github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 15:17:50 +00:00
Code Issues Projects Releases Wiki Activity

update!: moving out plugins ruleset files

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2022-05-09 16:31:54 +02:00 committed by poiana
parent 65de03aa29
commit d4f76f1f93
2 changed files with 2 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
falco.yaml
View File

@ -30,10 +30,8 @@
rules_file: rules_file:
- /etc/falco/falco_rules.yaml - /etc/falco/falco_rules.yaml
- /etc/falco/falco_rules.local.yaml - /etc/falco/falco_rules.local.yaml
- /etc/falco/k8s_audit_rules.yaml
- /etc/falco/rules.d - /etc/falco/rules.d
# #
# Plugins that are available for use. These plugins are not loaded by # Plugins that are available for use. These plugins are not loaded by
# default, as they require explicit configuration to point to # default, as they require explicit configuration to point to
@ -46,7 +44,8 @@ rules_file:
plugins: plugins:
- name: k8saudit - name: k8saudit
library_path: libk8saudit.so library_path: libk8saudit.so
init_config: "" init_config:
""
# maxEventBytes: 1048576 # maxEventBytes: 1048576
# sslCertificate: /etc/falco/falco.pem # sslCertificate: /etc/falco/falco.pem
open_params: "http://:9765/k8s-audit" open_params: "http://:9765/k8s-audit"

14
rules/CMakeLists.txt
View File

@ -22,8 +22,6 @@ if(NOT DEFINED FALCO_RULES_DEST_FILENAME)
set(FALCO_RULES_DEST_FILENAME "falco_rules.yaml") set(FALCO_RULES_DEST_FILENAME "falco_rules.yaml")
set(FALCO_LOCAL_RULES_DEST_FILENAME "falco_rules.local.yaml") set(FALCO_LOCAL_RULES_DEST_FILENAME "falco_rules.local.yaml")
set(FALCO_APP_RULES_DEST_FILENAME "application_rules.yaml") set(FALCO_APP_RULES_DEST_FILENAME "application_rules.yaml")
set(FALCO_K8S_AUDIT_RULES_DEST_FILENAME "k8s_audit_rules.yaml")
set(FALCO_AWS_CLOUDTRAIL_RULES_DEST_FILENAME "aws_cloudtrail_rules.yaml")
endif() endif()
@ -52,23 +50,11 @@ else() # Default Falco installation
RENAME "${FALCO_LOCAL_RULES_DEST_FILENAME}" RENAME "${FALCO_LOCAL_RULES_DEST_FILENAME}"
COMPONENT "${FALCO_COMPONENT_NAME}") COMPONENT "${FALCO_COMPONENT_NAME}")
install(
FILES k8s_audit_rules.yaml
DESTINATION "${FALCO_ETC_DIR}"
RENAME "${FALCO_K8S_AUDIT_RULES_DEST_FILENAME}"
COMPONENT "${FALCO_COMPONENT_NAME}")
install( install(
FILES application_rules.yaml FILES application_rules.yaml
DESTINATION "${FALCO_ETC_DIR}/rules.available" DESTINATION "${FALCO_ETC_DIR}/rules.available"
RENAME "${FALCO_APP_RULES_DEST_FILENAME}" RENAME "${FALCO_APP_RULES_DEST_FILENAME}"
COMPONENT "${FALCO_COMPONENT_NAME}") COMPONENT "${FALCO_COMPONENT_NAME}")
install(
FILES aws_cloudtrail_rules.yaml
DESTINATION "${FALCO_ETC_DIR}"
RENAME "${FALCO_AWS_CLOUDTRAIL_RULES_DEST_FILENAME}"
COMPONENT "${FALCO_COMPONENT_NAME}")
install(DIRECTORY DESTINATION "${FALCO_ETC_DIR}/rules.d" COMPONENT "${FALCO_COMPONENT_NAME}") install(DIRECTORY DESTINATION "${FALCO_ETC_DIR}/rules.d" COMPONENT "${FALCO_COMPONENT_NAME}")
endif() endif()