github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 18:58:41 +00:00
Code Issues Projects Releases Wiki Activity

update: rules provider configuration

Browse Source 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
This commit is contained in:
Lorenzo Fontana
2020-12-20 12:35:47 +01:00
parent 90c890bc2a
commit c1805281ac
5 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
falco.yaml
View File

@@ -221,3 +221,8 @@ grpc_output:
# if they don't need to change the default Falco behavior
#extensions:
# - myextension.so
# Rules provider
# Specify a non-default provider.
# Default value is "internal"
rules_provider: internal

1
userspace/engine/falco_engine.cpp
View File

@@ -75,7 +75,6 @@ falco_engine::falco_engine(const falco_engine &orig_engine)
m_sampling_ratio(1), m_sampling_multiplier(0),
m_replace_container_info(false)
{
std::cout << "copy ctor" << std::endl;
luaopen_lpeg(m_ls);
luaopen_yaml(m_ls);

3
userspace/falco/configuration.cpp
View File

@@ -137,8 +137,11 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
m_outputs.push_back(http_output);
}
// extension related configuration
m_config->get_sequence<list<string>>(m_extensions_filenames , string("extensions"));
m_rules_provider = m_config->get_scalar<string>("rules_provider", "internal");
// gRPC related configuration
m_grpc_enabled = m_config->get_scalar<bool>("grpc", "enabled", false);
m_grpc_bind_address = m_config->get_scalar<string>("grpc", "bind_address", "0.0.0.0:5060");
m_grpc_threadiness = m_config->get_scalar<uint32_t>("grpc", "threadiness", 0);

1
userspace/falco/configuration.h
View File

@@ -223,6 +223,7 @@ public:
double m_syscall_evt_drop_max_burst;
std::list<std::string> m_extensions_filenames;
std::string m_rules_provider;
// Only used for testing
bool m_syscall_evt_simulate_drops;

2
userspace/falco/falco.cpp
View File

@@ -977,7 +977,7 @@ int falco_init(int argc, char **argv)
watchrules_thread = std::thread([&] {
libhawk::lifecycle::watch_rules(
(hawk_watch_rules_cb)rules_cb,
"hawk_example_go");
config.m_rules_provider);
});
falco_logger::log(LOG_INFO, "DOPO\n");