From ba8036711616ee45ae05d5472ca1f7c53261bc09 Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Wed, 4 May 2016 15:44:11 -0700
Subject: [PATCH] Remove remaining digwatch references (really). Try harder looking for remaining digwatch references, replacing with falco.
---
 .gitignore | 4 ++--
 falco.yaml | 2 +-
 userspace/falco/configuration.cpp | 8 +++----
 userspace/falco/configuration.h | 2 +-
 userspace/falco/falco.cpp | 34 ++++++++++++++---------------
 userspace/falco/fields.cpp | 22 +++++++++----------
 userspace/falco/fields.h | 4 ++--
 userspace/falco/formats.cpp | 20 ++++++++---------
 userspace/falco/formats.h | 6 ++---
 userspace/falco/logger.cpp | 22 +++++++++----------
 userspace/falco/logger.h | 4 ++--
 userspace/falco/lua/compiler.lua | 2 +-
 userspace/falco/lua/output.lua | 14 ++++++------
 userspace/falco/lua/rule_loader.lua | 4 ++--
 userspace/falco/rules.cpp | 10 ++++-----
 userspace/falco/rules.h | 6 ++---
 16 files changed, 82 insertions(+), 82 deletions(-)
diff --git a/.gitignore b/.gitignore
index fe623cd8..f392843b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 /build*
-userspace/digwatch/lua/re.lua
-userspace/digwatch/lua/lpeg.so
+userspace/falco/lua/re.lua
+userspace/falco/lua/lpeg.so
diff --git a/falco.yaml b/falco.yaml
index 402358d5..d82ed41e 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -1,4 +1,4 @@
-rules_file: /etc/digwatch_rules.conf
+rules_file: /etc/falco_rules.conf
 json_output: false log_stderr: true
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index 14d70045..b1c5a6cb 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -7,14 +7,14 @@ using namespace std; // If we don't have a configuration file, we just use stdout output and all other defaults
-void digwatch_configuration::init()
+void falco_configuration::init()
 { output_config stdout_output; stdout_output.name = "stdout"; m_outputs.push_back(stdout_output); }
-void digwatch_configuration::init(string conf_filename)
+void falco_configuration::init(string conf_filename)
 { string m_config_file = conf_filename; m_config = new yaml_configuration(m_config_file);
@@ -55,6 +55,6 @@ void digwatch_configuration::init(string conf_filename) throw sinsp_exception("Error reading config file (" + m_config_file + "): No outputs configured. Please configure at least one output file output enabled but no filename in configuration block"); }
- digwatch_logger::log_stderr = m_config->get_scalar("log_stderr", false);
- digwatch_logger::log_syslog = m_config->get_scalar("log_syslog", true);
+ falco_logger::log_stderr = m_config->get_scalar("log_stderr", false);
+ falco_logger::log_syslog = m_config->get_scalar("log_syslog", true);
 }
diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
index a4bf48f7..48d93c7e 100644
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@@ -89,7 +89,7 @@ private: };
-class digwatch_configuration
+class falco_configuration
 { public: void init(std::string conf_filename);
diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp
index 86fabeb3..ec56060e 100644
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@@ -54,7 +54,7 @@ string lua_add_output = "add_output"; // Event processing loop // void do_inspect(sinsp* inspector,
- digwatch_rules* rules,
+ falco_rules* rules,
 lua_State* ls) { int32_t res;
@@ -182,11 +182,11 @@ void add_output(lua_State *ls, output_config oc) // // ARGUMENT PARSING AND PROGRAM SETUP //
-int digwatch_init(int argc, char **argv)
+int falco_init(int argc, char **argv)
 { int result = EXIT_SUCCESS; sinsp* inspector = NULL;
- digwatch_rules* rules = NULL;
+ falco_rules* rules = NULL;
 int op; sinsp_evt::param_fmt event_buffer_format; int long_index = 0;
@@ -254,7 +254,7 @@ int digwatch_init(int argc, char **argv) conf_stream = new ifstream(conf_filename); if (!conf_stream->good()) {
- digwatch_logger::log(LOG_ERR, "Could not find configuration file at " + conf_filename + ". Exiting \n");
+ falco_logger::log(LOG_ERR, "Could not find configuration file at " + conf_filename + ". Exiting \n");
 result = EXIT_FAILURE; goto exit; }
@@ -280,17 +280,17 @@ int digwatch_init(int argc, char **argv) } }
- digwatch_configuration config;
+ falco_configuration config;
 if (conf_filename.size()) { config.init(conf_filename); // log after config init because config determines where logs go
- digwatch_logger::log(LOG_INFO, "Falco initialized with configuration file " + conf_filename + "\n");
+ falco_logger::log(LOG_INFO, "Falco initialized with configuration file " + conf_filename + "\n");
 } else { config.init();
- digwatch_logger::log(LOG_INFO, "Falco initialized. No configuration file found, proceeding with defaults\n");
+ falco_logger::log(LOG_INFO, "Falco initialized. No configuration file found, proceeding with defaults\n");
 } if (rules_filename.size())
@@ -305,7 +305,7 @@ int digwatch_init(int argc, char **argv) lua_main_filename = lua_dir + FALCO_LUA_MAIN; if (!std::ifstream(lua_main_filename)) {
- digwatch_logger::log(LOG_ERR, "Could not find Falco Lua libraries (tried " +
+ falco_logger::log(LOG_ERR, "Could not find Falco Lua libraries (tried " +
 string(FALCO_LUA_DIR FALCO_LUA_MAIN) + ", " + lua_main_filename + "). Exiting \n"); result = EXIT_FAILURE;
@@ -319,18 +319,18 @@ int digwatch_init(int argc, char **argv) luaopen_lpeg(ls); add_lua_path(ls, lua_dir);
- rules = new digwatch_rules(inspector, ls, lua_main_filename);
+ rules = new falco_rules(inspector, ls, lua_main_filename);
- digwatch_formats::init(inspector, ls);
- digwatch_fields::init(inspector, ls);
+ falco_formats::init(inspector, ls);
+ falco_fields::init(inspector, ls);
- digwatch_logger::init(ls);
+ falco_logger::init(ls);
 inspector->set_drop_event_flags(EF_DROP_FALCO); rules->load_rules(config.m_rules_filename); inspector->set_filter(rules->get_filter());
- digwatch_logger::log(LOG_INFO, "Parsed rules from file " + config.m_rules_filename + "\n");
+ falco_logger::log(LOG_INFO, "Parsed rules from file " + config.m_rules_filename + "\n");
 inspector->set_hostname_and_port_resolution_mode(false);
@@ -363,7 +363,7 @@ int digwatch_init(int argc, char **argv) { if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null")) {
- digwatch_logger::log(LOG_ERR, "Unable to load the driver. Exiting\n");
+ falco_logger::log(LOG_ERR, "Unable to load the driver. Exiting\n");
 } inspector->open(); }
@@ -376,13 +376,13 @@ int digwatch_init(int argc, char **argv) } catch(sinsp_exception& e) {
- digwatch_logger::log(LOG_ERR, "Runtime error: " + string(e.what()) + ". Exiting\n");
+ falco_logger::log(LOG_ERR, "Runtime error: " + string(e.what()) + ". Exiting\n");
 result = EXIT_FAILURE; } catch(...) {
- digwatch_logger::log(LOG_ERR, "Unexpected error, Exiting\n");
+ falco_logger::log(LOG_ERR, "Unexpected error, Exiting\n");
 result = EXIT_FAILURE; }
@@ -406,5 +406,5 @@ exit: // int main(int argc, char **argv) {
- return digwatch_init(argc, argv);
+ return falco_init(argc, argv);
 }
diff --git a/userspace/falco/fields.cpp b/userspace/falco/fields.cpp
index cd3d31ae..9349fa0c 100644
--- a/userspace/falco/fields.cpp
+++ b/userspace/falco/fields.cpp
@@ -5,34 +5,34 @@ extern sinsp_filter_check_list g_filterlist;
-const static struct luaL_reg ll_digwatch [] =
+const static struct luaL_reg ll_falco [] =
 {
- {"field", &digwatch_fields::field},
+ {"field", &falco_fields::field},
 {NULL,NULL} };
-sinsp* digwatch_fields::s_inspector = NULL;
+sinsp* falco_fields::s_inspector = NULL;
-std::map digwatch_fields::s_fieldname_map;
+std::map falco_fields::s_fieldname_map;
-void digwatch_fields::init(sinsp* inspector, lua_State *ls)
+void falco_fields::init(sinsp* inspector, lua_State *ls)
 { s_inspector = inspector;
- luaL_openlib(ls, "digwatch", ll_digwatch, 0);
+ luaL_openlib(ls, "falco", ll_falco, 0);
 }
-int digwatch_fields::field(lua_State *ls)
+int falco_fields::field(lua_State *ls)
 { sinsp_filter_check* chk=NULL; if (!lua_islightuserdata(ls, 1)) {
- string err = "invalid argument passed to digwatch.field()";
+ string err = "invalid argument passed to falco.field()";
 fprintf(stderr, "%s\n", err.c_str());
- throw sinsp_exception("digwatch.field() error");
+ throw sinsp_exception("falco.field() error");
 } sinsp_evt* evt = (sinsp_evt*)lua_topointer(ls, 1);
@@ -47,9 +47,9 @@ int digwatch_fields::field(lua_State *ls) if(chk == NULL) {
- string err = "nonexistent fieldname passed to digwatch.field(): " + string(fieldname);
+ string err = "nonexistent fieldname passed to falco.field(): " + string(fieldname);
 fprintf(stderr, "%s\n", err.c_str());
- throw sinsp_exception("digwatch.field() error");
+ throw sinsp_exception("falco.field() error");
 } chk->parse_field_name(fieldname.c_str(), true);
diff --git a/userspace/falco/fields.h b/userspace/falco/fields.h
index a266bb56..ff69c52d 100644
--- a/userspace/falco/fields.h
+++ b/userspace/falco/fields.h
@@ -8,12 +8,12 @@ extern "C" { #include "lauxlib.h" }
-class digwatch_fields
+class falco_fields
 { public: static void init(sinsp* inspector, lua_State *ls);
- // value = digwatch.field(evt, fieldname)
+ // value = falco.field(evt, fieldname)
 static int field(lua_State *ls); static sinsp* s_inspector;
diff --git a/userspace/falco/formats.cpp b/userspace/falco/formats.cpp
index a2bfb961..0ff87068 100644
--- a/userspace/falco/formats.cpp
+++ b/userspace/falco/formats.cpp
@@ -2,23 +2,23 @@ #include "logger.h"
-sinsp* digwatch_formats::s_inspector = NULL;
+sinsp* falco_formats::s_inspector = NULL;
-const static struct luaL_reg ll_digwatch [] =
+const static struct luaL_reg ll_falco [] =
 {
- {"formatter", &digwatch_formats::formatter},
- {"format_event", &digwatch_formats::format_event},
+ {"formatter", &falco_formats::formatter},
+ {"format_event", &falco_formats::format_event},
 {NULL,NULL} };
-void digwatch_formats::init(sinsp* inspector, lua_State *ls)
+void falco_formats::init(sinsp* inspector, lua_State *ls)
 { s_inspector = inspector;
- luaL_openlib(ls, "digwatch", ll_digwatch, 0);
+ luaL_openlib(ls, "falco", ll_falco, 0);
 }
-int digwatch_formats::formatter(lua_State *ls)
+int falco_formats::formatter(lua_State *ls)
 { string format = luaL_checkstring(ls, 1); sinsp_evt_formatter* formatter;
@@ -28,7 +28,7 @@ int digwatch_formats::formatter(lua_State *ls) } catch(sinsp_exception& e) {
- digwatch_logger::log(LOG_ERR, "Invalid output format '" + format + "'.\n");
+ falco_logger::log(LOG_ERR, "Invalid output format '" + format + "'.\n");
 throw sinsp_exception("set_formatter error"); }
@@ -38,12 +38,12 @@ int digwatch_formats::formatter(lua_State *ls) return 1; }
-int digwatch_formats::format_event (lua_State *ls)
+int falco_formats::format_event (lua_State *ls)
 { string line; if (!lua_islightuserdata(ls, -1) || !lua_islightuserdata(ls, -2)) {
- digwatch_logger::log(LOG_ERR, "Invalid arguments passed to format_event()\n");
+ falco_logger::log(LOG_ERR, "Invalid arguments passed to format_event()\n");
 throw sinsp_exception("format_event error"); } sinsp_evt* evt = (sinsp_evt*)lua_topointer(ls, 1);
diff --git a/userspace/falco/formats.h b/userspace/falco/formats.h
index 3f9fc7cc..73f69b0d 100644
--- a/userspace/falco/formats.h
+++ b/userspace/falco/formats.h
@@ -10,15 +10,15 @@ extern "C" { class sinsp_evt_formatter;
-class digwatch_formats
+class falco_formats
 { public: static void init(sinsp* inspector, lua_State *ls);
- // formatter = digwatch.formatter(format_string)
+ // formatter = falco.formatter(format_string)
 static int formatter(lua_State *ls);
- // formatted_string = digwatch.format_event(evt, formatter)
+ // formatted_string = falco.format_event(evt, formatter)
 static int format_event(lua_State *ls); static sinsp* s_inspector;
diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp
index f09af8c6..9f104265 100644
--- a/userspace/falco/logger.cpp
+++ b/userspace/falco/logger.cpp
@@ -5,23 +5,23 @@
-const static struct luaL_reg ll_digwatch [] =
+const static struct luaL_reg ll_falco [] =
 {
- {"syslog", &digwatch_logger::syslog},
+ {"syslog", &falco_logger::syslog},
 {NULL,NULL} };
-void digwatch_logger::init(lua_State *ls)
+void falco_logger::init(lua_State *ls)
 {
- luaL_openlib(ls, "digwatch", ll_digwatch, 0);
+ luaL_openlib(ls, "falco", ll_falco, 0);
 }
-int digwatch_logger::syslog(lua_State *ls) {
+int falco_logger::syslog(lua_State *ls) {
 int priority = luaL_checknumber(ls, 1); if (priority > LOG_DEBUG) {
- return luaL_argerror(ls, 1, "digwatch.syslog: priority must be a number between 0 and 7");
+ return luaL_argerror(ls, 1, "falco.syslog: priority must be a number between 0 and 7");
 } const char *msg = luaL_checkstring(ls, 2);
@@ -30,15 +30,15 @@ int digwatch_logger::syslog(lua_State *ls) { return 0; }
-bool digwatch_logger::log_stderr;
-bool digwatch_logger::log_syslog;
+bool falco_logger::log_stderr;
+bool falco_logger::log_syslog;
-void digwatch_logger::log(int priority, const string msg) {
- if (digwatch_logger::log_syslog) {
+void falco_logger::log(int priority, const string msg) {
+ if (falco_logger::log_syslog) {
 ::syslog(priority, "%s", msg.c_str()); }
- if (digwatch_logger::log_stderr) {
+ if (falco_logger::log_stderr) {
 std::time_t result = std::time(nullptr); string tstr = std::asctime(std::localtime(&result)); tstr = tstr.substr(0, 24);// remove trailling newline
diff --git a/userspace/falco/logger.h b/userspace/falco/logger.h
index 5043aedf..971a134d 100644
--- a/userspace/falco/logger.h
+++ b/userspace/falco/logger.h
@@ -9,12 +9,12 @@ extern "C" { #include "lauxlib.h" }
-class digwatch_logger
+class falco_logger
 { public: static void init(lua_State *ls);
- // value = digwatch.syslog(level, message)
+ // value = falco.syslog(level, message)
 static int syslog(lua_State *ls); static void log(int priority, const string msg);
diff --git a/userspace/falco/lua/compiler.lua b/userspace/falco/lua/compiler.lua
index b868699b..3ce04ab5 100644
--- a/userspace/falco/lua/compiler.lua
+++ b/userspace/falco/lua/compiler.lua
@@ -510,7 +510,7 @@ end --[[
- Compiles a single line from a digwatch ruleset and updates the passed-in macros table. Returns the AST of the line.
+ Compiles a single line from a falco ruleset and updates the passed-in macros table. Returns the AST of the line.
 --]] function compiler.compile_line(line, macro_defs) local ast, error_msg = compiler.parser.parse_line(line)
diff --git a/userspace/falco/lua/output.lua b/userspace/falco/lua/output.lua
index 5863b297..33e8f063 100644
--- a/userspace/falco/lua/output.lua
+++ b/userspace/falco/lua/output.lua
@@ -4,8 +4,8 @@ levels = {"Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Infor
 function mod.stdout(evt, level, format) format = "%evt.time: "..levels[level+1].." "..format
- formatter = digwatch.formatter(format)
- msg = digwatch.format_event(evt, formatter)
+ formatter = falco.formatter(format)
+ msg = falco.format_event(evt, formatter)
 print (msg) end
@@ -24,8 +24,8 @@ end function mod.file(evt, level, format, options) format = "%evt.time: "..levels[level+1].." "..format
- formatter = digwatch.formatter(format)
- msg = digwatch.format_event(evt, formatter)
+ formatter = falco.formatter(format)
+ msg = falco.format_event(evt, formatter)
 file = io.open(options.filename, "a+") file:write(msg, "\n")
@@ -34,9 +34,9 @@ end function mod.syslog(evt, level, format)
- formatter = digwatch.formatter(format)
- msg = digwatch.format_event(evt, formatter)
- digwatch.syslog(level, msg)
+ formatter = falco.formatter(format)
+ msg = falco.format_event(evt, formatter)
+ falco.syslog(level, msg)
 end return mod
diff --git a/userspace/falco/lua/rule_loader.lua b/userspace/falco/lua/rule_loader.lua
index b39069c5..ae589b97 100644
--- a/userspace/falco/lua/rule_loader.lua
+++ b/userspace/falco/lua/rule_loader.lua
@@ -1,7 +1,7 @@
 --[[
- Compile and install digwatch rules.
+ Compile and install falco rules.
- This module exports functions that are called from digwatch c++-side to compile and install a set of rules.
+ This module exports functions that are called from falco c++-side to compile and install a set of rules.
 --]]
diff --git a/userspace/falco/rules.cpp b/userspace/falco/rules.cpp
index 39ca0edc..921c1e6c 100644
--- a/userspace/falco/rules.cpp
+++ b/userspace/falco/rules.cpp
@@ -7,7 +7,7 @@ extern "C" { }
-digwatch_rules::digwatch_rules(sinsp* inspector, lua_State *ls, string lua_main_filename)
+falco_rules::falco_rules(sinsp* inspector, lua_State *ls, string lua_main_filename)
 { m_ls = ls;
@@ -17,7 +17,7 @@ digwatch_rules::digwatch_rules(sinsp* inspector, lua_State *ls, string lua_main_
 }
-void digwatch_rules::load_compiler(string lua_main_filename)
+void falco_rules::load_compiler(string lua_main_filename)
 { ifstream is; is.open(lua_main_filename);
@@ -39,7 +39,7 @@ void digwatch_rules::load_compiler(string lua_main_filename) } }
-void digwatch_rules::load_rules(string rules_filename)
+void falco_rules::load_rules(string rules_filename)
 { ifstream is; is.open(rules_filename);
@@ -85,12 +85,12 @@ void digwatch_rules::load_rules(string rules_filename) }
-sinsp_filter* digwatch_rules::get_filter()
+sinsp_filter* falco_rules::get_filter()
 { return m_lua_parser->get_filter(); }
-digwatch_rules::~digwatch_rules()
+falco_rules::~falco_rules()
 { delete m_lua_parser; }
diff --git a/userspace/falco/rules.h b/userspace/falco/rules.h
index 366a9c1e..64f19916 100644
--- a/userspace/falco/rules.h
+++ b/userspace/falco/rules.h
@@ -3,11 +3,11 @@ #include "sinsp.h" #include "lua_parser.h"
-class digwatch_rules
+class falco_rules
 { public:
- digwatch_rules(sinsp* inspector, lua_State *ls, string lua_main_filename);
- ~digwatch_rules();
+ falco_rules(sinsp* inspector, lua_State *ls, string lua_main_filename);
+ ~falco_rules();
 void load_rules(string rules_filename); sinsp_filter* get_filter();