Fixed

• The sensor id no longer recreates itself if it is restarted too early in boot up.
• The parent process id used to report the grandparent, even when the 'CLONE_PARENT' fork flag was not set.
• Audit telemetry: In some older debian systems (excluding Ubuntu), and old Centos 6 machines, the sensor failed to report the correct scripts and executable path. 
• Audit telemetry: When the flag feature is off, filemod events will not be offloaded. When the flag is off, the sensor does not add file watching rules for audit, however if users added the rules externally the sensor offloaded this telemetry, which was confusing.
• Cleaned up error reporting for /opt/redcanary/SELinux path not existing during sensor installation
• Audit telemetry (filemod feature flag): Filemod events no longer fail to parse on RHEL 7.
• Audit telemetry (filemod feature flag): Script load data now has content if there is filemod activity.

Added

• Audit telemetry (filemod feature flag): Users can track file events inside containers by dynamically adding or removing rules as containers are started/stopped.

Changed

• We have properly cleaned up and resized our DNS caching tables to free up memory.
• Audit telemetry (filemod feature flag): The sensor no longer restarts when the filemod rules change.
• The sensor will now ignore xattr related syscalls

Docker Tag: 1.4.19-18993

Hashes:

➜  md5sum cfsvcd-x86_64   
eac58fea97f835a9a9d15136431493e9  cfsvcd-x86_64

➜  sha256sum cfsvcd-x86_64 
7fa5637286e3edc3fccc9c3d6daa517c02055c5b70c4b3ac202a510d0b827cd8  cfsvcd-x86_64

➜  md5sum cfsvcd-aarch64 
bfce8ca2efa2c6b9dd31a0faa0ef805c  cfsvcd-aarch64

➜  sha256sum cfsvcd-aarch64
1c497ca758cf284b06d9fba7463ec162326032e39c9c3d041c4af9b894f0a3ee  cfsvcd-aarch64