falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-09-12 03:59:40 +00:00

Author	SHA1	Message	Date
Jason Dellaluce	2645f6640c	chore(userspace/falco): rename source file using its action name Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Jason Dellaluce	fb37d8f365	refactor(userspace/falco): adapt event set selection to only use ppm_sc and new engine features Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Jason Dellaluce	19ffadc763	update(userspace/engine): support searching ppm_sc events in rulesets Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Melissa Kilby	0de9af9ed0	fix(app_actions): base_syscalls check for empty string Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Melissa Kilby	58dc60e58d	cleanup(app_actions): address reviewers comments * Plus minor adjustments to ensure correct state_event_set for all configurations * Ensure valid check_for_rules_unsupported_events for all configurations * Remove user input validation warning -> re-introduce in follow up PR Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Melissa Kilby	b6f6195725	cleanup(app_actions): include activated syscalls in LOG_DEBUG logs Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Melissa Kilby	76a3c8d7ee	new(app_actions): introduce base_syscalls See https://github.com/falcosecurity/falco/issues/2373 Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Jason Dellaluce	7d67fbbfe7	chore(userspace/falco): apply review suggestions Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	5ed5c63202	refactor: adapt event set configuration changes to new libs definition Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	4706cd8b4e	cleanup: solve std namespace issues and remove unused imports Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	010f6c6a9e	update(userspace/engine): bump fields checksum Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	1485dc5d68	refactor(userspace/falco): adapt app actions to new event definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	e7d76ca722	refactor(userspace/falco): use new event definitions in app state Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	6c38ecaf0e	update(userspace/engine): adapt engine classes to new libsinsp event definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	34ea7a8245	cleanup(userspace/engine): drop filtr_evttype_resolver Its logic was ported into libsinsp in: `3d8550e70e` Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	d89f4b4904	cleanup(app_actions): adjust ignored events Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	16aa36291a	fix rebase Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	72439b2eed	cleanup(app_actions): adjust configure_interesting_sets * address reviewers feedback * improve clarity around new -A and -i behavior * additional cleanup (e.g. use generic set operations only) * extend unit tests Note: sinsp ppm sc API is undergoing a refactor, therefore current lookups are interim and will subsequently be refactored as well. Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	30fe065446	cleanup(app_actions): configure -A w/ new default behavior Define new -A behavior in configure_interesting_sets * default: all syscalls in rules included, sinsp state enforcement without high volume I/O syscalls * -A flag set: all syscalls in rules included, sinsp state enforcement and allowing high volume I/O syscalls Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	91c185a178	cleanup(app_actions): include evttypes from rules in configure_interesting_sets Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	34ed5a5fc9	chore: fix typos Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	70c22c7d2e	refactor(userspace/falco): adapt actions to new signal handler constructs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	eb3bf7260d	refactor(userspace/falco): add an ad-hoc concurrent object for signal handlers Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	5470a88b61	fix(userspace/falco): add missing constructors/methods on falco semaphore Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	bf5b8f5c83	new(userspace/falco): add intermediate cmake target for falco app Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-15 10:51:35 +01:00
Jason Dellaluce	c45bf3eb17	chore(userspace/falco): rename falco_init into falco_run Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	149544d7ab	chore(userspace/falco): fix spacing and license Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	1eb915bf2f	fix(userspace/falco): solve issues with minimal build Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	5d35dff2a7	refactor(userspace/falco/app): standalone sources for action helpers Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	799557f7f7	refactor(userspace/falco/app): make run and teardown actions consistent Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	fe859bda2d	refactor(userspace/engine): turn app methods into simple functions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	374136be18	refactor(userspace/engine): add standalone sources for app signals and options Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	623d27ef77	refactor(userspace/engine): create standalone sources for app state and run result Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	0f402d01d0	fix(userspace/falco): add missing pragma once Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	ff68311629	fix(userspace/engine): add missing include Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Lorenzo Susini	88ac30650c	fix(userspace/engine): correctly bump engine version after introduction of new fields Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-02-14 13:03:06 +01:00
Jason Dellaluce	79b3f81a02	chore: fix typos Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 12:47:07 +01:00
Jason Dellaluce	2495827e0c	fix(userspace/engine): correctly handle evttype indexing corner cases Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 12:47:07 +01:00
Federico Di Pierro	75dc8c050c	new(userspace,tests): add proper support for generic events indexing. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-02-13 14:54:03 +01:00
Andrea Terzolo	dca76ba93c	chore: fix building with njson Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-02-10 11:41:24 +01:00
Federico Di Pierro	7343bcf050	cleanup(uerspace/falco): do not enter dropping mode. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-02-09 14:16:31 +01:00
Jason Dellaluce	eaeec7c079	fix(userspace): avoid using std namespace in sources Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-08 15:30:29 +01:00
Jason Dellaluce	54f117141b	update(userspace/engine): avoid relying on leaked std namespace Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-08 15:30:29 +01:00
Andrea Terzolo	1b11a041b5	update: change `cpus_for_each_syscall_buffer` default value Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-02-03 12:50:20 +01:00
Andrea Terzolo	8eb6fbf32d	fix(userspace): use the right path for the `cpus_for_each_syscall_buffer` Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-01-26 11:44:44 +01:00
Andrea Terzolo	77686cb8b9	update: don't expose available CPU feature Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-01-24 12:41:34 +01:00
Andrea Terzolo	42670a50c7	new: support multiple buffer modes and online CPUs Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-01-24 12:41:34 +01:00
Federico Di Pierro	e64c14a947	fix(userspace/falco): fixed grpc server shutdown. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-01-24 11:59:34 +01:00
Federico Di Pierro	306f9ba468	fix(userspace/falco): fixed build. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-01-17 16:00:23 +01:00
Jason Dellaluce	55a6436ee8	new(userspace/falco): add webserver endpoint for retrieving internal versions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-01-16 17:24:54 +01:00

... 4 5 6 7 8 ...

1334 Commits