diff --git a/ADOPTERS.md b/ADOPTERS.md
index d09456ae..4e8139c0 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -64,7 +64,7 @@ This is a list of production adopters of Falco (in alphabetical order): * [Yahoo! JAPAN](https://www.yahoo.co.jp/) Yahoo! JAPAN is a leading company of internet in Japan. We build an AI Platform in our private cloud and provide it to scientists in our company. AI Platform is a multi-tenant Kubernetes environment and more flexible, faster, more efficient Machine Learning environment. Falco is used to detect unauthorized commands and malicious access and our AI Platform is monitored and alerted by Falco. -* [Sysdig](https://www.sysdig.com/) Sysdig originally created Falco in 2016 to detect unexpected or suspicious activity using a rules engine on top of the data that comes from the sysdig kernel system call probe. Sysdig provides tooling to help with vulnerability management, compliance, detection, incident response and forensics in Cloud-native environments. Sysdig Secure has extended Falco to include: a rule library, the ability to update macros, lists & rules via the user interface and API, automated tuning of rules, and rule creation based on profiling known system behavior. On top of the basic Falco rules, Sysdig Secure implements the concept of a "Security policy" that can comprise several rules which are evaluated for a user-defined infrastructure scope like Kubernetes namespaces, OpenShift clusters, deployment workload, cloud regions etc. +* [Sysdig](https://www.sysdig.com/) Sysdig originally created Falco in 2016 to detect unexpected or suspicious activity using a rules engine on top of the data that comes from the sysdig kernel system call driver. Sysdig provides tooling to help with vulnerability management, compliance, detection, incident response and forensics in Cloud-native environments. Sysdig Secure has extended Falco to include: a rule library, the ability to update macros, lists & rules via the user interface and API, automated tuning of rules, and rule creation based on profiling known system behavior. 
On top of the basic Falco rules, Sysdig Secure implements the concept of a "Security policy" that can comprise several rules which are evaluated for a user-defined infrastructure scope like Kubernetes namespaces, OpenShift clusters, deployment workload, cloud regions etc. ## Projects that use Falco libs diff --git a/CMakeLists.txt b/CMakeLists.txt index a9e68fb1..9cd5cbb0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -98,8 +98,8 @@ set(CMAKE_CXX_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG") include(GetFalcoVersion) set(PACKAGE_NAME "falco") -set(PROBE_NAME "falco") -set(PROBE_DEVICE_NAME "falco") +set(DRIVER_NAME "falco") +set(DRIVER_DEVICE_NAME "falco") set(DRIVERS_REPO "https://download.falco.org/driver") if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) set(CMAKE_INSTALL_PREFIX diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index 094fff55..1a204b6c 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -24,8 +24,8 @@ else() # default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake # -DFALCOSECURITY_LIBS_VERSION=dev ..` if(NOT FALCOSECURITY_LIBS_VERSION) - set(FALCOSECURITY_LIBS_VERSION "319368f1ad778691164d33d59945e00c5752cd27") - set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=2cf44f06a282e8cee7aa1f775a08ea94c06e275faaf0636b21eb06af28cf4b3f") + set(FALCOSECURITY_LIBS_VERSION "85f898e7afdc250984bb31c5f80a86dc97ec0d10") + set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=c4175c8830d11f5d2467e1f4e61a2ea47449135c08af7acbe4d7f36a0d9b6252") endif() # cd /path/to/build && cmake /path/to/source 
@@ -47,8 +47,8 @@ if(MUSL_OPTIMIZED_BUILD) add_definitions(-DMUSL_OPTIMIZED) endif() -set(PROBE_VERSION "${FALCOSECURITY_LIBS_VERSION}") -set(PROBE_NAME "falco") +set(DRIVER_VERSION "${FALCOSECURITY_LIBS_VERSION}") +set(DRIVER_NAME "falco") set(DRIVER_PACKAGE_NAME "falco") set(SCAP_BPF_PROBE_ENV_VAR_NAME "FALCO_BPF_PROBE") set(SCAP_HOST_ROOT_ENV_VAR_NAME "HOST_ROOT") diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index e77ca742..55260388 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in @@ -18,7 +18,7 @@ set -e DKMS_PACKAGE_NAME="@PACKAGE_NAME@" -DKMS_VERSION="@PROBE_VERSION@" +DKMS_VERSION="@DRIVER_VERSION@" NAME="@PACKAGE_NAME@" postinst_found=0 diff --git a/scripts/debian/prerm.in b/scripts/debian/prerm.in index 1559c860..39fbd138 100755 --- a/scripts/debian/prerm.in +++ b/scripts/debian/prerm.in @@ -18,7 +18,7 @@ set -e DKMS_PACKAGE_NAME="@PACKAGE_NAME@" -DKMS_VERSION="@PROBE_VERSION@" +DKMS_VERSION="@DRIVER_VERSION@" case "$1" in remove|upgrade|deconfigure) diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader index 132cc12c..4384e4a2 100755 --- a/scripts/falco-driver-loader +++ b/scripts/falco-driver-loader @@ -547,8 +547,8 @@ if [[ -z "$MAX_RMMOD_WAIT" ]]; then MAX_RMMOD_WAIT=60 fi -DRIVER_VERSION="@PROBE_VERSION@" -DRIVER_NAME=${DRIVER_NAME:-"@PROBE_NAME@"} +DRIVER_VERSION="@DRIVER_VERSION@" +DRIVER_NAME=${DRIVER_NAME:-"@DRIVER_NAME@"} FALCO_VERSION="@FALCO_VERSION@" DRIVER="module" diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 16fefa48..b12d71ed 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -15,7 +15,7 @@ # limitations under the License. # -mod_version="@PROBE_VERSION@" +mod_version="@DRIVER_VERSION@" dkms add -m falco -v $mod_version --rpm_safe_upgrade if [ `uname -r | grep -c "BOOT"` -eq 0 ] && [ -e /lib/modules/`uname -r`/build/include ]; then dkms build -m falco -v $mod_version 
diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in index fa8c6106..c9437d41 100755 --- a/scripts/rpm/preuninstall.in +++ b/scripts/rpm/preuninstall.in @@ -15,5 +15,5 @@ # limitations under the License. # -mod_version="@PROBE_VERSION@" +mod_version="@DRIVER_VERSION@" dkms remove -m falco -v $mod_version --all --rpm_safe_upgrade diff --git a/test/falco_test.py b/test/falco_test.py index e8adb238..ab65f53c 100644 --- a/test/falco_test.py +++ b/test/falco_test.py @@ -524,10 +524,10 @@ class FalcoTest(Test): ["md5sum", "/boot/config-{}".format(kernel_release)]).rstrip() config_hash = md5_output.split(" ")[0] - probe_filename = "falco-{}-{}-{}-{}.ko".format( + driver_filename = "falco-{}-{}-{}-{}.ko".format( falco_version, arch, kernel_release, config_hash) driver_path = os.path.join(self.falcodir, "driver", "falco.ko") - module_path = os.path.join(self.module_dir, probe_filename) + module_path = os.path.join(self.module_dir, driver_filename) self.log.debug("Copying {} to {}".format(driver_path, module_path)) shutil.copyfile(driver_path, module_path) diff --git a/userspace/falco/config_falco.h.in b/userspace/falco/config_falco.h.in index cd74a83a..2d58f752 100644 --- a/userspace/falco/config_falco.h.in +++ b/userspace/falco/config_falco.h.in @@ -30,5 +30,5 @@ limitations under the License. #define FALCO_INSTALL_CONF_FILE "/etc/falco/falco.yaml" #define FALCO_ENGINE_PLUGINS_DIR "${FALCO_ABSOLUTE_SHARE_DIR}/plugins/" -#define PROBE_NAME "@PROBE_NAME@" -#define DRIVER_VERSION "@PROBE_VERSION@" \ No newline at end of file +#define DRIVER_NAME "@DRIVER_NAME@" +#define DRIVER_VERSION "@DRIVER_VERSION@" \ No newline at end of file diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index 4e55c84b..c462eb19 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp 
@@ -1427,7 +1427,7 @@ int falco_init(int argc, char **argv)
 if (!disable_syscall && !userspace)
 {
 // Try to insert the Falco kernel module
- if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null"))
+ if(system("modprobe " DRIVER_NAME " > /dev/null 2> /dev/null"))
 {
 falco_logger::log(LOG_ERR, "Unable to load the driver.\n");
 }
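Review bot: The renamed call `system("modprobe " DRIVER_NAME " > /dev/null 2> /dev/null")` still runs through the shell and resolves `modprobe` via the inherited `PATH`, so in a process that presumably runs with root privileges the binary executed depends on the caller's environment. DRIVER_NAME is substituted at configure time, so the module name itself is not an injection point, but that assumption is worth recording next to the call, e.g. `// DRIVER_NAME is a build-time constant; modprobe is resolved via PATH by sh`. A follow-up could replace `system()` with a direct exec of a fixed argv and a known environment, which removes both the shell and the PATH lookup. The failure branch logs only "Unable to load the driver." and discards the exit status, so including the return value in the message would make load failures easier to triage. falco_init's body starts and ends outside this hunk.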