3019 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Mark Stemm	044a7c153e	Don't track event "tags" i.e. event types in rulesets ... Modify rulesets to not keep track of the event types for a given set filter. Instead, using the changes in https://github.com/falcosecurity/libs/pull/74 event types are returned directly by the filter. Within each ruleset, there's a vector that maps from event number to set of filters that are related to that event number. There's also a general set of filters for all event types. run() both indexes into the per-event vector as well as iterate over the all event types set. Also, used shared_ptr instead of direct pointers, which matches the updated interface used by lua_parser. This simplifies the bookkeeping a bit (no more delete when removing rulesets). Given these changes, there's no need for a separate falco_sinsp_ruleset class any longer, so remove it. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2021-10-12 17:59:38 +02:00
Frederico Araujo	a0f7d7cf85	update(adopters.md): add falco libs users section ... Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>	2021-10-07 12:32:12 +02:00
Frederico Araujo	bb81133201	docs(changelog.md): update for release 0.30.0 ... Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>	2021-09-30 17:20:15 +02:00
Michele Zuccala	46d5266ac8	build(cmake): bump libs version to 3aa7a83 ... Signed-off-by: Michele Zuccala <michele@zuccala.com>	2021-09-29 19:50:14 +02:00
Leo Di Donato	3414ca5361	update(proposal): clarify that old drivers are not removed anymore ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-09-29 16:51:25 +02:00
Jason Dellaluce	0eb170cf5f	update(test): enhance test cases for tags in json outputs ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-28 12:44:27 +02:00
Jason Dellaluce	21fa6e9505	update(outputs): make tags configurable in json output ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-28 12:44:27 +02:00
Michele Zuccala	b82cbb1b59	build(cmake): bump libs version to 5727c45 ... Signed-off-by: Michele Zuccala <michele@zuccala.com>	2021-09-24 17:58:22 +02:00
Domenico Chirabino	d033868ab9	falso.service: set StandardOutput to null ... Signed-off-by: Domenico Chirabino <chirabino@protonmail.com>	2021-09-23 08:46:47 +02:00
Jason Dellaluce	7c98d0047c	update(outputs): fixing spacing issue ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-21 18:59:10 +02:00
Jason Dellaluce	c7d9b6ee7f	test(outputs): add source and tags to json output ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-21 18:59:10 +02:00
Jason Dellaluce	8273e57598	new(outputs): add source and tags to json output ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-21 18:59:10 +02:00
Jason Dellaluce	b0562242e8	test(grpc): Test tags on outputs service ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-21 18:59:10 +02:00
Jason Dellaluce	ca66b84e5a	new(grpc): Add tags to outputs service ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-21 18:59:10 +02:00
spartan	7c9ec9fc17	fix bugs ... Signed-off-by: Spartan-65 <liuyanchong@outlook.com>	2021-09-21 18:54:09 +02:00
Jason Dellaluce	9ea43c2663	update(test): check output order in output_strictly_contains ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-21 18:53:09 +02:00
Jason Dellaluce	4d55847bd4	fix(test): avoid output_strictly_contains failures ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2021-09-21 18:53:09 +02:00
Michele Zuccala	a684bec007	update(userspace/falco): throw logic errors on invalid config values for metadata download ... Signed-off-by: Michele Zuccala <michele@zuccala.com>	2021-09-20 16:56:15 +02:00
Michele Zuccala	812aa9b566	new(userspace/falco): add customizable metadata fetching params ... Signed-off-by: Michele Zuccala <michele@zuccala.com>	2021-09-20 16:56:15 +02:00
Tom Keyte	e0f8b81692	Remove duplicate allowed ecr registry rule ... Signed-off-by: Tom Keyte <tom.keyte@onsecurity.co.uk>	2021-09-17 11:12:54 +02:00
Alberto Pellitteri	874809351f	rules(list https_miner_domains): fix typo in the list ... Co-authored-by: darryk10 <stefano.chierici@sysdig.com> Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com>	2021-09-17 09:16:54 +02:00
Alberto Pellitteri	4527228ef8	rules(list https_miner_domains): add new miner domains ... Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com> Co-authored-by: darryk10 <stefano.chierici@sysdig.com>	2021-09-17 09:16:54 +02:00
Alberto Pellitteri	e684c95e23	rules(list miner_domains): add new miner domains ... Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com> Co-authored-by: darryk10 <stefano.chierici@sysdig.com>	2021-09-17 09:16:54 +02:00
Leonardo Grasso	2390ca447a	new: ability to filter by a node when fetching K8S metadata ... Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2021-09-16 15:33:41 +02:00
Leonardo Grasso	af0e6da375	build(cmake/modules): upgrade driver version to f7029e ... Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2021-09-16 15:33:41 +02:00
Michal Schott	84e7d3f18f	Switching from stable to old-stable (buster). ... Added libssl-dev package. Signed-off-by: Michal Schott <michal.schott@onegini.com>	2021-09-10 01:11:38 +02:00
Thomas Labarussias	2a8c0e8bb7	add Qonto as adopter ... Signed-off-by: Thomas Labarussias <issif+github@gadz.org>	2021-09-02 17:36:36 +02:00
Michele Zuccala	f28688551c	fix(build): adapt to new debian 11 package names ... Signed-off-by: Michele Zuccala <michele@zuccala.com>	2021-08-25 17:18:20 +02:00
Leonardo Grasso	b12d37a3b8	docs(RELEASE.md): switch to 3 releases per year ... Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2021-08-25 17:17:20 +02:00
Loris Degioanni	5e027c7fe2	Proposal for a libs plugin system ... Description of changes to falcosecurity/libs and /falco to support plugins to provide events and extract fields from events. Signed-off-by: Loris Degioanni <loris@sysdig.com> Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com> Co-authored-by: Mark Stemm <mark.stemm@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com>	2021-08-24 17:52:19 +02:00
Leo Di Donato	efbe887d6e	docs: CHANGELOG for 0.29.1 cleanup ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-07-30 12:20:10 +02:00
Leonardo Grasso	7dcbeb1f44	build(.circleci): ncurses is not required anymore ... Since `libs` version 13ec67ebd23417273275296813066e07cb85bc91 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2021-07-29 18:20:47 +02:00
Leonardo Grasso	93667f2d3e	build(docker/builder): ncurses-dev is not required anymore ... Since `libs` version 13ec67ebd23417273275296813066e07cb85bc91 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2021-07-29 18:20:47 +02:00
Leonardo Di Donato	b5b1763d09	docs: CHANGELOG for Falco 0.29.1 changeset ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-30 16:14:26 +02:00
Leonardo Di Donato	d6690313a0	update(rules): bump the required engine version to version 9 ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
Leonardo Di Donato	98ce88f7ef	chore(rules): imporve name of the list for userfaultfd exceptions ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
Leonardo Di Donato	9ff8099501	update(userspace/engine): bump falco engine version ... Co-authored-by: Kaizhe Huang <derek0405@gmail.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
Leonardo Di Donato	7db4778f55	update(rules): introducing list user_known_userfaultfd_activities to exclude processes known to use userfaultfd syscall ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
Leonardo Di Donato	7f761ade4b	update(rules): introducing the macro consider_userfaultfd_activities to act as a gate ... Co-authored-by: Kaizhe Huang <derek0405@gmail.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
Leonardo Di Donato	84257912e0	update(rules): tag rule as syscall ... Co-authored-by: Kaizhe Huang <derek0405@gmail.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
Leonardo Di Donato	9bc942c654	new(rules): detect unprivileged (successful) userfaultfd syscalls ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
Leonardo Di Donato	8216b435cb	update(rules): adding container info to the output of the Lryke detecting kernel module injections from containers ... Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2021-06-23 10:44:03 +02:00
maxgio	78f710c706	docs(release.md): update ... Signed-off-by: maxgio92 massimiliano.giovagnoli.1992@gmail.com Co-authored-by: Leo Di Donato <leodidonato@gmail.com>	2021-06-22 18:59:28 +02:00
maxgio	1dd97c1b6f	docs(release.md): update ... Signed-off-by: maxgio92 massimiliano.giovagnoli.1992@gmail.com Co-authored-by: Leo Di Donato <leodidonato@gmail.com>	2021-06-22 18:59:28 +02:00
maxgio92	3ef5716fa2	docs(release.md): document website snapshot for new minor versions ... Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2021-06-22 18:59:28 +02:00
maxgio92	64102078c7	docs(release.md): update gh release description template ... Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2021-06-22 18:59:28 +02:00
maxgio92	9703853da8	docs(changelog.md): add new non-user facing change ... Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2021-06-21 16:55:25 +02:00
maxgio92	96403fa275	docs(changelog.md): fix typo in rules change log ... Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2021-06-21 16:55:25 +02:00
Thomas Spear	acd5422b55	Fix link to CONTRIBUTING.md in the Pull Request Template ... Signed-off-by: Thomas Spear <tspear@conquestcyber.com>	2021-06-21 11:01:38 +02:00
maxgio92	099c79ddde	docs(changelog.md): add release 0.29.0 ... Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>	2021-06-17 17:43:54 +02:00