github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-08 01:34:03 +00:00
Code Issues Projects Releases Wiki Activity

update(scripts): added a falcoctl systemd service.

Browse Source 
Add a new dialog to choose whether to enable falcoctl feed.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2023-01-10 14:23:10 +01:00 committed by poiana
parent 2a886f7a3d
commit ffce069c96
9 changed files with 96 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmake/cpack/CMakeCPackOptions.cmake
View File

@ -5,6 +5,7 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
endif() endif()
if(CPACK_GENERATOR MATCHES "TGZ") if(CPACK_GENERATOR MATCHES "TGZ")

2
scripts/CMakeLists.txt
View File

@ -26,6 +26,8 @@ file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service" file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
# Debian # Debian
configure_file(debian/postinst.in debian/postinst) configure_file(debian/postinst.in debian/postinst)

36
scripts/debian/postinst.in
View File

@ -17,19 +17,19 @@
# #
chosen_driver= chosen_driver=
enable_falcoctl=0
if [ "$1" = "configure" ]; then if [ "$1" = "configure" ]; then
if [ -x /usr/bin/dialog ]; then if [ -x /usr/bin/dialog ]; then
# If dialog is installed, create a dialog to let users choose the correct driver for them # If dialog is installed, create a dialog to let users choose the correct driver for them
CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco drivers" --menu "Choose one of the following options:" 15 40 5 \ CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 40 5 \
1 "Don't start" \ 1 "Don't start" \
2 "Kmod" \ 2 "Kmod" \
3 "eBPF" \ 3 "eBPF" \
4 "Modern eBPF" \ 4 "Modern eBPF" \
5 "Plugin" \ 5 "Plugin" \
2>&1 >/dev/tty) 2>&1 >/dev/tty)
if [ $? -eq 0 ]; then case $CHOICE in
case $CHOICE in
2) 2)
chosen_driver="kmod" chosen_driver="kmod"
;; ;;
@ -42,9 +42,20 @@ if [ "$1" = "configure" ]; then
5) 5)
chosen_driver="plugin" chosen_driver="plugin"
;; ;;
esac esac
fi
clear if [ -n "$chosen_driver" ]; then
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \
1 "No" \
2 "Yes" \
2>&1 >/dev/tty)
case $CHOICE in
2)
enable_falcoctl=1
;;
esac
fi
clear
fi fi
fi fi
@ -68,6 +79,13 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon
systemctl --system enable "falco-$chosen_driver.service" || true systemctl --system enable "falco-$chosen_driver.service" || true
echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':"
systemctl --system start "falco-$chosen_driver.service" || true systemctl --system start "falco-$chosen_driver.service" || true
if [ $enable_falcoctl -eq 1 ]; then
echo "[POST-INSTALL] Enable 'falcoctl.service':"
systemctl --system enable "falcoctl.service" || true
echo "[POST-INSTALL] Start 'falcoctl.service':"
systemctl --system start "falcoctl.service" || true
fi
fi fi
fi fi
@ -79,6 +97,12 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon
echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:"
# restart falco on upgrade if service is already running # restart falco on upgrade if service is already running
systemctl --system condrestart "falco-$chosen_driver.service" || true systemctl --system condrestart "falco-$chosen_driver.service" || true
if [ $enable_falcoctl -eq 1 ]; then
echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:"
# restart falcoctl on upgrade if service is already running
systemctl --system condrestart "falcoctl.service" || true
fi
fi fi
fi fi
fi fi

1
scripts/debian/postrm.in
View File

@ -27,6 +27,7 @@ if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-bpf.service' || true
systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true
systemctl --system disable 'falco-plugin.service' || true systemctl --system disable 'falco-plugin.service' || true
systemctl --system disable 'falcoctl.service' || true
echo "[POST-REMOVE] Trigger deamon-reload:" echo "[POST-REMOVE] Trigger deamon-reload:"
systemctl --system daemon-reload || true systemctl --system daemon-reload || true

1
scripts/debian/prerm.in
View File

@ -28,6 +28,7 @@ case "$1" in
systemctl --system stop 'falco-bpf.service' || true systemctl --system stop 'falco-bpf.service' || true
systemctl --system stop 'falco-modern-bpf.service' || true systemctl --system stop 'falco-modern-bpf.service' || true
systemctl --system stop 'falco-plugin.service' || true systemctl --system stop 'falco-plugin.service' || true
systemctl --system stop 'falcoctl.service' || true
echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'"
falco-driver-loader --clean falco-driver-loader --clean

51
scripts/rpm/postinstall.in
View File

@ -16,32 +16,41 @@
# #
chosen_driver= chosen_driver=
enable_falcoctl=0
if [ $1 -eq 1 ]; then if [ $1 -eq 1 ]; then
if [ -x /usr/bin/dialog ]; then if [ -x /usr/bin/dialog ]; then
# If dialog is installed, create a dialog to let users choose the correct driver for them # If dialog is installed, create a dialog to let users choose the correct driver for them
CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco drivers" --menu "Choose one of the following options:" 15 40 5 \ CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 40 5 \
1 "Don't start" \ 1 "Don't start" \
2 "Kmod" \ 2 "Kmod" \
3 "eBPF" \ 3 "eBPF" \
4 "Modern eBPF" \ 4 "Modern eBPF" \
5 "Plugin" \ 5 "Plugin" \
2>&1 >/dev/tty) 2>&1 >/dev/tty)
# When user presses cancel, go on as default (don't start) case $CHOICE in
if [ $? -eq 0 ]; then 2)
chosen_driver="kmod"
;;
3)
chosen_driver="bpf"
;;
4)
chosen_driver="modern-bpf"
;;
5)
chosen_driver="plugin"
;;
esac
if [ -n "$chosen_driver" ]; then
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \
1 "No" \
2 "Yes" \
2>&1 >/dev/tty)
case $CHOICE in case $CHOICE in
2) 2)
chosen_driver="kmod" enable_falcoctl=1
;; ;;
3)
chosen_driver="bpf"
;;
4)
chosen_driver="modern-bpf"
;;
5)
chosen_driver="plugin"
;;
esac esac
fi fi
clear clear
@ -78,6 +87,13 @@ if [ $1 -eq 1 ]; then
systemctl --system enable "falco-$chosen_driver.service" || true systemctl --system enable "falco-$chosen_driver.service" || true
echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':"
systemctl --system start "falco-$chosen_driver.service" || true systemctl --system start "falco-$chosen_driver.service" || true
if [ $enable_falcoctl -eq 1 ]; then
echo "[POST-INSTALL] Enable 'falcoctl.service':"
systemctl --system enable "falcoctl.service" || true
echo "[POST-INSTALL] Start 'falcoctl.service':"
systemctl --system start "falcoctl.service" || true
fi
fi fi
fi fi
@ -90,6 +106,11 @@ if [ $1 -gt 1 ]; then
echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:"
# restart falco on upgrade if service is already running # restart falco on upgrade if service is already running
systemctl --system condrestart "falco-$chosen_driver.service" || true systemctl --system condrestart "falco-$chosen_driver.service" || true
if [ $enable_falcoctl -eq 1 ]; then
echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:"
# restart falcoctl on upgrade if service is already running
systemctl --system condrestart "falcoctl.service" || true
fi
fi fi
fi fi
fi fi

1
scripts/rpm/postuninstall.in
View File

@ -23,6 +23,7 @@ if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then
systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-bpf.service' || true
systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true
systemctl --system disable 'falco-plugin.service' || true systemctl --system disable 'falco-plugin.service' || true
systemctl --system disable 'falcoctl.service' || true
echo "[POST-REMOVE] Trigger deamon-reload:" echo "[POST-REMOVE] Trigger deamon-reload:"
systemctl --system daemon-reload || true systemctl --system daemon-reload || true

2
scripts/rpm/preuninstall.in
View File

@ -22,6 +22,7 @@ systemctl --system stop 'falco-kmod.service' || true
systemctl --system stop 'falco-bpf.service' || true systemctl --system stop 'falco-bpf.service' || true
systemctl --system stop 'falco-modern-bpf.service' || true systemctl --system stop 'falco-modern-bpf.service' || true
systemctl --system stop 'falco-plugin.service' || true systemctl --system stop 'falco-plugin.service' || true
systemctl --system stop 'falcoctl.service' || true
echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'"
falco-driver-loader --clean falco-driver-loader --clean
@ -37,3 +38,4 @@ falco-driver-loader --clean
%systemd_preun 'falco-bpf.service' %systemd_preun 'falco-bpf.service'
%systemd_preun 'falco-modern-bpf.service' %systemd_preun 'falco-modern-bpf.service'
%systemd_preun 'falco-plugin.service' %systemd_preun 'falco-plugin.service'
%systemd_preun 'falcoctl.service'

22
scripts/systemd/falcoctl.service Normal file
View File

@ -0,0 +1,22 @@
[Unit]
Description=Falcoctl: Administrative tooling for Falco
Documentation=https://github.com/falcosecurity/falcoctl
[Service]
Type=simple
ExecStart=/usr/bin/falcoctl --follow
UMask=0077
TimeoutSec=30
RestartSec=15s
Restart=on-failure
PrivateTmp=true
NoNewPrivileges=yes
ProtectHome=read-only
ProtectSystem=full
ProtectKernelTunables=true
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null
[Install]
WantedBy=multi-user.target