github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-19 03:06:22 +00:00
Code Issues Projects Releases Wiki Activity
3,978 Commits 122 Branches 184 Tags
add-load-files-method
Commit Graph

1240 Commits

Author SHA1 Message Date
Mark Stemm
dd004fea27 Use new load_rules() methods to load all rules at once 
This speeds up rules loading a bit because rules are only compiled
once instead of for each rules file.

This doesn't change rules validation yet. Validation needs some
additional work to handle splitting the (single) load result back into
individual results for the json/text based output.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2023-09-06 17:31:02 -07:00
Mark Stemm
5db61a1623 Add a load_files method to load multiple files at once 
Add alternate load_files variants that allow loading multiple files at
once. This is a bit faster than calling load_rules()/load_rules_file()
repeatedly as rules are only compiled once, after reading all rules
files, instead of being compiled after reading each rules file.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2023-09-06 17:30:02 -07:00
Daniel Wright
513f122aff feat: support parsing of system environment variables in yaml 
In order to allow the user to supply environment variables in standard
ways performed in other applications the get_scalar function has been
extended to support defining an environment variable in the format
`${FOO}`. Environment variables can be escaped via defining as `$${FOO}`.
As this handles some additional complexity, a unit test has been  added
to cover this new functionality

Signed-off-by: Daniel Wright <danielwright@bitgo.com>
 2023-09-06 11:45:00 +02:00
Leonardo Grasso
b2374b3c19 fix(userspace/falco): apply suggestions for CLI help messages 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-04 18:50:52 +02:00
Leonardo Grasso
93e8be1e32 update(userspace/falco): revised CLI help messages 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-04 18:50:52 +02:00
Luca Guerra
b246bcb052 fix(engine): fix werror reorder 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-04 17:26:52 +02:00
Andrea Terzolo
6251af0ab6 new: introduce new stats updated to the latest libs version 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 17:24:52 +02:00
Andrea Terzolo
4f8d11acdd chore: bump engine version and checksum 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 12:19:46 +02:00
Federico Di Pierro
0ec492086e fix(userspace/falco): properly delete metrics timer upon leaving. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-09-04 11:22:46 +02:00
Andrea Terzolo
442d1accbe cleanup: deprecate rate limiter mechanism 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 10:11:45 +02:00
Andrea Terzolo
62e762a467 cleanup: deprecate no more supported userspace mode 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 10:09:46 +02:00
Andrea Terzolo
e6fe0a516d fix: fix falco MINIMAL_BUILD 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-04 10:09:46 +02:00
Jason Dellaluce
c8122ff474 fix(userspace/engine): support appending to unknown sources 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-09-01 06:46:31 +02:00
Jason Dellaluce
eabf49892d update(userspace/falco): bump engine version to 24 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-31 18:33:30 +02:00
Jason Dellaluce
901fca2257 update(userspace/engine): upgrade skip-if-unknown-filter YAML field 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-31 18:33:30 +02:00
Andrea Terzolo
cc8d6705f6 fix: fix "ebpf_enabled" output stat 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-31 17:37:29 +02:00
Federico Di Pierro
26f626c1d5 chore(userspace/falco): properly check that parent init() did not fail for reasons. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2023-08-31 16:11:29 +02:00
Federico Di Pierro
acaaa0b4ca cleanup(userspace/falco): improvements to the http output perf. 
Moreover, add option to disable stdout echoing.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-08-31 16:11:29 +02:00
Jason Dellaluce
01093d2dfc fix(userspace/engine): support both old and new gcc + std::move 
Old gcc versions (e.g. 4.8.3) won't allow move elision
but newer versions (e.g. 10.2.1) would complain about
the redundant move.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-30 20:57:27 +02:00
Andrea Terzolo
988703b601 clenaup: remove b64 from falco dependencies 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-30 19:12:26 +02:00
Andrea Terzolo
8d6c6900d3 cleanup: turn a warning into an error 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-29 13:46:21 +02:00
Andrea Terzolo
34d796439f cleanup: fail if the time unit is not specified 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-29 13:46:21 +02:00
Anna Simon
c8d1637130 feat(userspace/outputs_http): Add option for mTLS 
Signed-off-by: Anna Simon <asimon@mercari.com>
 2023-08-29 10:28:21 +02:00
Melissa Kilby
37ea9b25c4 feat(userspace): deprecate -d daemonize option 
Deprecate `-d` option (currently broken).

Symptoms included the message queue filling up without popping any messages
even though events were handled normally.

Maintainers decided to deprecate not needed `-d` option while keeping
the useful `pidfile` command args option.

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-08-25 18:14:45 +02:00
Melissa Kilby
b66bf2c6e4 cleanup: remove some unused variables 
Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-08-25 15:20:45 +02:00
Melissa Kilby
6cdb740786 cleanup(userspace): update parse_prometheus_interval 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-08-25 15:20:45 +02:00
Melissa Kilby
9a12a93342 feat(userspace): deprecate stats command args option in favor of metrics configs in falco.yaml 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-08-25 15:20:45 +02:00
Leonardo Grasso
84fe33a029 fix(userspace/falco): correct typo in -p help message 
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-08-25 15:18:45 +02:00
Leonardo Grasso
8fbf49bbba update(userspace/falco): new defaults for -p presets 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-08-25 15:18:45 +02:00
Leonardo Grasso
f10d0499d2 update(userspace/falco): improve help message for -p option 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-08-25 15:18:45 +02:00
Jason Dellaluce
4f3181cb1c update(userspace/engine): bump engine version to 23 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
527c42c030 chore: polish conditional compilation flags for emscripten 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
78e2ddc63e fix: solve cmake issues 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
828fa7d14d update(cmake): fix wasm package content 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
590b034a55 fix: solve plugin loading error 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
54ab1eed9e update(cmake): update add emmc link_options 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
rohith-raju
c73e43c973 cleanup: fix workflow and build errors 
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
rohith-raju
e8ee850dee update(ci,cmake): add support for emscripten build 
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
ce6368a89e fix: solve runtime issues with emscripten build 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
0faa45669b update(build): setup cpack for emscripten build 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
aa6061681d update: adapt code to multi-platform builds 
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
86e76924a1 update: adapt cmake setup for non-linux and emscripten builds 
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-24 10:30:40 +02:00
Lorenzo Susini
4e6149e5da update(userspace/engine): make rule_matching strategy stateless in falco engine 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-08-11 10:11:46 +02:00
Lorenzo Susini
6e50d2ad83 update: directly return match_found variable 
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Lorenzo Susini <49318629+loresuso@users.noreply.github.com>
 2023-08-09 13:36:39 +02:00
Lorenzo Susini
2660582198 update(userspace/engine): bump engine version to 22 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-08-09 13:36:39 +02:00
Lorenzo Susini
6acd924c50 perf: avoid stack allocation and make use of switch to select behavior on rule matching strategy 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-08-09 13:36:39 +02:00
Lorenzo Susini
1705c0dab3 update(userspace/engine): allow the engine to match and handle multiple rules while processing events 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-08-09 13:36:39 +02:00
Lorenzo Susini
46e8f2c14b update(userspace/falco): handle the new rule matching configuration key 
Added a set method for the rule matching strategy on the engine.
This allows to modify the stategy at runtime withotu the need to
rebuild an engine from scratch.

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-08-09 13:36:39 +02:00
Lorenzo Susini
c6abf6a133 update(falco.yaml): introduce rule_matching config key 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-08-09 13:36:39 +02:00
Andrea Terzolo
528a76a7fe update(userspace/engine): bump engine version to 21 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-08-08 14:10:36 +02:00