falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 09:02:18 +00:00

Author	SHA1	Message	Date
kaizhe	f7ac7f34b7	rename rule Signed-off-by: kaizhe <derek0405@gmail.com>	2020-04-21 19:04:14 +02:00
kaizhe	a1145d9841	rule update: add a rule to detect reverse shell Signed-off-by: kaizhe <derek0405@gmail.com>	2020-04-21 19:04:14 +02:00
Leonardo Di Donato	b0f5e59fc5	docs: changelog for 0.22.1 Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2020-04-17 14:26:35 +02:00
Leonardo Di Donato	9f6833e1db	build: move packages scripts via CMake Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-04-17 13:30:52 +02:00
Leonardo Di Donato	24d04e6125	fix(scripts/debian): refinements to the scripts for DEB package Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-04-17 13:30:52 +02:00
Leonardo Di Donato	81e56067f8	fix(scripts/rpm): obtain the driver version (now different from the Falco version) Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-04-17 13:30:52 +02:00
Leonardo Grasso	c241f131b8	docs: CHANGELOG for 0.22.0 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2020-04-17 10:56:48 +02:00
Jean-Philippe Lachance	ad4b8d4b9c	fix(falco-cluster-role): Add missing privileges for the apps Kubernetes API group Fixes #1064 Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>	2020-04-16 13:18:56 +02:00
Massimiliano	4d1820311e	improvement(rbac): remove 1.17 deprecated rbac api group replace rbac.authorization.k8s.io/v1beta1 with rbac.authorization.k8s.io/v1 as for the changelog Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2020-04-16 12:50:35 +02:00
Massimiliano	aa34e16d96	improvement(deployment): remove 1.16 deprecated deployment api group version replace extension/v1beta1 with 1.16-supported apps/v1 version as for release announcement BREAKING CHANGE: spec.rollbackTo is removed, spec.selector is now required and immutable after creation, spec.progressDeadlineSeconds now defaults to 600 seconds, spec.revisionHistoryLimit now defaults to 10, maxSurge and maxUnavailable now default to 25% issue #1043 Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2020-04-16 12:50:35 +02:00
Massimiliano	4b449dde75	feat: support k8s 1.17 when deployed as DaemonSet update API resource version and remove deprecated one. Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2020-04-16 12:50:35 +02:00
Massimiliano	f515ffc439	feat: support k8s 1.16 when deployed as DaemonSet update API resource version and remove deprecated one. Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2020-04-16 12:50:35 +02:00
Leonardo Di Donato	6c0e5297fa	fix(integrations/k8s-using-daemonset): --cri flag correct socket path The libsinsp cri interface prepends (at runtime) the `HOST_ROOT` prefix. Thus, even if the CRI socket has been mounted on `/host/var/run/containerd/containerd.sock`, the correct `--cri` flag value is `/var/run/containerd/containerd.sock`. Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-04-16 12:47:26 +02:00
Nicolas Marier	91a0b510fa	rule(macro user_expected_system_procs_network_activity_conditions): create the macro It's useful to ignore some system binaries that use the network under certain conditions, so this should be overridable by the user. Signed-off-by: Nicolas Marier <nmarier@coveo.com>	2020-04-14 13:22:09 +02:00
Nicolas Marier	76062b93ab	rule(list known_system_procs_network_activity_binaries): add a list of known procs for convenience This makes it more convenient to add more allowed procs and many other rules have a similar mechanism to whitelist certain processes. Signed-off-by: Nicolas Marier <nmarier@coveo.com>	2020-04-14 13:22:09 +02:00
Vicente Herrera	9fd08ce3e4	Introduce missing allowed_full_admin_users macro so its corresponding rule is disabled by default Signed-off-by: Vicente Herrera <vicenteherrera@vicenteherrera.com>	2020-04-14 13:19:14 +02:00
Vicente Herrera	3ce11f093f	Removed default K3s admin user from list, clarified comments Signed-off-by: Vicente Herrera <vicenteherrera@vicenteherrera.com>	2020-04-14 13:19:14 +02:00
Vicente Herrera	e7b3d7a7e0	Added four new rules, to detect k8s operation by an administrator, nodes successfully joining the cluster, nodes unsuccessfully attempt to join, creation ingress without TLS certificate Signed-off-by: Vicente Herrera <vicenteherrera@vicenteherrera.com>	2020-04-14 13:19:14 +02:00
Vicente Herrera	2c2d126a54	Added two new rules to detect traffic to image outside local subnet and detect traffic that is not to authorized server process and port Signed-off-by: Vicente Herrera <vicenteherrera@vicenteherrera.com>	2020-04-14 13:19:14 +02:00
Bob Aman	ffa137fc7c	rule(Delete Bash History): Fix typo in tags Signed-off-by: Bob Aman <bob@sporkmonger.com>	2020-04-14 12:54:02 +02:00
Bob Aman	534a642074	rule(Delete or rename shell history): Fix typo in tags Signed-off-by: Bob Aman <bob@sporkmonger.com>	2020-04-14 12:54:02 +02:00
Leonardo Di Donato	fd572f4bd2	update(cmake/modules): driver version bump to a259b4bf49c3 Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-04-10 18:04:54 +02:00
kaizhe	1548ccbc4f	rule(Write below root): use pmatch to check against known root directories Signed-off-by: kaizhe <derek0405@gmail.com>	2020-04-09 12:32:30 +02:00
Lorenzo Fontana	a0c189b730	fix: HOST_ROOT environment variable detection The HOST_ROOT environment variable was incorrectly detected when deploying Falco inside a container. Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2020-04-08 19:14:44 +02:00
Lorenzo Fontana	37476aabed	fix(driver/bpf): exact check on bpf_probe_read_str() return value Bump version of the driver to (commit: cd3d10123eef161d9f4e237581c1056fca29c130) that fixes #896 Summary of the needed fix can be found at patch [0] [0] https://patch-diff.githubusercontent.com/raw/draios/sysdig/pull/1612.patch Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2020-04-08 19:13:14 +02:00
Leonardo Di Donato	39a27e0a09	docs: badges links to bintray repos now Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-04-08 19:11:44 +02:00
Leonardo Di Donato	11843948e8	docs(README): versions section Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-04-08 19:11:44 +02:00
Leonardo Grasso	35691b0e05	update(docker): update README.md Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2020-04-01 11:49:59 +02:00
Leonardo Grasso	ea0f78c2c2	chore(docker): remove kernel/linuxkit and kernel/probeloader images Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2020-04-01 11:49:59 +02:00
Leonardo Grasso	61e859745d	chore(docker): remove RHEL-base image Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2020-04-01 11:49:59 +02:00
kaizhe	6834649fa5	rule(Service Account Created in Kube Namespace): only detect sa created in kube namespace with success Signed-off-by: kaizhe <derek0405@gmail.com>	2020-03-27 13:02:57 +01:00
danmx	4df5fe83be	update(cmake): using sha256 instead of md5 Signed-off-by: danmx <daniel@iziourov.info>	2020-03-27 00:34:54 +01:00
kaizhe	e1cb2e9bb0	rule(Detect outbound connections to common miner pool ports): whitelist sysdig/agent and falcosecurity/falco for query miner domain dns Signed-off-by: kaizhe <derek0405@gmail.com>	2020-03-27 00:33:24 +01:00
Leonardo Di Donato	09b87b9a3d	fix(test): use .falco dir Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Lorenzo Fontana	a9658d446f	fix(test): urrlib from python 2 to 3 Signed-off-by: Lorenzo Fontana <lo@linux.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	fbcdb57cea	update(docker): entrypoints to call falco-driver-loader now Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	b3998a6b44	build(scripts): insert versions into falco-driver-version and install it Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	b39f322994	fix(scripts): falco-probe-loader becomes falco-driver-loader and distinghuishes driver version from falco version Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	c1d840d471	update(test): account only for falco version in tests, not driver version Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	d3a215a2db	new(userspace/falco): return also driver version from --version flag Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	3934f19f3d	build: cmake var to store the URL where to lookup for prebuilt drivers Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	7f9d3ca422	fix(.circleci): ensure stable docker images (packages built from tag) have exact FALCO_VERSION env variable This avoids `FALCO_VERSION` variable to be equal to `latest` while `falco --version` correctly returns 0.21.0 Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	c1c9ba56ac	fix(.circleci): ensure docker images (packages built from master) have correct FALCO_VERSION env variable Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-23 18:50:06 +01:00
Leonardo Di Donato	7b44aafc6a	ci: avoid stable releases to be published to *-dev repositories too Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-19 10:36:36 -07:00
Leonardo Di Donato	a56803e3c7	ci: override package update It may been necessary to override a Falco version package update since the release process stopped for causes not depending on itself. Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-19 10:36:36 -07:00
Leonardo Di Donato	ce5bc89698	ci: upsert versions on git tag (release) It can happen that bintray API is unresponsibe. In this case, we may need to re-run the CI job manually and be able to not be blocked by already created versions for the a given git tag. Same for _developmen_ releases (from master). Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2020-03-19 10:36:36 -07:00
Lorenzo Fontana	ea46adfbc8	new(userspace/falco): add --disable-cri-async flag Signed-off-by: Lorenzo Fontana <lo@linux.com>	2020-03-18 16:23:19 +01:00
Lorenzo Fontana	c5674c9001	build: fix tbb dependency rename Signed-off-by: Lorenzo Fontana <lo@linux.com>	2020-03-18 04:07:47 -07:00
Kris Nova	1cbe0b27bb	docs(readme): adding new release archive Signed-off-by: Kris Nova <kris@nivenly.com>	2020-03-17 21:48:31 +01:00
Lorenzo Fontana	9db36822e7	update(docker/tester): python 3 support for regression tests Signed-off-by: Lorenzo Fontana <lo@linux.com>	2020-03-17 21:24:31 +01:00

1 2 3 4 5 ...

1841 Commits