Release v1.5.0

Docker tag: 1.5.0-19853

Fixed

• Avoid potential hanging when trying to find cgroups of ancestor processes. In practice we only encountered this problem with older, unsupported distros (e.g., Centos 6 which is past its EOL).

• The sensor no longer crashes when offloading events that contain non UTF-8 paths. Paths in Linux are not guaranteed to be UTF-8

• Fixed the offloader disconnecting not triggering a sensor restart

• eBPF Telemetry: fixed the issue where eBPF sensor would not load due to verifier check on kernel v4.14

Added

• Release of filemod to GA. Both eBPF and Audit telemetry are supported, however filemod is only supported on kernels 3.10+ for Audit 

• The docker builds for aarch64 systems will now be available during release

Changed

• No longer attempt to enable audit socket if eBPF is marked as required

• Do not fail to start the sensor when the audit socket is unavailable if eBPF is marked as preferred

  
  

Note: This does not change the systemd configurations. By default the sensor will still be restarted by systemd if auditd is started unless the service file is manually modified to no longer conflict the sensor with auditd

• Root only access to /opt/redcanary

• Ignore zombie processes when querying procfs for mountinfo during boot-up

Hashes

MD5

e1b354dd8114c8a63005856b0f0f4656  x86_64/cfsvcd

67c3209df816c1c5806806c80bc05096  x86_64/cwp-launch

f2cb8c7b3dbe208197f0109589f5a038  aarch64/cfsvcd

ad7602317141478b7c6baf9d9d3e0493  aarch64/cwp-launch

SHA256

b8ca2fb65029b331bd7b87c95cc0fbbf104bcdc4f8f2182997e5ae1c858cc0ec  x86_64/cfsvcd

cad9d43d09e6c271aa66277cf7e82afcb2fa3b049e81050506af47779046e7ee  x86_64/cwp-launch

c1485868b12b0d748b6c95c9d2c682eb56aefd80a52b780a5bcfb1ae05136e64  aarch64/cfsvcd

24c41e786e565f20eee8d89488844641c9259a42e0f8ca217a679af127ed215f  aarch64/cwp-launch