falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-09-07 17:54:07 +00:00

Author	SHA1	Message	Date
Samuel Gaist	d074728994	feat(userspace/falco): add configuration support for IPV6 webserver listen address The IPV6 capabilities is provided through cpp-httplib. Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>	2023-11-03 09:09:08 +01:00
Samuel Gaist	91a9717779	feat(userspace/falco): implement configuration of webserver listening address Currently the webserver is listening on the hard coded 0.0.0.0. This patch keeps this default but allows the administrator to change it. Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>	2023-11-03 09:09:08 +01:00
Jason Dellaluce	f5985720f1	fix(userspace/engine): cache latest rules compilation output Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-02 20:32:07 +01:00
Jason Dellaluce	2e7cacb4e0	fix(userspace/engine): solve description of macro-only rules Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-02 16:16:06 +01:00
Luca Guerra	3ff2bb5c2b	cleanup(engine): strncpy -> strlcpy Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-10-19 17:41:22 +02:00
Luca Guerra	1e38967b18	update(engine): remove banned.h Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-10-19 17:41:22 +02:00
Roberto Scolaro	b7cef5bab2	fix(userspace/engine): fix memory leak Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>	2023-10-17 21:20:15 +02:00
Melissa Kilby	dd807b19c8	feat(userspace): remove experimental outputs queue recovery strategies Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-12 13:03:46 +02:00
Melissa Kilby	32b7ccd8dc	cleanup(userspace/falco): reset s_timerid_exists at stats_writer teardown Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-06 15:32:05 +02:00
Melissa Kilby	d28f43cd98	chore: apply codespell fixes Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-06 15:32:05 +02:00
Melissa Kilby	943446ba97	cleanup(userspace/falco): add more comments around timer_delete workaround Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-06 15:32:05 +02:00
Melissa Kilby	d4a4de9055	fix(userspace/falco): timer_delete() workaround due to bug in older GLIBC Workaround for older GLIBC versions (< 2.35), where calling timer_delete() with an invalid timer ID not returned by timer_create() causes a segfault because of a bug in GLIBC (https://sourceware.org/bugzilla/show_bug.cgi?id=28257). Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-06 15:32:05 +02:00
Andrea Terzolo	29d2406414	cleanup(falco)!: remove `outputs.rate` and `outputs.max_burst` Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-09-29 01:47:21 +02:00
Lorenzo Susini	09b1f92267	update(userspace/engine): update falco engine checksum Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	1326ca356e	update(userspace/engine): address jasondellaluce comments for maintainability Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	9bbf9716b6	update(userspace/falco): engine version semver in protobuf and versions_info Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	f8cbeaaa9b	update(userspace/engine): let the rule loader reader and collector be able to load rules with both numeric and semver string required_engine_version Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	cd6cb14c08	update(userspace/engine): convert engine version to semver string Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Jason Dellaluce	d3e1a1f746	chore(userspace/engine): apply codespell suggestions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	aae114c331	refactor(userspace/engine)!: rename some description details outputs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	b67ad907a7	fix(userspace/engine): solve issues with filter details resolver Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	dc264a0577	fix(userspace/engine): solve issues in describing rules/macros/lists Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	8f411f3d3b	refactor(userspace/engine): modularize rules files compilation Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	cba80a404f	fix(userspace/engine): print rules fields with arguments Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	26bdefae8e	update(userspace/engine): support printing plugins used by rules Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	dce5cac820	update(userspace/engine): find evt names in filter resolver Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	ab77a5d687	update(userspace/engine): refactor rule describe methods to accept plugins Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Andrea Terzolo	4de74f3963	cleanup(falco)!: remove `--userspace` support Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-09-26 16:14:07 +02:00
Leonardo Grasso	fe50ac22ee	update: add SPDX license identifier See https://github.com/falcosecurity/evolution/issues/318 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-21 13:21:47 +02:00
Andrea Terzolo	6bd40f3ea2	cleanup: thrown exceptions and avoid multiple logs Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-09-13 11:28:40 +02:00
Jason Dellaluce	5595212ff9	fix(userspace/falco): clearing full output queue Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-12 13:19:35 +02:00
Leonardo Grasso	35cb960917	update(userspace/engine): align `%container.info` defaults with new rule styles Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-08 19:00:04 +02:00
Andrea Terzolo	e55bedac0b	fix(stats): always initialize m_output Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-09-07 19:13:00 +02:00
Melissa Kilby	73f15e6c5b	cleanup(userspace/falco): adjust outputs_queue_num_drops counter for recovery 'empty' Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	dad2762ed6	fix(userspace/falco): change outputs_queue_num_drops to atomic Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	88a5e1bf45	cleanup(config): rename default outputs queue macro Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	0eff98aa8e	cleanup: apply more reviewers suggestions Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	016fdae93b	cleanup: apply reviewers suggestions Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	a61f24066f	cleanup(userspace/falco): always set queue capacity and use largest long as default for unbounded Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	1e94598eca	new(metrics): add falco.outputs_queue_num_drops metrics + plus fix rebase leftovers Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	85883b7200	cleanup(outputs): adopt different style for outputs_queue params encodings Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	03a557725b	cleanup(outputs): ensure old defaults in queue_capacity_outputs in new config Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	b55b209edf	fix(outputs): expose queue_capacity_outputs config for memory control Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Luca Guerra	a22dac6866	update(falco)!: --list-syscall-events is now called --list-events Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-07 12:47:59 +02:00
Luca Guerra	bfb22527a2	chore(falco): update engine version and checksum Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-07 12:47:59 +02:00
Luca Guerra	b21bfd6e8d	new(falco): print all events (not just syscall) Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-07 12:47:59 +02:00
Daniel Wright	513f122aff	feat: support parsing of system environment variables in yaml In order to allow the user to supply environment variables in standard ways performed in other applications the get_scalar function has been extended to support defining an environment variable in the format `${FOO}`. Environment variables can be escaped via defining as `$${FOO}`. As this handles some additional complexity, a unit test has been added to cover this new functionality Signed-off-by: Daniel Wright <danielwright@bitgo.com>	2023-09-06 11:45:00 +02:00
Leonardo Grasso	b2374b3c19	fix(userspace/falco): apply suggestions for CLI help messages Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-04 18:50:52 +02:00
Leonardo Grasso	93e8be1e32	update(userspace/falco): revised CLI help messages Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-04 18:50:52 +02:00
Luca Guerra	b246bcb052	fix(engine): fix werror reorder Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-04 17:26:52 +02:00

1 2 3 4 5 ...

1334 Commits