github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-19 11:12:36 +00:00
Code Issues Projects Releases Wiki Activity
3,303 Commits 122 Branches 184 Tags
test_modern_probe
Commit Graph

3303 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrea Terzolo
a87d05b239 temp 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-11-11 11:49:45 +00:00
Federico Di Pierro
2ab76405bb fix(scripts): fixed PartOf in bpf and modern-bpf systemd units. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-10 14:29:58 +00:00
Federico Di Pierro
7598a1f939 chore(scripts,cmake): rename modern_bpf to modern-bpf in deb and rpm scripts. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-10 14:45:16 +01:00
Federico Di Pierro
5555584230 wip 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-10 14:38:49 +01:00
Federico Di Pierro
3553087f0d chore(scripts): try to install kmod system wide. 
Then, we can always use `modprobe` to load it instead of `insmod`.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-10 11:29:46 +01:00
Federico Di Pierro
4bca6f7761 fix(scripts): fixed some debian issues by directly using systemctl tool. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-10 11:20:48 +01:00
Federico Di Pierro
bba5086078 new(scripts, cmake): added support for modern bpf probe. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-09 14:43:25 +01:00
Federico Di Pierro
db0dee51cf cleanup(scripts, cmake): fix switch in deb and rpm postinst scripts. 
Cleanup cmake cpackgenerator options.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
9e8fa5b356 chore(scripts, cmake): add falco-plugin.service to install files. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
3b9eff9a42 fix(scripts): by default, do not enable any driver. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
f09d861d52 chore: make dontstart default dialog selection. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
2311010dd7 fix(scripts): improve gcc skip logic. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
a1defd3476 chore(scripts): add back a dontstart option. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
173f4129c9 chore(scripts): added support for falco@plugin.target. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
6829fe8f5f chore(scripts): renamed Don't Start to Plugin. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
b47c2a270b chore(scripts): when running in non-interactive mode, do not enable neither start any driver. 
Eg: when building Falco docker image, and installing Falco package, we don't want it to build any driver.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
46355038bb chore(scripts,cmake): dialog is an optional dep, do not list it among deps. 
Cleaned up unused vars in postinst scripts.
Finally, only show dialog window in interactive shells.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
45914636f5 chore(cmake): dkms is actually needed by falco driver loader. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
ea04955e2c cleanup(scripts): allow falco-driver-loader script to manage more gcc versions. 
AmazonLinux uses `gcc-$Vers`, like gcc-10, but our regex prevented that to work.
Instead, rely on the fact that **real** gcc has some `--version` fixed output.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
56ef24b4af new(scripts): allow rpm/deb users to decide at configure time which driver to use (kmod or ebpf). 
Manage it via a bash dialog interface.
Moreover, use falco-driver-loader instead of dkms to build bpf/kmod after package install.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
48b39d39a1 new(scrips): improve systemd units for rpm and debian. 
Unify them; plus, rework systemd units to support eBPF too.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-07 10:11:37 +01:00
Federico Di Pierro
136eacc17f chore(scripts): when ENABLE_COMPILE is disabled, exit immediately if target distro could not be fetched. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-11-02 12:06:29 +01:00
Federico Di Pierro
c0c0246927 fix(scripts): force falco-driver-loader script to try to compile the driver anyway even on unsupported platforms. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-02 12:06:29 +01:00
Mark Stemm
acf5c4ce5f fix(engine): save syscall source only when processing events 
The optimization in https://github.com/falcosecurity/falco/pull/2210
had a bug when the engine uses multiple sources at the same
time--m_syscall_source is a pointer to an entry in the indexed vector
m_sources, but if add_source is called multiple times, the vector is
resized, which copies the structs but invalidates any pointer to the
vector entries.

So instead of caching m_syscall_source in add_source(), cache it in
process_events(). m_sources won't change once processing events starts.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-10-27 18:23:25 +02:00
Yarden Shoham
4a4fa2592b fix(plugins): trim whitespace in open_params 
`open_params` is read from the falco YAML configuration file and parsed using Go's URL.

For example:
c349be6e84/plugins/k8saudit/pkg/k8saudit/source.go (L41-L42)

Go's URL parser does not handle whitespace, so if a user defines the `open_params` in the falco configuration file as follows

```yaml
open_params: >
/file/path
```

the parser returns an error. To avoid this, we now trim this parameter so no whitespace will be left for Go's URL parser to error out on.

For reference see #2262.

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
 2022-10-21 19:12:58 +02:00
Federico Di Pierro
d0467de0a7 fix(ci): fixed version bucket for release jobs. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-10-21 11:19:19 +02:00
Jason Dellaluce
c1be1496d3 update(CHANGELOG.md): change release date 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-19 10:52:57 +02:00
Jason Dellaluce
fa1a5d58e6 update(changelog.md): add entry for Falco 0.33.0 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-19 10:52:57 +02:00
Andrea Terzolo
62abefddf6 chore: bump libs version 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-10-14 15:30:52 +02:00
Andrea Terzolo
784fa8b374 chore: bump plugin version 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-10-14 14:32:22 +02:00
Jason Dellaluce
10fe9fd84b fix(userspace/falco): avoid using CPU when main thread waits for parallel event sources 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-14 13:12:22 +02:00
Jason Dellaluce
3d7677ce5b update(userspace/falco): create struct for sync parallel event sources parallelization 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-14 13:12:22 +02:00
Jason Dellaluce
0fd765f7c3 new(userspace/falco): add simple semaphre implementation 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-14 13:12:22 +02:00
Jason Dellaluce
cca90b2f80 update(userspace/falco): move on from deprecated libs API for printing event list 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-13 17:00:18 +02:00
Jason Dellaluce
6c873418ce chore(userspace/falco): improve the CLI options helper 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-13 15:39:18 +02:00
Jason Dellaluce
f12531a153 chore(userspace/falco): log cli options with debug level 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-13 15:39:18 +02:00
Andrea Terzolo
d5e3085b54 chore: bump to latest libs commit 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-10-12 18:47:15 +02:00
Andrea Terzolo
90d6d9080a fix: inject kmod script 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-10-12 16:40:21 +02:00
Jason Dellaluce
7d28637f44 fix(test): fix regresstion test 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 14:03:20 +02:00
Jason Dellaluce
9d8f130f47 fix(userspace/falco): make sure validation summary is populated even when json output is requested 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 14:03:20 +02:00
Jason Dellaluce
9ee0298c4d fix(userspace/engine): avoid macro/list used checks if we encounter an error 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 14:03:20 +02:00
Jason Dellaluce
7da30ca661 chore(userspace/falco): make logging optional when terminating, restarting, and reopening outputs 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 13:14:20 +02:00
Andrea Terzolo
12d709b8b1 chore: bump libs version 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-10-12 12:36:21 +02:00
Jason Dellaluce
57b26530b6 update(userspace) fix cppcheck warnings 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 12:07:20 +02:00
Jason Dellaluce
3629c4dc4a update(userspace): solve cppcheck performance suggestions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 12:07:20 +02:00
Jason Dellaluce
5e531870a9 fix(userspace/engine): fix unit test segfault 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 11:17:20 +02:00
Jason Dellaluce
c2dc0a7259 test(engine): fix unit tests 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 11:17:20 +02:00
Jason Dellaluce
f684e144be chore(userspace/falco): polish ignored event warning message 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 11:17:20 +02:00
Jason Dellaluce
a4218a4b4f fix(userspace/falco): print right list in ignored events warning 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 11:17:20 +02:00
Jason Dellaluce
48fbe0801d fix(userspace/falco): print right list of ignored events when in simple cons mode 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-12 11:17:20 +02:00