falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-06-25 22:32:07 +00:00

Author	SHA1	Message	Date
Melissa Kilby	6c12cc655e	cleanup(rules): cleanup redundant use of always_true macros Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2022-08-26 11:40:18 +02:00
Melissa Kilby	7387fffcef	cleanup(rules): cleanup rules disabled by default - 3 Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2022-08-26 11:40:18 +02:00
Jason Dellaluce	34ca78786a	refactor(userspace/falco): make signal handlers thread-safe Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:31:18 +02:00
Jason Dellaluce	f2aba88a6c	refactor(userspace/falco): ensure falco outputs are non-blocking and define exiting condition Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:31:18 +02:00
Jason Dellaluce	bc765f1b7d	chore(userspace/falco): log in signal handlers instead than in event processing loop Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:31:18 +02:00
Jason Dellaluce	c2a8efc329	chore(userspace/engine): fix typos Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:26:18 +02:00
Jason Dellaluce	978f192c38	chore(userspace/engine): fix codespell typos Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:26:18 +02:00
Jason Dellaluce	1120fb2564	doc(userspace/engine): define thread-safety guarantees of falco_engine::process_event Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:26:18 +02:00
Jason Dellaluce	1b8847c06b	refactor(userspace/engine): make stats manager thread-safe for on_event method Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:26:18 +02:00
Jason Dellaluce	3839fdca1e	update(userspace/falco): avoid using zlib in webserver Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:23:17 +02:00
Jason Dellaluce	f599fab439	update(falco.yaml): update default configuration and its comments Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:23:17 +02:00
Jason Dellaluce	2b7bcc87a7	update(userspace/falco): add configuration entry for webserver threadiness Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:23:17 +02:00
Jason Dellaluce	0eacd41cd5	refactor(userspace/falco): support zlib and custom threadiness in webserver Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:23:17 +02:00
Jason Dellaluce	d9b6473db2	refactor(userspace/engine): increase const coherence of falco engine Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-26 11:04:18 +02:00
Melissa Kilby	a6137e9475	update(rules): Directory traversal monitored file read - include failed open attempts w/ new macro open_file_failed Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2022-08-25 21:44:15 +02:00
Melissa Kilby	dd49038b0d	cleanup(rules): Directory traversal monitored file read Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2022-08-25 21:44:15 +02:00
Melissa Kilby	6efc5b42f7	new(rules): Directory traversal monitored file read Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2022-08-25 21:44:15 +02:00
Jason Dellaluce	7d3dacc6d7	refactor(userspace/falco): cleanup actions order Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 17:02:15 +02:00
Jason Dellaluce	a9d185f5e1	refactor(userspace/falco): drop inspector dependency on print_plugin_info action Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 17:02:15 +02:00
Jason Dellaluce	bd26bc09c2	refactor(userspace/falco): drop inspector dependency on print_ignored_events action Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 17:02:15 +02:00
Jason Dellaluce	97e3209222	refactor(userspace/falco): drop inspector dependency on load_rule_files action Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 17:02:15 +02:00
Jason Dellaluce	6d30061576	refactor(userspace/falco): drop inspector dependency on list_plugins action Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 17:02:15 +02:00
Jason Dellaluce	2caadd1af5	refactor(userspace/falco): add action for printing syscall events Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 17:02:15 +02:00
Jason Dellaluce	b307853e39	update(userspace/falco): use move semantics in falco logger Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 17:00:15 +02:00
Leonardo Grasso	8e8491f280	update(test/output_files): add "hostname" to fixture Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2022-08-25 16:59:15 +02:00
Leonardo Grasso	3d61d3427e	fix: correct env var name `FALCO_HOSTNAME` Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2022-08-25 16:59:15 +02:00
Leonardo Grasso	928e10f0ce	fix(userspace/falco): print `hostname` when json formating is enabled Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2022-08-25 16:59:15 +02:00
Leonardo Grasso	34ad5c43fb	update(userspace/engine): add support for hostname Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2022-08-25 16:59:15 +02:00
Jason Dellaluce	f7b662f936	update(cmake): bump libs and driver version to 6599e2efebce30a95f27739d655d53f0d5f686e4 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 16:32:15 +02:00
Jason Dellaluce	45bf4db077	fix(cmake/libs): enforce using bundled re2 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 16:32:15 +02:00
Jason Dellaluce	a8353307c7	update(cmake): bump libs and driver version to 2433c822e1c3ed55f6528c18a27373a677ce76af Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 16:32:15 +02:00
Jason Dellaluce	6db7353264	update(tests/engine): sync ast structs to new libs definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 16:32:15 +02:00
Jason Dellaluce	d35dba30ed	update(userspace/engine): sync ast structs to new libs definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-25 16:32:15 +02:00
Ian Robertson	8872f256f6	Support multiple URLs for DRIVERS_REPO environment variable (comma separated) Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>	2022-08-24 18:25:10 +02:00
Ian Robertson	c40a216434	Identify DRIVER_VERSION and ARCH by storing in their proper directories Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>	2022-08-24 18:25:10 +02:00
Andrea Terzolo	3e3a380702	update(CI): do not check hidden files with codespell Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Leonardo Grasso <me@leonardograsso.com>	2022-08-23 16:29:05 +02:00
Andrea Terzolo	5e65e195ae	fix(CI): codespell should ignore `ro` word Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-08-23 16:29:05 +02:00
Andrea Terzolo	02fce93d02	update(CI): remove release branches from the `push` event Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-23 15:55:05 +02:00
Andrea Terzolo	6051f2de81	update(CI): build Falco to run CodeQL Analysis Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-08-23 15:55:05 +02:00
Andrea Terzolo	9359db904b	update(CI): remove `python` from languages we use python only in out tests Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-08-23 15:55:05 +02:00
Andrea Terzolo	4c3b797003	update(CI): remove codeQL `schedule` option Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-08-23 15:55:05 +02:00
Andrea Terzolo	8259a2cd5f	new(CI): add CodeQL security scanning to Falco. Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Chris Aniszczyk <caniszczyk@gmail.com>	2022-08-23 15:55:05 +02:00
Jason Dellaluce	e7502431a2	update(userspace/falco): move rate limiter out of falco outputs framework Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-23 15:52:05 +02:00
Jason Dellaluce	bec103de1a	docs(falco.yaml): improve rate limiter config docs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-23 15:52:05 +02:00
Jason Dellaluce	6c74aa1a29	update(userspace/falco): enable per-event-source rate limiter Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-23 15:52:05 +02:00
Jason Dellaluce	af0b624a3a	fix(userspace/falco): set alert throttling config defaults Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-23 15:52:05 +02:00
Jason Dellaluce	8760f04bf2	refactor(userspace/falco): make output framework explicitly thread-safe Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-23 15:52:05 +02:00
Jason Dellaluce	88494d1412	update(falco.yaml): disable alert throttling by default Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-08-23 15:52:05 +02:00
Mark Stemm	8e61e46016	Add an "Ok, with warnings" overall status. In outputs it could be confusing to see a line: <filename>: Ok followed by a set of warnings. To differentiate this, add a top level status "Ok, with warnings" when rule loading was successful but had warnings. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2022-08-19 11:55:43 +02:00
Mark Stemm	3c7b6e037a	Falco engine changes to support multiple files in rule load results The methods that throw exceptions from stringified results need to additionally pass a rules_contents_t struct. This also meant that they need to call the filename + content version of load_rules. To avoid some duplicate code between the two load_rules_file methods, move the work of opening the file into a private method read_file(). It can throw an exception, which is passed through for the void return method and caught + converted into a load_result error for the method that returns a load_result. Also, to avoid duplicate code between the void load_rules and load_rules_file methods, add a private method interpret_load_result() which throws an exception if the result has an error and prints warnings otherwise if verbose is true. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2022-08-19 11:55:43 +02:00

1 2 3 4 5 ...

3104 Commits