github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 00:52:16 +00:00
Code Issues Projects Releases Wiki Activity
1,821 Commits 119 Branches 172 Tags 104 MiB
86b473e224
Commit Graph

1821 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vaibhav
1c80c1f458 feat(userspace): Add more functions to banned.h. 
These include:
* vsprintf()
* sprintf()
* strcat()
* strncat()
* strncpy()
* swprintf()
* vswprintf()

This also changes `userspace/falco/logger.cpp` to remove a `sprintf`
statement. The statement did not affect the codebase in any form so
it was simply removed rather than being substituted.

Fixes #1035

Signed-off-by: Vaibhav <vrongmeal@gmail.com>
 2020-02-13 18:01:39 +01:00
Jean-Philippe Lachance
488e667f46 Add Coveo to the list of Falco adopters 
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
 2020-02-07 11:47:06 +01:00
Leonardo Di Donato
253ff64d64 chore: stick with the error messages we have 
Because we can't easily change the integration test fixtures.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
b3171dbae1 update(userspace/falco): use mutable proto fields where applicable 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
738d757b08 docs(userspace/falco): document gRPC errors and actions 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
5663d4d02b update(userspace/falco): major, minor, patch are digits, so use integers 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
2a9c9bdc53 update(cmake/modules): module to detect Falco version from the git index 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
ae2eb8de8e fix(userspace): ensure threadiness is gt 0 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
c7aff2d4cb new(userspace/falco): register version gRPC service 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
bc297bdc8f build: better way to extract falco commit hash (also extract ref) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
2a91289ee4 update(userspace/falco): request context and request stream context templatize the service too now 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
c224633454 new(userspace/falco): initial work for version gRPC svc registration 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
714a6619ad new(userspace/falco): gRPC unary version service impl 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
550ee0d8fc build: compile version proto 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
8d49e45d44 docs(userspace/falco): document version protobuf 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
5e8f98ea92 new(userspace/falco): protobuf for gRPC version service 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
e560056b92 update(userspace/falco): define version part variables 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
84261d2071 build: extract version pieces 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Leonardo Di Donato
c374264384 docs(tests/falco): license for webserver unit tests 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-07 11:28:57 +01:00
Lorenzo Fontana
af3d89b706 fix(userspace/engine): formatting and auto declarations 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-02-06 19:16:21 +01:00
Lorenzo Fontana
5b9001d1d5 fix(userspace/engine): make sure that m_uses_paths is always false by default 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-02-06 19:16:21 +01:00
Lorenzo Fontana
240f7e2057 fix(userspace/engine): base64 format fix 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-04 21:00:00 +01:00
Vaibhav
22a95796c1 feat(userspace): Add banned.h which includes banned functions. 
This defines certain functions as invalid tokens, i.e., when
compiled, the compiler throws an error.

Currently only `strcpy` is included as a banned function.

Fixes #788

Signed-off-by: Vaibhav <vrongmeal@gmail.com>
 2020-02-04 17:47:56 +01:00
Leonardo Di Donato
f98da284d0 docs: update references to branches into README 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-03 17:15:45 +01:00
Mark Stemm
3693b16c91 Let puma reactor spawn shells 
Sample Falco alert:

```
Shell spawned by untrusted binary (user=git shell=sh parent=puma reactor
cmdline=sh -c pgrep -fl "unicorn.* worker\[.*?\]" pcmdline=puma reactor
gparent=puma ggparent=runsv aname[4]=ru...
```

https://github.com/puma/puma says it is "A Ruby/Rack web server built
for concurrency".

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-02-03 16:13:57 +01:00
Mark Stemm
48a0f512fb Let cilium-cni change namespaces 
Sample Falco alert:

```
Namespace change (setns) by unexpected program (user=root
command=cilium-cni parent=cilium-cni host CID2 CID1 image=<NA>)
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-02-03 16:13:57 +01:00
Mark Stemm
01c9d8ba31 Let runc write to /exec.fifo 
Sample Falco alert:

```
File below / or /root opened for writing (user=<NA>
command=runc:[1:CHILD] init parent=docker-runc-cur file=/exec.fifo
program=runc:[1:CHILD] CID1 image=<NA>)
```

This github issue provides some context:
https://github.com/opencontainers/runc/pull/1698

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-02-03 16:13:57 +01:00
Mark Stemm
7794e468ba Alow writes to /etc/pki from openshift secrets dir 
Sample falco alert:

```
File below /etc opened for writing (user=root command=cp
/run/secrets/kubernetes.io/serviceaccount/ca.crt
/etc/pki/ca-trust/source/anchors/openshift-ca.crt parent=bash
pcmdline=bash -c #!/bin/bash\nset -euo pipefail\n\n# set by the node
image\nunset KUB...
```

The exception is conditioned on containers.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-02-03 16:13:57 +01:00
Mark Stemm
0d74f3938d Let avinetworks supervisor write some ssh cfg 
Sample Falco alert:

```
File below /etc opened for writing (user=root command=se_supervisor.p
/opt/avi/scripts/se_supervisor.py -d parent=systemd pcmdline=systemd
file=/etc/ssh/ssh_monitor_config_10.24.249.200 program=se_supervisor.p
gparent=docker-containe ggparent=docker-con...
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-02-03 16:13:57 +01:00
Mark Stemm
e5f06e399f Let mcafee write to /etc/cma.d 
Sample Falco alert:

```
File below /etc opened for writing (user=root command=macompatsvc
self_start parent=macompatsvc pcmdline=macompatsvc self_start
file=/etc/cma.d/lpc.conf program=macompatsvc gparent=macompatsvc
ggparent=systemd gggparent=<NA> CID1 image=<NA>)
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-02-03 16:13:57 +01:00
Mark Stemm
fa3e48ca1a Add "dsc_host" as a MS OMS program 
Sample Falco alert:

```
File below /etc opened for writing (user=<NA> command=dsc_host
/opt/dsc/output PerformRequiredConfigurationChecks 1 parent=python
pcmdline=python
/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py
file=/etc/opt/omi/conf/omsconfig/con...
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-02-03 16:13:57 +01:00
Kris Nova
bf0cdb7c38 Updating community section of README.md 
Pointing to the community repo as the source of truth

Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-01-28 14:23:56 +01:00
Kris Nova
be67c4adaf Updating logo and slogan to match branding guidelines 
Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-01-28 14:21:21 +01:00
Kris Nova
b088a57dd0 Adding Glossary 
- Adding section to define language used in the project

Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-01-28 12:35:15 +01:00
Kris Nova
40fbc96736 Updating with comments from Bencer 
Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-01-28 12:35:15 +01:00
Kris Nova
c350876456 Updating README.md from Janet's review 
- Updating language around contributed/created/donated
 - Adding 3 key benefits

Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-01-28 12:35:15 +01:00
Kris Nova
bf8367b280 Updating Falco Logo Path 
Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-01-28 12:35:15 +01:00
Kris Nova
c510808299 Adding branding guidelines to GitHub 
Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-01-28 12:35:15 +01:00
Leonardo Di Donato
a1d6a4762e fix(docker/minimal): libyaml 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-24 11:53:02 +01:00
Leonardo Di Donato
32b373aa9a build: fix dep version 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 16:35:33 +01:00
Leonardo Di Donato
3132174459 docs: update CHANGELOG with last major change for 0.19.0 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:32:47 +01:00
Leonardo Di Donato
a3845b43fc update(integrations): switch to 0.19.0 
Co-authored-by: Lorenzo Fontana <fontanalorenzo@me.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:32:47 +01:00
Leonardo Di Donato
24549e163a update(docker): switch to 0.19.0 
Co-authored-by: Lorenzo Fontana <fontanalorenzo@me.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:32:47 +01:00
Leonardo Di Donato
dab9835712 update: changelog for 0.19.0 
Co-authored-by: Lorenzo Fontana <fontanalorenzo@me.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:32:47 +01:00
Leonardo Di Donato
725f16b71c chore: use latest falco-tester again 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:04:39 +01:00
Leonardo Di Donato
f3dcacea5b fix(docker/tester): share rules and trace files with docker test runners 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:04:39 +01:00
Leonardo Di Donato
cf803759ef fix(docker/tester): falco-tester does not have to check for docker/local anymore 
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:04:39 +01:00
Leonardo Di Donato
347b581d95 chore: cleanup docker test runners 
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-01-23 15:04:39 +01:00
Lorenzo Fontana
c96248e4fc chore(integration): libyaml in tester docker file for deb packages 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-23 15:04:39 +01:00
Lorenzo Fontana
c7b8d6123a chore(integration): add dkms to docker test deb runner 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-01-23 15:04:39 +01:00