened by hillu almost 2 years ago