github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-07 17:54:07 +00:00
Code Issues Projects Releases Wiki Activity
4,161 Commits 119 Branches 173 Tags
fix/use_plugin_name
Commit Graph

82 Commits

Author SHA1 Message Date
Leonardo Grasso
8a1de131f4 update(scripts/falco-driver-loader): load the latest version first 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-01-24 17:49:34 +01:00
Jason Dellaluce
697d4427a7 chore(scripts): refine removal output messages 
Signed-off-by: Jason Dellaluce jasondellaluce@gmail.com
Co-authored-by: Leonardo Grasso me@leonardograsso.com
 2021-12-06 19:09:14 +01:00
Jason Dellaluce
bf04fed71c fix(scripts): correctly remove loaded drivers 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2021-12-06 19:09:14 +01:00
David Windsor
8448d02980 falco-driver-loader: don't fail if chcon is missing in load_kernel_module() 
Signed-off-by: David Windsor <dwindsor@secureworks.com>
 2021-11-02 16:49:55 +01:00
David Windsor
74661a7d8f Apply suggestions from code review 
Don't fail if chcon is not present

Co-authored-by: Leo Di Donato <leodidonato@gmail.com>
Signed-off-by: David Windsor <dwindsor@secureworks.com>
 2021-11-02 16:49:55 +01:00
David Windsor
e7b320b00c Fix falco-driver-loader SELinux insmod denials 
Signed-off-by: David Windsor <dwindsor@secureworks.com>
 2021-11-02 16:49:55 +01:00
spartan
7c9ec9fc17 fix bugs 
Signed-off-by: Spartan-65 <liuyanchong@outlook.com>
 2021-09-21 18:54:09 +02:00
Leonardo Di Donato
04110b0f4c chore(scripts): restore mount of debugfs (notes below) 
This is needed in systems where raw tracepoints are not available.

Anyways, since this is needed when the inspector open (and actually
loads) the eBPF probe, ideally the mount should not be done by this
script but rather from Falco, or from Falco libs.

Otherwise, users building the eBPF probe theirseleves and not using this script (and having a kernel without raw
tracepoints) may need to mount this fs theirselves.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-08 20:40:39 +02:00
Leonardo Di Donato
17ee409ac6 chore(scripts): better default values in the help message of falco-driver-loader 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-08 20:40:39 +02:00
Leonardo Di Donato
71b2b5adde chore(scripts): remove banner about BPF JIT kernel config option 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-08 20:40:39 +02:00
Leonardo Di Donato
75261d4518 update(scripts): look for a prebuilt Falco eBPF probe before trying to compile one 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-08 20:40:39 +02:00
Leonardo Di Donato
2a7b32e279 update(scripts): look for a prebuilt Falco module before trying to compile it on-the-fly 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-08 20:40:39 +02:00
Leonardo Grasso
ef75c63e63 chore(scripts): print versions at the beginning 
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 14:54:53 +01:00
Leonardo Grasso
fb126cb730 feat(scripts): --clean option for falco-driver-loader 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
645f51b296 new(scripts): falco-driver-loader know the Falco version it has been 
built for

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
d912cf0d94 docs(scripts): falco-driver-loader outputs the Falco version it has been built for, also the driver version in use 
Both in the help/usage message and at running time.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
3f75f27410 docs(scripts): improve help of falco-driver-loader script 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
1504e77f4e update(scripts): falco-driver-loader can now start with a custom driver name 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Dominic Evans
4d6636a030 fix(scripts/falco-driver-loader): lsmod usage 
Attempting to start falco on a host that had a similarly named module
(e.g., "falcon") would cause the falco-driver-loader to loop attempting
to rmmod falco when falco was not loaded.

falco-driver-loader will now inspect only the first column of lsmod
output and require the whole search string to match

Fixes #1468

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
 2020-11-10 04:11:07 -05:00
Lorenzo Fontana
1efa4d3af0 update(scripts): driver loader cycle available gcc versions 
The falco-driver-loader script calls dkms to compile the kernel
module using the default gcc.
In some systems, and in the falcosecurity/falco container image,
the defult gcc is not the right one to compile it.

The script will try to compile the module by cycling trough all the available GCCs
starting from the default one until the module is compiled the first
time.

The default gcc is the highest priority while trying.
Newer GCCs have the priority over older GCCs.

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-09-16 18:09:09 +02:00
Antoine Deschênes
0a600253ac falco-driver-loader: fix conflicting $1 argument usage 
Signed-off-by: Antoine Deschênes <antoine@antoinedeschenes.com>
 2020-07-28 09:58:39 +02:00
Leonardo Grasso
88dbc78a44 fix(scripts/falco-driver-loader): exit when bpf download fails 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-18 15:16:59 +02:00
Leonardo Grasso
59c2e6b421 update(scripts/falco-driver-loader): break apart logic 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-18 15:16:59 +02:00
Leonardo Grasso
33c93e6c29 chore(scripts/falco-driver-loader): improve messages 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-18 15:16:59 +02:00
Reshad Patuck
efd0bf1967 fix(falco-driver-loader): target for ubuntu is ubuntu-generic 
The upstream files for the generic Ubuntu kernel are all called ubuntu-generic
see: https://dl.bintray.com/falcosecurity/driver/96bd9bc560f67742738eb7255aeb4d03046b8045/

Signed-off-by: Reshad Patuck <reshad@patuck.net>
 2020-05-15 19:20:29 +02:00
Leonardo Grasso
622a6c1e44 fix(test/driver-loader): source script to get env vars populated 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-15 11:19:31 +02:00
Stuxend
e51ee60646 fixing curl command error 0 bytes for CDN download. 
Signed-off-by: Stuxend <friquet@gmail.com>
 2020-04-29 19:11:48 +02:00
Leonardo Di Donato
8a1cae6989 fix(scripts): correct "drivers build gruid" URLs 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-04-24 15:42:29 +02:00
Leonardo Di Donato
26621ca381 fix(scripts): falco-driver-loader must infer the OS ID from the host 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-04-24 11:28:05 +02:00
Leonardo Di Donato
207f74b17c update(scripts): changes to falco-driver-loader to support the Falco 
eBPF probes coming from the drivers build grid

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-04-24 11:28:05 +02:00
Leonardo Di Donato
9baa3707dc fix(scripts): falco-driver-loader takes into account the new kernel modules URLs 
The new Falco kernel modules URLs are:
`<base_url>/kernel-module/<driver_version>/falco_<target_id>_<kernel_release>_<kernel_version>`

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-04-24 11:28:05 +02:00
Leonardo Di Donato
b39f322994 fix(scripts): falco-probe-loader becomes falco-driver-loader and distinghuishes driver version from falco version 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-03-23 18:50:06 +01:00