github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-22 12:27:10 +00:00
Code Issues Projects Releases Wiki Activity
1,649 Commits 124 Branches 178 Tags
5cdca39ae61d3c153b02cfe00816d661f8b7c010
Commit Graph

112 Commits

Author SHA1 Message Date
Leonardo Di Donato
5cdca39ae6 update(docker/stable): use the falcosecurity deb repo 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-28 17:32:38 +01:00
Leonardo Di Donato
1ec2f2cea3 update(docker/minimal): download falco binary 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-28 17:32:38 +01:00
Leonardo Di Donato
dfdd9693fc update(docker): slim images to use falcosecurity new repo and new GPG key 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-28 17:32:38 +01:00
Leonardo Di Donato
8415576097 update(docker/rhel): using the new falcosecurity repo and falcosecurity GPG key 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-28 17:32:38 +01:00
Leonardo Di Donato
b59e4b6072 chore(docker,cmake,scripts): correct maintainers email 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-28 17:32:38 +01:00
Leonardo Di Donato
2a739364d6 fix(docker): fix symbolic linking for /usrc/src inside docker images entrypoint 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-26 10:02:24 +01:00
Adrián Arroyo Calle
bcfc1fc9ff fix: indentation 
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
 2020-02-26 10:02:24 +01:00
Adrián Arroyo Calle
3eb634d49f fix: entrypoint now uses base path 
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
 2020-02-26 10:02:24 +01:00
Kris Nova
9eeed5912b Updating falco:local 
- Using `debian:stable` for the local image as well

Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-02-25 13:21:23 +01:00
Kris Nova
5c294bacc7 Fixing falco:stable image 
- Updating stable image to pull from `debian:stable`
 - Updating maintainer label in all Dockerfiles to include `LABEL maintainer="cncf-falco-dev@lists.cncf.io"`

Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-02-25 13:21:23 +01:00
rajibmitra
d77080a8c2 update: changelog 0.20.0 
Signed-off-by: rajibmitra <fiorm.github@gmail.com>
 2020-02-24 11:05:15 +01:00
Leonardo Di Donato
a1d6a4762e fix(docker/minimal): libyaml 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-24 11:53:02 +01:00
Leonardo Di Donato
24549e163a update(docker): switch to 0.19.0 
Co-authored-by: Lorenzo Fontana <fontanalorenzo@me.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:32:47 +01:00
Leonardo Di Donato
f3dcacea5b fix(docker/tester): share rules and trace files with docker test runners 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:04:39 +01:00
Leonardo Di Donato
cf803759ef fix(docker/tester): falco-tester does not have to check for docker/local anymore 
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:04:39 +01:00
Leonardo Di Donato
347b581d95 chore: cleanup docker test runners 
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:04:39 +01:00
Lorenzo Fontana
c96248e4fc chore(integration): libyaml in tester docker file for deb packages 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-23 15:04:39 +01:00
Lorenzo Fontana
c7b8d6123a chore(integration): add dkms to docker test deb runner 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-23 15:04:39 +01:00
Lorenzo Fontana
46181a7336 update(integration): rpm tester docker image 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-23 15:04:39 +01:00
Lorenzo Fontana
6bd4c3a041 update(integration): falco tester entrypoint 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-23 15:04:39 +01:00
Lorenzo Fontana
6d737c1def new(integration): docker deb runner 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-23 15:04:39 +01:00
Leonardo Di Donato
12a86d33ef fix(docker/builder): add llvm toolset back to falco-builder 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-21 12:51:50 +01:00
Leonardo Di Donato
55364405aa chore(docker/builder): remove unneded layer 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-21 12:51:50 +01:00
Leonardo Di Donato
077fbea0a7 update(docker/builder): back to centos:7 as base image 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-21 12:51:50 +01:00
Leonardo Di Donato
182c07a31f update: force deps to always use the system openssl 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-20 13:59:24 +01:00
Leonardo Di Donato
77d23d2cc6 update(docker/tester): switch to fedora:31 
Co-Authored-By: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-17 19:09:31 +01:00
Lorenzo Fontana
521c3198bd build(docker/builder): vanilla CentOS 8 for the builder 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-17 19:09:31 +01:00
Lorenzo Fontana
56885f8810 build(docker/tester): remove openssl compat libraries 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-17 19:09:31 +01:00
Leonardo Di Donato
9a3c98d93b fix(docker/local): adding libyaml 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-17 19:09:31 +01:00
Lorenzo Fontana
d8c21ef837 build(docker/tester): rename prepare artifacts step 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-17 19:09:31 +01:00
Lorenzo Fontana
b8335b510d build: falco tester automatic version 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-17 19:09:31 +01:00
Leonardo Di Donato
eef9c8c8e1 update(docker/builder): having a sibling sysdig deps directory is no 
more needed

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-17 19:09:31 +01:00
Lorenzo Fontana
50af72c393 build(docker/builder): adapt entrypoint to the new dependencies 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-17 19:09:31 +01:00
Lorenzo Fontana
f567172bff update(docker/builder): install build dependencies in builder 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-17 19:09:31 +01:00
Mark Stemm
09cdc857c1 Fix compile warnings 
Noticed these while compiling in the latest alpine image.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-01-15 09:35:28 +01:00
Mark Stemm
c3f7d15e26 Add k8s audit support to falco event generator 
Currently, the falco event generator only generates system call
activity. This adds support for k8s_audit events by adding a script +
supporting k8s object files that generate activity that matches the k8s
audit event ruleset.

The main script is k8s_event_generator.sh, which loops over the files in
the yaml subdirectory, running kubectl apply -f for each.

In the interests of keeping things self-contained, all objects are
created in a `falco-event-generator` namespace. This means that some
activity related with cluster roles/cluster role bindings is not
performed.

Each k8s object has annotations that note:

1. The specific falco rules that should trigger.
2. A user-friendly message to print when apply-ing the file.

You can provide a specific rule name to the script. If provided, only
those objects related to that rule will trigger. The default is "all",
meaning that all objects are created.

The script loops forever, deleting the falco-event-generator namespace
after each iteration.

Additionally, the docker image has been updated to also copy the script
+ supporting files, as well as fetching the latest available `kubectl`
binary. The entrypoint is now a script that allows choosing between:
 - syscall activity: run with .... "syscall"
 - k8s_audit activity: run with .... "k8s_audit"
 - spawn a shell: run with .... "bash"

The default is "syscall" to preserve existing behavior.

In most cases, you'll need to provide kube config
files/directories that allow access to your cluster. A
command like the following will work:

```
docker run -v $HOME/.kube:/root/.kube -it falcosecurity/falco-event-generator
k8s_audit
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-01-15 09:35:28 +01:00
Leonardo Di Donato
28fa4a72e8 docs(docker/builder): usage reports clang version too 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-12-13 13:04:23 +01:00
Leonardo Di Donato
ac4f089903 update(docker/builder): add llvm-toolset-7 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-12-13 13:04:23 +01:00
Leonardo Di Donato
a200d17581 chore: improving naming 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-11-14 10:00:36 -08:00
Leonardo Di Donato
514d8bacc3 update(docker): introduce SKIP_MODULE_LOAD env variable 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-11-14 10:00:36 -08:00
Leonardo Di Donato
3e9ebfb354 fix(docker): adapt dockerfiles to HOST_ROOT env var 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-11-14 10:00:36 -08:00
Leonardo Di Donato
3ce2056dc5 fix(docker): glob rather than ls in the docker entrypoints 
Plus, make them use HOST_ROOT env var, not SYSDIG_HOST_ROOT

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-11-14 10:00:36 -08:00
Yash Bhutwala
8c2a36ca00 fix the image name and tag for the linuxkit Dockerfile 
Signed-off-by: Yash Bhutwala <ymb002@bucknell.edu>
 2019-11-05 15:46:33 +01:00
Lorenzo Fontana
eae65475e0 docs(docker): version bump to 0.18.0 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-10-31 12:32:39 +01:00
Leonardo Di Donato
f71c4f0bfd update: refer to latest probeinstaller library in falcoctl/pkg 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-10-11 19:43:56 +02:00
Lorenzo Fontana
7dc62b3119 docs: reflect the changes to probeloader docker images 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-10-11 19:43:56 +02:00
Lorenzo Fontana
707cdb5184 chore(docker/minimal): fix typo and set 0.17.1 as base 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-10-11 19:43:56 +02:00
Lorenzo Fontana
3c30ad9d38 chore(docker/kernel/linuxkit): reformat dockerfile 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-10-11 19:43:56 +02:00
Lorenzo Fontana
0c6d21eca4 update: httploader now is named probeloader and uses the falcoctl 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-10-11 19:43:56 +02:00
Michael Ducy
b49ade5627 use COPY not ADD 
Signed-off-by: Michael Ducy <michael@ducy.org>
 2019-10-11 19:43:56 +02:00