Releases: xfhg/intercept

v1.0.13-windows-fim

22 Oct 16:50

v1.0.13-windows-fim Pre-release

Pre-Release v1.0.13 ----- File Integrity Monitoring ----- @xfhg

  • Observe mode now available on windows/amd64 builds
  • The full-featured intercept FIM module is now enabled in the windows/amd64 build
    • (it was already available on all other platforms)
  • Cache rewriting and windows build aware

Full Changelog: v1.0.12...v1.0.13

v1.0.12

25 Oct 07:49

Release v1.0.12

  • final tweaks before v1.1.0

v1.0.11

19 Oct 05:41
cfeef7d

Release v1.0.11

  • GitHub Actions integration + compliant output (examples provided)
  • performance optimizations / core binaries updated
  • hooks signatures and auth options
  • remote policy execution endpoint:

Remote Policy Execution Endpoint

  1. Add your user public keys to the policy file:

     Config:
       Flags:
         remote_auth:
           - "UserA:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtFRLdSvayFQwQdIOk6NKuEpEK7KvYBQz8LUVerSo8T"
           - "UserB:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyubt40tutUSi3FQqcEzbDUu14RdLstEbURvX/M2bM/"

  2. Run your observe command with --remote (can use the example test_remote.yaml on the playground)
  3. SSH into your intercept instance with one of your IDs (in remote_auth) on port 23234
  4. ???
  5. Profit
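
An added example, not code from the intercept project: a Go check that a remote_auth value of the form shown in step 1 carries a well-formed Ed25519 public key, returning its OpenSSH-style SHA256 fingerprint so the identities allowed to SSH into port 23234 can be reviewed against known keys. The names `ParseAuthEntry` and `readString` are hypothetical, and the `Name:ssh-ed25519 <base64>` layout is assumed from the two entries above.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// readString pops one length-prefixed field from an SSH wire-format blob.
func readString(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("truncated SSH wire field")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// ParseAuthEntry checks one remote_auth value (layout assumed from the page)
// and returns the user name and the SHA256 fingerprint of the key blob.
func ParseAuthEntry(line string) (string, string, error) {
	user, key, ok := strings.Cut(line, ":")
	f := strings.Fields(key)
	if !ok || user == "" || len(f) < 2 || f[0] != "ssh-ed25519" {
		return "", "", errors.New(`want "Name:ssh-ed25519 <base64>"`)
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return "", "", fmt.Errorf("bad base64: %w", err)
	}
	// The blob repeats the algorithm name; it must agree with the text prefix.
	algo, rest, err := readString(blob)
	if err != nil || string(algo) != "ssh-ed25519" {
		return "", "", errors.New("key blob is not ssh-ed25519")
	}
	// An Ed25519 public key is exactly 32 bytes, with nothing after it.
	if pub, tail, err := readString(rest); err != nil || len(pub) != 32 || len(tail) != 0 {
		return "", "", errors.New("malformed Ed25519 key blob")
	}
	sum := sha256.Sum256(blob)
	return user, "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

func main() {
	// The UserA entry from the release notes above.
	fmt.Println(ParseAuthEntry("UserA:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtFRLdSvayFQwQdIOk6NKuEpEK7KvYBQz8LUVerSo8T"))
}
```

The fingerprint has the same form that `ssh-keygen -lf key.pub` prints, so it can be compared directly with each user's own key.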

Full Changelog: v1.0.10...v1.0.11

v1.0.9

26 Sep 14:39
0cc3fc3

v1.0.9 Pre-release

Release v1.0.9

What's new

  • compliance output log files ( --output-type log )
  • compliance output log detail levels ( --log-type minimal,results,policy,report,one )
  • new event types for webhooks ( "bulk" for Elasticsearch bulk post, with --index to define the ES index )
  • log rollers and SARIF output size auto-management, compression, rotation and cleaning
  • observe path monitoring reaction modes ( --mode last || first || all )

Platform mapping

| Intercept Platform | Corresponding Binary | Notes |
|---|---|---|
| darwin/amd64 | intercept-darwin-amd64 | For Intel-based Macs |
| darwin/arm64 | intercept-darwin-arm64 | For Apple Silicon Macs (M1, M2, MX) |
| windows/amd64 | intercept-windows-amd64.exe | 64-bit Windows (MSVC build) |
| linux/amd64 | intercept-linux-amd64 | Statically linked with musl for maximum compatibility |
| linux/arm64 | intercept-linux-arm64 | 64-bit ARM Linux systems |
| linux/arm/v7 | intercept-linux-arm-v7 | For ARMv7 (32-bit ARM with hard float) Linux systems (e.g., Raspberry Pi 2 and above) |

v1.0.8

26 Sep 14:09
efb4abe

v1.0.8 Pre-release

Release v1.0.8

v1.0.7

19 Sep 05:13

v1.0.7 Pre-release

Release v1.0.7

What's Changed

  • Improved Config.Flags.ignore behavior
  • Hotfix for no target audits

Full Changelog: v1.0.6...v1.0.7

v1.0.6

18 Sep 09:22

v1.0.6 Pre-release

Release v1.0.6

Full Changelog: v1.0.5...v1.0.6

What's Changed

  • Cleaned up the YAML unmarshalling of the config to avoid missing-data edge cases (by @xfhg)
  • Added all finding sub-matches as SARIF detailed results (by @xfhg)
  • Added insecure nginx scan example to playground (by @xfhg)

v1.0.5

13 Sep 11:52

v1.0.5 Pre-release

What's Changed