Merge pull request #286 from draios/no-config-when-validate-rules

Add ability to validate rules file
Mark Stemm 2017-10-09 12:50:56 -07:00 committed by GitHub
commit 26d5ea0123


@ -111,6 +111,7 @@ static void usage()
" single line emitted by falco to be flushed, which generates higher CPU\n" " single line emitted by falco to be flushed, which generates higher CPU\n"
" usage but is useful when piping those outputs into another process\n" " usage but is useful when piping those outputs into another process\n"
" or into a script.\n" " or into a script.\n"
" -V,--validate <rules_file> Read the contents of the specified rules file and exit\n"
" -v Verbose output.\n" " -v Verbose output.\n"
" --version Print version number.\n" " --version Print version number.\n"
"\n" "\n"
@ -244,6 +245,7 @@ int falco_init(int argc, char **argv)
string pidfilename = "/var/run/falco.pid"; string pidfilename = "/var/run/falco.pid";
bool describe_all_rules = false; bool describe_all_rules = false;
string describe_rule = ""; string describe_rule = "";
string validate_rules_file = "";
string stats_filename = ""; string stats_filename = "";
bool verbose = false; bool verbose = false;
bool all_events = false; bool all_events = false;
@ -280,6 +282,7 @@ int falco_init(int argc, char **argv)
{"pidfile", required_argument, 0, 'P' }, {"pidfile", required_argument, 0, 'P' },
{"unbuffered", no_argument, 0, 'U' }, {"unbuffered", no_argument, 0, 'U' },
{"version", no_argument, 0, 0 }, {"version", no_argument, 0, 0 },
{"validate", required_argument, 0, 0 },
{"writefile", required_argument, 0, 'w' }, {"writefile", required_argument, 0, 'w' },
{0, 0, 0, 0} {0, 0, 0, 0}
@ -297,7 +300,7 @@ int falco_init(int argc, char **argv)
// Parse the args // Parse the args
// //
while((op = getopt_long(argc, argv, while((op = getopt_long(argc, argv,
"hc:AdD:e:k:K:Ll:m:M:o:P:p:r:s:T:t:Uvw:", "hc:AdD:e:k:K:Ll:m:M:o:P:p:r:s:T:t:UvV:w:",
long_options, &long_index)) != -1) long_options, &long_index)) != -1)
{ {
switch(op) switch(op)
@ -392,6 +395,9 @@ int falco_init(int argc, char **argv)
case 'v': case 'v':
verbose = true; verbose = true;
break; break;
case 'V':
validate_rules_file = optarg;
break;
case 'w': case 'w':
outfile = optarg; outfile = optarg;
break; break;
@ -454,6 +460,14 @@ int falco_init(int argc, char **argv)
} }
} }
if(validate_rules_file != "")
{
falco_logger::log(LOG_INFO, "Validating rules file: " + validate_rules_file + "...\n");
engine->load_rules_file(validate_rules_file, verbose, all_events);
falco_logger::log(LOG_INFO, "Ok\n");
goto exit;
}
falco_configuration config; falco_configuration config;
if (conf_filename.size()) if (conf_filename.size())
{ {
@ -479,6 +493,11 @@ int falco_init(int argc, char **argv)
config.m_buffered_outputs = buffered_outputs; config.m_buffered_outputs = buffered_outputs;
} }
if(config.m_rules_filenames.size() == 0)
{
throw std::invalid_argument("You must specify at least one rules file via -r or a rules_file entry in falco.yaml");
}
for (auto filename : config.m_rules_filenames) for (auto filename : config.m_rules_filenames)
{ {
engine->load_rules_file(filename, verbose, all_events); engine->load_rules_file(filename, verbose, all_events);
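Review bot: The long option entry `{"validate", required_argument, 0, 0 }` makes getopt_long return 0 rather than 'V', so the new `case 'V':` branch only handles the short form; unless the `case 0:` long-option handling (outside these hunks) also matches "validate", `--validate <rules_file>` is parsed but never sets `validate_rules_file`. The usage text advertises `-V,--validate`, so a pipeline that gates rule changes on `falco --validate` would appear to fall through to a normal startup instead of validating and exiting. I would register it as `{"validate", required_argument, 0, 'V' },` so both spellings reach the same branch. falco_init starts and ends outside the visible hunks, so the exit status after `goto exit` or after a failed `load_rules_file` could not be checked here; it is worth confirming that a rules file that fails to load yields a non-zero status.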