falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-06-25 22:32:07 +00:00

Author	SHA1	Message	Date
stephanmiehe	c782655a53	Fix rule linting Signed-off-by: Stephan Miehe <stephanmiehe@github.com>	2022-06-10 13:58:42 +02:00
Federico Di Pierro	ba6c86696f	fix(build): docker-container buildx engine does not support retagging images. Tag all images together. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-10 12:54:43 +02:00
Federico Di Pierro	9d2aba240d	fix(build): fixed publish-docker-dev job context. Signed-off-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-06-10 09:33:42 +02:00
Federico Di Pierro	b059e83dd2	fix(scripts): fixed publish-deb script with manual arch filter. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-09 17:52:40 +02:00
Federico Di Pierro	6a034c17e0	fix(scripts): forcefully create packages dir for debian packages. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-09 17:52:40 +02:00
Aldo Lacuku	e6f99a61c9	chore(falco): fix indentation Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2022-06-09 12:50:39 +02:00
Aldo Lacuku	7b83943059	fix(falco): compilation issues with new libs version Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2022-06-09 12:50:39 +02:00
Aldo Lacuku	2111699a96	chore(engine): bump falco engine version number to 13 Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2022-06-09 12:50:39 +02:00
Aldo Lacuku	b6d0607716	chore(cmake): bump falco-security libs version to 075da069af359954122ed7b8a9fc98bc7bcf3116 Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2022-06-09 12:50:39 +02:00
Federico Di Pierro	1c83a449bc	fix(build): removed leftover line in circleci config. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-09 12:11:39 +02:00
Federico Di Pierro	534f66e601	fix(build): fixed circleCI artifacts publish for arm64. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-09 10:51:39 +02:00
Federico Di Pierro	a98bf52345	update(docker): updated falco-builder to fix multiarch support. Signed-off-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com>	2022-06-09 09:33:39 +02:00
Leonardo Grasso	aad70f3de2	fix(.circleci): correct command for build-arm64 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2022-06-09 08:35:39 +02:00
odidev	4aa0fe1b95	ARM64 build Signed-off-by: odidev <odidev@puresoftware.com>	2022-06-09 08:35:39 +02:00
odidev	0ebc7cd969	ARM64 build Signed-off-by: odidev <odidev@puresoftware.com>	2022-06-09 08:35:39 +02:00
Federico Di Pierro	4f759b6b2b	fix(build): use apt instead of apk when installing deps for aws ecr publish. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-08 15:40:18 +02:00
Federico Di Pierro	ca677db651	update(build): avoid double build of docker images when pushing to aws ecr. Moreover, fixed subtle whitespace-bug in various buildx lines. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-08 12:58:17 +02:00
Federico Di Pierro	0a98e11428	fix(build): try to use root user for cimg/base. Moreover, fixed buildx usage. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-08 11:11:55 +02:00
Andrea Terzolo	7068e9958f	tests(k8s_audit_plugin): fix a k8s_audit_plugin test Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-06-07 16:07:53 +02:00
Andrea Terzolo	e5af3899f9	chore(k8s_audit_plugin): bump k8s_audit_plugin version Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-06-07 16:07:53 +02:00
Federico Di Pierro	3f29660258	update(scripts): ported publish-deb and publish-rpm scripts to be multi arch. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-07 11:02:54 +02:00
Federico Di Pierro	62794966b1	update(build): updated circle ci to properly use `docker buildx` to build multiplatform images. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-07 11:02:54 +02:00
Federico Di Pierro	984b94f734	new(docker,scripts): port all docker images to be multiarch ready. They can be pushed with `docker buildx` for various architectures. Moreover, updated falco-driver-loader to support multiple architectures. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-07 11:02:54 +02:00
Federico Di Pierro	f9b0568187	update(changelog): added 0.32.0 release notes. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-03 10:29:43 +02:00
Federico Di Pierro	13eb8d2d48	update(build): updated plugins to latest versions. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-06-01 14:50:38 +02:00
Aldo Lacuku	7a774f6b2e	chore(userpace/falco): do not print error code in process_events.cpp Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2022-06-01 13:35:38 +02:00
Federico Di Pierro	3fef329d11	update(build): updated libs to 39ae7d40496793cf3d3e7890c9bbdc202263836b for Falco 0.32.0. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-05-31 18:12:09 +02:00
Andrea Terzolo	9392c0295a	fix(falco-scripts): remove driver versions with `dkms-3.0.3` Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-05-30 13:08:40 +02:00
Aldo Lacuku	765ef5daaf	chore(userspace/falco): fix punctuation typo in output message when loading plugins Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2022-05-30 10:46:40 +02:00
Matan Monitz	9f163f3fe0	Update rules/falco_rules.yaml Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Matan Monitz <mmonitz@gmail.com>	2022-05-28 10:13:30 +02:00
Matan Monitz	4c95c717d2	known_shell_spawn_cmdlines - lighttpd Signed-off-by: Matan Monitz <mmonitz@gmail.com>	2022-05-28 10:13:30 +02:00
beryxz	54a2f7bdaa	rule(macro net_miner_pool): additional syscall for detection Signed-off-by: beryxz <coppi.lore@gmail.com>	2022-05-28 09:29:30 +02:00
Federico Di Pierro	eb9a9c6e7d	update(build): updated libs to 1be924900a09cf2e4db4b4ae13d03d838959f350 Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-05-26 18:19:26 +02:00
Federico Di Pierro	75712caa9a	fix(test): dropped `file://` from k8s audit log tests. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-05-26 12:37:26 +02:00
Federico Di Pierro	db5f1bec3d	update(cmake): updated plugins. Moreover, add support for aarch64 plugins, even if Falco 0.32 won't be distributed with official arm64 support. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-05-26 12:37:26 +02:00
Federico Di Pierro	1d343c93f3	update(build): updated libs version for Falco 0.32.0 release. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-05-26 11:07:27 +02:00
Jason Dellaluce	3b462af58e	fix(userspace/falco): enable k8s and mesos clients only when syscall source is enabled Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 19:23:26 +02:00
Jason Dellaluce	09eae35f3a	refactor(userspace/falco): create action for initializing k8s and mesos clients (step 2) Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 19:23:26 +02:00
Jason Dellaluce	383b8f9660	refactor(userspace/falco): create action for initializing k8s and mesos clients Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 19:23:26 +02:00
Jason Dellaluce	13d70b65ae	update(userspace/engine): rename ruleset.h in filter_ruleset.h Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	9fd10220a5	update(userspace/falco): sync falco with new engine definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	0abd7eaa28	refactor(userspace/engine): refactor engine interface and internals This updates the engine to comply and work properly with the newly-introduced interface design. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	5ddc8e20f4	test(userspace/engine): adapt test_rulesets to new definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	a1bdf95a0f	refactor(userspace/engine): improve ruleset interface definitions The filter_ruleset interface its implementation evt_type_index_ruleset have been modified as follows: - Only keep track of ruleset ids and not names. The falco engine will take care of mapping easy-to-remember ruleset names to ruleset ids. To emphasize this, use ruleset_id everywhere and not ruleset. Also, make it non-optional. - Have explicit separate functions to enable/disable rules, instead of a single enable() method combined with a boolean flag. This does not change the falco_engine interface, which has similar methods, to avoid breaking API changes. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com> Co-authored-by: Mark Stemm <mark.stemm@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	833fec8537	refactor(userspace/engine): leverage falco_rule def in stats manager Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	50c2aa9c81	refactor(userspace/engine): update rule loader to use new filter_ruleset interface Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	f41f51f736	refactor(userspace/engine): update falco engine to use new ruleset interface and have one ruleset for each source This also fixes a couple of bugs. With the current implementation, the multi-ruleset feature is broken with multiple sources. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	3af8d1c0d2	refactor(userspace/engine): adapt existing ruleset implementation to new filter_ruleset interface Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Jason Dellaluce	bbbdb311e0	refactor(userspace/engine): introduce interface for rulesets and their factory This interface will allow us to use different ruleset implementations inside the same engine. The goal is to define API boundaries that will allow swapping the current evttype-index ruleset implementation more easily. Key benefits include: smaller component with less responsibilities, easier substituibility, more testable design, opportunity to adopt different index strategies depending on the ruleset implementation. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-05-25 09:16:45 +02:00
Andrea Terzolo	d860472987	update(userspace/falco): improve falco termination Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-05-24 18:35:18 +02:00

... 5 6 7 8 9 ...

3239 Commits