github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-08 10:09:40 +00:00
Code Issues Projects Releases Wiki Activity
4,161 Commits 119 Branches 173 Tags
fix/use_plugin_name
Commit Graph

1334 Commits

Author SHA1 Message Date
Lorenzo Susini
727aed0c03 update(userspace/engine): avoid solving macros AST at each cycle when getting details of all rules 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
c1623771d8 update(userspace/engine): correctly use describe rule based on config 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
9947962cb8 update(userspace/engine): let describe_rule function print out json details when requested 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
a6542a6487 new(userspace/engine): introduce new class to get details about rules 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Jason Dellaluce
c603055acf fix(userspace/engine): don't count async event for evttype warning 
Co-authored-by: Grzegorz Nosek <grzegorz.nosek@sysdig.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
bb04892baf fix(userspace/falco): avoid double plugin initializations 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
9df72e0f2a fix(userspace/falco/app): properly populate filtercheck lists 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
4e8d1f025c fix(userspace/falco/app): skip unnecessary app steps 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
9bfce8cfae update(userspace): make sure that async event is always matched in rules 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
733ea88ab3 fix(userspace/falco): properly init configuration 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
b2615de062 new(userspace/falco/app): print a warning if multiple plugins for same source are loaded 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
0649be619b update(userspace/falco/app): support nodriver open mode and plugins sourcing system events 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
301c4efeb7 update(userspace/falco): support new plugin API definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
5175a04c6b update(userspace/engine): bump engine checksum 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
3681cacda1 new(userspace/falco): add new --nodriver option 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Andrea Terzolo
696fa43dc2 cleanup(actions): now modern bpf support -A flag 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-05-17 12:19:00 +02:00
Andrea Terzolo
e83dbe85f7 cleanup(config): modern bpf is no more experimental 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-05-12 12:27:45 +02:00
Jason Dellaluce
1f4919bfe1 update: improve control and UX of ignored events 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-27 11:10:14 +02:00
Jason Dellaluce
4d24a02ad6 fix(userspace/falco): preserve config's plugin loading order 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-26 12:59:13 +02:00
Jason Dellaluce
8926022035 update: adapt Falco to new sinsp event source management 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-26 12:59:13 +02:00
Jason Dellaluce
95fa953398 update(cmake): bump libs and driver to ffcd702cf22e99d4d999c278be0cc3d713c6375c 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-26 12:59:13 +02:00
Jason Dellaluce
3b64052832 update(userspace/falco): leverage new sc_set_to_event_names API 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-04 19:39:53 +02:00
Leonardo Grasso
88b9537618 chore(userspace/falco): remove Mesos support 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-04-04 18:31:52 +02:00
Leonardo Grasso
5c0cd6a170 update!: remove --mesos-api,-pmesos, and -pm command-line flags 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-04-04 18:31:52 +02:00
Melissa Kilby
0b6e243582 cleanup(app_acions): fine-tune base_syscalls.repair behavior 
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Melissa Kilby
78daafb56c cleanup(app_actions): finalize base_syscalls.repair option 
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Jason Dellaluce
2b93a79521 refactor: apply review suggestions 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-30 19:08:33 +02:00
Melissa Kilby
e360175c15 fix(app_actions): enforce PPM_SC_SCHED_PROCESS_EXIT for base_syscalls.custom_set 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Melissa Kilby
692abf71eb new(app_actions): add base_syscalls.repair option 
See https://github.com/falcosecurity/falco/issues/2433

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Melissa Kilby
1d66eb4d6d cleanup(app_actions): add warnings for invalid syscalls in user base_syscalls set 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Aldo Lacuku
31335d3c3b new(falco/config): add new configuration for http_output 
Support for user provided CA certificate that can verify the remote server. Users
can provide path to the CA certiface store by providing a path to the dir or to the
CA store file. If needed users can decide to tell Falco to not verify the server.

Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
 2023-03-30 17:11:33 +02:00
Federico Di Pierro
0b7ca2823e chore(userspace): apply review suggestions. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Jason Dellaluca <jasondellaluce@gmail.com>
 2023-03-28 19:01:30 +02:00
Federico Di Pierro
b2e03b1938 chore(userspace): syscall_drop_failed -> syscall_drop_failed_exit. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-28 19:01:30 +02:00
Federico Di Pierro
70c6c93389 chore(userspace): improved wording. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-28 19:01:30 +02:00
Federico Di Pierro
bf5e340833 new(userspace/falco): added syscall_drop_failed option to drop failed syscalls exit events. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-03-28 19:01:30 +02:00
Federico Di Pierro
e6078c8d16 chore(userspace): updated fields checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-03-22 11:17:07 +01:00
Federico Di Pierro
17b170b4f9 update(cmake,userspace): bumped to libs master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-03-22 11:17:07 +01:00
rabbitstack
03285f4140 define Windows equivalent for srandom and random functions 
Signed-off-by: rabbitstack <nedim.sabic@sysdig.com>
 2023-03-17 10:23:26 +01:00
Jason Dellaluce
93ae6bb609 chore(userspace/falco): fix codespell typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
e07e3abfb5 update(userspace/falco): implement debouncing logic in restart handler 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
3f69d46f9a update(userspace/falco): minor compilation improvements 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
647441c06c fix(userspace/falco): solve gettid compilation issues 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
cd155ed6f5 refactor(userspace/falco): update actions to use new hot restarter utility with dry-run safetyc checks 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
561022ebb6 new(userspace/falco): add utility for handling hot app restarts 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
af46833ad3 update(userspace/falco): make cmdline options simpler and copyable 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
e40369648c fix(userspace/falco): solve minor compilation flaws 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
ee7fa1cb06 new(usersapce/falco): add an app option for dry-run 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-15 17:54:49 +01:00
Jason Dellaluce
e8b776a9cb update(userspace/engine): bump engine version to 17 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
09ab9db423 chore(userspace/falco): apply review suggestion 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
61a7f32982 chore(userspace/falco): apply review suggestions 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00