github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-12 19:36:42 +00:00
Code Issues Projects Releases Wiki Activity
4,280 Commits 117 Branches 173 Tags 105 MiB
fix_CI_5
Commit Graph

1385 Commits

Author SHA1 Message Date
Melissa Kilby
bb4a643385 update(config): soft deprecation of old stats 
add CHANGE NOTICE wrt syscall_event_drops

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-01-25 10:33:15 +01:00
Melissa Kilby
3675587aad cleanup(configs): adjust old stats deprecation notice 
Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-01-25 10:33:15 +01:00
Melissa Kilby
8a697502b9 update!(config): add deprecation notice for syscall_event_drops 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-01-25 10:33:15 +01:00
Melissa Kilby
2dc8d452ae fix(userspace/metric): minor fixes in new libsinsp state metrics handling 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-01-24 11:04:13 +01:00
Federico Aponte
8143a194d2 fix: nlohmann_json lib include path 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2024-01-24 09:38:13 +01:00
Jason Dellaluce
ccf62a3745 fix(userspace/engine): avoid storing escaped strings in engine defs 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-01-23 11:58:09 +01:00
Andrea Terzolo
ae9ffe414f cleanup: rename none into nodriver 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2024-01-17 09:41:55 +01:00
Andrea Terzolo
a6a1a9769f cleanup: restore the name of a variable 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Co-authored-by: Luca Guerra <luca.guerra@sysdig.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
c308f5c7e2 cleanup: rename some error messages 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
ee78c862ad tests: add some new tests on override replace 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
8ebdbe3e6f cleanup: use macros for default error messages 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
5192921732 doc: typo in the exception 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
56de6e6786 update(rule_loader): remove the warning on the required_engine_version 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
f5dea33b5e update(falco): always enable rules warnings 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
b318c165da cleanup(falco_engine): remove unused methods 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
5ac005bd4d update(rule_loader): deprecate all non-SemVer compatible values 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
95e4c58e7f update(rule_loader): deprecate enabled usage 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
4aebee684a update(rule_loader): deprecate append key and add a warning 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
63736563a2 cleanup(rule_loader): remove useless include 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Andrea Terzolo
7cac2833b2 cleanup(rule_loader): add a common log message 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-01-11 15:37:38 +01:00
Mark Stemm
14d1ca3c97 Add methods to look up the factories provided in add_source() 
Add methods that allow looking up the factories provided to
add_source(). This allows not having to keep track of the factories
outside of the engine.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-01-08 12:00:27 +01:00
Mark Stemm
07d7b9a57a Inline find_source() as it can be called in the event path 
Inline find_source as it can be called in the event processing path.

Also take the cached variant that assigns/uses m_syscall_source_idx
and put it in find_source() instead of process_event().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-01-08 12:00:27 +01:00
Luca Guerra
728c8d7d0e fix(engine): clarify error message for invalid append 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-22 21:49:21 +01:00
Luca Guerra
4c023b0d93 update(engine): temporary replace for error messages 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-22 21:49:21 +01:00
Luca Guerra
8a7ef687b1 update(engine): throw an error if an unexpected top level key is found in an override 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-22 21:49:21 +01:00
Luca Guerra
21c629dc4d chore(engine): bump engine version 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-22 21:49:21 +01:00
Luca Guerra
2db29af0e8 update(engine): clarify override error messages 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-22 21:49:21 +01:00
Luca Guerra
bc072502cc new(engine): add selective overrides 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-22 21:49:21 +01:00
Melissa Kilby
9131261ff3 chore: fix some characters in deprecation notices 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-12-22 09:55:19 +01:00
Luca Guerra
e5034323fd cleanup(engine): clarify deprecation notice for engines 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-21 17:40:15 +01:00
Andrea Terzolo
8ff1ef752d chore: bump falco engine version 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-12-18 19:01:01 +01:00
Samuel Gaist
d99c137b09 feat(outputs_http): implement keep alive 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2023-12-18 17:41:02 +01:00
Samuel Gaist
691bc8b04d feat(outputs_http): implement support for compressed upload 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2023-12-18 17:41:02 +01:00
Mark Stemm
334302e525 Allow enabling rules by ruleset id in addition to name 
Add alternate enable_* methods that allow enabling rulesets by ruleset
id in addition to name. This might be used by some filter_rulesets to
enable/disable rules on the fly via the falco engine.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2023-12-18 15:58:04 +01:00
Federico Di Pierro
cbbcb61153 new(unit_tests,userspace): properly support env var expansions in all scalar values of yaml file. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-13 17:03:46 +01:00
Federico Di Pierro
7805bf5ad5 fix(userspace,unit_tests): fixed bool parsing. 
Moreover, added some more tests around env vars.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-13 17:03:46 +01:00
Federico Di Pierro
0c0fb63008 chore(unit_test,userspace): allow env var to get expanded in yaml even when part of a string. 
Moreover, support env variable embedding another env variable.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-13 17:03:46 +01:00
Andrea Terzolo
ed346e90cd update(falco): bump engine version and checksum 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-12-13 16:59:46 +01:00
Nitro Cao
4bfc42eb7d feat(falco): monitor events with more types for rules directory 
Signed-off-by: Nitro Cao <jaycecao520@gmail.com>
 2023-12-12 18:49:44 +01:00
Federico Aponte
e427c800f3 chore(build): fix error using find_package with ExternalProject_Add 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2023-12-11 16:52:39 +01:00
Federico Aponte
5e17ba6c23 chore(build): allow usage of non-bundled nlohmann-json 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2023-12-11 16:52:39 +01:00
Federico Aponte
44b7352180 cleanup: fix several warnings from a Clang build 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2023-12-06 16:40:26 +01:00
Jason Dellaluce
390a13bd40 update(userspace): optimizations in validation and description steps 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-12-02 09:38:15 +01:00
Jason Dellaluce
67542ec88e new(userspace/falco): support -L when validating for parity 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-12-02 09:38:15 +01:00
Jason Dellaluce
e3943ccac3 refactor(userspace/engine): uniform json lib in rules description and not print from engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-12-02 09:38:15 +01:00
Luca Guerra
6411eed4a7 cleanup(falco): remove decode_uri as it is no longer used 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-11-29 17:42:06 +01:00
Andrea Terzolo
c5364be191 new: print system info when Falco starts 
Print kernel info when Falco starts with a kernel driver

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-28 22:14:05 +01:00
Melissa Kilby
3b068919d0 update(cmake): bump libs and driver to c2fd308 plus bump falco engine version 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00
Melissa Kilby
3e4566e5af cleanup(userspace/falco): minor adjustments to stats writer and rebase correction 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00
Melissa Kilby
9cb4c09500 cleanup(userspace/falco): enable sinsp_stats_v2 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00