mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-12 05:58:26 +00:00
fix(scripts): falco-driver-loader takes into account the new kernel modules URLs
The new Falco kernel modules URLs are: `<base_url>/kernel-module/<driver_version>/falco_<target_id>_<kernel_release>_<kernel_version>` Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
parent
357da40fc4
commit
9baa3707dc
@ -66,7 +66,6 @@ cos_version_greater()
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
get_kernel_config() {
|
get_kernel_config() {
|
||||||
if [ -f /proc/config.gz ]; then
|
if [ -f /proc/config.gz ]; then
|
||||||
echo "Found kernel config at /proc/config.gz"
|
echo "Found kernel config at /proc/config.gz"
|
||||||
@ -102,19 +101,58 @@ get_kernel_config() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_target_id() {
|
||||||
|
if [ -f /etc/os-release ]; then
|
||||||
|
# freedesktop.org and systemd
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
source "/etc/os-release"
|
||||||
|
OS_ID=$ID
|
||||||
|
elif [ -f /etc/debian_version ]; then
|
||||||
|
# Older Debian
|
||||||
|
# fixme > can this happen on older Ubuntu?
|
||||||
|
OS_ID=debian
|
||||||
|
elif [ -f /etc/centos-release ]; then
|
||||||
|
# Older CentOS
|
||||||
|
OS_ID=centos
|
||||||
|
else
|
||||||
|
>&2 echo "Detected an unsupported target system, please get in touch with the Falco community"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
case "${OS_ID}" in
|
||||||
|
("amzn")
|
||||||
|
if [[ $VERSION_ID == "2" ]]; then
|
||||||
|
TARGET_ID="amazonlinux2"
|
||||||
|
else
|
||||||
|
TARGET_ID="amazonlinux"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
("ubuntu")
|
||||||
|
if [[ $KERNEL_RELEASE == *"aws"* ]]; then
|
||||||
|
TARGET_ID="ubuntu-aws"
|
||||||
|
else
|
||||||
|
TARGET_ID="ubuntu"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
(*)
|
||||||
|
TARGET_ID=$(echo "${OS_ID}" | tr '[:upper:]' '[:lower:]')
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
load_kernel_module() {
|
load_kernel_module() {
|
||||||
if ! hash lsmod > /dev/null 2>&1; then
|
if ! hash lsmod > /dev/null 2>&1; then
|
||||||
echo "This program requires lsmod"
|
>&2 echo "This program requires lsmod"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! hash modprobe > /dev/null 2>&1; then
|
if ! hash modprobe > /dev/null 2>&1; then
|
||||||
echo "This program requires modprobe"
|
>&2 echo "This program requires modprobe"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! hash rmmod > /dev/null 2>&1; then
|
if ! hash rmmod > /dev/null 2>&1; then
|
||||||
echo "This program requires rmmod"
|
>&2 echo "This program requires rmmod"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -139,12 +177,11 @@ load_kernel_module() {
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# skip dkms on UEK hosts because it will always fail
|
# skip dkms on UEK hosts because it will always fail`
|
||||||
if [[ $(uname -r) == *uek* ]]; then
|
if [[ $(uname -r) == *uek* ]]; then
|
||||||
echo "* Skipping dkms install for UEK host"
|
echo "* Skipping dkms install for UEK host"
|
||||||
else
|
else
|
||||||
echo "* Running dkms install for ${PACKAGE_NAME}"
|
if hash dkms &>/dev/null && dkms install -m "${PACKAGE_NAME}" -v "${DRIVER_VERSION}" -k "${KERNEL_RELEASE}" 2>/dev/null; then
|
||||||
if dkms install -m "${PACKAGE_NAME}" -v "${DRIVER_VERSION}" -k "${KERNEL_RELEASE}"; then
|
|
||||||
echo "* Trying to load a dkms ${PROBE_NAME}, if present"
|
echo "* Trying to load a dkms ${PROBE_NAME}, if present"
|
||||||
|
|
||||||
if insmod "/var/lib/dkms/${PACKAGE_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${PROBE_NAME}.ko" > /dev/null 2>&1; then
|
if insmod "/var/lib/dkms/${PACKAGE_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${PROBE_NAME}.ko" > /dev/null 2>&1; then
|
||||||
@ -176,26 +213,26 @@ load_kernel_module() {
|
|||||||
|
|
||||||
echo "* Trying to find precompiled ${PROBE_NAME} for ${KERNEL_RELEASE}"
|
echo "* Trying to find precompiled ${PROBE_NAME} for ${KERNEL_RELEASE}"
|
||||||
|
|
||||||
get_kernel_config
|
get_target_id
|
||||||
|
|
||||||
local FALCO_PROBE_FILENAME="${PROBE_NAME}-${DRIVER_VERSION}-${ARCH}-${KERNEL_RELEASE}-${HASH}.ko"
|
local FALCO_KERNEL_MODULE_FILENAME="${PROBE_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.ko"
|
||||||
|
|
||||||
if [ -f "${HOME}/.falco/${FALCO_PROBE_FILENAME}" ]; then
|
if [ -f "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" ]; then
|
||||||
echo "Found precompiled module at ~/.falco/${FALCO_PROBE_FILENAME}, loading module"
|
echo "Found precompiled module at ~/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading module"
|
||||||
insmod "${HOME}/.falco/${FALCO_PROBE_FILENAME}"
|
insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}"
|
||||||
exit $?
|
exit $?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local URL
|
local URL
|
||||||
URL=$(echo "${PROBE_URL}/${PACKAGES_REPOSITORY}/sysdig-probe-binaries/${FALCO_PROBE_FILENAME}" | sed s/+/%2B/g)
|
URL=$(echo "${PROBE_URL}/kernel-module/${DRIVER_VERSION}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g)
|
||||||
|
|
||||||
echo "* Trying to download precompiled module from ${URL}"
|
echo "* Trying to download precompiled module from ${URL}"
|
||||||
if curl --create-dirs "${FALCO_PROBE_CURL_OPTIONS}" -o "${HOME}/.falco/${FALCO_PROBE_FILENAME}" "${URL}"; then
|
if curl --create-dirs "${FALCO_PROBE_CURL_OPTIONS}" -o "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" "${URL}"; then
|
||||||
echo "Download succeeded, loading module"
|
echo "Download succeeded, loading module"
|
||||||
insmod "${HOME}/.falco/${FALCO_PROBE_FILENAME}"
|
insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}"
|
||||||
exit $?
|
exit $?
|
||||||
else
|
else
|
||||||
echo "Download failed, consider compiling your own ${PROBE_NAME} and loading it or getting in touch with the Falco community"
|
>&2 echo "Download failed, consider compiling your own ${PROBE_NAME} and loading it or getting in touch with the Falco community"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -211,7 +248,7 @@ load_bpf_probe() {
|
|||||||
|
|
||||||
if [ -n "${HOST_ROOT}" ] && [ -f "${HOST_ROOT}/etc/os-release" ]; then
|
if [ -n "${HOST_ROOT}" ] && [ -f "${HOST_ROOT}/etc/os-release" ]; then
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
. "${HOST_ROOT}/etc/os-release"
|
source "${HOST_ROOT}/etc/os-release"
|
||||||
|
|
||||||
if [ "${ID}" == "cos" ]; then
|
if [ "${ID}" == "cos" ]; then
|
||||||
COS=1
|
COS=1
|
||||||
@ -337,7 +374,7 @@ load_bpf_probe() {
|
|||||||
|
|
||||||
if [ ! -f "${HOME}/.falco/${BPF_PROBE_FILENAME}" ]; then
|
if [ ! -f "${HOME}/.falco/${BPF_PROBE_FILENAME}" ]; then
|
||||||
local URL
|
local URL
|
||||||
URL=$(echo "${PROBE_URL}/${PACKAGES_REPOSITORY}/sysdig-probe-binaries/${BPF_PROBE_FILENAME}" | sed s/+/%2B/g)
|
URL=$(echo "${PROBE_URL}/ebpf-probe/${DRIVER_VERSION}/${BPF_PROBE_FILENAME}" | sed s/+/%2B/g)
|
||||||
|
|
||||||
echo "* Trying to download precompiled BPF probe from ${URL}"
|
echo "* Trying to download precompiled BPF probe from ${URL}"
|
||||||
|
|
||||||
@ -366,6 +403,7 @@ load_bpf_probe() {
|
|||||||
|
|
||||||
ARCH=$(uname -m)
|
ARCH=$(uname -m)
|
||||||
KERNEL_RELEASE=$(uname -r)
|
KERNEL_RELEASE=$(uname -r)
|
||||||
|
KERNEL_VERSION=$(uname -v | sed 's/#\([[:digit:]]\+\).*/\1/')
|
||||||
SCRIPT_NAME=$(basename "${0}")
|
SCRIPT_NAME=$(basename "${0}")
|
||||||
PROBE_URL=${PROBE_URL:-"@DRIVER_LOOKUP_URL@"}
|
PROBE_URL=${PROBE_URL:-"@DRIVER_LOOKUP_URL@"}
|
||||||
if [ -n "$PROBE_INSECURE_DOWNLOAD" ]
|
if [ -n "$PROBE_INSECURE_DOWNLOAD" ]
|
||||||
@ -380,10 +418,6 @@ if [[ $# -ge 1 ]]; then
|
|||||||
MAX_RMMOD_WAIT=$1
|
MAX_RMMOD_WAIT=$1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${PACKAGES_REPOSITORY}" ]; then
|
|
||||||
PACKAGES_REPOSITORY="stable"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${SCRIPT_NAME}" = "falco-driver-loader" ]; then
|
if [ "${SCRIPT_NAME}" = "falco-driver-loader" ]; then
|
||||||
DRIVER_VERSION="@PROBE_VERSION@"
|
DRIVER_VERSION="@PROBE_VERSION@"
|
||||||
PROBE_NAME="@PROBE_NAME@"
|
PROBE_NAME="@PROBE_NAME@"
|
||||||
@ -409,3 +443,13 @@ if [ -v FALCO_BPF_PROBE ] || [ "${1}" = "bpf" ]; then
|
|||||||
else
|
else
|
||||||
load_kernel_module
|
load_kernel_module
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# sudo falco-driver-loader
|
||||||
|
#
|
||||||
|
# env variables:
|
||||||
|
# PROBE_URL="..."
|
||||||
|
# PROBE_INSECURE_DOWNLOAD=true
|
||||||
|
|
||||||
|
# RENAMES
|
||||||
|
# PROBE_URL
|
||||||
|
# FALCO_PROBE_CURL_OPTIONS
|
Loading…
Reference in New Issue
Block a user