mirror of
https://github.com/falcosecurity/falco.git
synced 2025-08-30 12:30:56 +00:00
Merge pull request #27 from draios/package-tweaks
Packaging and configuration
This commit is contained in:
commit
f2e9504bb1
@ -152,7 +152,8 @@ ExternalProject_Add(lpeg
|
||||
CONFIGURE_COMMAND ""
|
||||
INSTALL_COMMAND "")
|
||||
|
||||
|
||||
install(FILES digwatch.yaml
|
||||
DESTINATION "${DIR_ETC}")
|
||||
|
||||
add_subdirectory(${SYSDIG_DIR}/userspace/libscap ${PROJECT_BINARY_DIR}/userspace/libscap)
|
||||
add_subdirectory(${SYSDIG_DIR}/userspace/libsinsp ${PROJECT_BINARY_DIR}/userspace/libsinsp)
|
||||
|
@ -1,7 +1,8 @@
|
||||
rules_file: /etc/digwatch.conf
|
||||
rules_file: /etc/digwatch_rules.conf
|
||||
|
||||
# Priority level
|
||||
# Any rule with priority lower than this level will be discarded
|
||||
# WARNING currently has no effect!
|
||||
priority_level: warning
|
||||
|
||||
syslog_output:
|
||||
|
@ -1,3 +1,3 @@
|
||||
install(FILES digwatch.conf
|
||||
install(FILES digwatch_rules.conf
|
||||
DESTINATION "${DIR_ETC}")
|
||||
|
||||
|
@ -18,7 +18,7 @@ void digwatch_configuration::init(string conf_filename)
|
||||
string m_config_file = conf_filename;
|
||||
m_config = new yaml_configuration(m_config_file);
|
||||
|
||||
m_rules_file = m_config->get_scalar<string>("rules_file", "/etc/digwatch.conf");
|
||||
m_rules_filename = m_config->get_scalar<string>("rules_file", "/etc/digwatch_rules.conf");
|
||||
m_priority_level = m_config->get_scalar<string>("priority_level", "warning");
|
||||
|
||||
output_config file_output;
|
||||
|
@ -94,7 +94,7 @@ class digwatch_configuration
|
||||
public:
|
||||
void init(std::string conf_filename);
|
||||
void init();
|
||||
std::string m_rules_file;
|
||||
std::string m_rules_filename;
|
||||
std::string m_priority_level;
|
||||
std::vector<output_config> m_outputs;
|
||||
private:
|
||||
|
@ -46,9 +46,10 @@ static void usage()
|
||||
"Usage: digwatch [options] rules_filename\n\n"
|
||||
"Options:\n"
|
||||
" -h, --help Print this page\n"
|
||||
" -c Configuration file (default " DIGWATCH_SOURCE_CONF_FILE ", " DIGWATCH_INSTALL_CONF_FILE ")\n"
|
||||
" -o Output type (options are 'stdout', 'syslog', default is 'stdout')\n"
|
||||
" -r <readfile>, --read=<readfile>\n"
|
||||
" Read the events from <readfile>.\n"
|
||||
" -e <events_file> Read the events from <events_file> (in .scap format) instead of tapping into live.\n"
|
||||
" -r <rules_file> Rules configuration file (defaults to value set in configuration file, or /etc/digwatch_rules.conf).\n"
|
||||
"\n"
|
||||
);
|
||||
}
|
||||
@ -203,15 +204,15 @@ int digwatch_init(int argc, char **argv)
|
||||
int long_index = 0;
|
||||
string lua_main_filename;
|
||||
string output_name = "stdout";
|
||||
string infile;
|
||||
string scap_filename;
|
||||
string conf_filename;
|
||||
string rules_filename;
|
||||
string lua_dir = DIGWATCH_LUA_DIR;
|
||||
lua_State* ls = NULL;
|
||||
|
||||
static struct option long_options[] =
|
||||
{
|
||||
{"help", no_argument, 0, 'h' },
|
||||
{"readfile", required_argument, 0, 'r' },
|
||||
{0, 0, 0, 0}
|
||||
};
|
||||
|
||||
@ -224,7 +225,7 @@ int digwatch_init(int argc, char **argv)
|
||||
// Parse the args
|
||||
//
|
||||
while((op = getopt_long(argc, argv,
|
||||
"c:ho:R:",
|
||||
"c:ho:e:r:",
|
||||
long_options, &long_index)) != -1)
|
||||
{
|
||||
switch(op)
|
||||
@ -243,8 +244,11 @@ int digwatch_init(int argc, char **argv)
|
||||
}
|
||||
output_name = optarg;
|
||||
break;
|
||||
case 'e':
|
||||
scap_filename = optarg;
|
||||
break;
|
||||
case 'r':
|
||||
infile = optarg;
|
||||
rules_filename = optarg;
|
||||
break;
|
||||
case '?':
|
||||
result = EXIT_FAILURE;
|
||||
@ -257,33 +261,6 @@ int digwatch_init(int argc, char **argv)
|
||||
|
||||
inspector->set_buffer_format(event_buffer_format);
|
||||
|
||||
string rules_file;
|
||||
|
||||
if(optind < argc)
|
||||
{
|
||||
#ifdef HAS_FILTERING
|
||||
for(int32_t j = optind ; j < argc; j++)
|
||||
{
|
||||
rules_file += argv[j];
|
||||
if(j < argc - 1)
|
||||
{
|
||||
rules_file += " ";
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
fprintf(stderr, "filtering not compiled.\n");
|
||||
result = EXIT_FAILURE;
|
||||
goto exit;
|
||||
#endif
|
||||
}
|
||||
|
||||
if(rules_file.size() == 0) {
|
||||
usage();
|
||||
result = EXIT_FAILURE;
|
||||
goto exit;
|
||||
|
||||
}
|
||||
|
||||
ifstream* conf_stream;
|
||||
if (conf_filename.size())
|
||||
@ -329,6 +306,12 @@ int digwatch_init(int argc, char **argv)
|
||||
config.init();
|
||||
}
|
||||
|
||||
if (rules_filename.size())
|
||||
{
|
||||
config.m_rules_filename = rules_filename;
|
||||
}
|
||||
cout << "Using rules file " + config.m_rules_filename + "\n";
|
||||
|
||||
if(signal(SIGINT, signal_callback) == SIG_ERR)
|
||||
{
|
||||
fprintf(stderr, "An error occurred while setting SIGINT signal handler.\n");
|
||||
@ -371,7 +354,7 @@ int digwatch_init(int argc, char **argv)
|
||||
|
||||
digwatch_syslog::init(ls);
|
||||
|
||||
rules->load_rules(rules_file);
|
||||
rules->load_rules(config.m_rules_filename);
|
||||
inspector->set_filter(rules->get_filter());
|
||||
|
||||
inspector->set_hostname_and_port_resolution_mode(false);
|
||||
@ -381,9 +364,9 @@ int digwatch_init(int argc, char **argv)
|
||||
add_output(ls, *it);
|
||||
}
|
||||
|
||||
if (infile.size())
|
||||
if (scap_filename.size())
|
||||
{
|
||||
inspector->open(infile);
|
||||
inspector->open(scap_filename);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -45,7 +45,7 @@ void digwatch_rules::load_rules(string rules_filename)
|
||||
is.open(rules_filename);
|
||||
if(!is.is_open())
|
||||
{
|
||||
throw sinsp_exception("can't open file " + rules_filename);
|
||||
throw sinsp_exception("Can't open file " + rules_filename + ". Try setting file location in config file or use '-r' flag.");
|
||||
}
|
||||
|
||||
lua_getglobal(m_ls, m_lua_load_rule.c_str());
|
||||
|
Loading…
Reference in New Issue
Block a user