github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-13 13:32:50 +00:00
Code Issues Projects Releases Wiki Activity

chore(scripts): integrate back master changes FALCO_DRIVER_CHOICE and FALCOCTL_ENABLED .

Browse Source 
Also, env variables always have precedence over dialog (ie: if they are set, we always skip dialog).

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro
2023-12-06 10:29:12 +01:00
committed by poiana
parent ade27c2546
commit 96f50ddac5
2 changed files with 99 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
scripts/debian/postinst.in
View File

@@ -19,6 +19,7 @@
chosen_driver= chosen_driver=
chosen_unit= chosen_unit=
CHOICE=
# Every time we call this script we want to stat from a clean state. # Every time we call this script we want to stat from a clean state.
echo "[POST-INSTALL] Disable all possible 'falco' services:" echo "[POST-INSTALL] Disable all possible 'falco' services:"
@@ -37,63 +38,63 @@ systemctl --system disable 'falcoctl-artifact-follow.service' || true
systemctl --system unmask falcoctl-artifact-follow.service || true systemctl --system unmask falcoctl-artifact-follow.service || true
if [ "$1" = "configure" ]; then if [ "$1" = "configure" ]; then
if [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then case $FALCO_DRIVER_CHOICE in
# If dialog is installed, create a dialog to let users choose the correct driver for them kmod)
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \ CHOICE=2
1 "Manual configuration (no unit is started)" \ ;;
2 "Kmod" \ ebpf)
3 "eBPF" \ CHOICE=3
4 "Modern eBPF" \ ;;
2>&1 >/dev/tty) modern_ebpf)
case $CHOICE in CHOICE=4
2) ;;
chosen_driver="kmod" esac
chosen_unit="kmod" if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
;; # If dialog is installed, create a dialog to let users choose the correct driver for them
3) CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
chosen_driver="ebpf" 1 "Manual configuration (no unit is started)" \
chosen_unit="bpf" 2 "Kmod" \
;; 3 "eBPF" \
4) 4 "Modern eBPF" \
chosen_driver="modern_ebpf" 2>&1 >/dev/tty)
chosen_unit="modern-bpf" fi
;; case $CHOICE in
esac 2)
if [ -n "$chosen_driver" ]; then chosen_driver="kmod"
chosen_unit="kmod"
;;
3)
chosen_driver="ebpf"
chosen_unit="bpf"
;;
4)
chosen_driver="modern_ebpf"
chosen_unit="modern-bpf"
;;
esac
if [ -n "$CHOICE" ]; then
echo "[POST-INSTALL] Configure falcoctl driver type:" echo "[POST-INSTALL] Configure falcoctl driver type:"
falcoctl driver config --type $chosen_driver falcoctl driver config --type $chosen_driver
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ CHOICE=
1 "Yes" \ case $FALCOCTL_ENABLED in
2 "No" \ no)
2>&1 >/dev/tty) CHOICE=2
;;
esac
if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \
1 "Yes" \
2 "No" \
2>&1 >/dev/tty)
fi
case $CHOICE in case $CHOICE in
2) 2)
# we don't want falcoctl enabled, we mask it # we don't want falcoctl enabled, we mask it
systemctl --system mask falcoctl-artifact-follow.service || true systemctl --system mask falcoctl-artifact-follow.service || true
;; ;;
esac esac
fi
clear
else
case $FALCO_DRIVER_CHOICE in
module | kmod )
chosen_driver="kmod"
;;
bpf | ebpf | eBPF )
chosen_driver="bpf"
;;
modern-bpf | modern-ebpf | modern-eBPF )
chosen_driver="modern-bpf"
;;
esac
case $FALCOCTL_ENABLED in
yes )
;;
no )
systemctl --system mask falcoctl-artifact-follow.service || true
;;
esac
fi fi
clear
fi fi
set -e set -e

91
scripts/rpm/postinstall.in
View File

@@ -18,6 +18,7 @@
chosen_driver= chosen_driver=
chosen_unit= chosen_unit=
CHOICE=
# Every time we call this script we want to stat from a clean state. # Every time we call this script we want to stat from a clean state.
echo "[POST-INSTALL] Disable all possible enabled 'falco' service:" echo "[POST-INSTALL] Disable all possible enabled 'falco' service:"
@@ -36,7 +37,18 @@ systemctl --system disable 'falcoctl-artifact-follow.service' || true
systemctl --system unmask falcoctl-artifact-follow.service || true systemctl --system unmask falcoctl-artifact-follow.service || true
if [ $1 -ge 1 ]; then if [ $1 -ge 1 ]; then
if [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then case $FALCO_DRIVER_CHOICE in
kmod)
CHOICE=2
;;
ebpf)
CHOICE=3
;;
modern_ebpf)
CHOICE=4
;;
esac
if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
# If dialog is installed, create a dialog to let users choose the correct driver for them # If dialog is installed, create a dialog to let users choose the correct driver for them
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \ CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
1 "Manual configuration (no unit is started)" \ 1 "Manual configuration (no unit is started)" \
@@ -44,55 +56,44 @@ if [ $1 -ge 1 ]; then
3 "eBPF" \ 3 "eBPF" \
4 "Modern eBPF" \ 4 "Modern eBPF" \
2>&1 >/dev/tty) 2>&1 >/dev/tty)
fi
case $CHOICE in
2)
chosen_driver="kmod"
chosen_unit="kmod"
;;
3)
chosen_driver="ebpf"
chosen_unit="bpf"
;;
4)
chosen_driver="modern_ebpf"
chosen_unit="modern-bpf"
;;
esac
if [ -n "$CHOICE" ]; then
echo "[POST-INSTALL] Configure falcoctl driver type:"
falcoctl driver config --type $chosen_driver
CHOICE=
case $FALCOCTL_ENABLED in
no)
CHOICE=2
;;
esac
if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \
1 "Yes" \
2 "No" \
2>&1 >/dev/tty)
fi
case $CHOICE in case $CHOICE in
2) 2)
chosen_driver="kmod" # we don't want falcoctl enabled, we mask it
chosen_unit="kmod"
;;
3)
chosen_driver="ebpf"
chosen_unit="bpf"
;;
4)
chosen_driver="modern_ebpf"
chosen_unit="modern-bpf"
;;
esac
if [ -n "$chosen_driver" ]; then
echo "[POST-INSTALL] Configure falcoctl driver type:"
falcoctl driver config --type $chosen_driver
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \
1 "Yes" \
2 "No" \
2>&1 >/dev/tty)
case $CHOICE in
2)
# we don't want falcoctl enabled, we mask it
systemctl --system mask falcoctl-artifact-follow.service || true
;;
esac
fi
clear
else
case $FALCO_DRIVER_CHOICE in
module | kmod )
chosen_driver="kmod"
;;
bpf | ebpf | eBPF )
chosen_driver="bpf"
;;
modern-bpf | modern-ebpf | modern-eBPF )
chosen_driver="modern-bpf"
;;
esac
case $FALCOCTL_ENABLED in
yes )
;;
no )
systemctl --system mask falcoctl-artifact-follow.service || true systemctl --system mask falcoctl-artifact-follow.service || true
;; ;;
esac esac
fi fi
clear
fi fi
set -e set -e