github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-22 12:27:10 +00:00
Code Issues Projects Releases Wiki Activity
777 Commits 124 Branches 178 Tags
6078d4bd43e4b42a9889c2ccf9abc324ea0e8a42
Commit Graph

5 Commits

Author SHA1 Message Date
Mark Stemm
30ebfd4bcc Switch port to 8181. 
Won't conflict with k8s api server port.
 2017-09-18 08:46:50 -07:00
Mark Stemm
646aed5b8b Explicitly spawn program via shell. 
So example continues to work.
 2017-06-14 15:26:17 -07:00
Mark Stemm
6356490b1c Misc demo improvements. 
Small changes to improve the use of falco_event_generator with falco:

 - In event_generator, some actions like exec_ls won't trigger
   notifications on their own. So exclude them from -a all.
 - For all actions, print details on what the action will do.
 - For actions that won't result in a falco notification in containers,
   note that in the output.
 - The short version of --once wasn't working, fix the getopt.
 - Explicitly saying -a all wasn't working, fix.
 - Don't rely on an external ruleset in the nodejs docker-compose
   demo--the built in rules are sufficient now.
 2017-02-01 14:51:18 -08:00
Mark Stemm
73e52e1e91 Don't run the spawned program in a shell. 
Instead, run it directly. This avoids false positives when running
non-bash commands and false negatives when trying to run a shell.
 2016-10-24 15:56:45 -07:00
Mark Stemm
4a941df787 Example showing running bash via a bad rest api. 
Simple docker-compose environment that starts a simple express server
with a poorly-designed /api/exec/<cmd> endpoint that executes arbitrary
commands, and uses falco to detect running bash.
 2016-07-07 15:35:11 -07:00