Release v.0.4.29 – Red Canary help

Released: 2019-06-26

Notes:

This release includes substantial fixes and additional features. Please upgrade soon.
v0.4.15-v0.4.28 were limited, controlled releases.

Ubuntu 20.04 support
Pop!_OS support
AWS instance metadata enrichment
- Region, AMI, Account ID, Instance ID and more are displayed in the Portal
Process file hashing (MD5/SHA256) is now re-enabled

Free/Enterprise version outputs telemetry in a flattened structure that is preferred by SIEMs [ch5168]
Changed the `nice` value of telemetry consumption threads to -4 (what auditd uses) and the lowest available real-time priority which is still higher than all non-real-time processes.
Changed behavior of Safe-Mode to force the sensor to exit when the transition is Normal->Safe. This ensures we clean up any state and use minimal resources on entering Safe-Mode.

Note: Capturing of local IP/port for outbound connections is disabled as we work on a performance fix

Fixed systemd service configuration to restart the daemon when its stopped
Fixed an issue with DNS IPv6 parsing that caused us to slice out incorrect portions of the packet.
Fixed issue where `username` was not populated for non-local accounts (LDAP, AD) [ch4418]
Fixed memory leak caused by messages dropped by the kernel [ch7509]
Fixed memory leak cause by a lack of entropy reported by the operating system [ch6432]
Fixed sensor crash that would occur under heavy load [ch8153]
Fixed issue where the current working directory was reported incorrectly [ch7512]
Fixed issue where network connections were associated with the wrong process, resulting in cases like missing incoming network connections for sshd [ch5066]
Fixed erroneous logging of error 'Malformed or invalid payload file found' [ch4356]
Fixed kernel audit deadlock that resulted under high load [ch4365]
Fixed an issue with Free Mode where it was not correctly recognizing the S3 region