github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 18:58:41 +00:00
Code Issues Projects Releases Wiki Activity
3,978 Commits 122 Branches 184 Tags
add-load-files-method
Commit Graph

3978 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Stemm
dd004fea27 Use new load_rules() methods to load all rules at once 
This speeds up rules loading a bit because rules are only compiled
once instead of for each rules file.

This doesn't change rules validation yet. Validation needs some
additional work to handle splitting the (single) load result back into
individual results for the json/text based output.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2023-09-06 17:31:02 -07:00
Mark Stemm
5db61a1623 Add a load_files method to load multiple files at once 
Add alternate load_files variants that allow loading multiple files at
once. This is a bit faster than calling load_rules()/load_rules_file()
repeatedly as rules are only compiled once, after reading all rules
files, instead of being compiled after reading each rules file.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2023-09-06 17:30:02 -07:00
Federico Di Pierro
4d590fa6ee update(cmake): bumped libs to 0.13.0-rc1 and driver to 6.0.0+driver. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-09-06 17:20:00 +02:00
Daniel Wright
513f122aff feat: support parsing of system environment variables in yaml 
In order to allow the user to supply environment variables in standard
ways performed in other applications the get_scalar function has been
extended to support defining an environment variable in the format
`${FOO}`. Environment variables can be escaped via defining as `$${FOO}`.
As this handles some additional complexity, a unit test has been  added
to cover this new functionality

Signed-off-by: Daniel Wright <danielwright@bitgo.com>
 2023-09-06 11:45:00 +02:00
dependabot[bot]
5ffffeeada build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `b42893a` to `6ed73fe`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](b42893a6eb...6ed73fee78)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 09:59:59 +02:00
Vicente J. Jiménez Miras
3dae1cbf91 docs(README.md): correct URL 
Signed-off-by: Vicente J. Jiménez Miras <vjjmiras@gmail.com>
 2023-09-05 17:07:57 +02:00
Andrea Terzolo
12735bdfb1 chore: bump Falco to latest libs 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-05 16:41:57 +02:00
Andrea Terzolo
f7c628f623 ci: disable falco-driver-loader tests on ARM64 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-05 11:15:55 +02:00
Leonardo Grasso
b2374b3c19 fix(userspace/falco): apply suggestions for CLI help messages 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-04 18:50:52 +02:00
Leonardo Grasso
93e8be1e32 update(userspace/falco): revised CLI help messages 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-04 18:50:52 +02:00
Luca Guerra
b246bcb052 fix(engine): fix werror reorder 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-04 17:26:52 +02:00
Andrea Terzolo
6251af0ab6 new: introduce new stats updated to the latest libs version 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 17:24:52 +02:00
Andrea Terzolo
ce79e01ae8 ci: support tests on amazon-linux 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 15:12:51 +02:00
Leonardo Grasso
9db4c9b2cb build(cmake/modules): upgrade falcoctl to version 0.6.0 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-04 14:18:51 +02:00
Andrea Terzolo
dba685eeda tests: enable e2e falco-driver-loader tests 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 12:19:46 +02:00
Andrea Terzolo
4f8d11acdd chore: bump engine version and checksum 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 12:19:46 +02:00
Andrea Terzolo
3c47915c56 chore: bump Falco to latest libs master 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 12:19:46 +02:00
Federico Di Pierro
0ec492086e fix(userspace/falco): properly delete metrics timer upon leaving. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-09-04 11:22:46 +02:00
Andrea Terzolo
442d1accbe cleanup: deprecate rate limiter mechanism 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 10:11:45 +02:00
Melissa Kilby
79577237a1 cleanup(config): add info about performance impact wrt rule_matching 
Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-09-04 10:10:46 +02:00
Melissa Kilby
08237b946f cleanup(config): add more info 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-09-04 10:10:46 +02:00
Andrea Terzolo
62e762a467 cleanup: deprecate no more supported userspace mode 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 10:09:46 +02:00
Andrea Terzolo
e6fe0a516d fix: fix falco MINIMAL_BUILD 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 10:09:46 +02:00
dependabot[bot]
a6b12a5c97 build(deps): Bump submodules/falcosecurity-testing 
Bumps [submodules/falcosecurity-testing](https://github.com/falcosecurity/testing) from `b39c807` to `9110022`.
- [Commits](b39c807a19...91100227b0)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-testing
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 10:08:46 +02:00
dependabot[bot]
b15a51a825 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `3f52480` to `b42893a`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](3f52480618...b42893a6eb)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-01 06:50:31 +02:00
Jason Dellaluce
c8122ff474 fix(userspace/engine): support appending to unknown sources 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-09-01 06:46:31 +02:00
Jason Dellaluce
88dcdaac8a update(submodules): bump falcosecurity-testing to b39c807 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-31 18:33:30 +02:00
Jason Dellaluce
eabf49892d update(userspace/falco): bump engine version to 24 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-31 18:33:30 +02:00
Jason Dellaluce
901fca2257 update(userspace/engine): upgrade skip-if-unknown-filter YAML field 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-31 18:33:30 +02:00
Andrea Terzolo
cc8d6705f6 fix: fix "ebpf_enabled" output stat 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-31 17:37:29 +02:00
Federico Di Pierro
26f626c1d5 chore(userspace/falco): properly check that parent init() did not fail for reasons. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2023-08-31 16:11:29 +02:00
Federico Di Pierro
acaaa0b4ca cleanup(userspace/falco): improvements to the http output perf. 
Moreover, add option to disable stdout echoing.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-08-31 16:11:29 +02:00
hjenkins
63ba15962b fix(scripts): falco-driver-loader add print env 
Fixes #2352

Needed to refactor the target_id code paths to allow this to be used in
env printing and sourcing.

Signed-off-by: hjenkins <henry@henryjenkins.name>
 2023-08-31 12:10:28 +02:00
dependabot[bot]
f163780d62 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `3ceea88` to `40a9817`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](3ceea88eeb...40a9817330)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-31 09:22:29 +02:00
Jason Dellaluce
01093d2dfc fix(userspace/engine): support both old and new gcc + std::move 
Old gcc versions (e.g. 4.8.3) won't allow move elision
but newer versions (e.g. 10.2.1) would complain about
the redundant move.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-30 20:57:27 +02:00
Jason Dellaluce
a6c2bf7123 update(cmake): support building libs and driver from forks 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-30 19:13:26 +02:00
Andrea Terzolo
988703b601 clenaup: remove b64 from falco dependencies 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-30 19:12:26 +02:00
jabdr
66841d8009 Support reload in falco-modern-bpf.service 
Signed-off-by: jabdr <jd@q321.de>
 2023-08-30 15:28:26 +02:00
jabdr
43ae8b0cac Support reload in falco-custom.service 
Signed-off-by: jabdr <jd@q321.de>
 2023-08-30 15:28:26 +02:00
jabdr
9a5f625d5f Support reload in falco-bpf.service 
Signed-off-by: jabdr <jd@q321.de>
 2023-08-30 15:28:26 +02:00
jabdr
799c09e638 Support reload in falco-kmod.service 
Signed-off-by: jabdr <jd@q321.de>
 2023-08-30 15:28:26 +02:00
Richard Tweed
2f267a044e Merge in master 
Signed-off-by: Richard Tweed <RichardoC@users.noreply.github.com>
 2023-08-29 17:57:21 +02:00
Richard Tweed
7b6d45c394 Update README. based on FedeDP's suggestion 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Richard Tweed <RichardoC@users.noreply.github.com>
 2023-08-29 17:57:21 +02:00
Richard Tweed
368796df61 Issue 2391 Document why Falco is written in C++ rather than anything else 
Signed-off-by: Richard Tweed <RichardoC@users.noreply.github.com>
 2023-08-29 17:57:21 +02:00
Andrea Terzolo
8d6c6900d3 cleanup: turn a warning into an error 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-29 13:46:21 +02:00
Andrea Terzolo
34d796439f cleanup: fail if the time unit is not specified 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-29 13:46:21 +02:00
Anna Simon
c8d1637130 feat(userspace/outputs_http): Add option for mTLS 
Signed-off-by: Anna Simon <asimon@mercari.com>
 2023-08-29 10:28:21 +02:00
Jason Dellaluce
600318aaae update(ci): minimize retention days for build-only CI artifacts 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-29 09:33:21 +02:00
Andrea Terzolo
ba1528e3c2 cleanup: remove unused --pidfile option 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-28 17:06:19 +02:00
Melissa Kilby
37ea9b25c4 feat(userspace): deprecate -d daemonize option 
Deprecate `-d` option (currently broken).

Symptoms included the message queue filling up without popping any messages
even though events were handled normally.

Maintainers decided to deprecate not needed `-d` option while keeping
the useful `pidfile` command args option.

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-08-25 18:14:45 +02:00