github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 08:32:12 +00:00
Code Issues Projects Releases Wiki Activity
201 Commits 121 Branches 172 Tags 104 MiB
1703d048c3
Commit Graph

201 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henri DF
1703d048c3 Add libyaml (c lib) and lyaml (lua bindings) to build 2016-05-06 03:36:59 +00:00
Henri DF
a9f9454d26 Remove unneeded include dir 2016-05-06 03:36:59 +00:00
Henri DF
e3adaf2a5a Convert rules file to yaml format 2016-05-06 03:36:59 +00:00
Mark Stemm
0914651d1d Merge pull request #37 from draios/remaining-digwatch-falco-renames 
Remove remaining digwatch references (really).
 2016-05-04 18:34:10 -07:00
Mark Stemm
ba80367116 Remove remaining digwatch references (really). 
Try harder looking for remaining digwatch references, replacing with
falco.
 2016-05-04 15:44:11 -07:00
Mark Stemm
bd7b9880ee Merge pull request #36 from draios/readme-build-additions 
Changes related to use of kernel module.
 2016-05-04 13:07:32 -07:00
Mark Stemm
dfa6da47a3 Update README to always use local kernel module. 
Instead of suggesting using a kernel module from an installed version of
sysdig, always recommend unloading any existing module and using the
locally built one.
 2016-05-03 15:45:28 -07:00
Mark Stemm
345452836b Changes related to use of kernel module. 
While building falco from source, I found a couple of problems related
to use of kernel modules:

1. The falco build needs driver_config.h from the sysdig repo, but it
isn't created by default.

[ 50%] Building C object userspace/libscap/CMakeFiles/scap.dir/scap.c.o
/mnt/sf_stemm/work/src/sysdig/userspace/libscap/scap.c:34:40: fatal error: ../../driver/driver_config.h: No such file or directory
compilation terminated.c

Fixed by adding ${SYSDIG_DIR}/driver to CMakeLists.txt. I did notice
that after doing this the object files were in the sysdig/driver
directory, but I don't think this is related to the Makefiles/CMakeFiles
in the sysdig/driver directory?

2. Falco needs the sysdig kernel module, but it may not be loaded if no
other sysdig is installed.

Added notes to the README that discuss loading the kernel module by hand
if no binary sysdig is installed.
 2016-05-02 22:46:22 -07:00
Mark Stemm
7040d018c4 Merge pull request #35 from draios/remove-digiwatch-refs 
Remove remaining Digwatch references.
 2016-05-02 12:09:31 -07:00
Mark Stemm
738f555bae Remove remaining Digwatch references. 
Remove remaining Digwatch references I noticed while getting up to
speed.
 2016-05-02 11:32:33 -07:00
Henri DF
9729058b9b Update README.md 2016-05-02 10:59:31 -07:00
Henri DF
14c1e30c24 Simple script to list ignored syscalls 2016-05-01 23:35:30 +00:00
Henri DF
c7648e01ee Merge pull request #34 from draios/falco-digwatch-renaming 
More falco->digwatch renaming
 2016-05-01 16:19:30 -07:00
Henri DF
bde9631cd4 More falco->digwatch renaming 2016-05-01 23:13:28 +00:00
Henri DF
c702713107 Add discarded syscalls to README 2016-05-01 09:14:43 -07:00
Henri DF
244ebad1da Merge pull request #33 from draios/falco-digwatch-renaming 
More falco->digwatch renaming
 2016-05-01 09:10:08 -07:00
Henri DF
5052039ee1 More falco->digwatch renaming 2016-05-01 16:09:49 +00:00
Henri DF
81e51d13e7 Update README.md 2016-04-28 17:06:57 -07:00
Henri DF
657573d3a9 Merge pull request #31 from draios/discard-by-type 
Drop high-volume events
 2016-04-28 15:36:33 -07:00
Henri DF
e207bc5f3a Drop high-volume events 2016-04-28 20:58:28 +00:00
Henri DF
8252b9decb Update README.md 2016-04-27 22:10:35 -07:00
Henri DF
edb112f167 Merge pull request #32 from draios/rename-falco 
Name change!
 2016-04-27 20:28:52 -07:00
Henri DF
abe6220651 Renaming 2016-04-28 03:28:19 +00:00
Henri DF
8b5fcf866a Merge pull request #30 from draios/logging 
Logging
 2016-04-22 16:01:37 -07:00
Henri DF
6d72619968 rename digwatch_syslog -> digwatch_logger 2016-04-22 16:01:00 -07:00
Henri DF
4c64295adc Digwatch logging 
Log digwatch messages to syslog and/or stderr
 2016-04-22 15:56:18 -07:00
Henri DF
5413935f15 Small tweak to usage message 2016-04-22 15:33:43 -07:00
Henri DF
fad88ee4b7 Remove signal handling 
Not currently serving any purpose
 2016-04-22 14:59:58 -07:00
Henri DF
6b2ef3088c Merge pull request #29 from draios/install-digwat 
Add install-digwatch script template
 2016-04-21 16:36:15 -07:00
Henri DF
1baedc156f Add install-digwatch script template 2016-04-21 16:33:17 -07:00
Henri DF
d59e66da86 Merge pull request #28 from draios/json-output 
Add support for json-formatted output
 2016-04-21 16:31:53 -07:00
Henri DF
45f8096dd3 Add support for json-formatted output 2016-04-21 16:30:51 -07:00
Henri DF
f837dfc78c Change s3 URL https->http for Jenkins 2016-04-21 23:17:00 +00:00
Henri DF
fc5b51774a Update README.md 2016-04-12 21:57:10 -07:00
Henri DF
8ad7679f7f Remove priority_level from yaml file 
It is not currently used for anything, will revert when that time comes.
 2016-04-12 21:49:54 -07:00
Henri DF
f2e9504bb1 Merge pull request #27 from draios/package-tweaks 
Packaging and configuration
 2016-04-12 21:37:12 -07:00
Henri DF
b14ae8ac11 Add digwatch.yaml to packages 2016-04-12 21:35:39 -07:00
Henri DF
6e008a2ff5 Improve error message when rules file not found 2016-04-13 03:43:31 +00:00
Henri DF
a529b11e0d Clean up usage message and choice of flags 2016-04-13 03:43:31 +00:00
Henri DF
86e2e17c33 Change rules file command-line setting 
Now is optional, and uses -u rather than passed as a positional arg.
 2016-04-13 03:43:31 +00:00
Henri DF
ef93844234 Rename digwatch.conf -> digwatch_rules.conf 2016-04-13 03:43:30 +00:00
Henri DF
357276b787 Fix opt def for scap input file 
(was 'R', should be 'r')
 2016-04-12 18:36:24 -07:00
Henri DF
b4bc2d52be rename infile -> scap_filename 2016-04-12 18:34:49 -07:00
Henri DF
d0e489b5c2 Remove unneccessary HAS_FILTERING conditional 2016-04-12 18:29:48 -07:00
Henri DF
859047c5f2 Merge pull request #26 from draios/file-output 
File output
 2016-04-12 18:20:31 -07:00
Henri DF
89b1a55d9e Add file output 2016-04-13 01:19:27 +00:00
Henri DF
b2698f9d20 Set up outputs listed in configuration object 2016-04-13 01:19:21 +00:00
Henri DF
179e5519ce Small refactoring of output config 
This is a step towards being able to support multiple outputs of
different types (including file outputs which require their own config).
 2016-04-12 23:21:14 +00:00
Henri DF
4eef8c9647 Merge pull request #25 from draios/configuration 
Configuration
 2016-04-12 16:15:30 -07:00
Henri DF
42de0507fa search for yaml config file 
In order:
1) cmdline opt
2) in-tree path
3) /etc/digwatch.yaml
 2016-04-12 23:14:44 +00:00