chore: prepare for 0.9.0 release
banditopazzo committed Nov 15, 2024
1 parent b95fd73 commit bd43bc2
Showing 4 changed files with 942 additions and 477 deletions.
61 changes: 61 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,14 +7,53 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
-

## [0.9.0] - 2024-11-15

### Fixed

- `path_rename` lsm hook for kernel >= 5.19
- **BREAKING**: threat logger module rename
- docker container ID parsing with cgroupfs driver
- **BREAKING**: `Event` display format removing additional line
- rules DSL quoted strings
- filtering test

### Added

- detect image layer directory for `podman`
- ci: integration test using [architest](https://github.com/exein-io/architest)
- ci: bundle the installer in the release
- syslog priority
- add `uid` and `gid` to event header and process map
- allow threats to be logged as JSON
- new metadata fields for the rules (`category`, `severity`, `description`)
- include `riscv64gc` in `pulsar-install.sh`

### Changed

- **BREAKING**: xtask: switch to `xtask surun` command to improve running as root in development
- **BREAKING**: use `elf_check` instead of `elf_check_enabled` in `file-system-monitor`
- **BREAKING**: new modules API, modules need to simply implement a trait
- ci: run workflows on all pull requests, not only the ones to `main` branch
- improved BPF features detection
- ci: use cross-rs even for native builds
- **BREAKING**: xtask: unify `test` and `cross` subcommands
- prefer rustls over OpenSSL for static builds

### Removed

- wrong telnet rule

## [0.8.1] - 2024-03-05

### Fixed

- `bpf_strncmp` compatibility for older kernel versions

## [0.8.0] - 2024-02-15

### Added

- MITRE compatible ruleset
- rule dsl: type methods
- rule dsl: unary conditions
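Review bot: the two entries tagged **BREAKING** under `### Fixed` in the new 0.9.0 block (`threat logger module rename` and `` `Event` display format removing additional line ``) would be easier to find under `### Changed`, where the other breaking changes for this release are grouped; people upgrading scan that one section for breakage. The `## [Unreleased]` section is left with a lone `-` as its body; either leave it empty or make the placeholder read as one. The `### Removed` entry `wrong telnet rule` could say what was wrong with the rule so operators know whether to expect a change in detections.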
Expand All @@ -23,18 +62,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [0.7.1] - 2024-02-01

### Added

- boltdb support for `podman` container configuration

### Changed

- read cgroup name in BPF

### Fixed

- one character string value in rule engine DSL
- handle containers which were running before Pulsar

## [0.7.0] - 2023-12-20

### Added

- support for monitoring containers within the core functionality
- new `description` field in the *Threat* structure, providing a human-readable description of the threat
- new `namespaces` field for events related to *fork* and *exec* operations
Expand All @@ -45,12 +88,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- CI: create release/dev containers on tags/main-updates

### Changed

- bpf: refactored preemption in the BPF probes
- CI: rewritten workflows because of deprecated actions
- move dependecnies in workspace
- bpf: clean probes license

### Fixed

- issue introduced by changes in the kernel affecting the layout of the `struct iov_iter` in `network-monitor` probe
- doctest in the `validation` module
- check the payload before applying the ruleset in the `rule-engine` module to correctly handle cases of rules only on the header
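Review bot: the context line `- move dependecnies in workspace` carries a typo (`dependencies`); since this release-prep commit already touches the surrounding lines, fix it in the same change.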
Expand All @@ -59,6 +104,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [0.6.0] - 2023-06-05

### Added

- cross compilation task
- bpf loop detection
- extract absolute file paths on exec
Expand All @@ -67,13 +113,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- dynamic fields compare in rules

### Changed

- improved LSM autodetect
- allow more that one BPF program per module
- moved `get_path_str` to shared header
- more modular event filtering
- validatron rewrite

### Fixed

- uname parse for wsl2
- module manager start command
- memory alignments issue in bpf output event struct
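Review bot: `- allow more that one BPF program per module` should read `more than one`; worth correcting while this hunk is open.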
Expand All @@ -82,6 +130,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [0.5.0] - 2023-02-06

### Added

- better examples
- markdown link checker
- `desktop-notifier` module
Expand All @@ -92,63 +141,75 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `LOOP` macro to handle loops with `bpf_loop` on supported kernels

### Changed

- improve test suite
- better daemon/logger module output format
- new threat event structure to support derived, custom, empty payloads
- send eBPF events in a more memory efficient way
- move pulsar to workspace root package

### Fixed

- sporadic segmentation fault when running test-suite
- track parent process changes
- module/crate version coherency
- startup warnings in ebpf programs

### Removed

- non core payloads from payload variants

## [0.4.0] - 2022-10-26

### Added

- Basic rules
- argv in events

### Changed

- Installed download basic rules

### Fixed

- Cross containers
- FIleFlag checks and compare

## [0.3.0] - 2022-10-20

### Added

- Pulsar installer script
- Github release workflow
- Increase rlimit on daemon start
- More network events and fields
- More filesystem events and fields

### Changed

- Better quickstart on README
- Strip debug symbols from BPF probes
- Proper error context in `bpf-common`
- Improved fields in `Payload` structure

### Fixed

- Delete correct unix socket
- Error handling in `ProcessTracker`

### Secuity

- update `axum` to address a cve

## [0.2.0] - 2022-09-13

### Added

- Initial support for Android
- Add Github workflows
- Add xtask commands (test, pulsard, pulsar, probe)

### Changed

- Replace Kprobes with LSM and tracepoints where possible
- Refactor test suite as external executable
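Review bot: the `### Secuity` heading is misspelled (`Security`), and its only entry, `update \`axum\` to address a cve`, names neither the CVE identifier nor the `axum` version that fixes it, which is exactly what someone auditing dependency exposure for 0.3.0 needs; add the identifier. In the same hunk, `FIleFlag checks and compare` looks like a casing slip (`FileFlag`), and `Installed download basic rules` is hard to parse as written.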
