github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-07 17:54:07 +00:00
Code Issues Projects Releases Wiki Activity

new(scripts): add a falco.target that consists of falco-X.service units.

Browse Source 
falcoctl will then run and bind to falco.target.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro
2023-01-19 16:02:02 +01:00
committed by poiana
parent 394d495040
commit 2591ed4d68
10 changed files with 23 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/systemd/falco-bpf.service
View File

@@ -1,6 +1,7 @@
[Unit]
Description=Falco: Container Native Runtime Security with ebpf
Documentation=https://falco.org/docs/
PartOf=falco.target
Conflicts=falco-kmod.service
Conflicts=falco-modern-bpf.service
Conflicts=falco-plugin.service
@@ -21,7 +22,4 @@ ProtectSystem=full
ProtectKernelTunables=true
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null
[Install]
WantedBy=multi-user.target
StandardOutput=null

6
scripts/systemd/falco-kmod.service
View File

@@ -3,6 +3,7 @@ Description=Falco: Container Native Runtime Security with kmod
Documentation=https://falco.org/docs/
After=falco-kmod-inject.service
Requires=falco-kmod-inject.service
PartOf=falco.target
Conflicts=falco-bpf.service
Conflicts=falco-modern-bpf.service
Conflicts=falco-plugin.service
@@ -23,7 +24,4 @@ ProtectKernelTunables=true
ReadWritePaths=/sys/module/falco
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null
[Install]
WantedBy=multi-user.target
StandardOutput=null

6
scripts/systemd/falco-modern-bpf.service
View File

@@ -1,6 +1,7 @@
[Unit]
Description=Falco: Container Native Runtime Security with modern ebpf
Documentation=https://falco.org/docs/
PartOf=falco.target
Conflicts=falco-kmod.service
Conflicts=falco-bpf.service
Conflicts=falco-plugin.service
@@ -20,7 +21,4 @@ ProtectSystem=full
ProtectKernelTunables=true
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null
[Install]
WantedBy=multi-user.target
StandardOutput=null

4
scripts/systemd/falco-plugin.service
View File

@@ -1,6 +1,7 @@
[Unit]
Description=Falco: Container Native Runtime Security with plugin
Documentation=https://falco.org/docs/
PartOf=falco.target
Conflicts=falco-kmod.service
Conflicts=falco-bpf.service
Conflicts=falco-modern-bpf.service
@@ -21,6 +22,3 @@ ProtectKernelTunables=true
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null
[Install]
WantedBy=multi-user.target

7
scripts/systemd/falco.target Normal file
View File

@@ -0,0 +1,7 @@
[Unit]
Description=Main Falco target
Requires=multi-user.target
After=multi-user.target
[Install]
WantedBy=multi-user.target

5
scripts/systemd/falcoctl.service
View File

@@ -1,6 +1,8 @@
[Unit]
Description=Falco: Automatic rules update service
Documentation=https://falco.org/docs/
After=falco.target
BindsTo=falco.target
[Service]
Type=simple
@@ -15,8 +17,7 @@ NoNewPrivileges=yes
ProtectSystem=true
ProtectKernelTunables=true
RestrictRealtime=true
#RestrictAddressFamilies=~AF_PACKET
#StandardOutput=null
StandardOutput=null
[Install]
WantedBy=multi-user.target