update!: moving out plugins ruleset files

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

falco.yaml

@@ -30,10 +30,8 @@
 rules_file:
   - /etc/falco/falco_rules.yaml
   - /etc/falco/falco_rules.local.yaml
-  - /etc/falco/k8s_audit_rules.yaml
   - /etc/falco/rules.d
 
-
 #
 # Plugins that are available for use. These plugins are not loaded by
 # default, as they require explicit configuration to point to
@@ -46,7 +44,8 @@ rules_file:
 plugins:
   - name: k8saudit
     library_path: libk8saudit.so
-    init_config: ""
+    init_config:
+      ""
       # maxEventBytes: 1048576
       # sslCertificate: /etc/falco/falco.pem
     open_params: "http://:9765/k8s-audit"

rules/CMakeLists.txt

@@ -22,8 +22,6 @@ if(NOT DEFINED FALCO_RULES_DEST_FILENAME)
   set(FALCO_RULES_DEST_FILENAME "falco_rules.yaml")
   set(FALCO_LOCAL_RULES_DEST_FILENAME "falco_rules.local.yaml")
   set(FALCO_APP_RULES_DEST_FILENAME "application_rules.yaml")
-  set(FALCO_K8S_AUDIT_RULES_DEST_FILENAME "k8s_audit_rules.yaml")
-  set(FALCO_AWS_CLOUDTRAIL_RULES_DEST_FILENAME "aws_cloudtrail_rules.yaml")
 endif()
 
 
@@ -52,23 +50,11 @@ else() # Default Falco installation
     RENAME "${FALCO_LOCAL_RULES_DEST_FILENAME}"
     COMPONENT "${FALCO_COMPONENT_NAME}")
 
-  install(
-    FILES k8s_audit_rules.yaml
-    DESTINATION "${FALCO_ETC_DIR}"
-    RENAME "${FALCO_K8S_AUDIT_RULES_DEST_FILENAME}"
-    COMPONENT "${FALCO_COMPONENT_NAME}")
-
   install(
     FILES application_rules.yaml
     DESTINATION "${FALCO_ETC_DIR}/rules.available"
     RENAME "${FALCO_APP_RULES_DEST_FILENAME}"
     COMPONENT "${FALCO_COMPONENT_NAME}")
 
-  install(
-    FILES aws_cloudtrail_rules.yaml
-    DESTINATION "${FALCO_ETC_DIR}"
-    RENAME "${FALCO_AWS_CLOUDTRAIL_RULES_DEST_FILENAME}"
-    COMPONENT "${FALCO_COMPONENT_NAME}")
-
   install(DIRECTORY DESTINATION "${FALCO_ETC_DIR}/rules.d" COMPONENT "${FALCO_COMPONENT_NAME}")
 endif()