From 5db9bc46cc79013da1bbaf8c493a263eb1ca64b4 Mon Sep 17 00:00:00 2001 
From: Mike Cohen Date: Tue, 23 Jan 2024 02:20:12 +1000 Subject: [PATCH] Added test to Linux.Sys.LastUserLogin (#3237) Also refactored VQL to be a bit faster --- accessors/data/data.go | 2 +- accessors/file/accessor_darwin.go | 2 +- accessors/file/accessor_freebsd.go | 2 +- accessors/file/accessor_linux.go | 2 +- accessors/file/os_windows.go | 2 +- accessors/ntfs/mft.go | 2 +- accessors/ntfs/ntfs_accessor.go | 2 +- accessors/raw_registry/raw_registry.go | 2 +- accessors/registry/registry_windows.go | 2 +- accessors/zip/gzip.go | 2 +- accessors/zip/zip.go | 2 +- actions/events.go | 2 +- actions/vql.go | 2 +- api/api.go | 2 +- api/artifacts.go | 2 +- api/assets.go | 2 +- api/auth.go | 2 +- api/authenticators/azure.go | 2 +- api/authenticators/github.go | 2 +- api/authenticators/google.go | 2 +- api/clients.go | 2 +- api/download.go | 2 +- api/handlers.go | 2 +- api/proxy.go | 2 +- api/query.go | 2 +- api/reflect.go | 2 +- api/tables/table.go | 2 +- api/vfs.go | 2 +- api/vql.go | 2 +- .../Linux/Detection/Yara/Process.yaml | 10 +- .../definitions/Linux/Sys/LastUserLogin.yaml | 93 ++++++++++++------ artifacts/testdata/files/wtmp.1 | Bin 0 -> 10240 bytes .../server/testcases/linux_last_login.in.yaml | 9 ++ .../testcases/linux_last_login.out.yaml | 15 +++ bin/artifacts.go | 2 +- bin/client.go | 2 +- bin/config.go | 2 +- bin/debug.go | 2 +- bin/frontend.go | 2 +- bin/fs.go | 2 +- bin/golden.go | 2 +- bin/installer_darwin.go | 2 +- bin/installer_windows.go | 2 +- bin/main.go | 2 +- bin/pool.go | 2 +- bin/query.go | 2 +- bin/repack.go | 2 +- bin/server_service_windows.go | 2 +- bin/users.go | 2 +- bin/utils.go | 2 +- bin/version.go | 2 +- bin/vql.go | 2 +- config/config.go | 2 +- config/doc.go | 2 +- constants/constants.go | 2 +- crypto/ca.go | 2 +- crypto/client/resolver.go | 2 +- crypto/crypto_test.go | 2 +- crypto/doc.go | 2 +- crypto/transport.go | 2 +- crypto/utils/utils.go | 2 +- datastore/datastore.go | 2 +- datastore/filebased.go | 2 +- docs.go | 2 +- executor/doc.go 
| 2 +- executor/executor.go | 2 +- file_store/api/file_store.go | 2 +- file_store/csv/doc.go | 2 +- file_store/csv/utils.go | 2 +- file_store/file_store.go | 2 +- flows/artifacts.go | 2 +- flows/docs.go | 2 +- flows/housekeeping.go | 2 +- glob/common.go | 2 +- glob/glob.go | 2 +- glob/glob_test.go | 2 +- grpc_client/grpc.go | 2 +- gui/assets/init.go | 2 +- http_comms/comms.go | 2 +- http_comms/comms_test.go | 2 +- http_comms/doc.go | 2 +- http_comms/sender.go | 2 +- http_comms/sender_test.go | 2 +- logging/logging.go | 2 +- magefile.go | 2 +- make.go | 2 +- responder/responder.go | 2 +- server/comms.go | 2 +- server/docs.go | 2 +- server/enroll.go | 2 +- server/limits.go | 2 +- server/limits_linux.go | 2 +- server/server.go | 2 +- services/hunt_dispatcher.go | 2 +- services/hunt_manager/hunt_manager.go | 2 +- services/launcher/flows.go | 2 +- services/repository/plugin_test.go | 2 +- services/repository/repository.go | 2 +- services/services.go | 2 +- services/users.go | 2 +- services/users/users.go | 2 +- tools/mksyscall_windows.go | 2 +- uploads/file_based.go | 2 +- utils/debug.go | 2 +- utils/file.go | 2 +- utils/file_unix.go | 2 +- utils/path.go | 2 +- utils/utils.go | 2 +- vql/common/clock.go | 2 +- vql/common/diff.go | 2 +- vql/common/env.go | 2 +- vql/common/fifo.go | 2 +- vql/common/shell.go | 2 +- vql/common/yara.go | 2 +- vql/filesystem/copy.go | 2 +- vql/filesystem/filesystem.go | 2 +- vql/filesystem/filesystems.go | 2 +- vql/filesystem/grep.go | 2 +- vql/filesystem/tempfile.go | 2 +- vql/functions/entropy.go | 2 +- vql/functions/format.go | 2 +- vql/functions/functions.go | 2 +- vql/functions/hash.go | 2 +- vql/functions/humanize.go | 2 +- vql/functions/ints.go | 8 +- vql/functions/lists.go | 2 +- vql/functions/log.go | 2 +- vql/functions/networks.go | 2 +- vql/functions/paths.go | 2 +- vql/functions/pid.go | 2 +- vql/functions/pskill.go | 2 +- vql/functions/rc4.go | 2 +- vql/functions/rot13.go | 2 +- vql/functions/strings.go | 2 +- vql/functions/url.go 
| 2 +- vql/functions/xor.go | 2 +- vql/info.go | 2 +- vql/linux/connections.go | 2 +- vql/networking/http_client.go | 2 +- vql/networking/mail.go | 2 +- vql/networking/netstat_windows.go | 2 +- vql/networking/network.go | 22 ++--- vql/networking/upload.go | 2 +- vql/parsers/authenticode/authenticode.go | 2 +- vql/parsers/csv/csv.go | 2 +- vql/parsers/ese/ese.go | 2 +- vql/parsers/event_logs/evtx.go | 2 +- vql/parsers/json.go | 2 +- vql/parsers/ntfs.go | 2 +- vql/parsers/ole.go | 2 +- vql/parsers/pe.go | 2 +- vql/parsers/prefetch.go | 2 +- vql/parsers/recyclebin.go | 2 +- vql/parsers/regexparser.go | 2 +- vql/parsers/splitparser.go | 2 +- vql/parsers/sqlite.go | 2 +- vql/parsers/xml.go | 2 +- vql/process.go | 2 +- vql/scope.go | 2 +- vql/server/clients/clients.go | 2 +- vql/server/compress.go | 2 +- vql/server/elastic.go | 2 +- vql/server/file_store.go | 2 +- vql/server/flows/create.go | 2 +- vql/server/flows/monitoring.go | 2 +- vql/server/flows/results.go | 2 +- vql/server/hunts/create.go | 2 +- vql/server/hunts/hunts.go | 2 +- vql/server/labels.go | 2 +- vql/server/monitoring/monitoring_logs.go | 2 +- vql/server/splunk.go | 2 +- vql/tools/delay.go | 2 +- vql/utils.go | 2 +- vql/vql.go | 2 +- vql/windows/crypto.go | 2 +- vql/windows/doc.go | 2 +- vql/windows/process/dump.go | 2 +- vql/windows/processes.go | 2 +- vql/windows/users.go | 2 +- vql/windows/win32_windows.go | 2 +- vql/windows/win32_windows_32.go | 2 +- vql/windows/wmi/events.go | 2 +- vql/windows/wmi/parse/parse.go | 2 +- vql/windows/wmi/parse/parse_test.go | 2 +- vql/windows/wmi/wmi.go | 2 +- vql_plugins/plugins.go | 2 +- vql_plugins/plugins_linux.go | 2 +- vql_plugins/plugins_windows.go | 2 +- vql_plugins/server.go | 2 +- vtesting/helpers.go | 2 +- 190 files changed, 292 insertions(+), 231 deletions(-) create mode 100644 artifacts/testdata/files/wtmp.1 create mode 100644 artifacts/testdata/server/testcases/linux_last_login.in.yaml create mode 100644 
artifacts/testdata/server/testcases/linux_last_login.out.yaml diff --git a/accessors/data/data.go b/accessors/data/data.go index 19728f9c627..0983f9ed876 100644 --- a/accessors/data/data.go +++ b/accessors/data/data.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/file/accessor_darwin.go b/accessors/file/accessor_darwin.go index 947c9948b85..daac835bd67 100644 --- a/accessors/file/accessor_darwin.go +++ b/accessors/file/accessor_darwin.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/file/accessor_freebsd.go b/accessors/file/accessor_freebsd.go index ad407444a77..27d800a8c58 100644 --- a/accessors/file/accessor_freebsd.go +++ b/accessors/file/accessor_freebsd.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/file/accessor_linux.go b/accessors/file/accessor_linux.go index 7e44bb2fcfd..3fef3fd8fb3 100644 --- a/accessors/file/accessor_linux.go +++ b/accessors/file/accessor_linux.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/file/os_windows.go b/accessors/file/os_windows.go index 28563042e35..2a8c202d549 100644 
--- a/accessors/file/os_windows.go +++ b/accessors/file/os_windows.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/ntfs/mft.go b/accessors/ntfs/mft.go index bf3b296b07f..a979282a2e6 100644 --- a/accessors/ntfs/mft.go +++ b/accessors/ntfs/mft.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/ntfs/ntfs_accessor.go b/accessors/ntfs/ntfs_accessor.go index 3891044ff0b..8bef0544fcb 100644 --- a/accessors/ntfs/ntfs_accessor.go +++ b/accessors/ntfs/ntfs_accessor.go @@ -3,7 +3,7 @@ package ntfs // This is an accessor which represents an NTFS filesystem /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/raw_registry/raw_registry.go b/accessors/raw_registry/raw_registry.go index 3b6408cfd52..2dfa678190e 100644 --- a/accessors/raw_registry/raw_registry.go +++ b/accessors/raw_registry/raw_registry.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/registry/registry_windows.go b/accessors/registry/registry_windows.go index 90233cca7ac..19015d63a28 100644 --- a/accessors/registry/registry_windows.go +++ b/accessors/registry/registry_windows.go 
@@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/zip/gzip.go b/accessors/zip/gzip.go index e0f6446e513..7d53035acc2 100644 --- a/accessors/zip/gzip.go +++ b/accessors/zip/gzip.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/accessors/zip/zip.go b/accessors/zip/zip.go index 2202b57c219..5beb9b4ec64 100644 --- a/accessors/zip/zip.go +++ b/accessors/zip/zip.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/actions/events.go b/actions/events.go index 384ebf37c31..c80805a6c0c 100644 --- a/actions/events.go +++ b/actions/events.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/actions/vql.go b/actions/vql.go index 111cd0e610a..da82b4034a0 100644 --- a/actions/vql.go +++ b/actions/vql.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/api.go b/api/api.go index a8636ea7dc4..90b71d181ff 100644 --- a/api/api.go +++ b/api/api.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/artifacts.go b/api/artifacts.go index 6503c3cac3e..ebdaea718d5 100644 --- a/api/artifacts.go +++ b/api/artifacts.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/assets.go b/api/assets.go index da81a44251f..4e703bbce75 100644 --- a/api/assets.go +++ b/api/assets.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/auth.go b/api/auth.go index 19c43421972..bc2575ea4dd 100644 --- a/api/auth.go +++ b/api/auth.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/authenticators/azure.go b/api/authenticators/azure.go index 0283bc33a0a..10c1f58697c 100644 --- a/api/authenticators/azure.go +++ b/api/authenticators/azure.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/authenticators/github.go b/api/authenticators/github.go index ff3e513b58d..94dfb879ded 100644 
--- a/api/authenticators/github.go +++ b/api/authenticators/github.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/authenticators/google.go b/api/authenticators/google.go index dbb6582e772..f7544fae34e 100644 --- a/api/authenticators/google.go +++ b/api/authenticators/google.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/clients.go b/api/clients.go index 941c24ca92c..c1ac4bd1e75 100644 --- a/api/clients.go +++ b/api/clients.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/download.go b/api/download.go index 90c911ba3d5..6bdac2a055c 100644 --- a/api/download.go +++ b/api/download.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/handlers.go b/api/handlers.go index 3fde0f32b86..1c81424c4a1 100644 --- a/api/handlers.go +++ b/api/handlers.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/api/proxy.go b/api/proxy.go index 85a1fdcddad..e9b0667da43 100644 --- a/api/proxy.go +++ b/api/proxy.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/query.go b/api/query.go index 83b799845ce..0ec432fd845 100644 --- a/api/query.go +++ b/api/query.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/reflect.go b/api/reflect.go index 655394758d7..8a597081e70 100644 --- a/api/reflect.go +++ b/api/reflect.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/tables/table.go b/api/tables/table.go index 5aa44ee6d87..47df84a33d1 100644 --- a/api/tables/table.go +++ b/api/tables/table.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/api/vfs.go b/api/vfs.go index 15df260649c..07f2417696e 100644 --- a/api/vfs.go +++ b/api/vfs.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/api/vql.go b/api/vql.go index 451b9ccc3cf..9c569089b30 100644 --- a/api/vql.go +++ b/api/vql.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/artifacts/definitions/Linux/Detection/Yara/Process.yaml b/artifacts/definitions/Linux/Detection/Yara/Process.yaml index 90c945db848..a1fc6931b17 100644 --- a/artifacts/definitions/Linux/Detection/Yara/Process.yaml +++ b/artifacts/definitions/Linux/Detection/Yara/Process.yaml @@ -92,16 +92,16 @@ sources: Meta, String.Name as YaraString, String.Offset as HitOffset, - upload( accessor='scope', - file='String.Data', - name=format(format="%v-%v_%v_%v", + upload( accessor='scope', + file='String.Data', + name=format(format="%v-%v_%v_%v", args=[ ProcessName, Pid, String.Offset, ContextBytes ] )) as HitContext FROM proc_yara( pid=Pid, rules=yara_rules, context=ContextBytes, - number=NumberOfHits + number=NumberOfHits ) }) @@ -122,4 +122,4 @@ sources: column_types: - name: HitContext - type: preview_upload \ No newline at end of file + type: preview_upload diff --git a/artifacts/definitions/Linux/Sys/LastUserLogin.yaml b/artifacts/definitions/Linux/Sys/LastUserLogin.yaml index 9da947bd8f2..9770c002e55 100644 --- a/artifacts/definitions/Linux/Sys/LastUserLogin.yaml +++ b/artifacts/definitions/Linux/Sys/LastUserLogin.yaml @@ -1,6 +1,8 @@ name: Linux.Sys.LastUserLogin -description: Find and parse system wtmp files. This indicate when the - user last logged in. +description: | + Find and parse system wtmp files. This indicate when the user last + logged in. + parameters: - name: wtmpGlobs default: /var/log/wtmp* 
@@ -8,16 +10,35 @@ parameters: - name: MaxCount default: 10000 type: int64 - + - name: LoginType type: choices - default: "USER_PROCESS|LOGIN_PROCESS" + default: Interactive Sessions choices: - - "USER_PROCESS|LOGIN_PROCESS" - - "RUN_LVL|BOOT_TIME|INIT_PROCESS|LOGIN_PROCESS|USER_PROCESS" - description: Per default, we are only interested in interactive sessions, if you want to see more, choose the second option + - Interactive Sessions + - All Sessions + description: | + Per default, we are only interested in interactive sessions, if + you want to see more, choose the second option + + + - name: recent_x_days + default: 14 + type: int + description: | + show all logs within the last X days (default 14 days) + + - name: excluded_users + type: regex + default: "ansible|LOGIN" + description: | + List of Users (regex), you are not interested in export: | + LET FilterLookup = dict( + `Interactive Sessions`="USER_PROCESS|LOGIN_PROCESS", + `All Sessions`="RUN_LVL|BOOT_TIME|INIT_PROCESS|LOGIN_PROCESS|USER_PROCESS") + LET wtmpProfile <= ''' [ ["Header", 0, [ @@ -49,7 +70,9 @@ export: | ["ut_termination_status", 332, "int"], ["ut_exit_status", 334, "int"], ["ut_session", 336, "int"], - ["ut_timestamp", 340, "int32"], + ["ut_timestamp", 340, "Timestamp", { + "type": "uint32", + }], ["ut_ip_address", 348, "int64"], ] ] 
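Review bot: The new `excluded_users` default `"ansible|LOGIN"` is an unanchored regex, and the final query applies it as `NOT login_User =~ excluded_users` (in the `@@ -75,36 +105,37 @@` hunk), so any account whose name merely contains one of those substrings, such as `ansible-deploy`, is dropped from the results; the old filter `login_User != "ansible"` removed only that exact name. For a login-history artifact this is a silent blind spot, because the excluded rows leave no trace in the output. I would anchor the default, `default: "^(ansible|LOGIN)$"`, and extend the description to say that the pattern matches anywhere in the user name unless anchored. As far as I know VQL's `=~` is also case-insensitive, which would widen the match further (e.g. to `weblogin`); worth confirming.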
@@ -59,15 +82,22 @@ export: | sources: - precondition: | SELECT OS From info() where OS = 'linux' + query: | + LET LoginType <= get(item=FilterLookup, field=LoginType) || LoginType + LET start_time <= timestamp(epoch=now() - recent_x_days * 3600 * 24) + + LET _ <= log(message="Start time %v", args=start_time) + LET parsed = SELECT OSPath, parse_binary( filename=OSPath, profile=wtmpProfile, struct="Header" ) AS Parsed FROM glob(globs=split(string=wtmpGlobs, sep=",")) - - //In Order to combine Login/Logout into one Table, we create a logout table first + + // In Order to combine Login/Logout into one Table, we create a + // logout table first LET logout_table <= SELECT * FROM foreach(row=parsed, query={ SELECT * FROM foreach(row=Parsed.records, 
@@ -75,36 +105,37 @@ sources: SELECT ut_type AS logout_Type, ut_pid as logout_PID, ut_terminal as logout_Terminal, - timestamp(epoch=ut_timestamp) as logout_time - FROM scope() + ut_timestamp as logout_time + FROM scope() + WHERE logout_Type = "DEAD_PROCESS" + AND logout_time > start_time }) - }) WHERE logout_Type in "DEAD_PROCESS" - - //In Order to combine Login/Logout into one Table, we create a login table - let login_table <= SELECT * FROM foreach(row=parsed, + }) + Order by logout_time DESC + + SELECT * FROM foreach(row=parsed, query={ SELECT * FROM foreach(row=Parsed.records, query={ - SELECT OSPath, ut_type AS login_Type, + SELECT OSPath, + ut_type AS login_Type, ut_id AS login_ID, ut_pid as login_PID, ut_hostname as login_Host, ut_user as login_User, ip(netaddr4_le=ut_ip_address) AS login_IpAddr, ut_terminal as login_Terminal, - timestamp(epoch=ut_timestamp) as login_time + ut_timestamp as login_time, { + SELECT logout_time + FROM logout_table + WHERE ut_pid = logout_PID + AND ut_terminal = logout_Terminal + AND ut_timestamp < logout_time + LIMIT 1 + } AS logout_time FROM scope() + WHERE login_Type =~ LoginType + AND NOT login_User =~ excluded_users + AND login_time > start_time }) - }) WHERE login_Type =~ LoginType AND login_User != "ansible" - - //Combines both tables, so that we see, when a session started and ended, part b of the chain, is for the case there was no logout and the session is still alive - SELECT * FROM foreach(row=login_table, - query={ - SELECT login_User as User, login_Host as SourceHost, login_IpAddr as SourceIP, login_Terminal as Terminal, login_PID as PID, login_time, logout_time FROM chain( - a = {SELECT logout_time FROM logout_table - WHERE login_PID=logout_PID AND logout_Terminal=login_Terminal AND login_timevrZ|?6h z4*;gW^(V$$5&ds!=KdL`QJDW3JO3FVQicA@x90v?(neJ#whe9ifR9K8L=Qv$|dZGRb{A<$_ zqM=ZKjt%C&_WY~-nSGR~Qy~vR|Kp^&f6)Ac^5+f`A-9!u{~G+i#wC%CL+5|c{DboE z@8#b?|FgKcf6)Ac^5+f`vTlVs3jNQQWJ93ypIbIy{nzFnlz&?Gw|g}T{k;R(=%|0t 
z{Dbo64sxy05%|@ZX>~6Jq6xF64T39sy y9Q6Ea^?wA=|MkKC|H*&N2lS6L%>B8qO<4c!`*-03MgN@-bAN8z2>w0!{{0(_o%l}x literal 0 HcmV?d00001 diff --git a/artifacts/testdata/server/testcases/linux_last_login.in.yaml b/artifacts/testdata/server/testcases/linux_last_login.in.yaml new file mode 100644 index 00000000000..f6bfb8da1f1 --- /dev/null +++ b/artifacts/testdata/server/testcases/linux_last_login.in.yaml @@ -0,0 +1,9 @@ +Queries: + # Make sure we can find the logout time for at least one login + # event. + - SELECT OSPath.Basename AS OSPath, * + FROM Artifact.Linux.Sys.LastUserLogin( + recent_x_days=10000, + wtmpGlobs=srcDir+"/artifacts/testdata/files/wtmp.1") + WHERE logout_time + LIMIT 1 diff --git a/artifacts/testdata/server/testcases/linux_last_login.out.yaml b/artifacts/testdata/server/testcases/linux_last_login.out.yaml new file mode 100644 index 00000000000..368b8e2d025 --- /dev/null +++ b/artifacts/testdata/server/testcases/linux_last_login.out.yaml @@ -0,0 +1,15 @@ +SELECT OSPath.Basename AS OSPath, * FROM Artifact.Linux.Sys.LastUserLogin( recent_x_days=10000, wtmpGlobs=srcDir+"/artifacts/testdata/files/wtmp.1") WHERE logout_time LIMIT 1[ + { + "OSPath": "wtmp.1", + "login_Type": "USER_PROCESS", + "login_ID": null, + "login_PID": 3435060, + "login_Host": "192.168.1.2", + "login_User": "mic", + "login_IpAddr": "192.168.1.2", + "login_Terminal": "pts/9", + "login_time": "2023-12-21T15:54:24Z", + "logout_time": "2023-12-21T17:34:32Z", + "_Source": "Linux.Sys.LastUserLogin" + } +] \ No newline at end of file diff --git a/bin/artifacts.go b/bin/artifacts.go index 88ab0f3bfc6..394843d9749 100644 --- a/bin/artifacts.go +++ b/bin/artifacts.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/client.go b/bin/client.go index f59e084ad55..809c16d55dc 100644 
--- a/bin/client.go +++ b/bin/client.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/config.go b/bin/config.go index 55061b79c44..257af97e160 100644 --- a/bin/config.go +++ b/bin/config.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/debug.go b/bin/debug.go index e9fddf72ca3..48b280c5796 100644 --- a/bin/debug.go +++ b/bin/debug.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/frontend.go b/bin/frontend.go index bfb6397a800..57e56c77ead 100644 --- a/bin/frontend.go +++ b/bin/frontend.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/fs.go b/bin/fs.go index 4e744edc9b8..fc3b00c5d37 100644 --- a/bin/fs.go +++ b/bin/fs.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/golden.go b/bin/golden.go index fb3ae672db2..f153cb6c56b 100644 --- a/bin/golden.go +++ b/bin/golden.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/installer_darwin.go b/bin/installer_darwin.go index 98720185173..8a96e8f21e2 100644 --- a/bin/installer_darwin.go +++ b/bin/installer_darwin.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/installer_windows.go b/bin/installer_windows.go index 07b4578613e..508a8607d0e 100644 --- a/bin/installer_windows.go +++ b/bin/installer_windows.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/main.go b/bin/main.go index 68594a3b4f8..c0f459b0d20 100755 --- a/bin/main.go +++ b/bin/main.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/pool.go b/bin/pool.go index a1c8c7c8955..cbb316db87f 100644 --- a/bin/pool.go +++ b/bin/pool.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/query.go b/bin/query.go index 1f34ec6be90..b1446f15cdc 100644 --- a/bin/query.go +++ b/bin/query.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/repack.go b/bin/repack.go index 47834f838a9..d2f6d903193 100644 --- a/bin/repack.go +++ b/bin/repack.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/server_service_windows.go b/bin/server_service_windows.go index 1a981fc9aa2..8bf2a724032 100644 --- a/bin/server_service_windows.go +++ b/bin/server_service_windows.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/users.go b/bin/users.go index f4c661aedfb..4a192c47f5c 100644 --- a/bin/users.go +++ b/bin/users.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/utils.go b/bin/utils.go index 8525d2dab22..728b1ee0c55 100644 --- a/bin/utils.go +++ b/bin/utils.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/version.go b/bin/version.go index 5cef74632af..eac68332b7b 100644 --- a/bin/version.go +++ b/bin/version.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/bin/vql.go b/bin/vql.go index e9ce2a50025..6a2624bc710 100644 --- a/bin/vql.go +++ b/bin/vql.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/config/config.go b/config/config.go index 2c19c58ec7e..f5cae27066d 100644 --- a/config/config.go +++ b/config/config.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/config/doc.go b/config/doc.go index 4d3df3b1293..73c9dae2b6e 100644 --- a/config/doc.go +++ b/config/doc.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/constants/constants.go b/constants/constants.go index a2a93dba6fc..1eb42e9d2f2 100644 --- a/constants/constants.go +++ b/constants/constants.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/crypto/ca.go b/crypto/ca.go index c1b4f3fa76c..4bd5f0ca834 100644 --- a/crypto/ca.go +++ b/crypto/ca.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/crypto/client/resolver.go b/crypto/client/resolver.go index 56385042cca..ecfac93bc05 100644 --- a/crypto/client/resolver.go +++ b/crypto/client/resolver.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go index 88c6caf7349..ccc158652cd 100644 --- a/crypto/crypto_test.go +++ b/crypto/crypto_test.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/crypto/doc.go b/crypto/doc.go index 4abb406eaf4..fb6ff202bff 100644 --- a/crypto/doc.go +++ b/crypto/doc.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/crypto/transport.go b/crypto/transport.go index a08ae6efe47..36e1ef0f772 100644 --- a/crypto/transport.go +++ b/crypto/transport.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/crypto/utils/utils.go b/crypto/utils/utils.go index 989d690a36b..61fd74dcc58 100644 
--- a/crypto/utils/utils.go +++ b/crypto/utils/utils.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/datastore/datastore.go b/datastore/datastore.go index e31c05d6eb3..0a37566a9f7 100644 --- a/datastore/datastore.go +++ b/datastore/datastore.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/datastore/filebased.go b/datastore/filebased.go index 91efe7317bb..bcd206ec037 100644 --- a/datastore/filebased.go +++ b/datastore/filebased.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/docs.go b/docs.go index 17cdabe4dcf..2c3581936e4 100644 --- a/docs.go +++ b/docs.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/executor/doc.go b/executor/doc.go index fae93610b6a..ea2ee565368 100644 --- a/executor/doc.go +++ b/executor/doc.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/executor/executor.go b/executor/executor.go index b324f916f2d..5965c9a6504 100644 --- a/executor/executor.go +++ b/executor/executor.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/file_store/api/file_store.go b/file_store/api/file_store.go index 4bfd869b3e3..940d034e454 100644 --- a/file_store/api/file_store.go +++ b/file_store/api/file_store.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/file_store/csv/doc.go b/file_store/csv/doc.go index 2ec2014108d..56a425b43ee 100644 --- a/file_store/csv/doc.go +++ b/file_store/csv/doc.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/file_store/csv/utils.go b/file_store/csv/utils.go index f28618162f6..aadd90b3c1f 100644 --- a/file_store/csv/utils.go +++ b/file_store/csv/utils.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/file_store/file_store.go b/file_store/file_store.go index 5d86bd7c892..629e8d49bb6 100644 --- a/file_store/file_store.go +++ b/file_store/file_store.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/flows/artifacts.go b/flows/artifacts.go index 4fce0c143d5..d63b9154724 100644 --- a/flows/artifacts.go +++ b/flows/artifacts.go @@ -4,7 +4,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/flows/docs.go b/flows/docs.go index 8bd64339784..ae11f56bd43 100644 --- a/flows/docs.go +++ b/flows/docs.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/flows/housekeeping.go b/flows/housekeeping.go index 7630496fc5f..a9a9cf32bfc 100644 --- a/flows/housekeeping.go +++ b/flows/housekeeping.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/glob/common.go b/glob/common.go index 55e25d4d3d9..80e69d1d287 100644 --- a/glob/common.go +++ b/glob/common.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/glob/glob.go b/glob/glob.go index b0f7277b53b..fa17369e6d2 100644 --- a/glob/glob.go +++ b/glob/glob.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/glob/glob_test.go b/glob/glob_test.go index 13b067e058a..6ccad297ba8 100644 --- a/glob/glob_test.go +++ b/glob/glob_test.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/grpc_client/grpc.go b/grpc_client/grpc.go index 2c2133819cf..c6f0771076c 100644 --- a/grpc_client/grpc.go +++ b/grpc_client/grpc.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/gui/assets/init.go b/gui/assets/init.go index c16e5945db4..fadc2a2b77e 100644 --- a/gui/assets/init.go +++ b/gui/assets/init.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/http_comms/comms.go b/http_comms/comms.go index 3288ee07b6f..0e63acd528b 100644 --- a/http_comms/comms.go +++ b/http_comms/comms.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper -Copyright (C) 2019-2022 Rapid7 Inc. +Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/http_comms/comms_test.go b/http_comms/comms_test.go index e04fab710b7..c5fb1d4f69a 100644 
--- a/http_comms/comms_test.go +++ b/http_comms/comms_test.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/http_comms/doc.go b/http_comms/doc.go index f59f42f27c1..e65caf6ba5e 100644 --- a/http_comms/doc.go +++ b/http_comms/doc.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/http_comms/sender.go b/http_comms/sender.go index ef35b23696c..2ee4e56ecd9 100644 --- a/http_comms/sender.go +++ b/http_comms/sender.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/http_comms/sender_test.go b/http_comms/sender_test.go index 8879d3e94d4..84c69d32828 100644 --- a/http_comms/sender_test.go +++ b/http_comms/sender_test.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/logging/logging.go b/logging/logging.go index ce7156d1f15..87749e38a47 100644 --- a/logging/logging.go +++ b/logging/logging.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/magefile.go b/magefile.go index 2e1f3220df2..ad60db3de80 100644 --- a/magefile.go +++ b/magefile.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/make.go b/make.go index 28b3e9010c2..c1b4b28e460 100644 --- a/make.go +++ b/make.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/responder/responder.go b/responder/responder.go index feff6c5f1b8..1d7c38d083e 100644 --- a/responder/responder.go +++ b/responder/responder.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/server/comms.go b/server/comms.go index cdf4de798de..e928d2e49f5 100644 --- a/server/comms.go +++ b/server/comms.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/server/docs.go b/server/docs.go index 46d78a76ee7..182c3146e0b 100644 --- a/server/docs.go +++ b/server/docs.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/server/enroll.go b/server/enroll.go index d4e17001ac5..01f69d80bd0 100644 --- a/server/enroll.go +++ b/server/enroll.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/server/limits.go b/server/limits.go index 26b821b28e0..741efb13a2f 100644 --- a/server/limits.go +++ b/server/limits.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/server/limits_linux.go b/server/limits_linux.go index d009bcf8bef..b7d1e720633 100644 --- a/server/limits_linux.go +++ b/server/limits_linux.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/server/server.go b/server/server.go index 7c20c32d108..e94e255d81c 100644 --- a/server/server.go +++ b/server/server.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/hunt_dispatcher.go b/services/hunt_dispatcher.go index c0e57d7023f..8a6b7f8b771 100644 --- a/services/hunt_dispatcher.go +++ b/services/hunt_dispatcher.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/hunt_manager/hunt_manager.go b/services/hunt_manager/hunt_manager.go index 48e93111e4e..5daeb286992 100644 --- a/services/hunt_manager/hunt_manager.go +++ b/services/hunt_manager/hunt_manager.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/launcher/flows.go b/services/launcher/flows.go index fcfe6386c79..ce229fa9bee 100644 --- a/services/launcher/flows.go +++ b/services/launcher/flows.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/repository/plugin_test.go b/services/repository/plugin_test.go index 4ff4f245c91..ecf4b7ae48f 100644 --- a/services/repository/plugin_test.go +++ b/services/repository/plugin_test.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/repository/repository.go b/services/repository/repository.go index ee4cfce340d..6b9a4c04c54 100644 --- a/services/repository/repository.go +++ b/services/repository/repository.go 
@@ -2,7 +2,7 @@ package repository /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/services.go b/services/services.go index b5ea19a6200..07650f605b3 100644 --- a/services/services.go +++ b/services/services.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/users.go b/services/users.go index 727889157b0..3de75cb1211 100644 --- a/services/users.go +++ b/services/users.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/services/users/users.go b/services/users/users.go index 39bda00a9eb..f822d89723b 100644 --- a/services/users/users.go +++ b/services/users/users.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/tools/mksyscall_windows.go b/tools/mksyscall_windows.go index c6853276097..1c52fd82734 100644 --- a/tools/mksyscall_windows.go +++ b/tools/mksyscall_windows.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/uploads/file_based.go b/uploads/file_based.go index da9c52b7555..5f45b026ff6 100644 --- a/uploads/file_based.go +++ b/uploads/file_based.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/utils/debug.go b/utils/debug.go index 94ff89d7fff..a587c8b4ab9 100644 --- a/utils/debug.go +++ b/utils/debug.go @@ -1,7 +1,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/utils/file.go b/utils/file.go index 658122faf56..a4b4c1cf5dc 100644 --- a/utils/file.go +++ b/utils/file.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/utils/file_unix.go b/utils/file_unix.go index 6c8dde47915..a9f575bcd09 100644 --- a/utils/file_unix.go +++ b/utils/file_unix.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/utils/path.go b/utils/path.go index 27dbd0a884f..6e0d9203405 100644 --- a/utils/path.go +++ b/utils/path.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/utils/utils.go b/utils/utils.go index 722e2107235..58f1e0e01ea 100755 --- a/utils/utils.go +++ b/utils/utils.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/common/clock.go b/vql/common/clock.go index c61260c0e77..bebd1163466 100644 --- a/vql/common/clock.go +++ b/vql/common/clock.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/common/diff.go b/vql/common/diff.go index 78e998feffb..0dcb4d64a97 100644 --- a/vql/common/diff.go +++ b/vql/common/diff.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/common/env.go b/vql/common/env.go index fb6dcc8b084..3313665313b 100644 --- a/vql/common/env.go +++ b/vql/common/env.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/common/fifo.go b/vql/common/fifo.go index e6992ec40cd..73fe52f943c 100644 --- a/vql/common/fifo.go +++ b/vql/common/fifo.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/common/shell.go b/vql/common/shell.go index 06fba8a69ea..8e6de157b17 100644 --- a/vql/common/shell.go +++ b/vql/common/shell.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/common/yara.go b/vql/common/yara.go index 8beb5b51a24..f95f74bbc67 100644 --- a/vql/common/yara.go +++ b/vql/common/yara.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/filesystem/copy.go b/vql/filesystem/copy.go index 37fa00fe4b6..91a7e80d4f9 100644 --- a/vql/filesystem/copy.go +++ b/vql/filesystem/copy.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/filesystem/filesystem.go b/vql/filesystem/filesystem.go index c640ad868ae..7f9c205b104 100644 --- a/vql/filesystem/filesystem.go +++ b/vql/filesystem/filesystem.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/vql/filesystem/filesystems.go b/vql/filesystem/filesystems.go index 236c7115be1..372d2e6d6d2 100644 --- a/vql/filesystem/filesystems.go +++ b/vql/filesystem/filesystems.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/filesystem/grep.go b/vql/filesystem/grep.go index 0df1b4aab84..8407a0315a0 100644 --- a/vql/filesystem/grep.go +++ b/vql/filesystem/grep.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/filesystem/tempfile.go b/vql/filesystem/tempfile.go index 05bf995d737..d6217890fe6 100644 --- a/vql/filesystem/tempfile.go +++ b/vql/filesystem/tempfile.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/entropy.go b/vql/functions/entropy.go index 21b5dd6caf0..1f7af060327 100644 --- a/vql/functions/entropy.go +++ b/vql/functions/entropy.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/format.go b/vql/functions/format.go index 58da0fb208c..547ae779319 100644 --- a/vql/functions/format.go +++ b/vql/functions/format.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/functions.go b/vql/functions/functions.go index 89f30c5a9b8..10d2498e371 100644 --- a/vql/functions/functions.go +++ b/vql/functions/functions.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/hash.go b/vql/functions/hash.go index 65ba0dfad3d..a3f4bb15981 100644 --- a/vql/functions/hash.go +++ b/vql/functions/hash.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/humanize.go b/vql/functions/humanize.go index bdb45594d93..637087e1e64 100644 --- a/vql/functions/humanize.go +++ b/vql/functions/humanize.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/ints.go b/vql/functions/ints.go index 56f0ae87276..216249d6250 100644 --- a/vql/functions/ints.go +++ b/vql/functions/ints.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
@@ -49,6 +49,9 @@ func (self *IntFunction) Call(ctx context.Context, result, _ := strconv.ParseInt(t, 0, 64) return result + case float32: + return int64(t) + case float64: return int64(t) @@ -64,6 +67,9 @@ func (self *IntFunction) Call(ctx context.Context, case uint32: return uint64(t) + case int32: + return int64(t) + } return 0 diff --git a/vql/functions/lists.go b/vql/functions/lists.go index 263a87987f0..df4f45087c9 100644 --- a/vql/functions/lists.go +++ b/vql/functions/lists.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/log.go b/vql/functions/log.go index ea4d23ba27b..483ce02a683 100644 --- a/vql/functions/log.go +++ b/vql/functions/log.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/networks.go b/vql/functions/networks.go index 7ff82743a50..3ac4c44cc0a 100644 --- a/vql/functions/networks.go +++ b/vql/functions/networks.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/paths.go b/vql/functions/paths.go index 8b5cee01d35..7b28d78055b 100644 --- a/vql/functions/paths.go +++ b/vql/functions/paths.go 
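Review bot: The added `case float32: return int64(t)` in the first ints.go hunk converts without a range check. Go leaves a float-to-integer conversion implementation-dependent when the value is NaN, infinite or outside the int64 range, so the same parsed record could yield different integers on different architectures; the existing `case float64` arm has the same gap. For a function that may be fed values parsed from endpoint files, a deterministic fallback is safer, for example `if f := float64(t); math.IsNaN(f) || f < math.MinInt64 || f >= math.MaxInt64 { return 0 }` before the conversion (this assumes `math` is imported or can be), which matches the `return 0` fall-through visible in the second hunk. In the second hunk, `case int32: return int64(t)` sits after `case uint32: return uint64(t)`; placing it with the other signed cases, presumably earlier in the switch, would keep the signed and unsigned arms grouped. The body of `Call` starts and ends outside both hunks, so whether narrower types such as int16 or uint16 are handled cannot be confirmed from here.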
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/pid.go b/vql/functions/pid.go index 38888fb9739..2554d19ea36 100644 --- a/vql/functions/pid.go +++ b/vql/functions/pid.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/pskill.go b/vql/functions/pskill.go index 8534ab4d1dd..c60304eba64 100644 --- a/vql/functions/pskill.go +++ b/vql/functions/pskill.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/rc4.go b/vql/functions/rc4.go index 11efbc26a78..97110f5c802 100644 --- a/vql/functions/rc4.go +++ b/vql/functions/rc4.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/rot13.go b/vql/functions/rot13.go index d65b7026dfb..0064cbce104 100644 --- a/vql/functions/rot13.go +++ b/vql/functions/rot13.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/vql/functions/strings.go b/vql/functions/strings.go index 6cd6b0087cb..b4c4aa2d359 100644 --- a/vql/functions/strings.go +++ b/vql/functions/strings.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/url.go b/vql/functions/url.go index 981b03557b8..018b999f500 100644 --- a/vql/functions/url.go +++ b/vql/functions/url.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/functions/xor.go b/vql/functions/xor.go index 90297381590..fd998364a3d 100644 --- a/vql/functions/xor.go +++ b/vql/functions/xor.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/info.go b/vql/info.go index 1deab1978ec..697a4a8727d 100644 --- a/vql/info.go +++ b/vql/info.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/linux/connections.go b/vql/linux/connections.go index 982ddba5b7d..1e90aeb2a65 100755 --- a/vql/linux/connections.go +++ b/vql/linux/connections.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/networking/http_client.go b/vql/networking/http_client.go index 0f6400e4179..17b59412b2f 100644 --- a/vql/networking/http_client.go +++ b/vql/networking/http_client.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper -Copyright (C) 2019-2022 Rapid7 Inc. +Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/networking/mail.go b/vql/networking/mail.go index 168c3f0871a..5b636607da9 100644 --- a/vql/networking/mail.go +++ b/vql/networking/mail.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper -Copyright (C) 2019-2022 Rapid7 Inc. +Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/networking/netstat_windows.go b/vql/networking/netstat_windows.go index 55171a5a4c7..903c4a933aa 100644 --- a/vql/networking/netstat_windows.go +++ b/vql/networking/netstat_windows.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/networking/network.go b/vql/networking/network.go index 76e6fc4dbcf..87c7324f500 100644 --- a/vql/networking/network.go +++ b/vql/networking/network.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published @@ -33,9 +33,9 @@ type InterfacesPlugin struct { func (self InterfacesPlugin) Info(scope vfilter.Scope, type_map *vfilter.TypeMap) *vfilter.PluginInfo { return &vfilter.PluginInfo{ - Name: "interfaces", - Doc: "List all active interfaces.", - Metadata: vql.VQLMetadata().Permissions(acls.MACHINE_STATE).Build(), + Name: "interfaces", + Doc: "List all active interfaces.", + Metadata: vql.VQLMetadata().Permissions(acls.MACHINE_STATE).Build(), } } @@ -87,18 +87,18 @@ func (self InterfacesPlugin) Call( } // Add net.FlagRunning once we require go 1.20 -// if (iface.Flags & net.FlagRunning) == net.FlagRunning { -// row.Set("Running", "Y") -// } else { -// row.Set("Running", "N") -// } + // if (iface.Flags & net.FlagRunning) == net.FlagRunning { + // row.Set("Running", "Y") + // } else { + // row.Set("Running", "N") + // } row.Set("HardwareAddrString", iface.HardwareAddr.String()) addrs, err := iface.Addrs() if err != nil { scope.Log("interfaces: Failed to get addresses for interface %s: %s", - iface.Name, err) + iface.Name, err) continue } row.Set("Addrs", addrs) @@ -112,7 +112,7 @@ func (self InterfacesPlugin) Call( addrs, err = iface.MulticastAddrs() if err != nil { scope.Log("interfaces: Failed to get multicast addresses for interface %s: %s", - iface.Name, err) + iface.Name, err) } row.Set("MulticastAddrs", addrs) diff --git a/vql/networking/upload.go b/vql/networking/upload.go index e4691c71751..a45b1f61070 100644 --- a/vql/networking/upload.go +++ b/vql/networking/upload.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/authenticode/authenticode.go b/vql/parsers/authenticode/authenticode.go index a07c70301a2..ef0d5dc5a68 100644 --- a/vql/parsers/authenticode/authenticode.go +++ b/vql/parsers/authenticode/authenticode.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/csv/csv.go b/vql/parsers/csv/csv.go index 5c56ba110bc..9c66fda7b94 100644 --- a/vql/parsers/csv/csv.go +++ b/vql/parsers/csv/csv.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/ese/ese.go b/vql/parsers/ese/ese.go index bd2f794e1ae..e2e2f1f53c3 100644 --- a/vql/parsers/ese/ese.go +++ b/vql/parsers/ese/ese.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/event_logs/evtx.go b/vql/parsers/event_logs/evtx.go index 5acc526f3b1..77f1e5766a3 100644 --- a/vql/parsers/event_logs/evtx.go +++ b/vql/parsers/event_logs/evtx.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/json.go b/vql/parsers/json.go index b4f81f17b05..0e1becc257f 100644 --- a/vql/parsers/json.go +++ b/vql/parsers/json.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/ntfs.go b/vql/parsers/ntfs.go index 0e03b30ab34..7977a0759e0 100644 --- a/vql/parsers/ntfs.go +++ b/vql/parsers/ntfs.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/ole.go b/vql/parsers/ole.go index 7236ef99106..72e862b129b 100644 --- a/vql/parsers/ole.go +++ b/vql/parsers/ole.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/pe.go b/vql/parsers/pe.go index 1bafc87c8fa..2635f4d0a7e 100644 --- a/vql/parsers/pe.go +++ b/vql/parsers/pe.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/prefetch.go b/vql/parsers/prefetch.go index 76ced219909..41499c207a0 100644 
--- a/vql/parsers/prefetch.go +++ b/vql/parsers/prefetch.go @@ -17,7 +17,7 @@ import ( /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/recyclebin.go b/vql/parsers/recyclebin.go index a3e449fb1a1..13ac6540e76 100644 --- a/vql/parsers/recyclebin.go +++ b/vql/parsers/recyclebin.go @@ -17,7 +17,7 @@ import ( /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or diff --git a/vql/parsers/regexparser.go b/vql/parsers/regexparser.go index 0884aeefbcf..8604131c440 100644 --- a/vql/parsers/regexparser.go +++ b/vql/parsers/regexparser.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/splitparser.go b/vql/parsers/splitparser.go index e1545d33b3e..e428753bc8a 100644 --- a/vql/parsers/splitparser.go +++ b/vql/parsers/splitparser.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/sqlite.go b/vql/parsers/sqlite.go index e9477685579..96165fb68e8 100644 --- a/vql/parsers/sqlite.go +++ b/vql/parsers/sqlite.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/parsers/xml.go b/vql/parsers/xml.go index 26c20de30aa..f811dc6c83d 100644 --- a/vql/parsers/xml.go +++ b/vql/parsers/xml.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/process.go b/vql/process.go index 60d8b87c0a5..f3da1f5c77a 100755 --- a/vql/process.go +++ b/vql/process.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/scope.go b/vql/scope.go index 82d1cf33e2e..1f962883072 100644 --- a/vql/scope.go +++ b/vql/scope.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/clients/clients.go b/vql/server/clients/clients.go index eac96ea759d..a7c99b0f91d 100644 --- a/vql/server/clients/clients.go +++ b/vql/server/clients/clients.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/compress.go b/vql/server/compress.go index f3c15ca9b19..de121181901 100644 
--- a/vql/server/compress.go +++ b/vql/server/compress.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/elastic.go b/vql/server/elastic.go index 78510fb606f..39a572bcfbd 100644 --- a/vql/server/elastic.go +++ b/vql/server/elastic.go @@ -14,7 +14,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/file_store.go b/vql/server/file_store.go index 7ac55303108..19152097d1c 100644 --- a/vql/server/file_store.go +++ b/vql/server/file_store.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/flows/create.go b/vql/server/flows/create.go index cc589eb202c..aab89d28ed3 100644 --- a/vql/server/flows/create.go +++ b/vql/server/flows/create.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/flows/monitoring.go b/vql/server/flows/monitoring.go index d9e1bda85a3..9841a90e9fe 100644 --- a/vql/server/flows/monitoring.go +++ b/vql/server/flows/monitoring.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/flows/results.go b/vql/server/flows/results.go index eb0aacd4f39..7c14b102b63 100644 --- a/vql/server/flows/results.go +++ b/vql/server/flows/results.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/hunts/create.go b/vql/server/hunts/create.go index 231c6ce3a41..5b23dde82f3 100644 --- a/vql/server/hunts/create.go +++ b/vql/server/hunts/create.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/hunts/hunts.go b/vql/server/hunts/hunts.go index 28e5f087281..be2063fb044 100644 --- a/vql/server/hunts/hunts.go +++ b/vql/server/hunts/hunts.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/labels.go b/vql/server/labels.go index 2870043d391..19660dba921 100644 --- a/vql/server/labels.go +++ b/vql/server/labels.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/vql/server/monitoring/monitoring_logs.go b/vql/server/monitoring/monitoring_logs.go index 0ab20884002..001a393fe7d 100644 --- a/vql/server/monitoring/monitoring_logs.go +++ b/vql/server/monitoring/monitoring_logs.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/server/splunk.go b/vql/server/splunk.go index a0beb1e0e67..88b359c5f51 100644 --- a/vql/server/splunk.go +++ b/vql/server/splunk.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/tools/delay.go b/vql/tools/delay.go index 26ee4250a16..b630e597573 100644 --- a/vql/tools/delay.go +++ b/vql/tools/delay.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/utils.go b/vql/utils.go index 176f8a62b41..da293ccb8b9 100644 --- a/vql/utils.go +++ b/vql/utils.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/vql.go b/vql/vql.go index 23454ed399d..563462d0935 100755 --- a/vql/vql.go +++ b/vql/vql.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/crypto.go b/vql/windows/crypto.go index 135aa7ec198..ff5e50e0dcc 100644 --- a/vql/windows/crypto.go +++ b/vql/windows/crypto.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/doc.go b/vql/windows/doc.go index 9e8dead3070..3643bf298d9 100644 --- a/vql/windows/doc.go +++ b/vql/windows/doc.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/process/dump.go b/vql/windows/process/dump.go index 2fa370b8884..72a8c25900f 100644 --- a/vql/windows/process/dump.go +++ b/vql/windows/process/dump.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/processes.go b/vql/windows/processes.go index f42a582250e..afd30faade6 100644 --- a/vql/windows/processes.go +++ b/vql/windows/processes.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published 
diff --git a/vql/windows/users.go b/vql/windows/users.go index 19e2c7bba83..dc7a4ca7c46 100644 --- a/vql/windows/users.go +++ b/vql/windows/users.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/win32_windows.go b/vql/windows/win32_windows.go index cf9c735edb9..fb8a745aaa5 100644 --- a/vql/windows/win32_windows.go +++ b/vql/windows/win32_windows.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/win32_windows_32.go b/vql/windows/win32_windows_32.go index baa7d5ae98e..4a56530f785 100644 --- a/vql/windows/win32_windows_32.go +++ b/vql/windows/win32_windows_32.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/wmi/events.go b/vql/windows/wmi/events.go index 84f0601d467..f79d611928a 100644 --- a/vql/windows/wmi/events.go +++ b/vql/windows/wmi/events.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/wmi/parse/parse.go b/vql/windows/wmi/parse/parse.go index a3760add0f0..d8de9e37cdb 100644 --- a/vql/windows/wmi/parse/parse.go +++ b/vql/windows/wmi/parse/parse.go 
@@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/wmi/parse/parse_test.go b/vql/windows/wmi/parse/parse_test.go index 4b72fee1139..f89e14748eb 100644 --- a/vql/windows/wmi/parse/parse_test.go +++ b/vql/windows/wmi/parse/parse_test.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql/windows/wmi/wmi.go b/vql/windows/wmi/wmi.go index ebc53d37b6d..17030259b42 100644 --- a/vql/windows/wmi/wmi.go +++ b/vql/windows/wmi/wmi.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql_plugins/plugins.go b/vql_plugins/plugins.go index 58847937b05..e54294a683e 100644 --- a/vql_plugins/plugins.go +++ b/vql_plugins/plugins.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql_plugins/plugins_linux.go b/vql_plugins/plugins_linux.go index f4efc7d151c..02821bd99d0 100644 --- a/vql_plugins/plugins_linux.go +++ b/vql_plugins/plugins_linux.go 
@@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql_plugins/plugins_windows.go b/vql_plugins/plugins_windows.go index cd24a6299b0..dd35b938232 100644 --- a/vql_plugins/plugins_windows.go +++ b/vql_plugins/plugins_windows.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vql_plugins/server.go b/vql_plugins/server.go index adde3f0a14f..89ca6237615 100644 --- a/vql_plugins/server.go +++ b/vql_plugins/server.go @@ -2,7 +2,7 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published diff --git a/vtesting/helpers.go b/vtesting/helpers.go index 41e58363ed6..537187df044 100644 --- a/vtesting/helpers.go +++ b/vtesting/helpers.go @@ -1,6 +1,6 @@ /* Velociraptor - Dig Deeper - Copyright (C) 2019-2022 Rapid7 Inc. + Copyright (C) 2019-2024 Rapid7 Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published