github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-21 18:01:58 +00:00
Code Issues Projects Releases Wiki Activity

new(test): stdout output strict

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2020-10-09 13:00:35 +02:00 committed by poiana
parent b0942f8774
commit c512784503
3 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
test/confs/file_stdout.yaml Normal file
View File

@ -0,0 +1,42 @@
#
# Copyright (C) 2019 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# File containing Falco rules, loaded at startup.
rules_file: /etc/falco_rules.yaml
# Whether to output events in json or text
json_output: false
# Send information logs to stderr and/or syslog Note these are *not* security
# notification logs! These are just Falco lifecycle (and possibly error) logs.
log_stderr: false
log_syslog: false
# Where security notifications should go.
# Multiple outputs can be enabled.
syslog_output:
enabled: false
file_output:
enabled: false
stdout_output:
enabled: true
program_output:
enabled: false

10
test/falco_tests.yaml
View File

@ -688,6 +688,16 @@ trace_files: !mux
results: results:
- "Warning An open was seen" - "Warning An open was seen"
stdout_output_strict:
detect: True
detect_level: WARNING
rules_file:
- rules/single_rule.yaml
conf_file: confs/file_stdout.yaml
trace_file: trace_files/cat_write.scap
output_strictly_contains:
- stdout: output_files/single_rule_with_cat_write.txt
detect_counts: detect_counts:
detect: True detect: True
detect_level: WARNING detect_level: WARNING

8
test/output_files/single_rule_with_cat_write.txt Normal file
View File

@ -0,0 +1,8 @@
18:17:57.881781397: Warning An open was seen (command=cat /dev/null)
18:17:57.881785348: Warning An open was seen (command=cat /dev/null)
18:17:57.881796705: Warning An open was seen (command=cat /dev/null)
18:17:57.881799840: Warning An open was seen (command=cat /dev/null)
18:17:57.882003104: Warning An open was seen (command=cat /dev/null)
18:17:57.882008208: Warning An open was seen (command=cat /dev/null)
18:17:57.882045694: Warning An open was seen (command=cat /dev/null)
18:17:57.882054739: Warning An open was seen (command=cat /dev/null)