falco

mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 18:58:41 +00:00

Author	SHA1	Message	Date
Leonardo Grasso	c4f601e236	update(userspace/falco): better help message for `--pidfile` Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-08-21 11:12:28 +02:00
Lorenzo Susini	4e6149e5da	update(userspace/engine): make rule_matching strategy stateless in falco engine Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-11 10:11:46 +02:00
Lorenzo Susini	6e50d2ad83	update: directly return match_found variable Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it> Signed-off-by: Lorenzo Susini <49318629+loresuso@users.noreply.github.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	2660582198	update(userspace/engine): bump engine version to 22 Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	6acd924c50	perf: avoid stack allocation and make use of switch to select behavior on rule matching strategy Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	1705c0dab3	update(userspace/engine): allow the engine to match and handle multiple rules while processing events Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	46e8f2c14b	update(userspace/falco): handle the new rule matching configuration key Added a set method for the rule matching strategy on the engine. This allows to modify the stategy at runtime withotu the need to rebuild an engine from scratch. Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	c6abf6a133	update(falco.yaml): introduce rule_matching config key Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Andrea Terzolo	528a76a7fe	update(userspace/engine): bump engine version to 21 Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-08-08 14:10:36 +02:00
Jason Dellaluce	bc0fef15ca	update(userspace/engine): bump engine version to 20 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-07 17:29:32 +02:00
Jason Dellaluce	23a0005b25	fix(ci): solve malformed worflow issues Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-04 16:03:22 +02:00
Jason Dellaluce	5790f0ff64	update: refine engine checksum docs and scoping Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-04 16:03:22 +02:00
Jason Dellaluce	803d131843	fix(userspce/engine): skip deprecated fields in --list -N option Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-04 16:03:22 +02:00
Jason Dellaluce	fafb7c4a72	cleanup(userspace/falco): remove lagacy fields checksum check Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-04 16:03:22 +02:00
Leonardo Grasso	784284c692	update(userspace/falco): improve cli flag description related to drivers Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-07-28 14:59:46 +02:00
Luca Guerra	02202620ff	update(falco): update libs to 0790cff Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-07-19 10:20:36 +02:00
Luca Guerra	88fb693595	update(falco): update libs to dc02e50 Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-07-11 16:23:02 +02:00
Jason Dellaluce	ba8e9af22d	chore(userspace/falco): fix misleading content Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-06-22 17:14:55 +02:00
Jason Dellaluce	8f4b7324ad	chore: apply codespell suggestions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-06-22 17:14:55 +02:00
Jason Dellaluce	8c5c672c9e	fix(userspace/falco/app): evt sources safety check issues in live mode Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-06-22 17:14:55 +02:00
Jason Dellaluce	9d29a3afb2	update(userspace/falco/app): check illegal source setup in live inspectors Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-06-22 17:14:55 +02:00
Jason Dellaluce	893a3c90da	update(userspace/falco/app): print loaded event sources Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-06-22 17:14:55 +02:00
Federico Di Pierro	f7e15ca282	chore(userspace): cleanup old code. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-06-22 10:08:55 +02:00
Federico Di Pierro	c0ea9b3618	fix(userspace): switch to `timer_settime` API in stats writer. It seems like `setitimer` is not correctly working when built from CI; perhaps a gcc/glibc bug? Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-06-22 10:08:55 +02:00
Jason Dellaluce	7c387069af	chore(userspace/falco): make source matching error more expressive Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-06-21 15:41:52 +02:00
Lorenzo Susini	0034d01a50	update(userspace): change description of snaplen option Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-06-12 14:45:09 +02:00
Daniel Wright	9097d2c359	fix: unquote quoted URL's to avoid libcurl errors This commit will unquote URL's allowing them to be supported by libcurl and eliminate any errors when a valid (quoted) URL is supplied by a user. Closes #2579 Signed-off-by: Daniel Wright danielwright@bitgo.com	2023-06-05 11:09:32 +02:00
Lorenzo Susini	9fda7dfb93	fix(userspace/engine): store alternatives as array in -L json output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-31 16:16:31 +02:00
Melissa Kilby	aa8c13b4e4	cleanup(userspace): adjust stats n_drops_perc Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-31 15:48:32 +02:00
Melissa Kilby	efd0c7421e	cleanup(userspace,config): apply reviewers suggestions Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-31 15:48:32 +02:00
Melissa Kilby	e775fc6f5b	cleanup(userspace): improve metrics UX add send_numeric_zero_values config to allow users to save space when using metrics option, while still also allowing to send all keys (especially because we don't document the schema) Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-31 15:48:32 +02:00
Lorenzo Susini	79b9d0ff21	fix(userspace/engine): store required engine version as string in -L json output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 12:09:30 +02:00
Lorenzo Susini	6e12b95dd2	update(userspace/engine): address jasondellaluce comments Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 10:45:30 +02:00
Lorenzo Susini	0bd609d5a4	update(userspace/falco): update description of -l and -L flags Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 10:45:30 +02:00
Lorenzo Susini	cfb96d0562	update(userspace/engine): adding required_engine_version, required_plugin_versions and exception names to -L output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 10:45:30 +02:00
Lorenzo Susini	75f556e3b7	update(userspace/engine): add required_engine_version to rule collector Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 10:45:30 +02:00
Jason Dellaluce	1263c67ac6	chore: apply codespell suggestions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-29 12:26:24 +02:00
Jason Dellaluce	a9ea18b99a	fix(userspace/falco): report plugin deps rules issues in any case Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-29 12:26:24 +02:00
Jason Dellaluce	b58a373835	chore(userspace/falco): always print invalid syscalls from custom set Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-25 14:14:11 +02:00
Roberto Scolaro	2dadb05af6	fix(userspace/falco/app/actions): hotreload on wrong metrics Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com> Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-25 14:09:10 +02:00
Andrea Terzolo	1098b6f7ca	cleanup: rename a file Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-05-25 10:23:10 +02:00
Andrea Terzolo	1a359f5806	fix: add a check on online CPUs Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-05-25 10:23:10 +02:00
Jason Dellaluce	0943456ffe	fix(userspace/falco): don't hang on terminating error when multi sourcing Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-24 19:12:06 +02:00
Jason Dellaluce	b40a6bc703	fix(userspace/falco): right boundary checks for strncat Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-23 16:53:35 +02:00
Jason Dellaluce	75720534d7	fix(userspace/falco): solve escape issues in grpc output Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-23 16:53:35 +02:00
Jason Dellaluce	00acd17ba1	fix(userspace/faclco): output drop perc metric only if drops are present Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-23 16:53:35 +02:00
Jason Dellaluce	d550552fc1	fix(userspace/falco): properly format numeric values in metrics Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-23 16:53:35 +02:00
Melissa Kilby	eaa4354ddf	cleanup(userspace/falco): new consistent metrics output fields classes falco. and scap. * Ensure each metric field name more consistently adheres to the grammar used in Falco rules: * `falco.`: new field class representing userspace counters, statistics, resource utilization, or necessary information fields * `scap.`: new field class represents counters and statistics mostly obtained from Falco's kernel instrumentation before events are sent to userspace, but can include scap userspace stats as well * minor cleanup Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00
Melissa Kilby	8e0c89d3b4	cleanup(userspace/engine): prometheus compliant regex parsing for metrics interval Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00
Melissa Kilby	fcecde845d	cleanup(userspace): move parse_prometheus_interval to falco_utils Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00

1 2 3 4 5 ...

1199 Commits