github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-26 06:42:08 +00:00
Code Issues Projects Releases Wiki Activity
3,115 Commits 121 Branches 172 Tags 104 MiB
2d8efee73e
Commit Graph

3115 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Dellaluce
2d8efee73e refactor(userspace/falco): improve design and docs of stats writer 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:48:18 +02:00
Jason Dellaluce
28ff6ad3bd refactor(userspace/falco): rename stats writer source files 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:48:18 +02:00
Jason Dellaluce
2f5461bed0 refactor(userspace/falco): use new stats writer in event processing action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:48:18 +02:00
Jason Dellaluce
605dd2816d refactor(userspace/falco): re-implement stats writer 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:48:18 +02:00
Jason Dellaluce
c5442ccb41 new(userspace/falco): introduce new refactored stats writer class 
This new model uses an async worker and a concurrent queue to handle
stats writing. This ensures better performance, because the live event
processing loop will just need to do a push on the queue instead of writing
to a file (only when the timer triggers), and should be thread-safe by design.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:48:18 +02:00
Jason Dellaluce
9646308651 update(test): use event source selection in plugins tests 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:47:18 +02:00
Jason Dellaluce
e15d9f6f51 update(test): use event source selection in k8s audit tests 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:47:18 +02:00
Jason Dellaluce
ce0dd918fb refactor(test): enable selecting event sources in regression test suite 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:47:18 +02:00
Jason Dellaluce
cc4ccc40d7 refactor(userspace/falco): implement complete event source selection 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-26 12:47:18 +02:00
Jason Dellaluce
0e2a053151 new(userspace/falco): add new cli option to selectively enable event sources 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:47:18 +02:00
Jason Dellaluce
97bf0338b9 refactor(userspace/falco): introduce standalone action for event source selection 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:47:18 +02:00
Melissa Kilby
6c12cc655e cleanup(rules): cleanup redundant use of always_true macros 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-26 11:40:18 +02:00
Melissa Kilby
7387fffcef cleanup(rules): cleanup rules disabled by default - 3 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-26 11:40:18 +02:00
Jason Dellaluce
34ca78786a refactor(userspace/falco): make signal handlers thread-safe 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:31:18 +02:00
Jason Dellaluce
f2aba88a6c refactor(userspace/falco): ensure falco outputs are non-blocking and define exiting condition 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:31:18 +02:00
Jason Dellaluce
bc765f1b7d chore(userspace/falco): log in signal handlers instead than in event processing loop 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:31:18 +02:00
Jason Dellaluce
c2a8efc329 chore(userspace/engine): fix typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
978f192c38 chore(userspace/engine): fix codespell typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
1120fb2564 doc(userspace/engine): define thread-safety guarantees of falco_engine::process_event 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
1b8847c06b refactor(userspace/engine): make stats manager thread-safe for on_event method 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
3839fdca1e update(userspace/falco): avoid using zlib in webserver 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
f599fab439 update(falco.yaml): update default configuration and its comments 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
2b7bcc87a7 update(userspace/falco): add configuration entry for webserver threadiness 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
0eacd41cd5 refactor(userspace/falco): support zlib and custom threadiness in webserver 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
d9b6473db2 refactor(userspace/engine): increase const coherence of falco engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:04:18 +02:00
Melissa Kilby
a6137e9475 update(rules): Directory traversal monitored file read - include failed open attempts w/ new macro open_file_failed 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-25 21:44:15 +02:00
Melissa Kilby
dd49038b0d cleanup(rules): Directory traversal monitored file read 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-25 21:44:15 +02:00
Melissa Kilby
6efc5b42f7 new(rules): Directory traversal monitored file read 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-25 21:44:15 +02:00
Jason Dellaluce
7d3dacc6d7 refactor(userspace/falco): cleanup actions order 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
a9d185f5e1 refactor(userspace/falco): drop inspector dependency on print_plugin_info action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
bd26bc09c2 refactor(userspace/falco): drop inspector dependency on print_ignored_events action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
97e3209222 refactor(userspace/falco): drop inspector dependency on load_rule_files action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
6d30061576 refactor(userspace/falco): drop inspector dependency on list_plugins action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
2caadd1af5 refactor(userspace/falco): add action for printing syscall events 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
b307853e39 update(userspace/falco): use move semantics in falco logger 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:00:15 +02:00
Leonardo Grasso
8e8491f280 update(test/output_files): add "hostname" to fixture 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Leonardo Grasso
3d61d3427e fix: correct env var name FALCO_HOSTNAME 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Leonardo Grasso
928e10f0ce fix(userspace/falco): print hostname when json formating is enabled 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Leonardo Grasso
34ad5c43fb update(userspace/engine): add support for hostname 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Jason Dellaluce
f7b662f936 update(cmake): bump libs and driver version to 6599e2efebce30a95f27739d655d53f0d5f686e4 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
45bf4db077 fix(cmake/libs): enforce using bundled re2 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
a8353307c7 update(cmake): bump libs and driver version to 2433c822e1c3ed55f6528c18a27373a677ce76af 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
6db7353264 update(tests/engine): sync ast structs to new libs definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
d35dba30ed update(userspace/engine): sync ast structs to new libs definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Ian Robertson
8872f256f6 Support multiple URLs for DRIVERS_REPO environment variable (comma separated) 
Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>
 2022-08-24 18:25:10 +02:00
Ian Robertson
c40a216434 Identify DRIVER_VERSION and ARCH by storing in their proper directories 
Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>
 2022-08-24 18:25:10 +02:00
Andrea Terzolo
3e3a380702 update(CI): do not check hidden files with codespell 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-23 16:29:05 +02:00
Andrea Terzolo
5e65e195ae fix(CI): codespell should ignore ro word 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-23 16:29:05 +02:00
Andrea Terzolo
02fce93d02 update(CI): remove release branches from the push event 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-23 15:55:05 +02:00
Andrea Terzolo
6051f2de81 update(CI): build Falco to run CodeQL Analysis 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-23 15:55:05 +02:00