github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-13 05:22:34 +00:00
Code Issues Projects Releases Wiki Activity
4,161 Commits 119 Branches 173 Tags
fix/use_plugin_name
Commit Graph

1334 Commits

Author SHA1 Message Date
Andrea Terzolo
3a3d5dfdcd Update userspace/falco/app_actions/load_rules_files.cpp 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-05-24 15:55:17 +02:00
Andrea Terzolo
46159b8de9 update(userspace/engine): introduce new check_plugin_requirements API 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-05-24 15:55:17 +02:00
Andrea Terzolo
e751bf79c3 fix(userspace/engine): improve rule loader source checks for macros and lists 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-05-24 15:54:17 +02:00
Federico Di Pierro
39f55f4b5c update(userspace): split filterchecks list for each source idx. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-05-21 16:33:38 +02:00
Federico Di Pierro
5f00cea3c9 fix(userspace/falco): do not start webserver in capture mode. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-05-21 16:33:38 +02:00
Federico Di Pierro
acbbcf7481 Update userspace/falco/app_cmdline_options.h 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-05-12 14:26:34 +02:00
Federico Di Pierro
3ba64d8a49 new(userspace/falco): new inotify watcher is now able to properly watch rules folders, when specified. 
This means that when starting Falco passing to it a folder for its rules, it will properly manage
changes to any file inside the folders, plus any created/deleted file inside it.

Unified list of rules parsing, instead of having it done twice inside cmdline_options and configuration.
Instead, it is done only once, inside load_rules_files.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-05-12 14:26:34 +02:00
Federico Di Pierro
293a6c2b40 update(userspace/falco): moved to a config option. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-05-12 14:26:34 +02:00
Federico Di Pierro
a9fe979071 chore(userspace/falco): small cleanup. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-05-12 14:26:34 +02:00
Federico Di Pierro
e32f5a66c5 new(userspace/falco): added an option to listen to changes on the config file and rules files, and trigger a Falco reload. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-05-12 14:26:34 +02:00
Milkshak3s
8c6cfae18f Include origin host in output json 
Signed-off-by: Milkshak3s <justchris.vantine@gmail.com>
 2022-05-09 12:16:50 +02:00
Leonardo Grasso
eae193ade0 build(userspace/engine): cleanup unused include dir 
`CURL_INCLUDE_DIR` is a leftover since now the correct include path is injected via libs.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-05-04 16:12:30 +02:00
Jason Dellaluce
dbbc93f69d fix(userspace/falco): listen to proper host in webserver 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-04-29 20:47:19 +02:00
Jason Dellaluce
63b7aabc81 chore: solve compilation issues and polish code 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-04-29 20:47:19 +02:00
Jason Dellaluce
67d2fe45a5 refactor: add k8saudit plugin and adapt config, tests, and rulesets 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-29 20:47:19 +02:00
Jason Dellaluce
b91ff34b97 refactor: drop civetweb dependency and implement healtz using cpp-httplib 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-29 20:47:19 +02:00
Jason Dellaluce
42fcc7291f refactor(userspace/falco): remove k8s audit references from falco 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-29 20:47:19 +02:00
Federico Di Pierro
08ded97596 new(userspace/falco): use new plugin caps API. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-04-29 10:16:50 +02:00
Mark Stemm
86d632d343 fix: allow empty exceptions property 
This matches prior behavior before the lua-to-c++ switch.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-28 14:42:24 +02:00
Mark Stemm
e909babe20 fix: add implied exception comp to item for single item variant 
When adding an implied "in" comparison to an exception using the
single value form, add it to item, not items.

This fixes #1984.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-28 14:42:24 +02:00
Jason Dellaluce
a16eac221e refactor(userspace/engine): apply C++ best practices to newest engine classes 
This include making a coherent use of const, remove private inheritance, and adding virtual destructors.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-27 16:22:59 +02:00
Jason Dellaluce
be177795c2 refactor(userspace/engine): use supported_operators helper from libsinsp filter parser 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-27 16:22:59 +02:00
Mark Stemm
120027dc2e Add constructor/destructor to stats_manager 
This ensures m_total is properly initialized.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
b89b3f82ee Falco main changes for app actions 
This involves moving the code in falco_init() into individual files
below app_actions/. falco_init() simply calls app.run() now. When
app.run() returns false, print any erorr. When app.run() sets restart
to true, falco_init() is called again.

app.run() is still inside a catch block to catch any uncaught
exception.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
1639e22462 Move most code from falco_init() to individual app actions 
Each file below app_actions/ defines some of the methods declared in
falco::app::application.

Any state that needs to be shared betweeen methods, or between the run
and teardown methods, resides in falco::app::application::state(), so
the moved code stays pretty much as-is, other than replacing stack
variables with member variables in app_state.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
e3b82c00e1 Copying falco.cpp to process_events.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
6e10d3d884 Copying falco.cpp to process_events.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
0daff8f829 Copying falco.cpp to open_inspector.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
5d7bed8d74 Copying falco.cpp to open_inspector.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
64b7092f56 Copying falco.cpp to daemonize.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
a9417d60df Copying falco.cpp to daemonize.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
365b97a9db Copying falco.cpp to validate_rules_files.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
70dc7360c9 Copying falco.cpp to validate_rules_files.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
b845fccc72 Copying falco.cpp to start_webserver.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
d4def892be Copying falco.cpp to start_webserver.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
6b9714eadc Copying falco.cpp to start_grpc_server.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
54ef2a2b1e Copying falco.cpp to start_grpc_server.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
5496741aae Copying falco.cpp to print_version.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
c975df57a0 Copying falco.cpp to print_version.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
8634d8b3a2 Copying falco.cpp to print_support.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
4ca13bc0f0 Copying falco.cpp to print_support.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
de58872b2e Copying falco.cpp to print_ignored_events.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
2963bbab98 Copying falco.cpp to print_ignored_events.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
f5c18399e1 Copying falco.cpp to print_help.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
35261c4a3a Copying falco.cpp to print_help.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
78a297ac62 Copying falco.cpp to load_rules_files.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
9325658d5b Copying falco.cpp to load_rules_files.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
2d53fecf4b Copying falco.cpp to load_plugins.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
0f8386326e Copying falco.cpp to load_plugins.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
2e8d3c6486 Copying falco.cpp to load_config.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00