1.1.0 Release Prep (#98)

CMakeLists.txt

@@ -104,6 +104,21 @@ set(SYSMON_COMMON_SOURCE_DIR "${CMAKE_SOURCE_DIR}/sysmonCommon/")
 set(SYSMON_TESTS_SOURCE_DIR "${CMAKE_SOURCE_DIR}/sysmonCommon/UnitTests/")
 endif()
 
+#
+# Compress man page
+#
+set(SYSMON_COMPRESS_MAN "sysmon.8.gz")
+
+add_custom_target(SYSMON_MAN_COMPRESS ALL
+                  DEPENDS ${PROJECT_BINARY_DIR}/${SYSMON_COMPRESS_MAN}
+                  )
+
+add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/${SYSMON_COMPRESS_MAN}
+                   COMMAND gzip -f -c "${CMAKE_SOURCE_DIR}/package/usr/share/man/man8/sysmon.8" > ${PROJECT_BINARY_DIR}/${SYSMON_COMPRESS_MAN}
+                   COMMENT "Compressing Sysmon man page"
+                   DEPENDS "${CMAKE_SOURCE_DIR}/package/usr/share/man/man8/sysmon.8"
+                  )
+
 #
 # make sysmon
 #

INSTALL.md

@@ -1,6 +1,6 @@
 # Install Sysmon
 
-## Ubuntu 18.04, 20.04 & 21.04
+## Ubuntu 18.04, 20.04 & 22.04
 #### 1. Register Microsoft key and feed
 ```sh
 wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
@@ -51,23 +51,11 @@ sudo apt-get update
 sudo apt-get install sysmonforlinux
 ```
 
-## Fedora 33
+## Fedora 36
 #### 1. Register Microsoft key and feed
 ```sh
 sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
-sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.com/config/fedora/33/prod.repo
-```
-
-#### 2. Install SysmonForLinux
-```sh
-sudo dnf install sysmonforlinux
-```
-
-## Fedora 34
-#### 1. Register Microsoft key and feed
-```sh
-sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
-sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.com/config/fedora/34/prod.repo
+sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.com/config/fedora/36/prod.repo
 ```
 
 #### 2. Install SysmonForLinux
@@ -87,17 +75,19 @@ sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.
 sudo dnf install sysmonforlinux
 ```
 
-## CentOS 8
+## RHEL 9
 #### 1. Register Microsoft key and feed
 ```sh
-sudo rpm -Uvh https://packages.microsoft.com/config/centos/8/packages-microsoft-prod.rpm
+sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
+sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.com/config/rhel/9/prod.repo
 ```
 
 #### 2. Install SysmonForLinux
 ```sh
 sudo dnf install sysmonforlinux
 ```
 
+
 ## openSUSE 15
 #### 1. Register Microsoft key and feed
 ```sh

makePackages.sh

@@ -57,7 +57,8 @@ fi
 mkdir -p "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}"
 cp -a "${CMAKE_SOURCE_DIR}/package/DEBIAN" "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}/"
 cp "${PROJECT_BINARY_DIR}/DEBIANcontrol" "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}/DEBIAN/control"
-cp -a "${CMAKE_SOURCE_DIR}/package/usr" "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}/"
+mkdir -p "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}/usr/share/man/man8"
+cp -a "${PROJECT_BINARY_DIR}/sysmon.8.gz" "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}/usr/share/man/man8"
 mkdir -p "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}/usr/bin"
 cp "${PROJECT_BINARY_DIR}/sysmon" "${PROJECT_BINARY_DIR}/deb/${DEB_PACKAGE_NAME}/usr/bin/"
 
@@ -73,7 +74,7 @@ fi
 mkdir -p "${PROJECT_BINARY_DIR}/rpm/${RPM_PACKAGE_NAME}/SPECS"
 cp -a "${PROJECT_BINARY_DIR}/SPECS.spec" "${PROJECT_BINARY_DIR}/rpm/${RPM_PACKAGE_NAME}/SPECS/${RPM_PACKAGE_NAME}.spec"
 mkdir "${PROJECT_BINARY_DIR}/rpm/${RPM_PACKAGE_NAME}/BUILD/"
-cp "${CMAKE_SOURCE_DIR}/package/usr/share/man/man8/sysmon.8.gz" "${PROJECT_BINARY_DIR}/sysmon" "${PROJECT_BINARY_DIR}/rpm/${RPM_PACKAGE_NAME}/BUILD/"
+cp "${PROJECT_BINARY_DIR}/sysmon.8.gz" "${PROJECT_BINARY_DIR}/sysmon" "${PROJECT_BINARY_DIR}/rpm/${RPM_PACKAGE_NAME}/BUILD/"
 
 # make the rpm
 if [ "$RPMBUILD" != "" ]; then

package/usr/share/man/man8/sysmon.8

@@ -0,0 +1,93 @@
+.\" Manpage for Sysinternals Sysmon For Linux.
+.\" Contact via http://github/Sysinternals to correct errors or typos.
+.TH SYSMON 8 "23 Feb 2023" "1.1.0" "System Manager's Manual"
+
+.SH NAME
+sysmon \- System Monitor from Sysinternals
+
+.SH SYNOPSIS
+sysmon [options]
+
+.SH DESCRIPTION
+System Monitor (Sysmon) is a system service and set of eBPF programs that,
+once installed on a system, remains resident across system reboots to monitor
+and log system activity to the Syslog. It provides detailed information about
+process creations, network connections, and file creations and deletions. By
+collecting the events it generates using SIEM agents and subsequently analyzing
+them, you can identify malicious or anomalous activity and understand how
+intruders and malware operate on your network.
+
+Note that Sysmon does not provide analysis of the events it generates, nor does
+it attempt to protect or hide itself from attackers.
+
+Sysmon includes the following capabilities:
+
+.IP \[bu] 2
+Logs process creation with full command line for both current and parent
+processes.
+.IP \[bu]
+Includes a process GUID in process create events to allow for correlation of
+events even when Linux reuses process IDs.
+.IP \[bu]
+Includes a session GUID in each event to allow correlation of events on same
+logon session.
+.IP \[bu]
+Logs file creations and deletions.
+.IP \[bu]
+Logs opens for raw read access of disks and volumes.
+.IP \[bu]
+Optionally logs network connections, including each connection’s source
+process, IP addresses and port numbers.
+.IP \[bu]
+Logs ptrace (process access) activity.
+.IP \[bu]
+Rule filtering to include or exclude certain events dynamically.
+
+.PP
+Events are stored in the Syslog, often found at /var/log/syslog.
+
+Use the '\-? config' command for configuration file documentation. More
+examples are available on the Sysinternals website.
+
+Specify '\-accepteula' to automatically accept the EULA on installation.
+
+Neither install nor uninstall requires a reboot.
+
+.SH OPTIONS
+  \-c [config]   Update configuration of an installed Sysmon driver or dump the
+                current configuration if no other argument is provided. Optionally
+                take a configuration file.
+  \-i [config]   Install service and driver. Optionally take a configuration file.
+  \-s            Print configuration schema definition of the specified version.
+                Specify 'all' to dump all schema versions (default is latest)).
+  \-u            Uninstall service and driver. Adding force causes uninstall to proceed
+                even when some components are not installed.
+  \-btf <path>   Uses the specified offline BTF file.
+  \-?            Help.
+  \-? config     Configuration help.
+  \-accepteula   Accept the EULA.
+
+.SH SEE ALSO
+ps(1), perf(1), top(1), procmon(1), procdump(1)
+
+.SH BUGS
+No known bugs.
+
+.SH NOTES
+File paths are typically constructed in eBPF by traversing the file system.
+It is possible that system limits will in some cases prevent the full path
+from being recovered. In this situations, the first character of the path will
+be a '+' to indicate that more directories may have preceded it.
+
+.SH AUTHOR
+Sysinternals - www.sysinternals.com
+
+Mark Russinovich, Thomas Garnier and Kevin Sheldrake
+
+Copyright (C) 2014-2023 Microsoft Corporation
+
+.SH COPYRIGHT
+The userland part of Sysmon is licensed under MIT; the eBPF parts are licensed
+under GPL2.
+
+