Luca Guerra
02202620ff
update(falco): update libs to 0790cff
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-07-19 10:20:36 +02:00
Luca Guerra
88fb693595
update(falco): update libs to dc02e50
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-07-11 16:23:02 +02:00
Jason Dellaluce
ba8e9af22d
chore(userspace/falco): fix misleading content
...
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-06-22 17:14:55 +02:00
Jason Dellaluce
8f4b7324ad
chore: apply codespell suggestions
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-06-22 17:14:55 +02:00
Jason Dellaluce
8c5c672c9e
fix(userspace/falco/app): evt sources safety check issues in live mode
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-06-22 17:14:55 +02:00
Jason Dellaluce
9d29a3afb2
update(userspace/falco/app): check illegal source setup in live inspectors
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-06-22 17:14:55 +02:00
Jason Dellaluce
893a3c90da
update(userspace/falco/app): print loaded event sources
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-06-22 17:14:55 +02:00
Federico Di Pierro
f7e15ca282
chore(userspace): cleanup old code.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-06-22 10:08:55 +02:00
Federico Di Pierro
c0ea9b3618
fix(userspace): switch to timer_settime API in stats writer.
...
It seems like `setitimer` is not correctly working when built from CI; perhaps a gcc/glibc bug?
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-06-22 10:08:55 +02:00
Jason Dellaluce
7c387069af
chore(userspace/falco): make source matching error more expressive
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-06-21 15:41:52 +02:00
Lorenzo Susini
0034d01a50
update(userspace): change description of snaplen option
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-06-12 14:45:09 +02:00
Daniel Wright
9097d2c359
fix: unquote quoted URLs to avoid libcurl errors
...
This commit will unquote URLs allowing them to be supported by
libcurl and eliminate any errors when a valid (quoted) URL is supplied
by a user.
Closes #2579
Signed-off-by: Daniel Wright danielwright@bitgo.com
2023-06-05 11:09:32 +02:00
Lorenzo Susini
9fda7dfb93
fix(userspace/engine): store alternatives as array in -L json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-31 16:16:31 +02:00
Melissa Kilby
aa8c13b4e4
cleanup(userspace): adjust stats n_drops_perc
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-31 15:48:32 +02:00
Melissa Kilby
efd0c7421e
cleanup(userspace,config): apply reviewers suggestions
...
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-31 15:48:32 +02:00
Melissa Kilby
e775fc6f5b
cleanup(userspace): improve metrics UX
...
add send_numeric_zero_values config to allow users to save space
when using metrics option, while still also allowing
to send all keys (especially because we don't document the schema)
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-31 15:48:32 +02:00
Lorenzo Susini
79b9d0ff21
fix(userspace/engine): store required engine version as string in -L json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 12:09:30 +02:00
Lorenzo Susini
6e12b95dd2
update(userspace/engine): address jasondellaluce comments
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 10:45:30 +02:00
Lorenzo Susini
0bd609d5a4
update(userspace/falco): update description of -l and -L flags
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 10:45:30 +02:00
Lorenzo Susini
cfb96d0562
update(userspace/engine): adding required_engine_version, required_plugin_versions and exception names to -L output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 10:45:30 +02:00
Lorenzo Susini
75f556e3b7
update(userspace/engine): add required_engine_version to rule collector
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 10:45:30 +02:00
Jason Dellaluce
1263c67ac6
chore: apply codespell suggestions
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-29 12:26:24 +02:00
Jason Dellaluce
a9ea18b99a
fix(userspace/falco): report plugin deps rules issues in any case
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-29 12:26:24 +02:00
Jason Dellaluce
b58a373835
chore(userspace/falco): always print invalid syscalls from custom set
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-25 14:14:11 +02:00
Roberto Scolaro
2dadb05af6
fix(userspace/falco/app/actions): hotreload on wrong metrics
...
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-25 14:09:10 +02:00
Andrea Terzolo
1098b6f7ca
cleanup: rename a file
...
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
2023-05-25 10:23:10 +02:00
Andrea Terzolo
1a359f5806
fix: add a check on online CPUs
...
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
2023-05-25 10:23:10 +02:00
Jason Dellaluce
0943456ffe
fix(userspace/falco): don't hang on terminating error when multi sourcing
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-24 19:12:06 +02:00
Jason Dellaluce
b40a6bc703
fix(userspace/falco): right boundary checks for strncat
...
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 16:53:35 +02:00
Jason Dellaluce
75720534d7
fix(userspace/falco): solve escape issues in grpc output
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 16:53:35 +02:00
Jason Dellaluce
00acd17ba1
fix(userspace/faclco): output drop perc metric only if drops are present
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 16:53:35 +02:00
Jason Dellaluce
d550552fc1
fix(userspace/falco): properly format numeric values in metrics
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 16:53:35 +02:00
Melissa Kilby
eaa4354ddf
cleanup(userspace/falco): new consistent metrics output fields classes falco. and scap.
...
* Ensure each metric field name more consistently adheres to the grammar used in Falco rules:
  * `falco.`: new field class representing userspace counters, statistics, resource utilization, or necessary information fields
  * `scap.`: new field class represents counters and statistics mostly obtained from Falco's kernel instrumentation before events are sent to userspace, but can include scap userspace stats as well
* minor cleanup
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
8e0c89d3b4
cleanup(userspace/engine): prometheus compliant regex parsing for metrics interval
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
fcecde845d
cleanup(userspace): move parse_prometheus_interval to falco_utils
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
f2318a9ac5
cleanup(userspace/falco): address reviewers comments + cleanup
...
* prefix counters and stats belonging to kernel space w/ `k.` else `u.` for userspace
* add n_drops_perc from old stats writer schema
* revert one change: file output shall reflect exact same "output_fields" key as rule output, note that src is already part of the "output_fields" schema.
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Jason Dellaluce
5d35cda8dc
update(userspace): minor polishing
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 09:58:34 +02:00
Jason Dellaluce
f117d5273c
update(userspace): refactor metrics data flow and fix bugs
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
f0ac327f98
cleanup(userspace/falco): add more fields to metrics
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
e37027a1d0
cleanup(userspace/falco): address reviewers comments
...
* renaming to `metrics` for technical clarity
* adopt Prometheus like metrics interval settings
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
134d2630e9
new(userspace/falco): stats v2 config option to convert memory metrics to MB
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
78dbfab48f
feat(userspace/falco)!: use new resource_utilization metrics / stats v2 schema for stats file output logs
...
These changes break the old stats file output schema and consolidate
them with the new schema.
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
4d24bcdd2f
new(userspace/falco)!: introduce native support for resource_utilization metrics / stats v2
...
Intended to phase out previous stats writer settings and log schema.
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
44d9f99c72
new(userspace/falco)!: new stats v2 configs
...
Intended to phase out previous stats writer settings and log schema.
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Jason Dellaluce
7248284b12
chore(userspace/falco/app): print all supported plugin caps
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-22 15:23:32 +02:00
Lorenzo Susini
e47ece4de9
update(userspace/engine): address jasondellaluce comments
...
- avoiding inspector to be allocated for each rule
- use two boolean values for expecting macros and lists
- move items of lists alongside name, under info
- use snake case for json output, like we do for e.g alerts
- correctly retrieve evt names
- consider two levels of lists for exception operators
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
1195b1e7f0
update(userspace/engine): better modularize the code for getting json details
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
e11b4c4430
update(userspace/engine): add event codes to json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
46cbc3c589
update(userspace/engine): add info about all macros and lists in -L option
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
e30729555b
update(userspace/engine): add enabled information to json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00