github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-07 19:59:25 +00:00
Code Issues Projects Releases Wiki Activity
2,104 Commits 118 Branches 173 Tags 104 MiB
6e36afdba3
Commit Graph

2104 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Leonardo Di Donato
abfd6d8a1a update(userspace/falco): reorganize grpc server 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
5d0266a09e new(userspace/falco): grpc context and stream context 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
e394bcf119 update(userspace/falco): mvoing proto enum defs outside 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
89e23164fa new(userspace/falco): initial grpc server implementation 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
f3fcc8a974 new(userspace/falco): falco output protocol definition 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
19bc0149bd build: setup grpc and proto for falco outputs 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Co-Authored-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
toc-me[bot]
6f18b0de74 update(proposals): ToC for proposals/20190826-grpc-outputs.md 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 14:37:46 +03:00
Leonardo Di Donato
47ab5bf39d update(proposals): address review comments and suggestions 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 14:37:46 +03:00
Leonardo Di Donato
510d215558 docs(proposals): grpc output design details 
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 14:37:46 +03:00
Leonardo Di Donato
734d48204d docs(proposals): design details for the gRPC output 
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 14:37:46 +03:00
Leonardo Di Donato
1ad75ad653 docs(proposals): proto3 definitions for grpc output proposal 
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 14:37:46 +03:00
Leonardo Di Donato
1ee769a76c docs(proposals): gRPC outputs goals/non-goals 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 14:37:46 +03:00
LoganSteinberg
19f69f4f08 Fix typo 
Signed-off-by: Logan <ljsteinb@edu.uwaterloo.ca>
 2019-09-19 01:05:16 +02:00
Logan
04504ad6a6 Rebase, fix order 
Signed-off-by: Logan <ljsteinb@edu.uwaterloo.ca>
 2019-09-19 01:05:16 +02:00
Jonathan Pulsifer
b72989459d Adding Shopify to ADOPTERS.md 
Signed-off-by: Jonathan Pulsifer <jonathan.pulsifer@shopify.com>
 2019-09-17 00:44:19 +02:00
Michael Ducy
93a803fcda fix copy/paste 
Signed-off-by: Michael Ducy <michael@ducy.org>
 2019-09-16 10:12:22 +02:00
Michael Ducy
a0f7883a86 add ADOPTERS.md 
Signed-off-by: Michael Ducy <michael@ducy.org>
 2019-09-16 10:12:22 +02:00
Leonardo Di Donato
a019b54fe6 docs: specify labels that apply to each area 
If this work as intended PR will automatically get the area labels depending on the files he modified.
In case the user wants it can still apply other areas manually, by slash command, or editing the PR template during the opening of the PR.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-16 10:11:25 +02:00
Leonardo Di Donato
6833d8a022 docs: update the PR template with better areas 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-16 10:11:25 +02:00
Sumit Kumar
34654fd753 fix(docker/stable): fix libgcc-6-dev dependencies 
added `libmpx2` to be install during `apt-get install` which is a dependency for `dpkg: libgcc-6-dev:amd64`
Signed-off-by: Sumit Kumar <sumitsaiwal@gmail.com>
 2019-09-15 10:29:41 +02:00
Leonardo Di Donato
531506e1f0 docs: update changelog 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-13 12:57:17 +02:00
Leonardo Di Donato
1789590d13 docs: markdown code of conduct 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-13 12:57:17 +02:00
Leonardo Di Donato
2adf258fa4 docs: markdown governance 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-13 12:57:17 +02:00
Mark Stemm
6e11e75c15 Pass the build dir along when running tests 
As of 0e1c436d14, the build directory is
an argument to run_regression_tests.sh. However, the build directory in
falco_tests.yaml is currently hard-coded to /build, with the build
variant influencing the subdirectory.

Clean this up so the entire build directory passed to
run_regression_tests.sh is passed to avocado and used for the build
directory.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-08-30 07:25:23 -07:00
Leonardo Di Donato
193f33cd40 fix: office hours are bi-weekly 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-21 17:28:30 +02:00
Leonardo Di Donato
14853597d3 docs: office hours zoom link 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Lorenzo Fontana <lo@linux.com>
 2019-08-21 17:08:03 +02:00
Leonardo Di Donato
49c4ef5d8c feat(userspace): open the event source/s depending on the flags 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Lorenzo Fonanta <lo@linux.com>
 2019-08-21 17:08:03 +02:00
Leonardo Di Donato
1eeb059e10 feat(userspace): can not disable both the event sources 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-21 17:08:03 +02:00
Leonardo Di Donato
870c17e31d feat: flag to disable sources (syscall, k8s_audit) 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-21 17:08:03 +02:00
Kris Nova
c713b89542 Adding OSS changes to README 
Signed-off-by: Kris Nova <kris@nivenly.com>
 2019-08-21 15:38:59 +02:00
Lorenzo Fontana
7d8e1dee9b fix(docker/local): fix build dependencies 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-21 14:45:37 +02:00
Lorenzo Fontana
39b51562ed fix(rules): modification of a file should trigger as if it was opened or created 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-08-20 09:45:08 +02:00
Lorenzo Fontana
f05d18a847 new: download all dependencies over https 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-08-17 17:36:43 +02:00
Guangming Wang
731e197108 cleanup: fix misspelled words in readme.md 
Signed-off-by: Guangming Wang <guangming.wang@daocloud.io>
 2019-08-16 18:13:42 +02:00
Lorenzo Fontana
e229cecbe1 fix(rules): make chmod rules enabled by default 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-08-16 10:23:28 +02:00
Lorenzo Fontana
3ea98b05dd fix(rules/Set Setuid or Setgid bit): use chmod syscalls instead of chmod command 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-08-16 10:23:28 +02:00
Lorenzo Fontana
7bc3fa165f new: add @kris-nova to owners 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-08-13 22:42:43 +02:00
Leonardo Di Donato
3a1ab88111 new: webserver unit test skeleton 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Leonardo Di Donato
2439e97da6 update(tests): setup unit tests for userspace/falco too 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Leonardo Di Donato
8c62ec5472 fix(usperspace): webserver must not fail with input that exceeds the expected ranges 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Leonardo Di Donato
c9cd6eebf7 update(userspace): falco webserver must catch json type errors (exceptions) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Leonardo Di Donato
723bc1cabf fix(userspace): accessing a (json) object can throw exceptions because of wrong types 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Leonardo Di Donato
330d7ef2d7 fix: ignore build files generated by the regression tests 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
kaizhe
1fc509d78b rule update: fine grained sending to mining domain 
Signed-off-by: kaizhe <derek0405@gmail.com>
 2019-08-12 17:37:01 +02:00
kaizhe
a7ee01103d rule update: add rules for crypto mining 
Signed-off-by: kaizhe <derek0405@gmail.com>
 2019-08-12 17:37:01 +02:00
Lorenzo Fontana
03fbf432f1 fix: make sure that when deleting shell history the system call is taken into account 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-08-07 15:38:22 +02:00
Mark Stemm
94d89eaea2 New tests for handling multi-doc files 
New automated tests for testing parsing of multiple-doc rules files:

 - invalid_{overwrite,append}_{macro,rule}_multiple_docs are just like
   the previous versions, but with the multiple files combined into a
   single multi-document file.

 - multiple_docs combines the rules file from multiple_rules

The expect the same results and output as the multiple-file versions.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-08-02 11:01:59 -07:00
Mark Stemm
76f64f5d79 Properly parse multi-document yaml files 
Properly parse multi-document yaml files e.g. blocks separated by
---. This is easily handled by lyaml itself--you just need to pass the
option all = true to yaml.load, and each document will be provided as a table.

This does break the table iteration a bit, so some more refactoring:

 - Create a load_state table that holds context like the current
 - document index, the required_engine_version, etc.
 - Pull out the parts that parse a single document to load_rules_doc(),
   which is given the table for a single document + load_state.
 - Simplify get_orig_yaml_obj to just provide a single row index and
 - return all rows from that point to the next blank line or line
   starting with '-'

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-08-02 11:01:59 -07:00
kaizhe
3dbd43749a rule update: add exception for write below rpm (#745) 
Signed-off-by: kaizhe <derek0405@gmail.com>
 2019-08-01 20:07:24 +02:00
Mark Stemm
2439873a96 Prepare for 0.17.0 
New changelog, bump version.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-07-31 14:05:12 -07:00