Skip to content

Releases: hubblestack/hubble

Version 2.3.4

18 May 02:33
@basepi basepi
v2.3.4
This tag was signed with the committer’s verified signature.
basepi Colton Myers
GPG key ID: 6EC5C787D71F663F
Learn about vigilant mode.
3cf1ddf
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.3.4
  • Upgrade osquery to SHA a338c86170947344ddd23e80e4e3f636ff8eb5ab (Just after osquery 3.2.5)
  • Windows packaging fixes
  • Misc fixes to misc.py
  • Better win_firewall dependency detection
Assets 16
Loading

Version 2.3.3

02 May 20:23
@basepi basepi
v2.3.3
This tag was signed with the committer’s verified signature.
basepi Colton Myers
GPG key ID: 6EC5C787D71F663F
Learn about vigilant mode.
6e362a3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.3.3

Fixes since 2.3.3

  • Fix for fallback_fileserver_backend
  • Fix for pulsar TOP_STALENESS
  • Windows packaging fixes
  • Error handling around raising inotify max user watches
  • Fix post-upgrade script for cent7 packages

2.3.x release notes:

Major fixes:

  • FIM security improvements around hardlinks (should be enabled only on the most critical directories, as it requires a separate inotify watch for each file -- default behavior only watches the directories, but that allows for missed changes via hardlinks)
  • Fix for multiple hubble processes issues (kills previous process if found when hubble -d is started)
  • Fix for wrong systemd run-level, causing hubble to sometimes come up before the network and stop reporting.
  • Automatically remove stale gitfs lockfiles in case of an ill-timed kill -9 or restart
  • Better retry for fileserver updates, especially on startup
  • Automatically increase max watches in for inotify to keep FIM running smoothly
  • Add a couple of new grains (local_ip and fixes to local_fqdn to try to be more consistent in our fqdn and ip reporting, especially when round robin DNS is in play)
  • Fixes for underlying salt v2018.3.0

Major features:

  • Azure blob storage support
  • S3 bucket support
  • Moving user config to separate files (/etc/hubble/hubble.d/*.conf) to aid in config verification and updates
  • New pulsar module for windows based on NTFS journaling which improves performance
  • Ability to fallback on local fileserver sources in case of no default gateway to reach public storage (such as S3)
  • Ability to collect the contents of changed files in FIM. (very narrow scope to prevent accidentally harvesting secrets)
  • Timing information for osquery queries so we can catch performance issues earlier
  • New splunk log level so we can log more information to splunk, as well as all error and warning logs, for easier debugging
  • Periodic grains refresh so hubble will pick up on hostname changes automatically. Logs the new grains to splunk if splunklogging is configured.
  • New version of osquery with bugfixes and more features
  • Added git into the package builds, so that our packages have no requirements
Assets 16
Loading

Version 2.3.2

25 Apr 16:43
@basepi basepi
v2.3.2
This tag was signed with the committer’s verified signature.
basepi Colton Myers
GPG key ID: 6EC5C787D71F663F
Learn about vigilant mode.
7736d43
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.3.2

Major fixes:

  • FIM security improvements around hardlinks (should be enabled only on the most critical directories, as it requires a separate inotify watch for each file -- default behavior only watches the directories, but that allows for missed changes via hardlinks)
  • Fix for multiple hubble processes issues (kills previous process if found when hubble -d is started)
  • Fix for wrong systemd run-level, causing hubble to sometimes come up before the network and stop reporting.
  • Automatically remove stale gitfs lockfiles in case of an ill-timed kill -9 or restart
  • Better retry for fileserver updates, especially on startup
  • Automatically increase max watches in for inotify to keep FIM running smoothly
  • Add a couple of new grains (local_ip and fixes to local_fqdn to try to be more consistent in our fqdn and ip reporting, especially when round robin DNS is in play)
  • Fixes for underlying salt v2018.3.0

Major features:

  • Azure blob storage support
  • S3 bucket support
  • Moving user config to separate files (/etc/hubble/hubble.d/*.conf) to aid in config verification and updates
  • New pulsar module for windows based on NTFS journaling which improves performance
  • Ability to fallback on local fileserver sources in case of no default gateway to reach public storage (such as S3)
  • Ability to collect the contents of changed files in FIM. (very narrow scope to prevent accidentally harvesting secrets)
  • Timing information for osquery queries so we can catch performance issues earlier
  • New splunk log level so we can log more information to splunk, as well as all error and warning logs, for easier debugging
  • Periodic grains refresh so hubble will pick up on hostname changes automatically. Logs the new grains to splunk if splunklogging is configured.
  • New version of osquery with bugfixes and more features
  • Added git into the package builds, so that our packages have no requirements
Assets 16
Loading

Version 2.3.0

12 Apr 21:54
@basepi basepi
v2.3.0
520115e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.3.0 Pre-release
Pre-release

Preliminary release notes (will be updated when this becomes an official release)

Major fixes:

  • FIM security improvements around hardlinks (should be enabled only on the most critical directories, as it requires a separate inotify watch for each file -- default behavior only watches the directories, but that allows for missed changes via hardlinks)
  • Fix for multiple hubble processes issues (kills previous process if found when hubble -d is started)
  • Fix for wrong systemd run-level, causing hubble to sometimes come up before the network and stop reporting.
  • Automatically remove stale gitfs lockfiles in case of an ill-timed kill -9 or restart
  • Better retry for fileserver updates, especially on startup
  • Automatically increase max watches in for inotify to keep FIM running smoothly

Major features:

  • Azure blob storage support
  • S3 bucket support
  • Moving user config to separate files (/etc/hubble/hubble.d/*.conf) to aid in config verification and updates
  • New pulsar module for windows based on NTFS journaling which improves performance
  • Ability to fallback on local fileserver sources in case of no default gateway to reach public storage (such as S3)
  • Ability to collect the contents of changed files in FIM. (very narrow scope to prevent accidentally harvesting secrets)
  • Timing information for osquery queries so we can catch performance issues earlier
  • New splunk log level so we can log more information to splunk, as well as all error and warning logs, for easier debugging
  • Periodic grains refresh so hubble will pick up on hostname changes automatically. Logs the new grains to splunk if splunklogging is configured.
  • New version of osquery with bugfixes and more features
Assets 4
Loading

Version 2.2.11.2

26 Feb 17:37
@basepi basepi
v2.2.11.2
97f3183
This commit was signed with the committer’s verified signature.
basepi Colton Myers
GPG key ID: 6EC5C787D71F663F
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.2.11.2 Pre-release
Pre-release

2.2.11.1 + win_pulsar_winaudit fixes

Assets 2
Loading

Version 2.2.11.1

26 Feb 17:37
@basepi basepi
v2.2.11.1
82a1462
This commit was signed with the committer’s verified signature.
basepi Colton Myers
GPG key ID: 6EC5C787D71F663F
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.2.11.1 Pre-release
Pre-release

Identical to the 2.2.11 release, but with azure SDK and splunklogging fixes.

Assets 2
Loading

Version 2.2.8.1

14 Feb 18:23
@basepi basepi
v2.2.8.1
6a8c24d
This commit was signed with the committer’s verified signature.
basepi Colton Myers
GPG key ID: 6EC5C787D71F663F
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.2.8.1 Pre-release
Pre-release

This release is identical to 2.2.8 but with the addition of this patch: #273

Assets 2
Loading

Version 2.2.11

01 Dec 21:03
@basepi basepi
v2.2.11
3442c33
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.2.11 Pre-release
Pre-release

This is an unofficial release.

Please use 2.2.8 until 2.3.0 is out.

Thanks!

Assets 2
Loading

Version 2.2.10

01 Nov 22:24
@basepi basepi
v2.2.10
b238a1c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.2.10 Pre-release
Pre-release

This is an unofficial release.

Please use 2.2.8 until 2.3.0 is out.

Thanks!

Assets 2
Loading

Version 2.2.9

23 Oct 17:56
@basepi basepi
v2.2.9
f038964
Compare
Choose a tag to compare
Version 2.2.9 Pre-release
Pre-release

This is an unofficial release.

Please use 2.2.8 until 2.3.0 is out.

Thanks!

Assets 2
Loading