24 Commits

Author SHA1 Message Date
Andrea Terzolo
34a896f3a5 new(.gitignore): ignore local CMakeUserPresets.json
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2023-12-13 16:59:46 +01:00
rohith-raju
05f483d751 update(cleanup): clean gitignore file
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
2023-08-24 10:30:40 +02:00
rohith-raju
105f2f6ee3 update(unit_tests): use typecast as wasm can't handle 64 bit int
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
2023-08-24 10:30:40 +02:00
Jason Dellaluce
b1ae5d3dd9 cleanup(test): remove python regression tests
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-08-04 10:32:21 +02:00
Jason Dellaluce
b74dcbd851 cleanup(userspace/engine): remove lua files and lua-related code sections
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-04-11 12:22:18 +02:00
Federico Di Pierro
1befb053d0 update(gitignore): drop 2 useless lines from gitignore that are now installed in the build folder.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-01-17 17:20:33 +01:00
Mark Stemm
cd8234d8b3 Remove falco_tests.yaml from gitignore
It was renamed from falco_tests.yaml.in in
5bafa198c6.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2021-01-19 10:37:55 +01:00
Leonardo Grasso
2f3669b962 chore: clean up lua from dot files
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2020-10-13 05:12:00 -04:00
Leonardo Grasso
9915b9077c update(docker/event-generator): remove the event-generator from the Falco repo
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2020-04-24 15:40:50 +02:00
Kris Nova
4f53c85f97 Removing Sysdig inc
Signed-off-by: Kris Nova <kris@nivenly.com>
2019-11-05 16:40:56 +01:00
Leonardo Di Donato
330d7ef2d7 fix: ignore build files generated by the regression tests
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-08-13 15:48:06 +02:00
Leonardo Di Donato
231f881c5a update: ignore luacheck cache
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-07-10 18:49:02 +02:00
Leonardo Di Donato
03310800ed update: ignore lyaml
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-06-24 11:28:25 +02:00
Michael Ducy
4fcd44e73a Allow SSL for k8s audit endpoint (#471)
* Allow SSL for k8s audit endpoint

Allow enabling SSL for the Kubernetes audit log web server. This
required adding two new configuration options: webserver.ssl_enabled and
webserver.ssl_certificate. To enable SSL add the below to the webserver
section of the falco.yaml config:

webserver:
  enabled: true
  listen_port: 8765s
  k8s_audit_endpoint: /k8s_audit
  ssl_enabled: true
  ssl_certificate: /etc/falco/falco.pem

Note that the port number has an s appended to indicate SSL
for the port which is how civetweb expects SSL ports be denoted. We
could change this to dynamically add the s if ssl_enabled: true.

The ssl_certificate is a combination SSL Certificate and corresponding
key contained in a single file. You can generate a key/cert as follows:

$ openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
$ cat certificate.pem key.pem > falco.pem
$ sudo cp falco.pem /etc/falco/falco.pem

fix ssl option handling

* Add notes on how to create ssl certificate

Add notes on how to create the ssl certificate to the config comments.
2019-01-23 20:21:37 -08:00
Brett
6bfff60fc3 Add *.pyc to .gitignore 2017-06-14 13:04:14 -07:00
Mark Stemm
1e205db8aa Use right name for event-generator. 2017-02-03 18:10:34 -08:00
Mark Stemm
f64148999a Program/docker image that performs bad activities.
C++ program that performs bad activities related to the current falco
ruleset. There are configurable actions for almost all of the current
ruleset, via the --action argument.

By default runs in a loop forever. Can be overridden via --once.

Also add a Dockerfile that compiles event_generator.cpp within an alpine
linux image and copies it to /usr/local/bin. This image has been pushed
to docker hub as "sysdig/falco-event-generator:latest".

Add a Makefile that runs the right docker build command.
2016-10-24 15:56:45 -07:00
Mark Stemm
318286f8c4 Add ignores for test-related files.
Ignore results.json and similar names. Also ignore the file created when
running phoronix tests.
2016-10-24 15:56:45 -07:00
Mark Stemm
fc6d775e5b Add additional rules/tests for pipe installers.
Add additional rules related to using pipe installers within a fbash
session:

 - Modify write_etc to only trigger if *not* in a fbash session. There's
   a new rule write_etc_installer which has the same conditions when in
   a fbash session, logging at INFO severity.

 - A new rule write_rpm_database warns if any non package management
   program tries to write below /var/lib/rpm.

 - Add a new warning if any program below a fbash session tries to open
   an outbound network connection on ports other than http(s) and dns.

 - Add INFO level messages when programs in a fbash session try to run
   package management binaries (rpm,yum,etc) or service
   management (systemctl,chkconfig,etc) binaries.

In order to test these new INFO level rules, make up a third class of
trace files traces-info.zip containing trace files that should result in
info-level messages.

To differentiate warning and info level detection, add an attribute to
the multiplex file "detect_level", which is "Warning" for the files in
traces-positive and "Info" for the files in traces-info. Modify
falco_test.py to look specifically for a non-zero count for the given
detect_level.

Doing this exposed a bug in the way the level-specific counts were being
recorded--they were keeping counts by level name, not number. Fix that.
2016-06-06 10:29:41 -07:00
Mark Stemm
0f4b378775 Add .gitignore for test directory.
Exclude trace directories.
2016-05-25 17:51:50 -07:00
Mark Stemm
ba80367116 Remove remaining digwatch references (really).
Try harder looking for remaining digwatch references, replacing with
falco.
2016-05-04 15:44:11 -07:00
Henri DF
a14087dc94 .gitignore 2016-03-06 15:16:13 -08:00
Henri DF
cc4837312e Pull lpeg and build it 2016-03-04 17:52:01 -08:00
Henri DF
7593aac4c9 .gitignore 2016-03-03 16:11:57 -08:00