Docker tag: 1.5.0-19853
Fixed
Avoid potential hanging when trying to find cgroups of ancestor processes. In practice we only encountered this problem with older, unsupported distros (e.g., Centos 6 which is past its EOL).
The sensor no longer crashes when offloading events that contain non UTF-8 paths. Paths in Linux are not guaranteed to be UTF-8
Fixed the offloader disconnecting not triggering a sensor restart
eBPF Telemetry: fixed the issue where eBPF sensor would not load due to verifier check on kernel v4.14
Added
Release of filemod to GA. Both eBPF and Audit telemetry are supported, however filemod is only supported on kernels 3.10+ for Audit
The docker builds for aarch64 systems will now be available during release
Changed
No longer attempt to enable audit socket if eBPF is marked as required
Do not fail to start the sensor when the audit socket is unavailable if eBPF is marked as preferred
Note: This does not change the systemd configurations. By default the sensor will still be restarted by systemd if auditd is started unless the service file is manually modified to no longer conflict the sensor with auditd
Root only access to /opt/redcanary
Ignore zombie processes when querying procfs for mountinfo during boot-up
Hashes
MD5
e1b354dd8114c8a63005856b0f0f4656 x86_64/cfsvcd
67c3209df816c1c5806806c80bc05096 x86_64/cwp-launch
f2cb8c7b3dbe208197f0109589f5a038 aarch64/cfsvcd
ad7602317141478b7c6baf9d9d3e0493 aarch64/cwp-launch
SHA256
b8ca2fb65029b331bd7b87c95cc0fbbf104bcdc4f8f2182997e5ae1c858cc0ec x86_64/cfsvcd
cad9d43d09e6c271aa66277cf7e82afcb2fa3b049e81050506af47779046e7ee x86_64/cwp-launch
c1485868b12b0d748b6c95c9d2c682eb56aefd80a52b780a5bcfb1ae05136e64 aarch64/cfsvcd
24c41e786e565f20eee8d89488844641c9259a42e0f8ca217a679af127ed215f aarch64/cwp-launch